Date Published: May 2019
Comments Due:
Email Questions to:
Author(s)
John Kelsey (NIST), Luís T. A. N. Brandão (NIST), Rene Peralta (NIST), Harold Booth (NIST)
Announcement
Draft NISTIR 8213 provides a reference for implementing interoperable randomness beacons. The document defines terminology and notation, a format for pulses, a protocol for beacon operations, hash-chaining and skiplists of pulses, and the beacon interface calls. It also provides directions for how to use beacon randomness, and includes security considerations. With the release of this draft publication, NIST intends to seek constructive feedback from interested parties.
NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
A randomness beacon produces timed outputs of fresh public randomness. Each output, called a pulse, also includes metadata and cryptographic elements to support several security and usability features. This document specifies a reference “version 2” of a format for pulses and of a protocol for beacon operations. The main goal of the description is to serve as a baseline for the deployment of numerous interoperable beacons, including the NIST Beacon. In the proposed reference, a Beacon periodically outputs a pulse containing 512 fresh random bits, time-stamped, signed and hash-chained. For example, each pulse also pre-commits to the randomness to be released in the next pulse. The latter enables users to securely combine randomness from different beacons. The Beacon protocol also specifies the interface for users to interact with the Beacon, in order to obtain information about past pulses.
A randomness beacon produces timed outputs of fresh public randomness. Each output, called a pulse, also includes metadata and cryptographic elements to support several security and usability features. This document specifies a reference “version 2” of a format for pulses and of a protocol for...
See full abstract
A randomness beacon produces timed outputs of fresh public randomness. Each output, called a pulse, also includes metadata and cryptographic elements to support several security and usability features. This document specifies a reference “version 2” of a format for pulses and of a protocol for beacon operations. The main goal of the description is to serve as a baseline for the deployment of numerous interoperable beacons, including the NIST Beacon. In the proposed reference, a Beacon periodically outputs a pulse containing 512 fresh random bits, time-stamped, signed and hash-chained. For example, each pulse also pre-commits to the randomness to be released in the next pulse. The latter enables users to securely combine randomness from different beacons. The Beacon protocol also specifies the interface for users to interact with the Beacon, in order to obtain information about past pulses.
Hide full abstract
Keywords
cryptography; public randomness; beacons; hash chaining; timestamping; auditability; unpredictability
Control Families
None selected