Random Number Generators

Secure cryptographic mechanisms and protocols require good random numbers. Therefore, random number generators used in cryptographic products need to provide random and unpredictable data.

For this purpose, the BSI defined guidelines for the evaluation and certification of random number generators in the mathematical/technical reference "A proposal for: Functionality classes for random number generators - Version 2.0" (September 18, 2011), which is the cryptographic basis for AIS 20 and AIS 31 (AIS documents).

Presentation of the revised draft of AIS 20/31 from June 5 to June 7:

The Bundesamt für Sicherheit in der Informationstechnik (BSI) is revising the requirements for random number generators. A draft of the mathematical-technical reference AIS 20/31, "A proposal for: Functionality classes for random number generators - Version 2.35 - Draft", was published in September 2022. The comment period ended on February 15, 2023. The BSI received many valuable comments.

From June 5 to 7, 2023, the BSI held a workshop in which an updated draft of the AIS 20/31 was presented.

Furthermore, various BSI studies examine and evaluate individual random number generators:

BSI study: Documentation and Analysis of the Linux pseudo-random number generator

For several years now, the BSI has continuously examined the random number generator (RNG for short) /dev/random for each newly released version of Linux. This enables the BSI to make security statements about this RNG, and also about cryptographic systems that use this RNG to generate key material. The main aspect of the investigation is to prove that the Linux RNG is compliant with a certain functionality class.

BSI study: Random number generation in virtualized environments

With the increasing use of virtual machines, especially in cloud-based solutions, the question arises whether random numbers of sufficient quality can be provided here as well. A study by the BSI therefore investigated how virtualization influences the entropy of the noise sources feeding the random number generators and what can be done to ensure that the virtual machines (VMs) are supplied with sufficient random numbers. As an example, the Linux open-source random number generator was investigated in virtual machines running on different virtual-machine monitors (VMMs) such as KVM, VirtualBox, Microsoft Hyper-V, and VMware ESXi.