{\rtf1\ansi\ansicpg1252\cocoartf1504 {\fonttbl\f0\fswiss\fcharset0 Helvetica;\f1\fmodern\fcharset0 Courier;} {\colortbl;\red255\green255\blue255;} {\*\expandedcolortbl;\csgray\c100000;} \margl1440\margr1440\vieww15440\viewh11460\viewkind0 \deftab720 \pard\pardeftab720\partightenfactor0 \f0\fs28 \cf0 \expnd0\expndtw0\kerning0 Q: How does a submission obtain secure randomness?\ \'a0\ A: The function randombytes() will be available to the submitters. It is provided in the test environment and should be used to generate seed values for an algorithm. If the algorithm needs additional randomness beyond the seed value, a NIST-approved DRBG should be used. If a non-approved DRBG is used, \'93the submitter shall provide an explanation for why a NIST-approved primitive would not be suitable.\'94 The length of the random value obtained from randombytes() should be selected to match one of the security categories in the call for algorithms. That is, if the call to generate a key pair is from category 1, the randomness value should be 128 bits (16 bytes); if the call is from category 2 or 3, it should be 192 bits (24 bytes); and if it is from category 4 or 5, it should be 256 bits (32 bytes). The DRBG will be used to expand that value if necessary.\ \ For functional and timing tests, a deterministic generator is used inside randombytes() to produce the seed values. 
If security testing is being done, simply substitute calls to a true hardware RBG inside randombytes().\ \'a0\ The function prototype for randombytes() is:\ \'a0\ \pard\pardeftab720\partightenfactor0 \f1 \cf0 // The xlen parameter is in bytes \f0 \ \f1 void randombytes(unsigned char *x, unsigned long long xlen); \f0 \ \'a0\ The following demonstrates the use of the KAT and non-KAT versions of the functions to generate a key pair for encryption:\ \'a0\ \f1 int crypto_encrypt_keypair_KAT( \f0 \ \f1 \'a0\'a0\'a0\'a0\'a0 unsigned char *pk, \f0 \ \f1 \'a0\'a0\'a0\'a0\'a0 unsigned char *sk, \f0 \ \f1 \'a0\'a0\'a0\'a0\'a0 const unsigned char *randomness \f0 \ \f1 ); \f0 \ \'a0\ \f1 int crypto_encrypt_keypair(unsigned char *pk, unsigned char *sk) \f0 \ \f1 \{ \f0 \ \f1 \'a0\'a0\'a0\'a0\'a0 // pk and sk are the caller's output buffers, so they are not redeclared here \f0 \ \f1 \'a0\'a0\'a0\'a0\'a0 unsigned char seed[CRYPTO_RANDOMBYTES]; \f0 \ \f1 \'a0 \f0 \ \f1 \'a0\'a0\'a0\'a0\'a0 // Draw the seed, then derive the key pair deterministically from it \f0 \ \f1 \'a0\'a0\'a0\'a0\'a0 randombytes(seed, CRYPTO_RANDOMBYTES); \f0 \ \f1 \'a0\'a0\'a0\'a0\'a0 return crypto_encrypt_keypair_KAT(pk, sk, seed); \f0 \ \f1 \}}
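The answer above describes one randombytes() prototype with two possible sources behind it, and a seed length fixed by security category. The following C sketch is an added example, not code from the original FAQ or from NIST: the names seed_len_for_category, draw_seed, randombytes_use_deterministic and randombytes_use_system are hypothetical, the deterministic stream is a constructed stand-in rather than a DRBG, and /dev/urandom is assumed as a stand-in for the hardware RBG.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Seed length in bytes for security categories 1-5, as stated above.
   Returns 0 for an unknown category so the caller can reject it. */
size_t seed_len_for_category(int category) {
    switch (category) {
    case 1:         return 16;  /* 128 bits */
    case 2: case 3: return 24;  /* 192 bits */
    case 4: case 5: return 32;  /* 256 bits */
    default:        return 0;
    }
}

/* Hypothetical test hooks: choose what randombytes() is backed by. */
static int det_mode = 0;
static unsigned long long det_state = 0;
void randombytes_use_deterministic(unsigned long long start) { det_mode = 1; det_state = start; }
void randombytes_use_system(void) { det_mode = 0; }

/* Same prototype as on the page; xlen is in bytes. */
void randombytes(unsigned char *x, unsigned long long xlen) {
    if (det_mode) {
        /* Constructed stand-in stream: reproducible, NOT random and NOT a DRBG. */
        for (unsigned long long i = 0; i < xlen; i++) {
            det_state = det_state * 6364136223846793005ULL + 1442695040888963407ULL;
            x[i] = (unsigned char)(det_state >> 56);
        }
        return;
    }
    /* Assumption: the OS generator stands in for the hardware RBG. */
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL || fread(x, 1, (size_t)xlen, f) != (size_t)xlen)
        abort();  /* fail closed: never return an unfilled seed buffer */
    fclose(f);
}

/* Draw a seed sized for the category. Returns the number of bytes written,
   or 0 if the category is invalid or the buffer is too small. */
size_t draw_seed(int category, unsigned char *seed, size_t cap) {
    size_t n = seed_len_for_category(category);
    if (n == 0 || n > cap)
        return 0;
    randombytes(seed, n);
    return n;
}
```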