January 2020 AN4230 Rev 5
AN4230
Application note
STM32 microcontroller random number generation validation
using the NIST statistical test suite
Introduction
Many standards define requirements and references for the construction, validation
and use of random number generators (RNGs), in order to verify that the output they
produce is indeed random.
This application note provides some guidelines to verify the randomness of the numbers
generated by the RNG peripheral embedded in a selection of STM32 microcontrollers
(MCUs) listed in the table below. This verification is based either on the statistical test suite
(STS) SP 800-22rev1a (April 2010) or SP 800-90b (January 2018) of the NIST (National
Institute of Standards and Technology).
This document is structured as follows:
• a general introduction to STM32 microcontroller random number generator (see Section 1)
• the NIST SP800-22b test suite (see Section 2)
• the steps needed to run NIST SP800-22b test and analysis (see Section 3)
• the NIST SP800-90b test suite (see Section 4)
• the steps needed to run NIST SP800-90b test and analysis (see Section 5)
Table 1. Applicable products
Type: Microcontrollers
Products checked with SP800-22rev1a: STM32F2 Series, STM32F4 Series, STM32F7 Series, STM32H742, STM32H743/753, STM32H745/755, STM32H747/757 lines, STM32H750 Value line, STM32L0 Series, STM32L4 Series, STM32L4+ Series
Products checked with SP800-90b: STM32H7A3/7B3 line, STM32H7B0 Value line, STM32L5 Series
Contents
1 STM32 MCU RNG
  1.1 Introduction
  1.2 STM32 MCU implementation description
2 NIST SP800-22b test suite
  2.1 Introduction
  2.2 NIST SP800-22b test suite description
3 NIST SP800-22b test suite running and analyzing
  3.1 Firmware description
    3.1.1 STM32 MCU side
    3.1.2 On the NIST SP800-22b test suite side
  3.2 NIST SP800-22b test suite steps
    3.2.1 Step 1: random number generator
    3.2.2 Step 2: NIST statistical test
    3.2.3 Step 3: test report
4 NIST SP800-90b test suite
  4.1 Introduction
  4.2 NIST SP800-90b test suite description
    4.2.1 Non-IID track: entropy estimation for non-IID data
5 NIST SP800-90b test suite running and analyzing
  5.1 Firmware description
    5.1.1 STM32 MCU side
    5.1.2 NIST SP800-90b test suite side
  5.2 NIST SP800-90B test suite steps
    5.2.1 Step 1: random number generator
    5.2.2 Step 2: NIST statistical tests
    5.2.3 Step 3: test report
6 Conclusion
Appendix A NIST SP800-22b statistical test suite