Are the Interpulse Intervals of an ECG signal a good source of entropy? An in-depth entropy analysis based on NIST 800-90B recommendation Articles uri icon

publication date

  • April 2020

start page

  • 346

end page

  • 360


  • 105

International Standard Serial Number (ISSN)

  • 0167-739X

Electronic International Standard Serial Number (EISSN)

  • 1872-7115


  • In recent years many authors have explored the use of biological signals for security issues. In the context of cardiac signals, the use of Inter-Pulse Interval (IPI) values as a source of entropy is one of the most widely used solutions in the literature. To date, there is a broad consensus that the four least significant bits of each IPI are highly entropic and can be used, for instance, in the generation of a cryptographic key. In this article, we demonstrate that the choice of the IPI bits used to date may not be the most correct (e.g., the combination of bits 2638 are much better that the common assumed 5678). To come to our conclusions, we have done a rigorous and in-depth study, analyzing cardiac signals from more than 160,000 files from 19 databases of the Physionet public repository and basing our analysis on the NIST 800-90B recommendation.


  • entropy; nist 800-90b; privacy; security