The development of a hardware random number generator for gamma-ray astronomy / R.C. Botha

Botha, Roelof Cornelis

January 2005

Pulsars, as rotating magnetised neutron stars got much attention during the last 40 years since their discovery. Observations revealed them to be gamma-ray emitters with energies continuing up to the sub 100 GeV region. Better observation of this upper energy cut-off region will serve to enhance our theoretical understanding of pulsars and neutron stars. The H-test has been used the most extensively in the latest periodicity searches, whereas other tests have limited applications and are unsuited for pulsar searches. If the probability distribution of a test statistic is not accurately known, it is possible that, after searching through many trials, a probability for uniformity can be given, which is much smaller than the real value, possibly leading to false detections. The problem with the H-test is that one must obtain the distribution by simulation and cannot do so analytically. For such simulations, random numbers are needed and are usually obtained by utilising so-called pseudo-random number generators, which are not truly random. This immediately renders such generators as useless for the simulation of the distribution of the H-test. Alternatively there exists hardware random number generators, but such devices, apart from always being slow, are also expensive, large and most still don't exhibit the true random nature required. This was the motivation behind the development of a hardware random number generator which provides truly random U(0,l) numbers at very high speed and at low cost The development of and results obtained by such a generator are discussed. The device delivered statistically truly random numbers and was already used in a small simulation of the H-test distribution. / Thesis (M.Sc. (Physics))--North-West University, Potchefstroom Campus, 2005.

H-test

Pulsar searches

Periodicity searches

Gamma-ray astronomy

Random number generator

True randomness

Testing Primitive Polynomials for Generalized Feedback Shift Register Random Number Generators

Lian, Guinan

30 November 2005

The class of generalized feedback shift register (GFSR) random number generators was a promising method for random number generation in the 1980's, but was abandoned because of some flaws such as poor performance on certain tests for randomness. The poor performance may be due to the choice of primitive polynomials used in the generators, rather than inherent flaws in the method. The original GFSR generators were all based on primitive trinomials. This project examines several alternative choices of primitive polynomials with more than one "interior" term to address this problem and hopefully provide access to good random number generators.

random number generator

generalized feedback shift register

primitive polynomials

primitive trinomials

Statistics and Probability

Statistical Analysis of Dark Counts in Superconducting Nanowire Single Photon Detectors

Cakste, Anton, Andrae, Martin

January 2022

In this paper we perform a statistical analysis of dark counts in superconducting nanowire single photon detectors (SNSPDs) with the end goal of creating a quantum random number generator (QRNG) using these dark counts. We confirm that dark counts are Poissonian for low bias currents and that no afterpulsing is present. However, we also show that an increase in bias current causes the dark counts to violate the independence assumption. For the non-Poissonian dark counts we identify three seemingly similar effects and confirm that: (i) a single event is at times regarded as two by the flat-threshold discriminator in the time-tagging device; (ii) a reflection in the readout circuit incites a second detection event shortly after the arrival of a first one, creating a conditionality between dark counts; (iii) a damped oscillation in the effective bias current immediately after a detection event shows itself in the inter-arrival time probability distribution. Finally, we present and evaluate a method for generating random numbers using the Poissonian dark counts as an entropy source with promising results.

Single-Photon Detector

SNSPD

Dark Counts

Quantum Random Number Generator

Afterpulsing

Physical Sciences

Fysik

Exploring true random number generators Build on commercial-off-the-shelve Components / Sanna slumptalsgeneratorer med lättillgängliga komponenter

Mörk, Linnéa

January 2023

Generating random numbers can be accomplished through various methods, with the primary distinction lying between pseudo-random number generators (PRNGs), which are commonly used for applications that require a large amount of random data, and true random number generators (TRNGs), which are commonly used for applications that need security and unpredictability. This thesis explores the feasibility of harnessing frequency variations in the electrical grid as a source of entropy for a TRNG. By employing an iterative approach, the study has substantiated the likelihood that frequency fluctuations can serve as a reliable source of ran-domness for a TRNG. This assertion is supported by statistical testing using the comprehensive RNG testing suite known as DieHarder, where the final implementation of the TRNG yielded favourable outcomes. Nevertheless, it is worth noting that the artefact exhibited weaker resultson three specific tests within the suite, which can likely be attributed to a limited amount of generated data. Despite these limitations, the findings are undeniably promising, and futurere search endeavours should focus primarily on enhancing the generation speed of the TRNG. By doing so, it is anticipated that improved performance on the DieHarder suite and similar RNG testing suites can be achieved. / Generering av slumptal kan åstadkommas mev hjälp av flera olika metoder. De två stora grupperna är pseudo-slumptalsgeneratorer (PRNG:er), som vanligtvis används för applikationer som kräver en stor mängd slumpmässiga data, och sanna slumptalsgeneratorer (TRNG:er), som ofta används för applikationer som behöver säkerhet och oförutsägbarhet. Detta examensarbete undersöker möjligheten att utnyttja frekvensvariationer i det elektriska nätetverket som en källa till entropi för en TRNG. Genom att använda ett iterativt tillvägagångssätt har studien underbyggt sannolikheten att frekvensfluktuationer kan fungera som en pålitlig källa till slumpmässighet för en TRNG. Detta påstående stöds av statistiska tester med den omfattande RNG-testsviten känd som DieHarder, där den slutliga implementeringen av TRNG:n gav gynnsamma resultat. Det är värt att notera att artefacten visade svagare resultat på tre specifika tester inom sviten, vilket sannolikt kan tillskrivas en begränsad mängd genererad data. Trots dessa begränsningar är resultaten onekligen lovande, och framtida forskningsansträngningar bör främst fokusera på att öka generationshastigheten för generatorn. Genom att göra det förväntas det att bättre resultat från DieHarder och liknande RNG-testsviter kan uppnås.

TRNG

RNG

Random number generator

commercial-off-the-shelve

Embedded Systems

Inbäddad systemteknik

Pseudo-Random Number Generator

Lam, Clement C.Y.

09 1900

One of the two project reports: The other part is designated PART A: MCMASTER (Off-Campus) PROJECT / <P> A simple and inexpensive pseudo-random number generator has been designed and built using linear feedback shift registers to generate rectangular and gaussian distributed numbers. The device has been interfaced to a Nova computer to provide a high speed source of random numbers. The two distributions have been checked with the following tests: (i) Frequency test (ii) Autocorrelation test and (iii) d 2-test. Results of each test have been compared with the expected theoretical values. Finally, a comparison of the generating speed has been made between this new generator and the existing old software generators. This 28-bit generator is especially desirable in random simulation and Monte Carlo application if randomness, speed and cost are the main consideration in the design. </P> / Thesis / Master of Engineering (MEngr)

Pseudo-Random

number generator

distributed numbers

frequency test

autocorrelation test

linear feedback shift register

Security of Lightweight Cryptographic Primitives

Vennos, Amy Demetra Geae

10 June 2021

Internet-of-Things (IoT) devices are increasing in popularity due to their ability to help automate many aspects of daily life while performing these necessary duties on billions of low-power appliances. However, the perks of these small devices also come with additional constraints to security. Security always has been an issue with the rise of cryptographic backdoors and hackers reverse engineering the security protocols within devices to reveal the original state that was encrypted. Security researchers have done much work to prevent attacks with high power algorithms, such as the international effort to develop the current Advanced Encryption Standard (AES). Unfortunately, IoT devices do not typically have the computational resources to implement high-power algorithms such as AES, and must rely on lightweight primitives such as pseudorandom number generators, or PRNGs.This thesis explores the effectiveness, functionality, and use of PRNGs in different applications. First, this thesis investigates the confidentiality of a single-stage residue number system PRNG, which has previously been shown to provide extremely high quality outputs for simulation and digital communication applications when evaluated through traditional techniques like the battery of statistical tests used in the NIST Random Number Generation and DIEHARD test suites or in using Shannon entropy metrics. In contrast, rather than blindly performing statistical analyses on the outputs of the single-stage RNS PRNG, this thesis provides both white box and black box analyses that facilitate reverse engineering of the underlying RNS number generation algorithm to obtain the residues, or equivalently the key, of the RNS algorithm. This thesis develops and demonstrate a conditional entropy analysis that permits extraction of the key given a priori knowledge of state transitions as well as reverse engineering of the RNS PRNG algorithm and parameters (but not the key) in problems where the multiplicative RNS characteristic is too large to obtain a priori state transitions. This thesis then discusses multiple defenses and perturbations for the RNS system that defeat the original attack algorithm, including deliberate noise injection and code hopping. We present a modification to the algorithm that accounts for deliberate noise, but rapidly increases the search space and complexity. Lastly, a comparison of memory requirements and time required for the attacker and defender to maintain these defenses is presented. The next application of PRNGs is in building a translation for binary PRNGs to non-binary uses like card shuffling in a casino. This thesis explores a shuffler algorithm that utilizes RNS in Fisher-Yates shuffles, and that calls for inputs from any PRNG. Entropy is lost through this algorithm by the use of PRNG in lieu of TRNG and by its RNS component: a surjective mapping from a large domain of size $2^J$ to a substantially smaller set of arbitrary size $n$. Previous research on the specific RNS mapping process had developed a lower bound on the Shannon entropy loss from such a mapping, but this bound eliminates the mixed-radix component of the original formulation. This thesis calculates a more precise formula which takes into account the radix, $n$. This formulation is later used to specify the optimal parameters to simulate the shuffler with different test PRNGs. After implementing the shuffler with PRNGs with varying output entropies, the thesis examines the output value frequencies to discuss if utilizing PRNG is a feasible alternative for casinos to the higher-cost TRNG. / Master of Science / Cryptography, or the encrypting of data, has drawn widespread interest for years, initially sparking public concern through headlines and dramatized reenactments of hackers targeting security protocols. Previous cryptographic research commonly focused on developing the quickest, most secure ways to encrypt information on high-power computers. However, as wireless low-power devices such as smart home, security sensors, and learning thermostats gain popularity in ordinary life, interest is rising in protecting information being sent between devices that don't necessarily have the power and capabilities as those in a government facility. Lightweight primitives, the algorithms used to encrypt information between low-power devices, are one solution to this concern, though they are more susceptible to attackers who wish to reverse engineer the encrypting process. The pesudorandom number generator (PRNG) is a type of lightweight primitive that generates numbers that are essentially random even though it is possible to determine the input value, or seed, from the resulting output values. This thesis explores the effectiveness and functionality of PRNGs in different applications. First, this thesis explores a PRNG that has passed many statistical tests to prove its output values are random enough for certain applications. This project analyzes the quality of this PRNG through a new lens: its resistance to reverse engineering attacks. The thesis describes and implements an attack on the PRNG that allows an individual to reverse engineer the initial seed. The thesis then changes perspective from attacker to designer and develop defenses to this attack: by slightly modifying the algorithm, the designer can ensure that the reverse engineering process is so complex, time-consuming, and memory-requiring that implementing such an attack would be impractical for an attacker. The next application of PRNGs is in the casino industry, in which low-power and cost-effective automatic card shufflers for games like poker are becoming popular. This thesis explores a solution for optimal shuffling of a deck of cards.

Pseudorandom Number Generator

PRNG

Residue Number System

RNS

Reverse Engineering

Shannon Entropy

Mixed-Radix Conversion

Analysis of Lightweight Cryptographic Primitives

George, Kiernan Brent

05 May 2021

Internet-of-Things (IoT) devices have become increasingly popular in the last 10 years, yet also show an acceptance for lack of security due to hardware constraints. The range of sophistication in IoT devices varies substantially depending on the functionality required, so security options need to be flexible. Manufacturers typically either use no security, or lean towards the use of the Advanced Encryption Standard (AES) with a 128-bit key. AES-128 is suitable for the higher end of that IoT device range, but is costly enough in terms of memory, time, and energy consumption that some devices opt to use no security. Short development and a strong drive to market also contribute to a lack in security. Recent work in lightweight cryptography has analyzed the suitability of custom protocols using AES as a comparative baseline. AES outperforms most custom protocols when looking at security, but those analyses fail to take into account block size and future capabilities such as quantum computers. This thesis analyzes lightweight cryptographic primitives that would be suitable for use in IoT devices, helping fill a gap for "good enough" security within the size, weight, and power (SWaP) constraints common to IoT devices. The primitives have not undergone comprehensive cryptanalysis and this thesis attempts to provide a preliminary analysis of confidentiality. The first is a single-stage residue number system (RNS) pseudorandom number generator (PRNG) that was shown in previous publications to produce strong outputs when analyzed with statistical tests like the NIST RNG test suite and DIEHARD. However, through analysis, an intelligent multi-stage conditional probability attack based on the pigeonhole principle was devised to reverse engineer the initial state (key) of a single-stage RNS PRNG. The reverse engineering algorithm is presented and used against an IoT-caliber device to showcase the ability of an attacker to retrieve the initial state. Following, defenses based on intentional noise, time hopping, and code hopping are proposed. Further computation and memory analysis show the proposed defenses are simple in implementation, but increase complexity for an attacker to the point where reverse engineering the PRNG is likely no longer viable. The next primitive proposed is a block cipher combination technique based on Galois Extension Field multiplication. Using any PRNG to produce the pseudorandom stream, the block cipher combination technique generates a variable sized key matrix to encrypt plaintext. Electronic Codebook (ECB) and Cipher Feedback (CFB) modes of operation are discussed. Both system modes are implemented in MATLAB as well as on a Texas Instruments (TI) MSP430FR5994 microcontroller for hardware validation. A series of statistical tests are then run against the simulation results to analyze overall randomness, including NIST and the Law of the Iterated Logarithm; the system passes both. The implementation on hardware is compared against a stream cipher variation and AES-128. The block cipher proposed outperforms AES-128 in terms of computation time and consumption for small block sizes. While not as secure, the cryptosystem is more scalable to block sizes used in IoT devices. / Master of Science / An Internet-of-Things (IoT) device is a single-purpose computer that operates with less computing resources and sometimes on battery power. The classification of IoT can range anywhere from motion sensors to a doorbell camera, but IoT devices are used in more than just home automation. The medical and industrial spaces use simple wireless computers for a number of tasks as well. One concern with IoT, given the hardware constraints, is the lack of security. Since messages are often transmitted through a wireless medium, anybody could eavesdrop on what is being communicated if data is not encrypted prior to transmission. Cryptography is the practice of taking any string of data and obfuscating it through a process that only valid parties can reverse. The sophistication of cryptographic systems has increased to the point where IoT manufacturers elect to use no security in many cases because the hardware is not advanced enough to run them efficiently. The Advanced Encryption Standard (AES) is usually the choice for security in the IoT space, but typically only higherend devices can afford to use AES. This thesis focuses on alternative lightweight systems to AES. First, a single-stage residue number system (RNS) pseudorandom number generator (PRNG) is analyzed, which has been proven to generate statistically random outputs in previous publications. PRNGs are a cheap method of producing seemingly random outputs through an algorithm once provided with an initial state known as a seed. An intelligent attack on the PRNG is devised, which is able to reverse engineer the initial state, effectively breaking the random behavior. Three defenses against the attack are then implemented to protect against the reported vulnerability. Following, a block cipher combination technique is presented, using the aforementioned PRNG as the source of randomness. A block cipher is a method of encrypting large chunks of data together, to better obfuscate the output. Using a block cipher is more secure than just using a PRNG for encryption. However, PRNGs are used to generate the key for the proposed block cipher, as they offer a more efficient method of security. The combination technique presented serves to increase the security of PRNGs further. The cipher is shown to perform better on an IoT-caliber device in terms of computation time and energy consumption at smaller block sizes than AES.

Block Cipher

Galois Extension Field

Post-Quantum Cryptography

Pseudorandom Number Generator

Residue Number System

Analysis of Entropy Usage in Random Number Generators / Analys av entropianvändning i slumptalsgeneratorer

Gärtner, Joel

January 2017

Cryptographically secure random number generators usually require an outside seed to be initialized. Other solutions instead use a continuous entropy stream to ensure that the internal state of the generator always remains unpredictable. This thesis analyses four such generators with entropy inputs. Furthermore, different ways to estimate entropy is presented and a new method useful for the generator analysis is developed. The developed entropy estimator performs well in tests and is used to analyse entropy gathered from the different generators. Furthermore, all the analysed generators exhibit some seemingly unintentional behaviour, but most should still be safe for use. / Kryptografiskt säkra slumptalsgeneratorer behöver ofta initialiseras med ett oförutsägbart frö. En annan lösning är att istället konstant ge slumptalsgeneratorer entropi. Detta gör det möjligt att garantera att det interna tillståndet i generatorn hålls oförutsägbart. I den här rapporten analyseras fyra sådana generatorer som matas med entropi. Dessutom presenteras olika sätt att skatta entropi och en ny skattningsmetod utvecklas för att användas till analysen av generatorerna. Den framtagna metoden för entropiskattning lyckas bra i tester och används för att analysera entropin i de olika generatorerna. Alla analyserade generatorer uppvisar beteenden som inte verkar optimala för generatorns funktionalitet. De flesta av de analyserade generatorerna verkar dock oftast säkra att använda.

Random

vulnerability

Entropy

CSPRNG

RNG

TRNG

PRNG

LRNG

Linux

Estimate

HAVEGED

PRNGD

FreeBSD

Overestimate

Linux Random Number Generator

Cryptography

Random Number Generator

Seed

Predictors

Markov Chains

Computer Sciences

Datavetenskap (datalogi)

Development of a FPGA-based True Random Number Generator for Space Applications

Shanmuga Sundaram, Prassanna

January 2010

<p>Random numbers are required for cryptographic applications such as IT security products, smart cards etc. Hardwarebased random number generators are widely employed. Cryptographic algorithms are implemented on FieldProgrammable Gate Arrays (FPGAs). In this work a True Random Number Generator (TRNG) employed for spaceapplication was designed, investigated and evaluated. Several cryptographic requirements has to be satisfied for therandom numbers. Two different noise sources was designed and implemented on the FPGA. The first design wasbased on ring oscillators as a noise source. The second design was based on astable oscillators developed on a separatehardware board and interfaced with the FPGA as another noise source. The main aim of the project was to analyse theimportant requirement of independent noise source on a physical level. Jitter from the oscillators being the source forthe randomness, was analysed on both the noise sources. The generated random sequences was finally subjected tostatistical tests.</p>

True random number generator

cryptography

random jitter

FPGA

VHDL

ring oscillator

astable oscillator

statistical tests

Electrical engineering

Elektroteknik

Lightweight Silicon-based Security: Concept, Implementations, and Protocols

Majzoobi, Mehrdad

16 September 2013

Advancement in cryptography over the past few decades has enabled a spectrum of security mechanisms and protocols for many applications. Despite the algorithmic security of classic cryptography, there are limitations in application and implementation of standard security methods in ultra-low energy and resource constrained systems. In addition, implementations of standard cryptographic methods can be prone to physical attacks that involve hardware level invasive or non-invasive attacks. Physical unclonable functions (PUFs) provide a complimentary security paradigm for a number of application spaces where classic cryptography has shown to be inefficient or inadequate for the above reasons. PUFs rely on intrinsic device-dependent physical variation at the microscopic scale. Physical variation results from imperfection and random fluctuations during the manufacturing process which impact each device’s characteristics in a unique way. PUFs at the circuit level amplify and capture variation in electrical characteristics to derive and establish a unique device-dependent challenge-response mapping. Prior to this work, PUF implementations were unsuitable for low power applications and vulnerable to wide range of security attacks. This doctoral thesis presents a coherent framework to derive formal requirements to design architectures and protocols for PUFs. To the best of our knowledge, this is the first comprehensive work that introduces and integrates these pieces together. The contributions include an introduction of structural requirements and metrics to classify and evaluate PUFs, design of novel architectures to fulfill these requirements, implementation and evaluation of the proposed architectures, and integration into real-world security protocols. First, I formally define and derive a new set of fundamental requirements and properties for PUFs. This work is the first attempt to provide structural requirements and guideline for design of PUF architectures. Moreover, a suite of statistical properties of PUF responses and metrics are introduced to evaluate PUFs. Second, using the proposed requirements, new and efficient PUF architectures are designed and implemented on both analog and digital platforms. In this work, the most power efficient and smallest PUF known to date is designed and implemented on ASICs that exploits analog variation in sub-threshold leakage currents of MOS devices. On the digital platform, the first successful implementation of Arbiter-PUF on FPGA was accomplished in this work after years of unsuccessful attempts by the research community. I introduced a programmable delay tuning mechanism with pico-second resolution which serves as a key component in implementation of the Arbiter-PUF on FPGA. Full performance analysis and comparison is carried out through comprehensive device simulations as well as measurements performed on a population of FPGA devices. Finally, I present the design of low-overhead and secure protocols using PUFs for integration in lightweight identification and authentication applications. The new protocols are designed with elegant simplicity to avoid the use of heavy hash operations or any error correction. The first protocol uses a time bound on the authentication process while second uses a pattern-matching index-based method to thwart reverseengineering and machine learning attacks. Using machine learning methods during the commissioning phase, a compact representation of PUF is derived and stored in a database for authentication.