1 Montgomery Modular Multiplication in Hard- ware
1 Montgomery Modular Multiplication in Hard- ware
1 Montgomery Modular Multiplication in Hard- ware
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
FEI KEMT<br />
5.4 Test<strong>in</strong>g of TRNGs<br />
Randomness of the generated numbers cannot be proven only by pass<strong>in</strong>g generally<br />
used statistical tests. Instead of that each RNG implementation has to be evaluated<br />
<strong>in</strong>dividually as an unique system. However, if the prototype <strong>in</strong> the lab generates<br />
acceptable random numbers this may not be true for each piece of TRNG of the<br />
same type dur<strong>in</strong>g the whole operation time and therefore a cont<strong>in</strong>ual test<strong>in</strong>g of the<br />
generated output is required.<br />
It is well-known that most of the attacks are directed towards the implementa-<br />
tions of the cryptographic algorithms and not to the algorithms themselves. This<br />
means that special attention should be paid to avoid all weaknesses help<strong>in</strong>g an at-<br />
tacker <strong>in</strong> break<strong>in</strong>g of a system.<br />
The topic of tests is highly accurate <strong>in</strong> case of attacks. The generators as sources<br />
of secrets, on which the security of the whole cryptosystems is based, are popular<br />
target of attacks and attempts to obscure the generated output. The topic of at-<br />
tacks is also <strong>in</strong>cluded <strong>in</strong> the chapter. Chang<strong>in</strong>g the work<strong>in</strong>g conditions may have a<br />
degrad<strong>in</strong>g <strong>in</strong>fluence on the parameters of generated sequence.<br />
In [74] an approach for the evaluation of physical random number generators<br />
is given which takes the construction of the TRNG <strong>in</strong>to account. The document<br />
presents a theory how the TRNGs used <strong>in</strong> cryptographic systems should be evalu-<br />
ated.<br />
For the TRNGs test<strong>in</strong>g we have to accept the follow<strong>in</strong>g facts [100]:<br />
• A f<strong>in</strong>al set of statistical tests may detect defects of a random source, but these<br />
tests cannot verify the randomness of the source.<br />
• Good statistical properties of the random numbers are clearly not sufficient for<br />
sensitive cryptographic applications as the generation of the keys, signature<br />
key pars or signature parameters.<br />
• The key criterion is not the statistical behavior of the numbers but their en-<br />
tropy.<br />
• For good TRNG it has to be given that the <strong>in</strong>crease of entropy per generated<br />
number is sufficiently large.<br />
In [74], there is proposed a set of tests that should be passed, <strong>in</strong>clud<strong>in</strong>g the<br />
Coron’s test of entropy <strong>in</strong>crease. In addition to the proof that the generated num-<br />
bers have desired properties, it is needed to provide an explanation of randomness<br />
89