1 Montgomery Modular Multiplication in Hardware
FEI KEMT

extraction. In other words, the principle of random number generation has to be
described for better understanding and for better analysis of possible attacks on the
TRNG.

Startup Test, Online Test, TOT Tests. If an RNG prototype in a lab generates
acceptable random numbers, this may not be true for each TRNG of the same type
during the whole operation time. The reason could be tolerances
of components of the noise source, ageing effects, or outside attacks. In the worst
case the TRNG breaks down totally and the output numbers are constant from that
moment on. Therefore, the developer of the TRNG should also implement tests
that detect such degradation of the randomness of the output bits. We
distinguish between 3 types of tests [74]:
1. startup test is used to verify the principle functionality of the noise source
when the TRNG has been started.
2. online test should detect if the quality of the random numbers is not sufficient
for this particular TRNG or deteriorates in the course of time.
3. tot test ('tot' stands for 'total failure of the noise source') should detect a total
breakdown of the noise source.

Implementation of the tests. When implementing the tests, one has to consider
the limitations of the platform on which the TRNG is implemented.
The implementation targets are often smart cards or field programmable gate
arrays (FPGAs) with limited memory space. Therefore the chosen tests should
require only small additional logic resources. Moreover, the tests should be selected
according to the features of the TRNG and the basic principle of the random source.
It is also possible to create new tests that are more suitable for the particular TRNG
and better detect the possible defects.

Due to the limited memory resources of target platforms it is impossible to test
the statistical properties on very long sequences (up to Mbits of data) as some tests
(e.g. [97]) require. The goal is to find tests that are able to continually evaluate the
quality of the random source without the need to store the output bits. Requirements
which appropriate online tests should fulfil are formulated in [100].
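
The following C sketch is an added example, not code from the thesis or from [74] or [100]. It shows a tot test and an online test that keep only four counters and never store output bits. The function names, the run limit, the window size and the acceptance bounds are all assumptions chosen for illustration.

```c
#include <stdint.h>

/* Assumed limits, chosen for illustration (not from the page or its references). */
#define TOT_RUN_LIMIT 64u    /* this many identical bits in a row => total failure */
#define WINDOW_BITS   1024u  /* bits per online-test window */
#define ONES_LOW      432u   /* window passes if ONES_LOW <= ones <= ONES_HIGH, */
#define ONES_HIGH     592u   /* i.e. 512 +/- 5 standard deviations (sigma = 16) */

enum { TRNG_OK = 0, TRNG_ONLINE_FAIL = 1, TRNG_TOT_FAIL = 2 };

/* Whole test state: four small counters, no buffer of output bits. */
typedef struct { uint8_t last_bit; uint32_t run_len, ones, seen; } trng_monitor;

void trng_monitor_init(trng_monitor *m) {
    m->last_bit = 2;  /* matches neither 0 nor 1, so the first bit starts a run */
    m->run_len = m->ones = m->seen = 0;
}

/* Feed one output bit; returns a verdict for the stream seen so far. */
int trng_monitor_feed(trng_monitor *m, uint8_t bit) {
    bit &= 1u;
    /* tot test: a constant output shows up as one unbroken run */
    if (bit == m->last_bit) m->run_len++;
    else { m->last_bit = bit; m->run_len = 1; }
    if (m->run_len >= TOT_RUN_LIMIT) return TRNG_TOT_FAIL;
    /* online test: count ones per window, judge only at the window boundary */
    m->ones += bit;
    if (++m->seen == WINDOW_BITS) {
        uint32_t ones = m->ones;
        m->ones = m->seen = 0;
        if (ones < ONES_LOW || ones > ONES_HIGH) return TRNG_ONLINE_FAIL;
    }
    return TRNG_OK;
}

/* Feed nbits of a repeating constructed pattern; return the first non-OK verdict. */
int trng_monitor_run(const uint8_t *pattern, uint32_t plen, uint32_t nbits) {
    trng_monitor m;
    trng_monitor_init(&m);
    for (uint32_t i = 0; i < nbits; i++) {
        int v = trng_monitor_feed(&m, pattern[i % plen]);
        if (v != TRNG_OK) return v;
    }
    return TRNG_OK;
}

int main(void) {
    const uint8_t stuck[] = {1};  /* constructed input: noise source stuck at 1 */
    return trng_monitor_run(stuck, 1, 4096) == TRNG_TOT_FAIL ? 0 : 1;
}
```

A strictly alternating 0,1 stream passes both checks, which illustrates why the tests have to be matched to the failure modes of the particular noise source.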

Two further requirements are placed on the tests. On the one hand we expect detection
of even a small deviation from an ideal random source, but on the other hand often random