1 Montgomery Modular Multiplication in Hardware
FEI KEMT
and effort needed for reproduction of the output is lower. Mathematical analysis of TRNGs tries to find deterministic dependencies inside the extraction method causing pseudo-randomness.
As the parameters of TRNGs are highly dependent on the implementation, attacking the hardware realisation directly can be more powerful.
Implementation attacks. The second group, the implementation attacks, expects direct physical access to an implementation and is based on weaknesses caused by the implementation of the RNG. Implementation attacks are further divided into passive and active attacks.
Passive attacks, usually called side-channel attacks, benefit from side-channel information gained from the physical implementation. The power consumption, execution time or electromagnetic emanations can provide additional useful information about the internal status of the RNG or the processed data.
Active attacks require the attacker to intervene in the standard working conditions, operation flow or design of the original implementation of the RNG. Non-invasive active attacks apply non-permanent changes to external parameters of the RNG, e.g. supply voltage or temperature, with the motivation to achieve a non-standard, biased RNG output. With more resources one can execute an invasive attack and change the physical structure of the implementation. The attacker tries to destroy the source of randomness and make the output of the RNG constant, or to get the output of the generator directly.
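The defender's counterpart to the active attacks described above, as an added example that is not part of the original text: a continuous health monitor modelled on the repetition count and adaptive proportion tests of NIST SP 800-90B, which flags RNG output that has become constant or biased. The claimed min-entropy of 1 bit per sample, the false-alarm rate of 2^-20, the 1024-bit window, the function names and the sample streams are assumptions chosen for illustration.

```python
import math
from fractions import Fraction

def crit_binom(n, p, q):
    """Smallest k with P[Binomial(n, p) <= k] >= q, in exact arithmetic."""
    cdf = Fraction(0)
    for k in range(n + 1):
        cdf += math.comb(n, k) * p**k * (1 - p)**(n - k)
        if cdf >= q:
            return k
    return n

def cutoffs(h=1.0, alpha_log2=20, window=1024):
    """Cutoffs for claimed min-entropy h (bits/sample), false-alarm rate 2**-alpha_log2."""
    rct = 1 + math.ceil(alpha_log2 / h)
    apt = 1 + crit_binom(window, Fraction(2.0 ** -h), 1 - Fraction(1, 2**alpha_log2))
    return rct, apt

def first_alarm(bits, h=1.0, window=1024):
    """Return (index, test_name) of the first health-test failure, or None."""
    rct_cut, apt_cut = cutoffs(h, window=window)
    last, run, ref, count = None, 0, None, 0
    for i, b in enumerate(bits):
        run = run + 1 if b == last else 1   # repetition count: catches stuck output
        last = b
        if i % window == 0:                 # adaptive proportion: start a new window
            ref, count = b, 1
        elif b == ref:
            count += 1
        if run >= rct_cut:
            return i, "repetition"
        if count >= apt_cut:
            return i, "proportion"
    return None

def lfsr_bits(n, state=0xACE1):
    """Constructed stand-in for a healthy source: 16-bit maximal-length LFSR."""
    out = []
    for _ in range(n):
        out.append(state & 1)
        fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
        state = (state >> 1) | (fb << 15)
    return out

# Constructed sample streams (not measurements from any real device).
HEALTHY = lfsr_bits(4096)
STUCK = lfsr_bits(512) + [1] * 64    # output forced constant after 512 bits
BIASED = [1, 1, 1, 0] * 1024         # 75 % ones, but never a long run

if __name__ == "__main__":
    print("cutoffs (RCT, APT):", cutoffs())
    for name, stream in (("healthy", HEALTHY), ("stuck", STUCK), ("biased", BIASED)):
        print(name, first_alarm(stream))
```

The biased stream never produces a long run, so only the proportion test catches it, which is why the two tests are used together.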
5.6 Conclusions
In this chapter we have introduced the topic of random numbers. The extraction of random bits in a digital environment is a crucial topic in the area of system implementations with public-key cryptography. Randomness itself and three typical sources of randomness (noise, metastability and jitter) were described. In order to provide an overview of the current state of research, we have collected descriptions of recently published design proposals and implementations of TRNGs.
A typical design of a TRNG implemented in a digital device includes a source of randomness from which a digitised noise signal can be harvested by a proper mechanism. We have explained the importance of research in the areas of harvesting mechanisms and postprocessing. The positive results of statistical tests