1 Montgomery Modular Multiplication in Hardware
FEI KEMT

and a harvesting mechanism which extracts the randomness and generates truly random values.

The security level of a PRNG depends on the complexity of the generating function, the period length of the generated sequence, and the amount of entropy in the seed. As a result, pseudo-random sequences may achieve a high level of unpredictability if the generating function is sufficiently complex. However, a pseudo-random sequence always has a finite period and remains reproducible as long as the initial conditions are sustained.

The PRNG is the only choice for software implementations and, thanks to its deterministic components, it also attracts designers of electronic digital systems. Note that a pseudo-random sequence can also be unpredictable when produced by a cryptographically secure PRNG, e.g. one based on hash (one-way) functions, stream ciphers or the Blum Blum Shub principle [28]. The PRNG requires a random seed (from a TRNG or another reliable source of entropy, if available) to obtain its starting level of entropy. As the system is deterministic, for identical seeds the PRNG generates identical output pseudo-random sequences, too. No more entropy is added during exploitation of the seed, therefore the seed's entropy determines the unpredictability of the generated sequence.

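
The two properties stated above (identical seeds give identical sequences, and the seed's entropy bounds the unpredictability of the output) shown as an added example that is not from the original text. `HashPRNG` is a hypothetical toy SHA-256 counter construction chosen for illustration, not a standardised DRBG, and the 16-bit seed value is constructed.

```python
import hashlib
import secrets


class HashPRNG:
    """Toy hash-based PRNG (illustrative only): block_i = SHA-256(seed || i)."""

    def __init__(self, seed: bytes):
        self._seed = seed
        self._counter = 0  # no entropy is added after seeding

    def read(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            ctr = self._counter.to_bytes(8, "big")
            out += hashlib.sha256(self._seed + ctr).digest()
            self._counter += 1
        return bytes(out[:n])  # unused tail of the last block is discarded


def seeds_tried_to_reproduce(observed: bytes, seed_bits: int) -> int:
    """Enumerate every seed of `seed_bits` bits, in order, and return how many
    had to be tried before the observed output was reproduced (-1 if none)."""
    nbytes = (seed_bits + 7) // 8
    for guess in range(1 << seed_bits):
        candidate = HashPRNG(guess.to_bytes(nbytes, "big"))
        if candidate.read(len(observed)) == observed:
            return guess + 1
    return -1


def demo():
    # 1) Determinism: two instances with the same 256-bit seed agree.
    seed = secrets.token_bytes(32)
    identical = HashPRNG(seed).read(64) == HashPRNG(seed).read(64)

    # 2) Seed entropy bounds unpredictability: the hash is one-way, but a
    #    16-bit seed (constructed value) leaves only 65536 possible sequences.
    weak_seed = (0x02A7).to_bytes(2, "big")
    observed = HashPRNG(weak_seed).read(16)
    tries = seeds_tried_to_reproduce(observed, 16)
    return identical, tries


if __name__ == "__main__":
    print(demo())
```

The strength of the generating function does not compensate for the seed: the output of the 16-bit-seeded instance is reproduced after at most 2^16 candidate seeds, whereas the 256-bit seed drawn from the operating system's entropy source cannot be enumerated.
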
The term generator is not completely correct in the case of a TRNG, as the randomness is not generated but rather extracted from a source of randomness (see Figure 5 – 1). In a TRNG the occurrence of random events is sampled by an extractor and transformed into a sequence of numerical values, usually expressed as a binary stream.

[Figure 5 – 1 block labels: source of randomness, A/D conversion, postprocessing, output buffer; signals: noise signal, digitised noise signal, internal random sequence, random number sequence; regions: analogue part, digital part, external interface.]

Figure 5 – 1 Schematic diagram of a TRNG with designation of internal signals and interfaces

Figure 5 – 1 represents a typical design of a TRNG based on a physical phenomenon. Using a proper harvesting mechanism, the analogue signal is converted into its digitised form. Depending on the statistical properties of the signal, it may be necessary to apply post-processing in order to produce an internal random sequence. The generated sequence can be further accumulated in an output buffer before leaving the