CN111897514A - TRNG evaluation method based on stochastic model and online monitoring - Google Patents
TRNG evaluation method based on stochastic model and online monitoring Download PDFInfo
- Publication number
- CN111897514A CN111897514A CN202010714678.1A CN202010714678A CN111897514A CN 111897514 A CN111897514 A CN 111897514A CN 202010714678 A CN202010714678 A CN 202010714678A CN 111897514 A CN111897514 A CN 111897514A
- Authority
- CN
- China
- Prior art keywords
- trng
- evaluation
- random
- evaluation method
- stochastic model
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000011156 evaluation Methods 0.000 title claims abstract description 44
- 238000012544 monitoring process Methods 0.000 title claims abstract description 36
- 238000004364 calculation method Methods 0.000 claims abstract description 8
- 238000004088 simulation Methods 0.000 claims abstract description 4
- 238000005070 sampling Methods 0.000 claims description 6
- 150000003254 radicals Chemical class 0.000 abstract 1
- 238000011084 recovery Methods 0.000 abstract 1
- 230000007547 defect Effects 0.000 description 3
- 238000013461 design Methods 0.000 description 3
- 238000000528 statistical test Methods 0.000 description 3
- 238000000034 method Methods 0.000 description 2
- 238000012805 post-processing Methods 0.000 description 2
- 238000010972 statistical evaluation Methods 0.000 description 2
- 238000013480 data collection Methods 0.000 description 1
- 238000012938 design process Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000013139 quantization Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/58—Random or pseudo-random number generators
- G06F7/588—Random number generators, i.e. based on natural stochastic processes
Abstract
The invention discloses a TRNG (blast free radical recovery network) evaluation method based on a stochastic model and on-line monitoring, which comprises the following steps of: (1) generating an independent, uniformly distributed and unpredictable binary random sequence by utilizing a simulation noise source; (2) constructing a random model, and estimating the minimum shannon entropy value of each output bit of the TRNG; performing formal security evaluation on TRNG randomness; (3) the TRNG raw output is continuously monitored on-line. The invention selects uniformity as a statistical characteristic evaluation parameter by the on-line monitoring logic, and can obtain a related statistical characteristic evaluation result by using simple bit 1 counting logic and threshold comparison logic after collecting enough random sequences without performing complex mathematical calculation. In addition, the on-line monitoring logic provided by the invention monitors the random sequence in real time, so that a large amount of hardware overhead caused by caching the random sequence is avoided, and a large amount of low-entropy random sequences generated before evaluation failure are reduced.
Description
Technical Field
The invention relates to the field of true random number generation, in particular to a TRNG (true random number generation) evaluation method based on a random model and on-line monitoring.
Background
TRNG is a primitive used in cryptographic system chips to implement various cryptographic algorithms and protocols. TRNG, which utilizes an analog noise source in an electronic device to generate an independent, uniformly distributed and unpredictable binary random sequence as a key, initialization vector, stimulus, and the like. Most of the current security evaluations designed for TRNG involve only statistical evaluation methods, such as: after collecting a large amount of data, the raw sequence generated by the TRNG or the post-processed random sequence is statistically tested using the standard statistical test sets FIPS140-1, NIST SP 800-22, DIEHARD and DIEHARDER, etc. However, these methods of statistical evaluation are not applicable to modern security systems:
(1) post-processing in the TRNG can mask apparent randomness defects in the generated random sequence.
(2) Statistical tests performed after data collection can only evaluate the statistical quality of the random sequence and not its informatics quality (entropy).
(3) These statistical tests are complex, slow and require large data sets, so that only limited data can be statistically tested and the TRNG cannot be continuously monitored. The randomness of the TRNG may be affected by some active attacks, thereby reducing the entropy of the random sequence it generates. In order to quickly detect the failure of the TRNG to prevent too many low entropy sequences from threatening the safety of the whole system, the TRNG needs to be monitored online in real time.
The german federal information safety agency has recently proposed an AIS-31 standard for evaluating TRNGs that directs TRNG designers to more closely evaluate TRNG safety in a more comprehensive consideration of safety considerations during the design process. AIS-31 requires the use of on-line monitoring logic to detect statistical defects in internal random numbers. In addition, NIST 800-90B also requires that a corresponding stochastic model be built for TRNGs and that the on-line monitoring logic monitor the raw stochastic sequence before post-processing in real time, i.e. TRNGs for cryptographic applications must meet several requirements:
(1) the design is simple, and the source of randomness is determined.
(2) And establishing a random model, and performing form safety evaluation on TRNG randomness based on a probability theory.
(3) The raw output signal output by the entropy source is continuously monitored on-line.
Disclosure of Invention
The purpose of the invention is as follows: aiming at the problems, the invention provides a TRNG evaluation method based on a random model and online monitoring, which is used for constructing the random model to carry out formal security evaluation on TRNG randomness and continuously monitoring an original output signal output by an entropy source on line.
The technical scheme is as follows: in order to realize the purpose of the invention, the technical scheme adopted by the invention is as follows: a TRNG evaluation method based on stochastic model and on-line monitoring comprises the following steps:
(1) generating an independent, uniformly distributed and unpredictable binary random sequence by utilizing a simulation noise source;
(2) constructing a random model, and estimating the minimum shannon entropy value of each output bit of the TRNG; performing formal security evaluation on TRNG randomness;
(3) the TRNG raw output is continuously monitored on-line.
Further, the step 2 comprises:
(2.1) constructing a random model, and initializing input parameters of the random model;
(2.2) sampling each bit output of the TRNG by using a digital sampling module;
and (2.3) estimating the minimum shannon entropy value of each output bit of the TRNG, and performing form safety evaluation on TRNG randomness.
Further, the step 3 comprises:
(3.1) collecting original random sequences by using a finite state machine;
and (3.2) performing parameter calculation and characteristic evaluation by using uniformity monitoring logic, and sending a pass or fail signal according to an evaluation result.
Further, in the step 2.2, the following steps can be replaced: each bit is output exclusive-or and then sampled.
Further, in step 2.3, the shannon entropy value of the output bit is close to 1, and the TRNG randomness is considered to be ideally unpredictable.
Further, in the step 3.1, whether the count value is greater than or equal to N is judged; when enough original random sequences which are more than or equal to N are collected, carrying out the subsequent steps; otherwise, the collection work is continued.
Further, in step 3.2, after collecting enough random sequences, a simple bit "1" counting logic is used and compared with a threshold value set in advance to obtain a characteristic evaluation result, and a uniformity fault warning signal is generated.
Further, in step 3.2, the uniformity monitoring logic performs parameter calculation and characteristic evaluation by using a serial adder and a subtractor.
Has the advantages that: the invention selects uniformity as a statistical characteristic evaluation parameter by the on-line monitoring logic, and can obtain a related statistical characteristic evaluation result by using simple bit 1 counting logic and threshold comparison logic after collecting enough random sequences without performing complex mathematical calculation. In addition, the on-line monitoring logic provided by the invention monitors the random sequence in real time, so that a large amount of hardware overhead caused by caching the random sequence is avoided, and a large amount of low-entropy random sequences generated before evaluation failure are reduced.
Drawings
FIG. 1 is a flow chart of a TRNG evaluation method based on stochastic model and on-line monitoring;
FIG. 2 is a block diagram of online monitoring logic;
fig. 3 is uniformity detection logic.
Detailed Description
The technical solution of the present invention is further described below with reference to the accompanying drawings and examples.
As shown in fig. 1, the TRNG evaluation method based on stochastic model and online monitoring according to the present invention includes the steps of:
(1) a true random number generator TRNG, which utilizes a simulation noise source to generate an independent, uniformly distributed and unpredictable binary random sequence;
(2) constructing a random model for estimating the minimum Shannon entropy value of each output bit of the TRNG; performing formal security evaluation on TRNG randomness;
(2.1) constructing a random model, and initializing input parameters of the random model;
and (3) assuming that the delay of the LUT units on the FPGA platform is normally distributed, simulating the jitter of the entropy source design, and fitting Gaussian parameters for input parameters of a random model to estimate the minimum Shannon entropy value of the TRNG original output.
(2.2) sampling each node output of the TRNG by using a digital sampling module according to a reference clock;
or, each node is sampled after being subjected to exclusive OR output, and the output entropy value is improved. That is, the original sequence generated by the TRNG or the post-processed random sequence is estimated.
(2.3) estimating a minimum shannon entropy value of each output bit of the TRNG; further, formal security assessment is performed on TRNG randomness.
The minimum shannon entropy value of the stochastic model is a function of some characteristic parameters in the TRNG, the minimum shannon entropy value evaluated by the stochastic model is used as an indicator of quantization unpredictability, and if the shannon entropy value of each output bit is close to 1, the output of the TRNG can be considered to be ideally unpredictable.
(3) As shown in fig. 2, the TRNG raw output is continuously monitored on-line;
and carrying out online monitoring on TRNG raw output, and timely finding unpredictable randomness defects to ensure that the entropy source works as expected. The on-line test logic comprises a finite state machine, and firstly, enough random sequences need to be collected, then relevant statistical characteristic parameters are calculated, and finally, a pass or fail signal is sent according to an evaluation result.
(3.1) collecting enough original random sequences by using a Finite State Machine (FSM);
judging whether the count value is greater than or equal to N; when enough original random sequences which are more than or equal to N are collected, carrying out the subsequent steps; otherwise, the collection work is continued.
(3.2) performing parameter calculation and characteristic evaluation by using uniformity monitoring logic, and finally sending a pass or fail signal according to an evaluation result;
the correlation statistical property evaluation results are obtained using simple bit "1" count logic and threshold comparison logic after sufficient random sequences are collected. The uniformity monitoring logic continuously calculates the shannon entropy of the entropy source after counting N bits, and then compares with a preset threshold value to generate a uniformity fault warning signal.
And in the parameter calculation and characteristic evaluation stage, the uniformity monitoring logic is used for continuously monitoring the statistical characteristics of the entropy source, so that the randomness of the output of the entropy source is ensured. As shown in fig. 3, the uniformity monitoring logic includes a serial adder and subtractor, a register, and a comparator.
The uniformity on-line monitoring logic adopts a serial adder and a subtracter to continuously calculate and evaluate the statistical characteristics of the TRNG original random sequence, and meanwhile, a large number of random sequences do not need to be cached in advance and complex floating point operation does not need to be carried out, so that the hardware cost is greatly reduced.
According to the invention, the on-line monitoring logic of 8-4096 bit sequences is realized according to the actual application requirement of TRNG to generate random numbers, and the TRNG is adjusted according to the result modeled by the random model so as to meet the safety requirement of TRNG design.
Claims (8)
1. A TRNG evaluation method based on stochastic model and on-line monitoring is characterized by comprising the following steps:
(1) generating an independent, uniformly distributed and unpredictable binary random sequence by utilizing a simulation noise source;
(2) constructing a random model, and estimating the minimum shannon entropy value of each output bit of the TRNG; performing formal security evaluation on TRNG randomness;
(3) the TRNG raw output is continuously monitored on-line.
2. The stochastic model and online monitoring based TRNG evaluation method of claim 1, wherein the step 2 comprises:
(2.1) constructing a random model, and initializing input parameters of the random model;
(2.2) sampling each bit output of the TRNG by using a digital sampling module;
and (2.3) estimating the minimum shannon entropy value of each output bit of the TRNG, and performing form safety evaluation on TRNG randomness.
3. The stochastic model and online monitoring based TRNG evaluation method of claim 1, wherein the step 3 comprises:
(3.1) collecting original random sequences by using a finite state machine;
and (3.2) performing parameter calculation and characteristic evaluation by using uniformity monitoring logic, and sending a pass or fail signal according to an evaluation result.
4. The stochastic model and online monitoring based TRNG evaluation method of claim 2, wherein in step 2.2, the alternatives are: each bit is output exclusive-or and then sampled.
5. The stochastic model and online monitoring based TRNG evaluation method of claim 2, wherein in step 2.3, when the shannon entropy value of the output bit is close to 1, TRNG randomness is considered to be ideally unpredictable.
6. The stochastic model and online monitoring based TRNG evaluation method of claim 3, wherein in step 3.1, it is determined whether the count value is greater than or equal to N; when enough original random sequences which are more than or equal to N are collected, carrying out the subsequent steps; otherwise, the collection work is continued.
7. The stochastic model and online monitoring based TRNG evaluation method of claim 3, wherein in step 3.2, after enough random sequences are collected, a characteristic evaluation result is obtained using simple bit "1" count logic and compared with a threshold value set in advance, and a uniformity failure warning signal is generated.
8. The stochastic model and online monitoring based TRNG evaluation method of claim 3, wherein in step 3.2, the uniformity monitoring logic performs parameter calculation and characteristic evaluation using a serial adder and subtractor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010714678.1A CN111897514A (en) | 2020-07-23 | 2020-07-23 | TRNG evaluation method based on stochastic model and online monitoring |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010714678.1A CN111897514A (en) | 2020-07-23 | 2020-07-23 | TRNG evaluation method based on stochastic model and online monitoring |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111897514A true CN111897514A (en) | 2020-11-06 |
Family
ID=73190428
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010714678.1A Pending CN111897514A (en) | 2020-07-23 | 2020-07-23 | TRNG evaluation method based on stochastic model and online monitoring |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111897514A (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1662375A1 (en) * | 2004-11-30 | 2006-05-31 | Infineon Technologies AG | Random number generator and method for testing a random number generator |
| CN109508174A (en) * | 2018-11-05 | 2019-03-22 | 杭州电子科技大学 | A kind of single-stage real random number generator |
| CN111190570A (en) * | 2018-11-15 | 2020-05-22 | 北京创原天地科技有限公司 | High-quality random number generator and random number generation method |
-
2020
- 2020-07-23 CN CN202010714678.1A patent/CN111897514A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1662375A1 (en) * | 2004-11-30 | 2006-05-31 | Infineon Technologies AG | Random number generator and method for testing a random number generator |
| CN109508174A (en) * | 2018-11-05 | 2019-03-22 | 杭州电子科技大学 | A kind of single-stage real random number generator |
| CN111190570A (en) * | 2018-11-15 | 2020-05-22 | 北京创原天地科技有限公司 | High-quality random number generator and random number generation method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Wang et al. | Robust fault detection for switched linear systems with state delays | |
| US6947960B2 (en) | Randomness test utilizing auto-correlation | |
| JP4263623B2 (en) | Monobit run frequency online randomness test | |
| Ozkaynak | A novel random number generator based on fractional order chaotic Chua system | |
| CN108445759B (en) | Random fault detection method for networked system under sensor saturation constraint | |
| Weerakkody et al. | A moving target approach for identifying malicious sensors in control systems | |
| Tiri et al. | Changing the odds against masked logic | |
| WO2014205369A1 (en) | Signal transition analysis of a circuit | |
| JP2005523497A (en) | Hadamard transform online irregularity test | |
| Zhou et al. | Research of network traffic anomaly detection model based on multilevel autoregression | |
| US20030156713A1 (en) | On-line randomness test for detecting irregular pattern | |
| Feiten et al. | # SAT-based vulnerability analysis of security components—A case study | |
| CN111897514A (en) | TRNG evaluation method based on stochastic model and online monitoring | |
| CN111427541B (en) | Machine learning-based random number online detection system and method | |
| JP4263622B2 (en) | Gap average online randomness test | |
| KR20180106358A (en) | Preventive maintenance simulation system and method | |
| US20030187889A1 (en) | Functional gap average on-line randomness test | |
| Tang et al. | MPFA: an efficient multiple faults-based persistent fault analysis method for low-cost FIA | |
| KR102274995B1 (en) | Method for augmentation partial discharge data using generative adversarial network | |
| US9361197B2 (en) | Pseudo-random error insertion for network testing | |
| CN108710561B (en) | Power burr fault attack evaluation platform for true random number generator | |
| Ergün | Predicting the secret parameters of a chaotic random number generator from time series | |
| CN112912838B (en) | Random number generation device and method | |
| KR102591867B1 (en) | METHOD AND RECORDING MEDIUM FOR BLOCK CHAIN PoW USING POWER TRACE INFORMATION | |
| Shi | A novel model for assessing network risks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |