Security and Performance-Based Design and Evaluation Criteria for Cryptographic Random Number Generators

Öz

This study comprehensively examines security and performance-oriented selection and evaluation criteria for Random Number Generators (RNGs) used in cryptographic applications. The study analyzes the fundamental differences between Pseudo Random Number Generators (PRNGs) and True Random Number Generators (TRNGs). Within the scope of these analyses, entropy sources, statistical characteristics, and performance metrics, as well as their effects on security, are evaluated. The ability of TRNGs to meet high security requirements thanks to their hardware-dependent structures is compared with PRNGs, which offer software-based and low-cost solutions. The study evaluates various criteria ranging from minimum entropy tests to space and energy requirements. It also highlights the fundamental challenges encountered in the design and implementation of RNGs in cryptographic systems. Additionally, the fundamental security requirements encountered in RNG design and how these requirements can be met in practice are discussed in detail. In this context, PRNGs, TRNGs based on physical processes, and hybrid RNG designs are analyzed. The advantages and disadvantages of these different design paradigms are then presented in a comparative manner. In conclusion, this study delivers a framework that unifies security, performance, and design considerations for RNGs, setting a benchmark for future cryptographic research. As a result, this framework forms the foundation for the next generation of secure, efficient, and scalable cryptographic systems.

Anahtar Kelimeler

• Information security
• Cryptography
• Random number generators
• Randomness
• Entropy

Kriptografik Rasgele Sayı Üreteçlerinin Güvenlik ve Performans Temelli Tasarım ve Değerlendirme Kriterleri

Öz

Bu çalışma, kriptografik uygulamalarda kullanılan Rastgele Sayı Üreteçleri (RSÜ) için güvenlik ve performans odaklı seçim ve değerlendirme kriterlerini kapsamlı bir biçimde incelemektedir. Çalışmada, Sözde Rastgele Sayı Üreteçleri (SRSÜ) ile Gerçek Rastgele Sayı Üreteçleri (GRSÜ) arasındaki temel farklılıklar detaylı olarak analiz edilmiştir. Bu analizler kapsamında entropi kaynakları, istatistiksel karakteristikler ve performans metrikleri ile bunların güvenlik üzerindeki etkileri değerlendirilmiştir. GRSÜ’lerin, donanıma bağımlı yapıları sayesinde yüksek güvenlik gereksinimlerini karşılama kapasiteleri; buna karşılık, yazılım tabanlı ve düşük maliyetli çözümler sunan SRSÜ’ler ile karşılaştırmalı olarak ele alınmıştır. Çalışma içerisinde, minimum entropi testlerinden alan ve enerji gereksinimlerine kadar uzanan çeşitli kriterler değerlendirilmiş; kriptografik sistemlerde RSÜ tasarımı ve uygulaması sırasında karşılaşılan temel zorluklara dikkat çekilmiştir. Ayrıca, RSÜ tasarımında karşılaşılan temel güvenlik gereksinimleri ve bu gereksinimlerin pratikte nasıl karşılanabileceği ayrıntılı biçimde tartışılmıştır. Bu kapsamda, SRSÜ’ler, fiziksel süreçlere dayalı GRSÜ’ler ve hibrit RSÜ tasarımları analiz edilerek; bu farklı tasarımların avantajları ve dezavantajları karşılaştırmalı olarak sunulmuştur. Sonuç olarak, bu çalışma RSÜ’ler için güvenlik, performans ve tasarım unsurlarını bir araya getiren bir çerçeve sunarak gelecekteki kriptografik araştırmalar için bir ölçüt oluşturuyor. Böylece, güvenli, verimli ve ölçeklenebilir yeni nesil kriptografik sistemler için bir temel sağlıyor.

Anahtar Kelimeler

• Bilgi güvenliği
• Kriptografi
• Rasgele sayı üreteçleri
• Rasgelelik
• Entropi

Kaynakça

1. A. Saini, A. Tsokanos, and R. Kirner, “Quantum randomness in cryptography: A survey of cryptosystems, RNG-based ciphers, and QRNGs,” Information, vol. 13, no. 8, pp. 350–358, 2022.
2. A. Karakaya, Y. Canbay, H. İ. Bülbül, T. Tuğlular, E. Irmak, E. Kavun, and H. Takçı, Cyber Security and Defense: Biometric and Cryptographic Applications. Ankara, Turkey: Nobel Academic Publishing, 2020.
3. M. Tehranipoor, N. N. Anandakumar, and F. Farahmandi, Hardware Security Training, Hands-On!. Cham, Switzerland: Springer, 2023.
4. L. Yao, X. Wu, and H. Zhang, “DCDRO: A true random number generator based on dynamically configurable dual-output ring oscillator,” Integration, vol. 93, p. 102053, 2023.
5. A. Bikos, P. E. Nastou, G. Petroudis, and Y. C. Stamatiou, “Random number generators: Principles and applications,” Cryptography, vol. 7, no. 4, p. 54, 2023.
6. Y. Yu, “Design and security analysis of TRNGs and PUFs,” Ph.D. dissertation, KTH Royal Inst. of Technology, Stockholm, Sweden, 2022.
7. S. Yakut, “Random number generator based on discrete cosine transform based lossy picture compression,” NATURENGS, vol. 2, no. 2, pp. 76–85, 2021.
8. O. Petura, “True random number generators for cryptography: Design, securing and evaluation,” Ph.D. dissertation, Univ. de Lyon, Lyon, France, 2019.

9. K. Lee, S. Y. Lee, C. Seo, and K. Yim, “TRNG (true random number generator) method using visible spectrum for secure communication on 5G network,” IEEE Access, vol. 6, pp. 12 838–12 847, 2018.
10. Y. Chen, H. Liang, L. Zhang, L. Yao, and Y. Lu, “High throughput dynamic dual entropy source true random number generator based on FPGA,” Microelectron. J., 2024.
11. A. Saini, A. Tsokanos, and R. Kirner, “Quantum randomness in cryptography: A survey of cryptosystems, RNG-based ciphers, and QRNGs,” Information, vol. 13, no. 8, pp. 358–375, 2020.
12. A. J. Acosta, T. Addabbo, and E. Tena-Sánchez, “Embedded electronic circuits for cryptography, hardware security and true random number generation: An overview,” Int. J. Circuit Theory Appl., vol. 45, no. 2, pp. 145–169, 2017.
13. S. Yakut, T. Tuncer, and A. B. Özer, “A new secure and efficient approach for TRNG and its post-processing algorithms,” J. Circuits, Syst. Comput., vol. 29, no. 15, p. 2050244, 2020.
14. F. Ozkaynak, “Cryptologic random number generators,” Türkiye Bilişim Vakfı J. Comput. Sci. Eng., vol. 8, no. 2, pp. 37–45, 2015.
15. V. Fischer and F. Bernard, “True random number generators in FPGAs,” in Security Trends for FPGAs: From Secured to Secure Reconfigurable Systems. New York, NY, USA: Springer, 2011, pp. 1–20.
16. W. Schindler, “Random number generators for cryptographic applications,” in Cryptographic Engineering. New York, NY, USA: Springer, 2009, pp. 5–23.
17. V. Fischer, M. Deutschmann, S. Lattacher, and G. Battum, “Report on selected TRNG and PUF principles,” HECTOR Project, Tech. Rep. D2.1, Univ. Jean Monnet, 2016.
18. J. D. Golic, “New methods for digital generation and postprocessing of random data,” IEEE Trans. Comput., vol. 55, no. 10, pp. 1217–1229, 2009.
19. S. Yakut, T. Tuncer, and A. B. Ozer, “Secure and efficient hybrid random number generator based on sponge constructions for cryptographic applications,” Elektronika ir Elektrotechnika, vol. 25, no. 4, pp. 40–46, 2019.
20. Ö. Aydın and C. Kösemen, “XorshiftUL+: A novel hybrid random number generator for Internet of Things and wireless sensor network applications,” Pamukkale Univ. J. Eng. Sci., vol. 26, no. 5, pp. 953–958, 2020.
21. R. B. Naik and U. Singh, “A review on applications of chaotic maps in pseudo-random number generators and encryption,” Ann. Data Sci., vol. 11, no. 1, pp. 25–50, 2024.
22. S. Ruhault, “Security analysis for pseudo-random number generators,” Ph.D. dissertation, Ecole Norm. Supérieure (ENS), Paris, France, 2015.
23. J. Balasch et al., “Design and testing methodologies for true random number generators towards industry certification,” in Proc. IEEE 23rd Eur. Test Symp. (ETS), 2018, pp. 1–10.
24. M. Stipčević and Ç. K. Koç, “True random number generators,” in Open Problems in Mathematics and Computational Science. Cham, Switzerland: Springer, 2024, pp. 275–315.
25. F. Yu, L. Li, Q. Tang, S. Cai, Y. Song, and Q. Xu, “A survey on true random number generators based on chaos,” Discrete Dyn. Nat. Soc., vol. 2020, no. 5, pp. 1–10, 2020.
26. M. C. Belhadjoudja, “Chaos synchronization using nonlinear observers with applications to cryptography,” arXiv preprint arXiv:2108.02577, 2022.
27. A. R´enyi, “On measures of entropy and information,” in Proc. 4th Berkeley Symp. Math. Statist. Prob., 1961, vol. 1, pp. 547–561.
28. W. Killmann and W. Schindler, “A proposal for functionality classes for random number generators,” BDI, Bonn, Germany, Rep., 2011.
29. W. Schindler and W. Killmann, “Evaluation criteria for true (physical) random number generators used in cryptographic applications,” in Proc. Cryptograph. Hardw. Embedded Syst. (CHES), 4th Int. Workshop, 2002, pp. 431–449.
30. V. Fischer, “A closer look at security in random number generators design,” in Proc. Constructive Side-Channel Anal. Secure Design (COSADE), 3rd Int. Workshop, Darmstadt, Germany, 2012, pp. 167–182.
31. M. S. Turan, E. Barker, J. Kelsey, K. A. McKay, M. L. Baish, and M. Boyle, “Recommendation for the entropy sources used for random bit generation,” NIST Special Publ., vol. 800-90B, 2018.
32. B. Yang, “True random number generators for FPGAs,” Ph.D. dissertation, Dept. Elect. Eng., Arenberg Doctoral School, Leuven, Belgium, 2018.
33. L. E. Bassham et al., “SP 800-22 rev. 1a: A statistical test suite for random and pseudorandom number generators for cryptographic applications,” Nat. Inst. Standards Technol. (NIST), Gaithersburg, MD, USA, 2011.
34. W. M. Daley, C. Shavers, and R. Kammer, “Security requirements for cryptographic modules,” BOOZ-Allen and Hamilton Inc., McLean, VA, USA, Tech. Rep., 1999.
35. R. G. Brown, “Dieharder: A random number test suite,” 2013. [Online]. Available: https://webhome.phy.duke.edu/~rgb/General/dieharder.php. [Accessed: Mar. 16, 2023].
36. P. L’Ecuyer and R. Simard, “TestU01: A C library for empirical testing of random number generators,” ACM Trans. Math. Softw., vol. 33, no. 4, pp. 22–63, 2007.
37. D. E. Knuth, The Art of Computer Programming, vol. 2, 3rd ed. Boston, MA, USA: Addison-Wesley, 1999.
38. K. Gołofit, P. Z. Wieczorek, and M. Pilarz, “A chaos-metastability TRNG for natively flexible IGZO circuits,” AEU-Int. J. Electron. Commun., vol. 170, p. 154835, 2023.
39. M. Bakiri, C. Guyeux, J. F. Couchot, and A. K. Oudjida, “Survey on hardware implementation of random number generators on FPGA: Theory and experimental analyses,” Comput. Sci. Rev., vol. 27, pp. 135–153, 2018.
40. F. Frustaci, F. Spagnolo, S. Perri, and P. Corsonello, “A high-speed FPGA-based true random number generator using metastability with clock managers,” IEEE Trans. Circuits Syst. II, Exp. Briefs, 2022.
41. J. von Neumann, “Various techniques used in connection with random digits,” in Collected Works, vol. 5. New York, NY, USA: Pergamon, 1963, pp. 768–770.