
Improving Security For Elliptic Curve Implementations

on Smart Cards:

A Random Number Generator Test Unit

Dissertation approved by the Department of Physics and Electrical Engineering (Fachbereich für Physik und Elektrotechnik) of the University of Bremen for the award of the academic degree of

DOKTOR-INGENIEUR (Dr.-Ing.)

by

Andrew Weigl, M.E.Sc.

from Bremen

Referee: Professor Dr.-Ing. W. Anheier

Co-referee: Professor Dr.-Ing. R. Laur

Submitted on: 05.04.2006


CONTENTS i

Contents

1 Introduction
1.1 Motivation
1.2 Previous Work
1.3 Contents of the Thesis

2 Smart Cards
2.1 History
2.2 Smart Card Properties
2.2.1 Physical properties
2.2.2 Electrical properties
2.2.3 Memory
2.3 Types of Smart Cards
2.3.1 Memory only cards (also called synchronous cards)
2.3.2 Microprocessor cards (also called asynchronous cards)

3 Elliptic Curve Theory and Cryptography
3.1 Elliptic Curve Algebra
3.2 Point Operations on Elliptic Curves over Prime Fields F_p
3.3 Point Operations on Elliptic Curves over Polynomial Fields F_2^m
3.4 Cryptography
3.4.1 Symmetric (Private) Key Cryptography
3.4.2 Asymmetric (Public-Private) Key Cryptography

4 Random Numbers, Generation and Testing
4.1 Definition of a random sequence
4.2 Random number generators
4.2.1 History
4.2.2 Properties of random number generators
4.2.3 Types of random number generators
      True random number generators
      Cryptographic random number generators
4.2.4 Popular random number generators
      Linear congruential generator (LCG)
      Blum-Blum-Shub generator (computationally perfect PRNG)
      Cryptographic RNG (hardware RNG)
4.3 Testing of random number generators
4.4 Testing a device
4.5 Statistical (empirical) tests
4.5.1 Hypothesis testing
4.6 Some examples of statistical models on Σ^n
4.7 Hypothesis testing and random sequences
4.8 Empirical test examples for binary sequences

5 Hardware Implementation
5.1 Hardware Design
5.1.1 Frequency Test
5.1.2 Frequency Block Test
5.1.3 Runs Test
5.1.4 Longest Runs Test
5.1.5 Poker Test
5.1.6 Autocorrelation Test
5.1.7 Turning Point Test
5.1.8 Serial Test
5.2 Functional Verification
5.3 Hardware Testing
5.3.1 Hardware Analysis Strategy
5.3.2 Hardware Results

6 Empirical Test Quality Measurement
6.1 Introduction
6.2 Random Number Generator Failure Experiments
6.2.1 Control Experiment 1: True Random Number Generator
6.2.2 Control Experiment 2: "Good" Pseudorandom Number Generator
6.2.3 Failure Point 1 Experiment: ANSI C Generator
6.2.4 Failure Point 1 Experiment: Repeating Pattern Random Number Generator
6.2.5 Failure Point 1 Experiment: Bias Random Number Generator
6.2.6 Failure Point 2 Experiment: External Frequency Interference

7 Random Number Generator Testing Unit
7.1 Hardware and Software Analysis
7.2 Poker-Frequency Test Unit

8 Conclusion

9 Appendix A


Abbreviations

BMS     Binary Memoryless Source
BSI     Bundesamt für Sicherheit in der Informationstechnik (German Federal Office for Information Security)
CISC    Complex Instruction Set Computer
CMOS    Complementary Metal Oxide Semiconductor
CPU     Central Processing Unit
DES     Data Encryption Standard
DSA     Digital Signature Algorithm
EC-AES  Elliptic Curve Authentication Encryption Scheme
ECC     Elliptic Curve Cryptography
ECDSA   Elliptic Curve Digital Signature Algorithm
EEPROM  Electrically Erasable Programmable Read-Only Memory
EPROM   Erasable Programmable Read-Only Memory
FIPS    Federal Information Processing Standards
GSM     Global System for Mobile communications
GUT     Generator Under Test
HCC     Hyperelliptic Curve Cryptography
HMAC    keyed-Hash Message Authentication Code
ISO     International Organization for Standardization
LSB     Least Significant Bit
NIST    National Institute of Standards and Technology
NSA     National Security Agency
PRNG    Pseudorandom Number Generator
PROM    Programmable Read-Only Memory
PTT     Postal and Telecom services
PVC     Polyvinyl Chloride
RAM     Random Access Memory
RISC    Reduced Instruction Set Computer
ROM     Read-Only Memory
RP-RNG  Repeating Pattern Random Number Generator
RSA     Rivest, Shamir, and Adleman cryptosystem
SRAM    Static RAM
ST      Source Transition
USB     Universal Serial Bus
VHDL    Very High Speed Integrated Circuit Hardware Description Language
XOR     Exclusive-Or


Acknowledgements

I would like to offer special thanks to the following people for without their help this thesis would not have been possible. To my supervisor, Professor Anheier, for the opportunity and the advice. To my parents, who have guided and supported me all my life. To David Lubicz, for his discussions into the mathematics of random numbers and random number generators. To the AREHCC team and particularly Philips Semiconductor for introducing me to the problem of testing random number generators on smart cards. To Volker Meyer, for his help with editing my thesis and to all my friends for their support and suggestions.


Chapter 1

Introduction

In 1965 Gordon Moore, co-founder of Intel, observed that the number of transistors per chip doubles at a regular interval (originally every year, later revised to roughly every two years and often quoted as eighteen months). The media picked this up and dubbed it "Moore's Law." Moore's observation highlights the exponential growth in computing power. While this is good news for home computer users and the public in general, the growth presents problems for people who wish to maintain the integrity and security of their data.

The strength of a cryptosystem is estimated by the approximate time it takes to break it by brute-force trial and error, judged against current processing power. For a given algorithm a key length is recommended that provides "reasonable" security. The current recommended length for the RSA cryptosystem is 1024 bits; however, this will be raised to 2048-bit keys within the next five years. The problem with larger keys is that they require more computational power to process. Long keys are not a problem for large computer systems, but they are for small microprocessors, like those used in smart cards.

Smart cards are finding wider acceptance in consumer electronics that require secure data transmission, identification, or both. A smart card is a plastic (usually PVC, polyvinyl chloride) card with an embedded chip, ranging in complexity from a simple memory device to a complete microprocessor. Smart cards are also increasing in computing power, but they operate in a more restricted environment than their larger microprocessor siblings, in particular with respect to the power supply. The power consumption of desktop Central Processing Units (CPUs) has grown along with their computing power; for smart cards, work is under way to reduce it.

Current and future smart cards will be hybrids of contact and contactless cards. For contact cards, power reaches the processor through the terminal's contacts. Contactless cards draw their power by induction, which does not deliver the same power level as the contacts. This sets a limit on the design: it needs low power consumption, or else the whole chip has to be clocked at a lower frequency.


Not only is the hardware improving for cryptographic applications, but new methods and systems are being researched and discovered. In 1985 Neal Koblitz and Victor Miller independently proposed a public-key cryptographic method based on the algebra of elliptic curves. For a given key length, this method provides the same level of security as far larger RSA keys; for example, a 160-bit key in Elliptic Curve Cryptography (ECC) provides security equivalent to a 1024-bit RSA key. The shorter key requires less memory and fewer processor resources. For the smart card application, research is now focused on elliptic curves and, as the next step, hyperelliptic curves. At present ECC is still more computationally intensive than RSA for some operations (such as signature verification with a small public exponent); however, new hardware and software implementations plus better calculation methods bring the ECC processing requirements closer to those of RSA. The benefits will show with the next jump in RSA key sizes: the next recommended RSA key length is 2048 bits, whereas the ECC system only needs a 224-bit key for equivalent security.

1.1 Motivation

A very important but often overlooked aspect of cryptography is the initial seed value for cryptographic algorithms. When using encryption applications the designer is advised to use published algorithms and parameters, since these have undergone rigorous public testing. Usually only military applications use modified or new cryptographic algorithms provided by special governmental departments like the National Security Agency (NSA) or the Bundesamt für Sicherheit in der Informationstechnik (BSI).

With a published asymmetric algorithm, an attacker may have the algorithm, the parameters, the public key, and the encrypted message when trying to decipher the message. The only secret lies in the private key, which is produced from the output of a random number generator (RNG).

Random number generators have a long history, but it was not until the advent of the microcomputer that they came into everyday use. Today there are two main classes: true and pseudorandom number generators. A true RNG incorporates a natural source of entropy and is nondeterministic, since it is not known when the next impulse or bit will arrive. A pseudorandom number generator (PRNG) is a deterministic algorithm that mimics the statistical properties of a true RNG. The benefit of a PRNG is that it is fast and its output is repeatable. Most applications that use RNGs are built on some form of PRNG; for cryptographic use, the PRNG must itself be seeded from a true RNG, since a deterministic algorithm cannot produce more entropy than its seed contains.

Regardless of its type, an RNG used in an application needs four properties: independent output bits, a long period, a uniform distribution and efficient bit generation. These four factors are used to judge a good RNG. Random number generators used for cryptographic applications require an extra property: they must be unpredictable even to someone who knows the algorithm and has seen the output sequence so far.


If an attacker can change or influence the RNG, they may be able to reduce the range of keys it can generate (a reduction of the RNG period, and thus of the entropy of the key). This allows the attacker to mount a brute-force attack on the cryptographic algorithm by testing every key in the reduced key space.

It is impossible to determine exactly whether a random number generator is functioning correctly; however, there do exist mathematical models that can be used with statistical analysis to compare the generator's output with what a true RNG would produce. A characteristic trait of the Generator Under Test (GUT) is selected and, using hypothesis testing, compared with the value expected from a true RNG. If the result falls outside the acceptance region, the RNG is rejected as non-random; if it lies inside, the RNG is accepted only with respect to the characteristic tested. Such acceptance is not a proof of randomness; in particular, a deterministic generator with a hidden structure can pass every statistical test.

The operations needed to compute the statistical acceptance or rejection are heavy loads for the processor. On modern personal computers this is not a problem, thanks to their large processor and memory resources, but small microprocessor-based devices have little processing power and memory. Smart cards, for example, are limited in processing power, memory, size, and allowable power consumption, and are therefore not capable of implementing the full set of RNG tests in software or hardware.

Older smart cards require contact with a power source, but newer cards are either contactless or hybrids of contact and contactless cards. This forces any new circuitry added to the card to have low power consumption. For smart cards the most important characteristic of any new hardware design is its power consumption, followed closely by its area and its time delay. Smart card processors have a limited surface area, a large portion of which is used by memory. A circuit design's time delay is a measure of its maximum operating speed: if it cannot keep up with the processor clock, it becomes the bottleneck that slows down the whole processor.

Current RNG tests are designed mainly for software implementations. Common published test suites are NIST SP 800-22, the FIPS 140-2 power-up tests, and the Diehard battery. A common standard used by manufacturers for RNG testing is the FIPS 140-2 group. It is a combination of four tests (poker, frequency, runs, and longest run) that analyse a sequence of 20000 bits. If any of the tests fails, the FIPS 140-2 group reports the RNG as rejected and non-random.
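The four FIPS 140-2 tests named above, written out as an added worked example (this is editor-supplied Python, not code from the thesis or from the VHDL test unit it describes). It runs the frequency (monobit), poker, runs and long-run tests over a 20000-bit sample and applies the accept/reject logic of the Motivation section: the generator is rejected if any single test falls outside its acceptance region. The acceptance intervals are those printed in the original FIPS 140-2 text and are an assumption to check against the edition you certify to (Change Notice 2 later removed these power-up tests from the standard). The samples are constructed, not measured: a repeating 01 pattern and a 60%-ones biased pattern, two of the failure types the thesis later simulates, and a SHA-256 counter-mode stream as a stand-in for a well-behaved generator.

```python
"""FIPS 140-2 power-up statistical RNG tests (added example, not thesis code).

A sample is a str of 20000 '0'/'1' characters. The acceptance intervals
below are those printed in the original FIPS 140-2 text; treat them as an
assumption and verify against the edition you are certifying to.
"""
import hashlib
from collections import Counter

SAMPLE_BITS = 20000

MONOBIT_RANGE = (9725, 10275)      # pass if 9725 < ones < 10275
POKER_RANGE = (2.16, 46.17)        # pass if 2.16 < X < 46.17
RUNS_RANGES = {                    # inclusive interval per run length, for zeros and ones
    1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
    4: (240, 384), 5: (103, 209), 6: (103, 209),  # bucket 6 means "6 or longer"
}
LONG_RUN_LIMIT = 26                # a run of 26 or more identical bits fails


def monobit(bits):
    """Frequency test: count the ones in the sample."""
    ones = bits.count("1")
    lo, hi = MONOBIT_RANGE
    return ones, lo < ones < hi


def poker(bits):
    """Poker test: 5000 4-bit nibbles, X = 16/5000 * sum(f_i^2) - 5000."""
    nibbles = Counter(bits[i:i + 4] for i in range(0, SAMPLE_BITS, 4))
    x = 16 * sum(f * f for f in nibbles.values()) / 5000 - 5000
    lo, hi = POKER_RANGE
    return x, lo < x < hi


def run_lengths(bits):
    """Return ({'0': Counter, '1': Counter}, longest_run); lengths >= 6 share bucket 6."""
    runs_by_bit = {"0": Counter(), "1": Counter()}
    longest = 0
    i = 0
    while i < len(bits):
        j = i
        while j < len(bits) and bits[j] == bits[i]:
            j += 1
        length = j - i
        longest = max(longest, length)
        runs_by_bit[bits[i]][min(length, 6)] += 1
        i = j
    return runs_by_bit, longest


def runs(bits):
    """Runs test: every run-length bucket, for zeros and for ones, inside its interval."""
    counts, _ = run_lengths(bits)
    ok = all(lo <= counts[b][k] <= hi
             for b in "01" for k, (lo, hi) in RUNS_RANGES.items())
    return counts, ok


def long_run(bits):
    """Long run test: reject if any run reaches LONG_RUN_LIMIT bits."""
    _, longest = run_lengths(bits)
    return longest, longest < LONG_RUN_LIMIT


def fips_140_2(bits):
    """Run all four tests; the generator is rejected if any single test fails."""
    if len(bits) != SAMPLE_BITS:
        raise ValueError("FIPS 140-2 tests need exactly %d bits" % SAMPLE_BITS)
    results = {
        "monobit": monobit(bits),
        "poker": poker(bits),
        "runs": runs(bits),
        "long_run": long_run(bits),
    }
    return all(ok for _, ok in results.values()), results


# Constructed samples (not measurements from any real device).
def hash_stream_bits(seed=b"example", n=SAMPLE_BITS):
    """Deterministic stand-in for a good generator: SHA-256 in counter mode."""
    out = []
    counter = 0
    while len(out) * 256 < n:
        digest = hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        out.append("".join(format(byte, "08b") for byte in digest))
        counter += 1
    return "".join(out)[:n]


ALTERNATING = "01" * (SAMPLE_BITS // 2)   # repeating-pattern generator
BIASED = "11100" * (SAMPLE_BITS // 5)     # 60% ones: biased generator

if __name__ == "__main__":
    for name, sample in [("hash stream", hash_stream_bits()),
                         ("alternating", ALTERNATING), ("biased", BIASED)]:
        verdict, detail = fips_140_2(sample)
        print(name, "ACCEPT" if verdict else "REJECT",
              {k: ok for k, (_, ok) in detail.items()})
```

Note how the alternating pattern passes the monobit test exactly (10000 ones) yet is rejected by the poker and runs tests, while the biased pattern fails everything except the long run test. No single test catches every failure type, which is why the thesis evaluates test combinations per failure type rather than one test in isolation.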

For security and marketing reasons, smart card manufacturers want to implement standards in their products. For testing the smart card RNG the main standard is FIPS 140-2; however, current processors and RNGs running software RNG tests are not powerful enough to fulfil the FIPS requirements. To achieve the same level of security, new solutions need to be applied. This thesis proposes a new online hardware test unit for the smart card environment that operates during the initialization phase. The first design step is an investigation into the hardware characteristics of eight random number generator tests. The tests are implemented in VHDL using Synopsys tools. The power consumption, area, and time delay information garnered from these tests are used to classify the tests, hardware-wise, as complex or simple.

The hardware characteristics alone are not enough to judge which tests should go into the online test unit. Efficient hardware implementation of a random number generator test is only one aspect of finding an efficient online RNG test unit. The number of tests implemented in the unit needs to be as small as possible, and the sample sequence as short as possible, without loss of test quality. To judge both criteria a simulator is required. A simulator has been programmed in Matlab that examines each test individually and in groups, and compares them with the results of the FIPS 140-2 standard. The simulator measures the response of the test(s) on sample sequences ranging from 25 to 100000 bits. Each test reaches a minimum sample length below which the underlying statistical model no longer fits; at this point the test has reached its minimum sequence length for that failure type. From this information a judgement is made on the best test or test combination for each RNG failure type, together with a minimum sample sequence length. The thesis also includes a recommended online RNG test unit design. It is only a recommendation, since each manufacturer has to strike its own balance between security and hardware requirements to match the exact usage of its cards.

1.2 Previous Work

The first step taken in this thesis was to determine what research had already been done in this field and what solutions were already available. An interview with an employee of a smart card manufacturer revealed that they used a simple exclusive-or between successive generated bits as their test method. This catches catastrophic failure (a stuck output), but leaves other failures undetected, such as a repeating pattern or outside frequency interference.

A literature and patent search revealed very little information. There were seven patents for online testing of random number generators [Har03g, Har03f, Har03e, Har03b, Har03a, Har03c, Har03d]; however, they were software solutions in C++.

None of the solutions found is suitable as a test that operates during the initialization of the smart card. No other literature or patents were found that dealt with the hardware implementation of online RNG tests.

1.3 Contents of the Thesis

The following chapter gives an introduction to smart card technology. This provides the basic framework from which the boundary conditions for the test unit design are gathered. Chapter 3 introduces a cryptographic system in which random numbers play an important role; it emphasizes the importance of random numbers and why it is imperative that the RNG works properly. Before going into the theory of testing RNGs, Chapter 4 begins with the theory of random binary sequences and their generators. After this, the statistical theory for testing RNGs is introduced. Chapter 5 is the first part of the solution to find the optimum RNG test unit for smart cards: the hardware characteristics of eight tests are examined. The second part of the test unit solution continues in Chapter 6, where a simulator is presented to judge which tests should be implemented and the minimum length of the sample sequence for each failure type. In Chapter 7 the results from the previous two chapters are analysed to determine the optimum smart card test unit, and the designed test unit is compared with the original FIPS standard unit. The thesis is then summarized and suggestions for further study are given in Chapter 8.


Chapter 2

Smart Cards

Although smart cards are now very common, the technology is still young, with the first smart cards appearing in the 1970s. Since then their evolution has been rapid. Smart cards have advanced from simple memory cards to efficient "microcomputers" with multiple applications. Equipped with a microcontroller, these cards are able to store and protect information using cryptographic algorithms. They are also resistant to physical stresses such as twisting and bending. Physically, a smart card consists of a small plastic rectangle with a magnetic stripe, holograms, embossed characters and an embedded chip. They are small and easy to use and carry. The security and portability of smart cards provide a safe, reliable, convenient, and effective way to secure transactions (banking, e-business, etc.) and to enable a broad range of applications. Thus, modern smart cards can be used in any system that needs security and authentication, and they have proven to be an effective means of making high-level security available to everyone. This chapter presents an overview of today's smart card technology and shows the limitations that smart card manufacturers must take into account when implementing cryptographic algorithms, for example elliptic or hyperelliptic curve algorithms, in a smart card environment.

2.1 History

In the early 1950s the first plastic (PVC) cards appeared in the USA as a substitute for paper money. They were initially aimed at the rich and powerful, and were only accepted by prestigious hotels and restaurants. These cards were very simple, with the owner's name printed in relief and sometimes a handwritten signature. They provided a more convenient payment system than paper money. With the involvement of VISA and MasterCard in plastic money, credit cards spread rapidly around the world. Later a magnetic stripe was added to reduce fraud and increase security. Confidential digitized data was stored on this stripe, but the information was accessible to anyone possessing the appropriate card reader. Between 1970 and 1973 there was a significant development in plastic cards with the addition of microcircuits


to the card. Many patents were filed during this time; the best-known inventors include J. Dethloff, K. Arimura, and R. Moreno. The term "smart card" was proposed by R. Bright. It was not until 1984 that the smart card was first put into commercial use, by the French PTT (postal and telecom services) with their first telephone cards (smart cards with memory chips). By 1986, millions of these smart cards had been sold in France and other countries. After telephone cards, the next big application was banking cards. This development was more difficult because the cards contained more complex chips able to perform cryptographic calculations. A number of ISO standards were created to encourage interoperability of smart cards. By 1997 bank cards were widely used in France and Germany. Microcontrollers continued to advance and became more powerful with larger memory capacity, which allowed sophisticated cryptographic algorithms and higher levels of security. Nowadays smart cards are present all over the world, and their use is likely to spread even further.

2.2 Smart Card Properties

Smart cards are physically similar to the classic embossed plastic cards, which serve as the base design for the newer smart cards. There are two categories of smart cards: memory-only cards, which are the cheapest and simplest, and microprocessor cards, which are more expensive but offer more applications and security features. The structure of smart cards is standardized by ISO, principally ISO 7816 [gro99a, gro99b, gro99c, gro99d] and ISO 7810 [gro95].

The following sections look at the different aspects of the smart card properties.

2.2.1 Physical properties

The most widely used smart card format, ID-1, is defined in the 1985 ISO 7810 standard [gro95]. Most smart cards are made from PVC (polyvinyl chloride), which is also used for credit cards. Some are made from ABS (acrylonitrile butadiene styrene), which cannot be embossed; an example application is the mobile phone SIM card.

The body of the card includes the following components: magnetic stripe, signature strip, embossing, imprinting of personal data (picture, text, fingerprint), hologram, security printing, invisible authentication features (fluorescence, UV), and a microprocessor chip.

The chip module and its embedding

The chip module, also called the micromodule, is the thin gold contact plate seen on the left side of the smart card. The module must be firmly attached to the plastic of the card. Its purpose is to protect the microprocessor chip. For contact-type cards, the electrical contacts are part of the chip module.


Many embedding techniques have been tested and used with the aim of optimizing the card's resilience to everyday physical and mechanical stresses (temperature, abrasion, twisting, bending, etc.) while keeping production costs as low as possible.

Contact and Contactless Cards

There are two main ways a smart card can communicate with the card terminal: through physical contact or by using a contactless connection. The contact cards were the first types of smart cards on the market. However, with new advances in microcircuit technology, contactless cards have become physically feasible.

Contact Card

This is currently the most common type of card. It communicates via a card reader, where the information passes through the contacts. There are metal contacts inside the card reader and on the chip module of the smart card. The position and dimensions of these contacts (power supply, data transfer, etc.) are set in the ISO 7816-2 standard [gro99b]. An older French contact layout defined by AFNOR is still in use on some cards in France, but is likely to disappear in the near future.

Figure 2.1: Pin layout for contact smart cards.

There are 8 contact areas C1...C8:

C1: Supply voltage, VCC
C2: Reset, RESET
C3: Clock, CLK
C4: Reserved for future use, RFU
C5: Ground, GND
C6: External programming voltage, VPP
C7: Input/Output for serial communication, I/O
C8: Reserved for future use, RFU


Contactless Card

These cards contain special circuits that allow data transmission over short distances without mechanical contact and without a direct supply of power. The technology is not new but is difficult to apply to smart cards. At present it is not possible to incorporate a battery into the card because of the card's size and thickness, though research is ongoing to overcome this. Not only must power be supplied to the smart card circuits, but data and clock signals also need to be transmitted between card and terminal. Capacitive and inductive coupling are at this time the most suitable techniques for smart cards. The close-coupling standard ISO/IEC 10536 allows both, with the card's conductive surfaces acting as capacitor plates for the capacitive variant; the proximity standard ISO/IEC 14443 [gro00] uses inductive coupling, with one or several coupling loops integrated into the card to receive energy from the terminal. ISO/IEC 14443 uses a 13.56 MHz carrier, which allows rapid transmission.

Dual Interface or “combi cards”

In the future it is likely that "combi cards" will become more common. They combine the advantages of contact and contactless cards. ISO/IEC 10536 describes the application as "slot or surface operation": depending on the operation, the card must either be inserted in a slot to make contact or placed on a certain surface for a contactless transaction. This type of card allows applications such as credit, debit, membership, and mass transit to be used on the same card.

2.2.2 Electrical properties

The electrical properties of a smart card depend on its embedded microcontroller, since this is the only component of the card with electrical circuitry. The basic electrical requirements are defined by ISO/IEC 7816-3, Part 3: Electronic signals and transmission protocols [gro99c]. Electrical characteristics and class indications for operating at 5 V, 3 V and 1.8 V are described in Amendment 1. Amendment 2, which describes a USB interface for smart cards (since published as ISO/IEC 7816-12), was under preparation at the time of writing. The GSM mobile telephone specification (GSM 11.11) should be mentioned here because it also contributes to the requirements in this area. Further modifications of the ISO/IEC 7816 standard are driven by the UMTS specification.

Supply Voltage

A smart card's supply voltage is 5 V, with a maximum deviation of ±10%. This voltage, the same as that used for conventional transistor-transistor logic (TTL) circuits, is standard for all cards currently on the market. Since all modern cellular telephones are built on 1.8 V technology (GSM 11.18), modern smart cards are designed for a voltage range of 1.8-5 V ±10%, which results in an effective voltage range of 1.6-5.5 V. They can be used in both 1.8 V and 5 V terminals, keeping the advantage of simple and straightforward card usage.

Table 2.1: Smart card power consumption specified by ISO 7816 and the GSM specifications [WW00].

                       ISO 7816-3             GSM
                       Class A    Class B     GSM 11.11   GSM 11.12   GSM 11.18
  Supply voltage       5 V        3 V         5 V         3 V         1.8 V
  Supply current       60 mA      50 mA       10 mA       6 mA        4 mA
  Frequency            5 MHz      4 MHz       5 MHz       4 MHz       4 MHz
  Power consumption    300 mW     150 mW      50 mW       18 mW       7.2 mW

Supply Current

The built-in microcontroller obtains its supply voltage via contact C1 (see Figure 2.1). According to the GSM 11.11 specification the current may not exceed 10 mA, so with a 5 V supply the maximum power dissipation is 50 mW. Table 2.1 gives an overview of the currently defined maximum power consumption classes specified by ISO 7816 and GSM.

The current consumption is directly proportional to the clock frequency, so the current can also be specified as a function of the clock frequency: the dynamic power is P_dyn = C * V^2 * f, where C is the switched load capacitance, V the voltage swing, and f the frequency [SS91]. State-of-the-art smart card microcontrollers use configurable internal clock frequencies for their processor and their arithmetic coprocessor. Hence the current consumption depends not only on the external clock but also on the configuration of the microcontroller and the setting of the coprocessor. The coprocessor can be programmed to keep power consumption under a set value, for example the GSM values.

2.2.3 Memory

Smart cards can be divided into two main components: the processor (including coprocessor) and memory. Memory can be sub-divided into volatile and non-volatile memory. Figure 2.2 shows the different types of volatile and non-volatile memory. Since the smart card needs to be able to function as an independent unit, most cards will be found with a combination of RAM, ROM, and EEPROM.

Read-only Memory (ROM)

ROM is non-volatile memory that can be randomly accessed for reading. There is no limit to the number of times it can be read, but it can only be written during production. This type of memory requires no voltage to hold the information, so when the power is disconnected the data is still retained. This makes it excellent for storing the vital programs the smart card needs to run, such as the operating system and the diagnostic functions. The data is imprinted onto the chip by lithographic techniques. ROM cells require the least area per cell of all available memory types.

Figure 2.2: Types of memory found in smart cards [WW00]: non-volatile memory (ROM, PROM, EPROM, EEPROM, Flash EEPROM, FRAM) and volatile memory (RAM).

Random Access Memory (RAM)

RAM is the work area for the smart card. It can quickly read and write data, and there is no limit to the number of writes a RAM cell can handle. However, since it is volatile memory, constant power needs to be supplied, or otherwise the contents will be lost. The method for accessing this memory is what gives it its name; random access means that the memory is selected and directly accessed without having to sequentially traverse the memory block.

In smart cards, the most common form of RAM is static RAM (SRAM), which, unlike dynamic RAM (DRAM), does not need to be periodically refreshed. SRAM uses flip-flops as the basic storage element, while DRAM uses capacitors with refresh circuitry.

Smart card chip designers try to keep the amount of RAM to a minimum, since it requires a large area per cell. Indeed, RAM cells require seventeen times more area than a ROM cell [WW00].

Programmable Read-only Memory (PROM)

Programmable read-only memory is similar to ROM in that once it has been written it cannot be rewritten. The difference is that the code does not need to be written with lithographic techniques. PROM has a serious drawback: for the writing process, access has to be granted to the address, data and control buses. The same access leaves a security hole in the smart card that an attacker could use to read the data stored on the chip. PROM is therefore not used in smart cards.

Figure 2.3: Threshold voltage curves (i_D versus v_GS) for the preprogrammed state "1" (a) and the programmed state "0" (b), with the sensed voltage marked [SS91].

Figure 2.4: EPROM during programming [SS91]: n+ source and drain in a p substrate, floating gate and select gate above the oxide, n channel and depletion layer; approximately +16 V on the drain and +25 V on the select gate.

Erasable Programmable Read-only Memory (EPROM)

An EPROM is essentially an n-channel MOSFET (Metal-Oxide-Semiconductor Field Effect Transistor) with an extra polysilicon gate called the floating gate. Initially, the EPROM finds itself in a preprogrammed state where the device has an $i_D$-$v_{GS}$ characteristic similar to the n-channel MOSFET. The threshold voltage is relatively low, as can be seen in Figure 2.3 a). This state is generally labeled as state “1.”

In order to program the EPROM, a large voltage needs to be applied, around 16 to 20 V, between the drain and source (see Figure 2.4). Simultaneously, on the select gate a voltage of approximately 25 V needs to be applied. Since smart card controllers use a supply voltage between 3 and 5 V, a cascaded voltage-multiplier circuit, or charge pump, needs to be used to generate the required voltage levels.

The device acts as a regular n-channel enhancement MOSFET when there is no charge present on the floating gate. With the voltages present, a tapered n-type inversion layer is formed at the surface of the substrate. The drain-to-source voltage accelerates the electrons through the channel. The electric field formed by the voltage on the select gate attracts the hot electrons (the accelerated electrons) towards the floating gate. At the floating gate the electrons collect, causing the gate to become negatively charged. This process continues until enough of a negative charge is formed on the floating gate to reduce the strength of the electric field to the point of not being able to accelerate any more hot electrons.

The negatively charged floating gate repels electrons away from the surface of the substrate. To compensate for the loss of electrons in the region, a larger select gate voltage is required to form an n-channel. This will shift the $i_D$-$v_{GS}$ characteristic graph upwards, as can be seen in Figure 2.3 b) [SS91].

For the microcontroller to read the state of the EPROM, the unit needs only to apply a test $v_{GS}$ between the two $i_D$-$v_{GS}$ curves. If the current flows, the EPROM is in state “1” and if it does not flow then it is in state “0.”

For smart cards, EPROM was used by the French PTT in their first telephone cards, since, at that time, it was the only ROM type memory available [WW00]. As with other ROM types, it does not require a supply voltage to retain the data. EPROM can be reprogrammed, but it first requires ultraviolet light to erase the old data. This method is not feasible for smart cards, so this technology has been abandoned for newer erasable ROMs.

Electrically Erasable Programmable Read-only Memory (EEPROM)

As with regular computers, sometimes data needs to be read, altered and then stored with the possibility that the voltage supply is disconnected. Computers use hard drives to store the data for longer periods of time, but smart cards do not have this option. Instead they use a type of ROM that can handle multiple writes. EPROM can only be erased with ultraviolet light, which makes it unsuitable as a multi-write memory. The solution is found with another type of ROM that can be electrically erased, the electrically erasable programmable read-only memory (EEPROM).

EEPROM operates similarly to the method described in Section 2.2.3. There are two main differences between EPROM and EEPROM. The first difference is how the electrons travel from the substrate to the floating oxide layer. The method described in Section 2.2.3 uses hot electron injection, while standard EEPROM uses the tunnel effect (Fowler-Nordheim effect). A high positive voltage at the select gate causes electrons to migrate through the tunnel oxide to the floating gate, where they collect. Eventually, the floating gate becomes negatively charged.

The second difference between EPROM and EEPROM is how the data is erased. As stated earlier, EPROM requires ultraviolet light to reset its state. For EEPROM a negative voltage applied to the select gate forces the electrons from the floating gate back to the substrate. After this process, the EEPROM is classified again as discharged and the $V_t$ is low.

Similar to RAM and other types of ROM, EEPROM can be read an unlimited number of times. However, there is a limit to the number of writes that can be performed. The life expectancy is limited by the quality, type, and thickness of the tunnel oxide layer, which is the oxide layer between the floating gate and the substrate (see Figure 2.4). During production the tunnel oxide is one of the first layers to be produced. As the rest of the production continues, it undergoes large thermal stresses that cause minute faults in the oxide layer. This allows the tunnel oxide to absorb electrons during the programming cycle, which are not returned to the substrate when the data is erased. The trapped electrons then collect at the channel between the drain and source. This process continues until enough electrons collect that they influence the threshold voltage to a greater degree than the floating gate. The threshold voltage then stays in one state regardless of whether the floating gate is charged or not; the EEPROM becomes useless.

2.3 Types of Smart Cards

2.3.1 Memory only cards (also called synchronous cards)

This is the first type of card to be widely used. The prepaid telephone cards mentioned in the introduction are an example of this type of card. The data required for the applications are stored in the EEPROM memory (EPROM for the first cards). In the simplest case the cards use memory that can only be written to once, and then after use, the memory is deleted and made inoperable (the Thomson ST1200 SGS, introduced in 1983, worked in this way). The addition of a security logic device allows more control with memory access. There now exist more complex memory cards, which can perform simple encryption.

These types of cards are easy to use, the electronics are simple, the chip is small, and the price is low. However, memory space and flexibility are limited, and they are not adapted to security applications.

2.3.2 Microprocessor cards (also called asynchronous cards)

These cards are equipped with an "intelligent circuit": a processor connected to memory blocks capable of carrying out complex calculations. The added functionality of the microprocessor allows for higher security and application choices. However, as a result, these cards are larger and more complex. It is possible to connect other devices to the microprocessor for communication, special operations or security. Figure 2.5 shows many of the possible components that can be added to the microprocessor card. There are many different types of microprocessor smart cards. All of them function as a secured unit, protected from unauthorized access.

All microprocessors (and most computers) employ the principle of the stored program digital computer. This means data and instructions, which are stored in a memory area, must first be loaded into registers. Then the central processing unit (CPU) operates on these registers and places the results back into the memory areas.

Figure 2.5: Components of the microprocessor (Timers, UART, CPU, Crypto Device, Security Sensors, ROM, RAM, EEPROM, connected by a Bus).

CISC                                                      RISC
Extensive instruction set.                                Small instruction set.
Complex and efficient machine instructions.               Simple instructions.
Advanced instructions microencoded.                       Hardwired machine instructions.
Extensive addressing capabilities for memory operations.  Few addressing modes.
Few registers.                                            Many registers.

Table 2.2: Characteristics of CISC and RISC based processors.

The CPUs used in smart cards are usually built around proven modules from other applications. Many CPUs are based on the CISC (Complex Instruction Set Computer) architecture, which requires several clock cycles per instruction. However, CPUs based on the RISC (Reduced Instruction Set Computer) architecture are becoming more common. Table 2.2 shows the different characteristics between the CISC and RISC type processors. Many current CISC type processors are based on either one of two main families, the Intel 8051 or the Motorola 6805 family. Manufacturers take the base design of either a CISC or RISC processor and add their own functionality as needed. Some common smart card processor manufacturers are Philips S.C., Infineon, ST Microelectronics, Hitachi, ARM, and MIPS.

The processing speed of the smart card is controlled by a clock circuit normally set to 5 MHz. Modern smart card processors use clock multipliers (by two or four) to increase this operating clock speed for internal calculations. Using clock multipliers smart cards are able to operate at speeds between 20 to 30 MHz.

The area occupied by the microprocessor on the chip has a big influence on its manufacturing costs and its resistance to bending and shearing forces. Therefore, effort is made to reduce the chip’s size as much as possible. The chip’s surface area must be less than 25 mm². This means that the microprocessor contains between 150 000 and 200 000 transistors using a 0.25 or 0.30 μm CMOS process for chip fabrication. New smart card microprocessor designs use the 0.18 μm CMOS process.

coprocessors to perform only specified tasks. The next section takes a closer look at coprocessors in smart cards.

Coprocessors

Coprocessors are used on the majority of current chips for special operations. Among those used for cryptography are:

• a DES [NIS99a] coprocessor: for DES encryption/decryption;
• a random number generator coprocessor: allows the use of random values in algorithms;
• an arithmetic coprocessor: dedicated to arithmetic operations (modular operations) on long integers.

An arithmetic coprocessor element is essential for asymmetric cryptography algorithms such as RSA, DSA, ECDSA ... [Mur01] Adding such coprocessors has a significant impact on the cost of the chip, increasing it by as much as a factor of ten. This being the case, one may wonder why with increasingly powerful processors it continues to be necessary to add coprocessors. But at the same time cryptographic algorithms require longer keys to keep them secure, so coprocessors are likely to remain necessary for high performance cards.


Chapter 3

Elliptic Curve Theory and Cryptography

In 1985 Koblitz [N. 87] and Miller [V.S86] independently suggested elliptic curves for public key cryptography. The first methods for calculating elliptic curve additions and scalar multiplications were very complicated; however, by the late 1990s the process had been optimized to the point where it could compete with other public key cryptosystems. Elliptic curves provide the same security level as competing public key cryptosystems but at a much smaller key length; hence, providing a saving in cost, calculation time and implementation size.

A very good introduction to elliptic curve cryptography can also be found in [Cor98, Dah00, Kne02, V.S86, Mil96, Ros99].

3.1 Elliptic Curve Algebra

The elliptic curve $E(k)$ over a field $k$ is defined as a set of points $P_i = (x_i, y_i)$ in an affine two-dimensional space. The “Weierstrass” form of the elliptic curve is

$$y^2 + a_1 xy + a_3 y = x^3 + a_2 x^2 + a_4 x + a_6. \qquad (3.1)$$

The values for $a_i$, $x$ and $y$ are elements of the field $k$.

Definition: Let $O_\infty$ be the identity element that satisfies $P + O_\infty = P$. This point is also called “the point at infinity.”

The “Weierstrass” equation can be rewritten depending on the field chosen, $\mathbb{F}_p$ or $\mathbb{F}_{2^m}$.

3.2 Point Operations on Elliptic Curves over Prime Fields $\mathbb{F}_p$

If $p > 3$ is an odd prime and $a, b \in \mathbb{F}_p$ satisfy $4a^3 + 27b^2 \neq 0 \bmod p$, then the elliptic curve $E(\mathbb{F}_p)$ is

A point addition operator $+$ using the $O_\infty$ element can be defined on the set $E(\mathbb{F}_p)$ to form an abelian group. With $P = (x_1, y_1)$, $Q = (x_2, y_2)$ and $P, Q \in E(\mathbb{F}_p)$ the addition operator $+$ is defined as follows (see Figure 3.1):

1. For point addition, $P + Q = (x_3, y_3)$ and $P \neq \pm Q$:

$$x_3 = \lambda^2 - x_1 - x_2, \qquad y_3 = \lambda(x_1 - x_3) - y_1, \qquad \lambda = \frac{y_2 - y_1}{x_2 - x_1}. \qquad (3.3)$$

2. For point doubling, $P + P = 2P = (x_3, y_3)$:

$$x_3 = \lambda^2 - 2x_1, \qquad y_3 = \lambda(x_1 - x_3) - y_1, \qquad \lambda = \frac{3x_1^2 + a}{2y_1}. \qquad (3.4)$$

The addition of two different points on the elliptic curve requires the following arithmetic operations in $\mathbb{F}_p$: six additions, one squaring, two multiplications and one inversion. The point doubling on the elliptic curve in $\mathbb{F}_p$ requires: eight additions, two squarings, two multiplications, and one inversion.

The previous equations can also be obtained graphically by applying the following steps:

• To calculate $R = P + Q$ (see Figure 3.1 a)):
  1. Plot $P = (x_1, y_1)$ and $Q = (x_2, y_2)$ on the curve;
  2. Connect $P$ and $Q$ with a line;
  3. The point where the line intersects with the curve is the new point $-R = (x_3, -y_3)$;
  4. Mirror $-R$ over the y-axis to get the new point $R = (x_3, y_3)$.

• To calculate $R = 2P$ (see Figure 3.1 b)):
  1. Plot $P = (x_1, y_1)$ on the curve;
  2. Draw the tangent to the curve at point $P$, where the tangent is $\lambda = \frac{3x_1^2 + a}{2y_1}$;
  3. The point where the tangent line connects with the curve is the new point $-R = (x_3, -y_3)$,

Figure 3.1: Geometric elliptic curve addition and doubling (a) $R = P + Q$; b) $R = 2P$).

The order of the elliptic curve is the number of points in $E(\mathbb{F}_p)$, denoted by $\#E(\mathbb{F}_p)$. For prime fields Hasse’s theorem [Gjø00, N. 87] provides a boundary for $\#E(\mathbb{F}_p)$:

$$q + 1 - 2\sqrt{q} \le \#E(\mathbb{F}_p) \le q + 1 + 2\sqrt{q}, \qquad (3.5)$$

where $q$ is the prime power.

3.3 Point Operations on Elliptic Curves over Polynomial Fields $\mathbb{F}_{2^m}$

It is common to implement elliptic curves on computers in either the $\mathbb{F}_p$ field or the $\mathbb{F}_{2^m}$ field. The constants for $\mathbb{F}_{2^m}$ can either be in polynomial or normal basis. The reduced Weierstrass form for $\mathbb{F}_p$ is different than for $\mathbb{F}_{2^m}$. The polynomial field has two possible forms called the “supersingular” curve:

$$y^2 + y = x^3 + a_4 x + a_6 \qquad (3.6)$$

and the “nonsupersingular” curve:

$$y^2 + xy = x^3 + a_2 x^2 + a_6 \qquad (3.7)$$

The addition of two points using a polynomial elliptic curve $E(\mathbb{F}_{2^m})$ over $\mathbb{F}_{2^m}$ follows similar

1. For point addition, $P + Q = (x_3, y_3)$ and $P \neq \pm Q$:

$$x_3 = \lambda^2 + \lambda + x_1 + x_2 + a_4, \qquad y_3 = \lambda(x_1 + x_3) + x_3 + y_1, \qquad \lambda = \frac{y_2 + y_1}{x_2 + x_1}. \qquad (3.8)$$

2. For point doubling, $P + P = 2P = (x_3, y_3)$:

$$x_3 = \lambda^2 + \lambda + a_4, \qquad y_3 = \lambda(x_1 + x_3) + x_3 + y_1, \qquad \lambda = x_1 + \frac{y_1}{x_1}. \qquad (3.9)$$

The point addition in $\mathbb{F}_{2^m}$ has a little more overhead than its $\mathbb{F}_p$ counterpart with: one inversion, two multiplications, one squaring and eight additions. The point doubling, however, has a lower overhead with: one inversion, two multiplications, one squaring and six additions.

Definition: Let $p$ be the characteristic of $\mathbb{F}_q$, and let $t = q + 1 - \#E$. The elliptic curve $E$ is supersingular if $p$ divides $t$, else it is nonsupersingular.

Care must be taken in choosing the proper $\mathbb{F}_{2^m}$ curves for cryptographic applications. Supersingular curves allow for quick calculations; however, they are also susceptible to certain attacks. When using nonsupersingular curves care must also be taken, since there are curves where the Frey-Rück attack applies [Coh05]. However, for nonsupersingular curves there are still many groups that are not vulnerable to attack whereas supersingular curves are always vulnerable [Gal01].

Elliptic curve algebra, shown here, is the basis for a popular form of asymmetric cryptography. The next section presents the differences between asymmetric and symmetric cryptography and a common implementation of the elliptic curve in cryptographic applications.

3.4 Cryptography

Throughout history there are many examples of people using cryptography to secure their messages or information. The communication model can be viewed as in Figure 3.2. Person 1 wants to communicate privately with Person 2; however, Person 3 uses available techniques to listen in. If Person 3, the attacker, can see and/or modify the information, the communication channel is insecure. Other examples of communication are variations on Figure 3.2 where Person 2 may be a human, as would be the case for cellphone calls, or it could be a website where Person 1 may wish to make a purchase, or it may be a smart card automated teller machine (ATM). Each of these examples can lead to financial and reputation loss if a third person retrieves Person 1’s information or if the attacker can imitate Person 1. These are some examples that illustrate the goals of security. From the previous paragraph the following list of the security goals can be formed:

Figure 3.2: Communication channel between Person 1 and 2 with Person 3 attacking the channel.

Confidentiality: The information is kept private and only authorized people or devices may see and interact with the information.

Data Integrity: The data retains its original message, even when transmitted over an open medium. A third person is not able to alter the data without the receiver being aware of it.

Authentication: The receiver is assured that the data comes from the intended sender.

Non-repudiation: The receiver is able to convince an impartial third party that the data originated from the sender.

There are two forms of cryptography currently available, symmetric and asymmetric key cryptography (see Figures 3.3 and 3.4). Both methods are used regularly to secure data; for example, symmetric key cryptography is often used for high data transfer applications, since it is 1000 to 10000 times faster than equivalent asymmetric key algorithms [APS96]. Asymmetric keys are often used in secure key management and exchange over an unsecured channel; the Diffie-Hellman public key algorithm [Kae04] is such an example.

3.4.1 Symmetric (Private) Key Cryptography

For symmetric key systems both parties (encrypter and decrypter) need to have the same key. Figure 3.3 gives a visual picture of the symmetric key encryption process. The sender has a plain text message and a private key $p_{secret}$, which they input into the symmetric encryption algorithm. The function then outputs an encrypted text message that can be openly sent to the receiver. However, the key needs to be transported by some secure method, either by physically exchanging the key or through newer key management systems that transport keys securely. The receiver has the encrypted message, the private key, and the decryption algorithm. They use as input for decryption the key and the cipher message. The output is the plain text message.

A system is said to be secure when the attacker has the ciphering algorithms and the cipher message, but is not able to recalculate the plain text message (in a reasonable time period).

Figure 3.3: Symmetric encryption scheme (sender and receiver share the secret key $p_{secret}$, produced by a random number generator and transported securely; the encrypted text message crosses the open channel).

3.4.2 Asymmetric (Public-Private) Key Cryptography

One of the major drawbacks with the private key encryption method is how to give both parties exclusive access to the private key. If they are at the same location, it is not a problem, but that is not always the case. A message may need to be sent to people who are far from each other. A solution to this problem was introduced in 1976 with the advent of asymmetric or public key encryption.

Public key encryption works by using two keys, a public and a private key. The key pair is selected such that deriving the private key from the public key is equivalent to solving a computational problem that is believed to be intractable.

If the sender wants to send a message, as in Figure 3.4, the receiver must first supply the sender with a public key $PK_{rec}$ over an unsecured channel. The sender then uses the receiver’s public key $PK_{rec}$ and their own private key $p_{sen}$ to calculate a common secret $S$. An encrypted message can be created with $S$, the plain text message and the encryption function. The encrypted message is sent to the receiver, where they first calculate the common secret $S$ using their private key $p_{rec}$ and the public key from the sender $PK_{sen}$. The common secret is used again with the symmetric encryption algorithm (in decrypt mode) and the encrypted message to recreate the plain text message.

Figure 3.4: Asymmetric encryption (each side derives its private key from its own random number generator, publishes $PK_{rec} = p_{rec} \cdot Q$ resp. $PK_{sen} = p_{sen} \cdot Q$ over the open channel, and computes the common secret $S(PK_{rec}, p_{sen}) = S(PK_{sen}, p_{rec})$ used by the symmetric algorithm).

The public key system has the benefit of being more robust than the private key system, however, this comes at the cost of higher computation and algorithm complexity. Table 3.1 shows a comparison of the key lengths for various private and public key systems. It is evident that the private key algorithm requires a smaller key length to achieve the equivalent security to a public key system. Also included in Table 3.1 is the newer elliptic curve cryptosystem. The public key architecture is moving away from the older RSA/DSA systems, see [Lab02] and [18600] for further details on these algorithms, towards the Elliptic Curve Cryptography (ECC). Currently, ECC algorithms are more complex than the RSA equivalent; however, ongoing research is allowing ECC technology to be used in small devices such as smart cards. The major benefit of ECC is in future expandability of the algorithm. Whereas the RSA algorithm requires an extremely large key of 15360 bits for an equivalent 256 bit symmetric key, the ECC system only needs a key size of 512 bits. The smaller key size requires less memory and processor power.

Symmetric Algorithm   ECC Algorithm       DSA/RSA Algorithm
Key length (bits)     Key length (bits)   Key length (bits)
 80                   160                  1024
112                   224                  2048
128                   256                  3072
192                   384                  7680
256                   512                 15360

Table 3.1: Comparison of key lengths for symmetric, ECC and RSA/DSA cryptographic algorithms.

Example 3.4.1. An example of an ECC algorithm is the Elliptic Curve Authentication Encryption Scheme (EC-AES) algorithm [LeR00, Han04]. To send a message using EC-AES it is assumed that the sender has the receiver’s public key $K_{pub2}$ and the domain $D = (q, F, a, b, BP, n, \#E(F))$, where $q$ is the prime power ($q = p$ or $q = 2^m$), $F$ is the field representation, $a, b \in F$ define the curve over $\mathbb{F}_q$ (i.e. $y^2 = x^3 + ax + b$ for $p > 3$), $BP$ is the base point $BP = (x_{BP}, y_{BP})$, $n$ is the order of $BP$, and the curve order $\#E(F)$ is the number of points on the curve. The EC-AES uses elliptic curve cryptography and a Key Derivation Function (KDF), such as the ANSI X9.42 [Kel00], to transport the key from sender to receiver while the actual encryption of the message is done by a symmetric encryption scheme, for example the AES standard [19701]. The authentication is performed by a Message Authentication Code (MAC) such as the HMAC [oST02].

To encrypt a message $m$ the sender needs to perform the following:

1. Select a random number in the range $[1, n-1]$.
2. Calculate the sender’s public key pair $(K_{pub1}, k_{priv1})$ with $K_{pub1} = k_{priv1} \cdot BP$.
3. Calculate the shared secret on the curve $S = \#E(F) \cdot k_{priv1} \cdot K_{pub2} = (S_x, S_y)$.
4. Verify that $S \neq O_\infty$.
5. Use the key derivation function to calculate the signature and encryption keys $k_{sign} \,\|\, k_{enc} = KDF(S_x)$.
6. Encrypt the message using the symmetric encryption algorithm $c = E_{k_{enc}}(m)$.
7. Sign the message using the MAC algorithm $v = MAC_{k_{sign}}(c)$.
8. Send $(K_{pub1}, c, v)$.

On the other end of the communication line, the receiver gets $(K_{pub1}, c, v)$ and has the domain $D$. They proceed to calculate the following to retrieve the message:

1. Check that $K_{pub1} \neq O_\infty$.
2. Verify that the coordinates $x_{K_{pub1}}$ and $y_{K_{pub1}}$ are elements of $\mathbb{F}_q$.
3. Confirm that $K_{pub1}$ is on the curve defined by $a$ and $b$.

5. Verify that $S \neq O_\infty$.
6. Calculate the keys for authentication and decryption from the curve $k_{auth} \,\|\, k_{dec} = KDF(S_x)$.
7. Check $v = MAC_{k_{auth}}(c)$.
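The following is an added example (not code from the thesis) that serves both Section 3.2 and Example 3.4.1: it implements the affine group law of (3.3) and (3.4) over $\mathbb{F}_p$, counts the points of a constructed toy curve to check Hasse's bound (3.5), and runs the EC-AES steps listed above end to end. Everything in it is an assumption for illustration: the curve $y^2 = x^3 + 2x + 2$ over $\mathbb{F}_{17}$, the base point $(5, 1)$, the keys and the message are constructed; a SHA-256 KDF and a hash-based stream XOR stand in for ANSI X9.42 and AES; and the factor $\#E(F)$ of step 3 is dropped because the toy group order is prime, so there is no cofactor.

```python
"""Affine point arithmetic on y^2 = x^3 + a x + b over F_p, a brute-force
check of Hasse's bound, and a toy EC-AES-style encrypt/decrypt round trip.
Added example, not the thesis's code.  Curve, keys and message are
constructed; the curve is far too small for real use and the hash-based
stream cipher only stands in for AES."""
import hashlib
import hmac
import math
import secrets

# Constructed toy domain parameters (hypothetical): y^2 = x^3 + 2x + 2 over F_17.
P_MOD, A, B = 17, 2, 2
BP = (5, 1)           # base point; its order n is computed by point_order()
INF = None            # the identity element O_inf ("point at infinity")


def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def add(p1, p2):
    """Group law of (3.3)/(3.4): one field inversion per addition or doubling."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                        # P + (-P) = O_inf
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)  # doubling, (3.4)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)         # addition, (3.3)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD   # equals lam^2 - 2*x1 when P == Q
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def mul(k, pt):
    """Scalar multiplication k*P by left-to-right double-and-add."""
    r = INF
    for bit in bin(k)[2:]:
        r = add(r, r)
        if bit == "1":
            r = add(r, pt)
    return r


def point_order(pt):
    """Smallest n with n*pt = O_inf (feasible only on a toy curve)."""
    n, r = 1, pt
    while r is not INF:
        r = add(r, pt)
        n += 1
    return n


def curve_order():
    """#E(F_p): for every x count the solutions y of the curve equation, plus O_inf."""
    count = 1
    for x in range(P_MOD):
        rhs = (x ** 3 + A * x + B) % P_MOD
        count += sum(1 for y in range(P_MOD) if (y * y) % P_MOD == rhs)
    return count


def hasse_bound_holds(order):
    """Hasse (3.5): q + 1 - 2*sqrt(q) <= #E <= q + 1 + 2*sqrt(q), with q = p here."""
    q = P_MOD
    return q + 1 - 2 * math.sqrt(q) <= order <= q + 1 + 2 * math.sqrt(q)


def kdf(sx, label):
    """Toy KDF (assumed): 32-byte key from the x coordinate S_x and a label."""
    return hashlib.sha256(label + sx.to_bytes(2, "big")).digest()


def stream_xor(key, data):
    """Hash-based keystream XOR; a stand-in for the symmetric E_k(m) of the scheme."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def ec_aes_encrypt(msg, k_pub2, n):
    """Sender side, steps 1-8 of Example 3.4.1 (no cofactor: n is prime here)."""
    k_priv1 = secrets.randbelow(n - 1) + 1            # 1: random in [1, n-1]
    k_pub1 = mul(k_priv1, BP)                         # 2: K_pub1 = k_priv1 * BP
    s = mul(k_priv1, k_pub2)                          # 3: shared secret S
    if s is INF:                                      # 4: S != O_inf
        raise ValueError("degenerate shared secret")
    k_sign, k_enc = kdf(s[0], b"sign"), kdf(s[0], b"enc")   # 5: KDF(S_x)
    c = stream_xor(k_enc, msg)                        # 6: c = E_kenc(m)
    v = hmac.new(k_sign, c, hashlib.sha256).digest()  # 7: v = MAC_ksign(c)
    return k_pub1, c, v                               # 8: send (K_pub1, c, v)


def ec_aes_decrypt(k_pub1, c, v, k_priv2):
    """Receiver side: validate K_pub1 (steps 1-3), recompute S, check the MAC, decrypt."""
    if k_pub1 is INF or not on_curve(k_pub1):
        return None
    s = mul(k_priv2, k_pub1)
    if s is INF:                                      # 5: S != O_inf
        return None
    k_auth, k_dec = kdf(s[0], b"sign"), kdf(s[0], b"enc")   # 6
    if not hmac.compare_digest(v, hmac.new(k_auth, c, hashlib.sha256).digest()):
        return None                                   # 7: MAC mismatch, reject
    return stream_xor(k_dec, c)
```

Every non-identity point of this toy curve has order 19, so $S$ can never be $O_\infty$ here; on a curve whose group order has a cofactor, step 4 together with the receiver's validation in steps 1 to 3 is what rejects a public key lying in a small subgroup, which is why `ec_aes_decrypt` checks the point before doing any scalar multiplication and why the MAC is verified before the ciphertext is touched.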


Chapter 4

Random Numbers, Generation and Testing

4.1 Definition of a random sequence

What exactly are random numbers? Is the number “5” random? In this section we closely follow the exposition of [Lub]. Let $\Sigma = \{0, 1\}$ and $\Sigma^*$ be the set of sequences of countably infinite¹ length with coefficients in the alphabet $\Sigma$. An element $u \in \Sigma^*$ can be written as a sequence of 0 and 1:

$$u = u_0 u_1 u_2 u_3 u_4 u_5 \ldots,$$

with $u_i \in \{0, 1\}$. For $n \in \mathbb{N}$, the set of finite binary sequences of length $n$ is denoted by $\Sigma^n$. An element $u \in \Sigma^n$ can be written as:

$$u = u_0 u_1 u_2 \ldots u_{n-1}.$$

The objective of this paragraph is to define among all the elements of $\Sigma^*$ those that are random. Let $W_k$ be the map from $\Sigma^*$ into the set of sequences with coefficients in $\Sigma^k$, which associates to $u \in \Sigma^*$ the unique sequence such that:

$$u = w_0 \,|\, w_1 \,|\, \ldots w_q \,|\, \ldots$$

with $|$ the concatenation and $w_i \in \Sigma^k$.

In the following, a sequence of events is defined as a sequence $(u_n)_{n \in \mathbb{N}}$ with values in a set $\Omega$ which will always be finite. The probability denoted by

$$P_e[(u_n) = x]$$

¹ A countable infinite set is any set which, in spite of its boundlessness, can be shown equivalent to the natural

is the empirical probability that an event is equal to $x$ if the following limit exists

$$\lim_{k \to \infty} \frac{S_k(x)}{k}, \qquad (4.1)$$

with $S_k(x) = |\{n \le k \,|\, u_n = x\}|$. If $(w_n)$ is a sequence of words of $\Sigma^k$ then $E((w_n))$ denotes the Shannon entropy function of $(w_n)$, defined by

$$E((w_n)) = \sum_{x \in \Sigma^k} P_e[(w_n) = x] \,\log_2 \frac{1}{P_e[(w_n) = x]}.$$

The definition from [Knu97] can now be stated.

Definition 4.1.1. A sequence $(u_n) \in \Sigma^*$ is $l$-distributed for $l \in \mathbb{N}^*$ if $E(W_l((u_n))) = l$, or equivalently if for all $x \in \Sigma^l$, $P_e[W_l((u_n)) = x] = (1/2)^l$. A sequence $(u_n) \in \Sigma^*$ is then $\infty$-distributed if it is $l$-distributed for all $l \in \mathbb{N}$.

Temporarily, it can be stated that a sequence is random if it is $\infty$-distributed. In particular, if $(u_n)$ is a random sequence then $W_k((u_n))$ is an equidistributed sequence of words of $\Sigma^k$. If a random subsequence of length $k$ is picked from a random sequence, then the probability of selecting a given subsequence is the same for all words in $\Sigma^k$. This illustrates well the intuitive idea of a random phenomenon. A consequence of this is that it is impossible to precisely define what a finite random sequence is.

The link between the statistical tests and the preceding definition of a random sequence can be shown by rewriting the preceding definition in the terms of probability theory. For that, let $(\Omega, \mathcal{A}, P)$ be a probability space, which is defined by $\Omega$, a finite set, endowed with the discrete sigma-algebra $\mathcal{A}$, i.e. the one generated by all the elements of $\Omega$, and a positive measure $P$ on $\mathcal{A}$, equidistributed and of total weight 1. For this paragraph, $\Omega$ will be $\Sigma^n$, the set of binary sequences of length $n$. The probability space is then denoted by $(\Omega_n, \mathcal{A}_n, P_n)$.

A random variable is a map $X : \Omega \to \mathbb{R}$. This endows $\mathbb{R}$ with a structure of measured space, and the induced measure is indicated, by abuse of notation, by $P_X$. The function which maps $x \in \mathbb{R}$ to $P[X = x] = P(X^{-1}(x))$ is called the law of $X$. This gives the following alternative definition of a random sequence, which is just a reformulation of Definition 4.1.1.

Definition 4.1.2. A sequence $(u_n) \in \Sigma^*$ is random if and only if for all random variables $X$ from $\Sigma^k$, endowed with the equidistributed law of probability, to $\mathbb{R}$ and for all $x \in \mathbb{R}$ there is

$$P_e[X(W_k((u_n))) = x] = P[X = x].$$

In other words, the empiric law determined by the sequence $X(u)$ follows the theoretical law induced by the random variable on $\mathbb{R}$ by the equidistributed probability law of $\Sigma^k$. This

is random: some random variables are defined on the sets $\Sigma^k$, $k$ being an integer, endowed with the equidistributed probability. This gives a law on $\mathbb{R}$ that can be computed, or approximately computed, thanks to results from probability theory. Most of the time, this law will use a Gaussian or a $\chi^2$ distribution. This law is then compared, for example using a Kolmogorov-Smirnov test, to the empiric law obtained from the limit in (4.1), which is approximated with a computation on a finite sample sequence.

The problem is that the preceding general principle is asymptotic by nature: by definition all the sequences of fixed length $l$ have the same probability to occur in a random sequence. Without any further hypothesis, it is not possible to distinguish a random sequence from a non-random sequence when only a finite subsequence is available. It is important to remember two main ideas: an infinite sequence can be associated with a probability distribution on the space of finite sequences of length $l$, and a property of all random sequences of length $l$ is that they have a uniform distribution.

As noted in [Knu97], the definition of a random sequence that has been stated does not catch all the properties that may be expected from a random sequence. For instance, let $u \in \Sigma^*$ be an $\infty$-distributed sequence and let $u'$ be the sequence deduced from $u$ by forcing to zero the bits of rank $n^2$, $n \ge 2$. Then it is easy to see that the sequence $u'$ is also $\infty$-distributed and is not random, because the value of some of its bits can be easily predicted a priori. However, even if the definition does not catch the unpredictability notion that is expected from a random sequence, it is enough for the purpose of statistical tests.

The next section will take a closer look at generating random sequences and the testing to see if these generators are operating properly.
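As an added example (not code from the thesis) of the objects defined in this section, the block below computes, on a finite sample, the word map $W_k$, the empirical law $P_e[W_k(u) = x]$ of (4.1), the Shannon entropy $E((w_n))$ and the $l$-distribution check of Definition 4.1.1, and then reproduces Knuth's counter-example by zeroing the bits of rank $n^2$. The sample sequences are constructed here: an alternating string that is 1-distributed but not 2-distributed, and a SHA-256-of-counter bit string standing in for an RNG output; function names and the tolerance parameter are assumptions of the example.

```python
"""Finite-sample versions of Section 4.1: the word map W_k, the empirical
law P_e of (4.1), the Shannon entropy E((w_n)) and the l-distribution test
of Definition 4.1.1.  Added example, not the thesis's code; every sample
sequence below is constructed."""
import hashlib
import math
from collections import Counter


def w_k(bits, k):
    """W_k: cut the bit string into consecutive k-bit words w_0 | w_1 | ... (ragged tail dropped)."""
    return [bits[i:i + k] for i in range(0, len(bits) - k + 1, k)]


def empirical_law(bits, k):
    """P_e[W_k(u) = x] = S_n(x) / n for every x in Sigma^k (n = number of words, 0 for unseen words)."""
    ws = w_k(bits, k)
    counts = Counter(ws)
    n = len(ws)
    return {format(x, f"0{k}b"): counts.get(format(x, f"0{k}b"), 0) / n
            for x in range(2 ** k)}


def entropy(law):
    """Shannon entropy in bits, sum_x P(x) log2(1/P(x)); it equals k only for the uniform law on Sigma^k."""
    return sum(p * math.log2(1 / p) for p in law.values() if p > 0)


def is_l_distributed(bits, l, tol=0.0):
    """Definition 4.1.1 on a finite sample: every l-bit word has frequency (1/2)^l, within tol."""
    return all(abs(p - 2 ** -l) <= tol for p in empirical_law(bits, l).values())


def hash_bits(n_bits, seed=b"constructed-seed"):
    """Deterministic bit string from SHA-256 of a counter (constructed stand-in for RNG output)."""
    chunks, ctr = [], 0
    while len(chunks) * 256 < n_bits:
        chunks.append(hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest())
        ctr += 1
    return "".join(format(b, "08b") for b in b"".join(chunks))[:n_bits]


def zero_square_ranks(bits):
    """Knuth's counter-example from the text: force the bits of rank n^2 (n >= 2) to zero."""
    out = list(bits)
    n = 2
    while n * n < len(out):
        out[n * n] = "0"
        n += 1
    return "".join(out)


def report(bits, max_k=4):
    """Entropy of W_k(u) for k = 1..max_k; a sequence that is k-distributed gives k bits."""
    return {k: entropy(empirical_law(bits, k)) for k in range(1, max_k + 1)}
```

The alternating string shows why the definition is stated for every $l$ at once: its 1-bit words are perfectly uniform (entropy 1), yet all of its 2-bit words are `01`, so the entropy of $W_2$ collapses to 0. The zeroed-square-ranks sequence keeps its word statistics (only about $\sqrt{N}$ of $N$ bits are touched) while some of its bits are known in advance, which is exactly the gap between $\infty$-distribution and unpredictability that the text points out.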

4.2 Random number generators

4.2.1 History

Progress in generating random number sequences has been significant. However, people are still trying to figure out new methods for producing fast, cryptographically secure random bits. Before the first table of random numbers was published in 1927, researchers had to work with very slow and simple random number generators (RNG), like tossing a coin or rolling dice. Needless to say, these methods were very time consuming. It was not until 1927, when Tippett published a table of 40,000 numbers derived from the census reports, that people had access to a large sequence of random numbers.

This lack of a ready source of random number sequences led people to try and create more efficient means of producing random numbers. In 1939, the first mechanical random number machine was created by Kendall and Babington-Smith. Their machine was used to generate a table of 100,000 numbers, which was later published for further use. The practice of using random number machines to generate tables of random numbers continued with the publishing of 1,000,000 digits by the Rand Corporation. Their generator could be best described as an electronic roulette wheel. The first version produced sequences with statistical biases. The Rand Corp. had to optimize and fix their machine, but even after this the new sequences showed a slight statistical bias. However, the random sequences were deemed to be “good enough.”

Even though tables provided researchers with a larger selection of random numbers, this method still had its drawbacks. It required large amounts of memory, since each random number had to be preloaded into memory, and it took a long time to input the data. At this point RNG research branched into two paths: the algorithmic approach and the sampling of physical systems. The algorithmic approach looked into producing random numbers by using the computer’s arithmetic operations, and this led to the creation of deterministic random number generators or pseudorandom number generators. Sampling of physical systems, however, looked at how to create statistically acceptable sequences from natural random sources. These random number generators are called “true” random number generators, since they are based on a truly random source.

Remark 4.2.1. A detailed timeline for the random number machine can be found in [Rit02].

4.2.2 Properties of random number generators

When examining a random number generator, how can one determine whether it is a source of random numbers? Four properties distinguish a random number generator from an ordinary number generator, and the best way to illustrate them is to examine a simple random number generator. One of the most recognized and widely used RNGs is the coin toss, provided the coin is assumed to be “fair.”

By labelling the two sides of the coin “0” and “1”, it can be used to generate a random binary sequence. The first property to notice is that the result of each toss is not affected in any way by the previous tosses: if ten ones are tossed in a row, the probability of tossing an eleventh one is still 50%. This illustrates the property of independence; previous results do not affect future results.

Random number generators can be designed to produce any range of values, or distribution. When analyzing the output of common RNGs, the values usually follow a uniform distribution, meaning that every value in the specified range is equally probable. The distribution does not have to be uniform; for some simulations a designer may wish to produce a random sequence following a normal or other distribution. For cryptographic applications, however, it is important that the distribution is uniform: a non-uniform distribution lets an attacker concentrate on a smaller group of values when attacking the system.

There are physical and computational limits to the size of the numbers that an RNG can create. These limitations impose a natural boundary on the RNG, and once it has reached these limits the RNG repeats its output. This defines the period of the RNG. A well-designed RNG is bounded only by the hardware limits. If the RNG is designed carelessly, it may produce several distinct cycles of states, each shorter than the ideal period.

The size of the random sequences required depends on the application. Cryptographic applications require relatively short sequences, on the order of 1024 bits depending on the algorithm, whereas simulations require extremely long sequences. A good example is Monte Carlo simulation, which may require random sequences of a billion bits or more. RNGs therefore need to be very efficient and must generate numbers quickly.
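The independence and uniform-distribution properties described above can be checked on an actual toss sequence. The following Python script is an added example written for this section (it is not code from the thesis): it applies a monobit frequency count and a lag-1 serial correlation to three constructed sequences, a fair coin, a coin biased towards “1”, and a “sticky” coin whose result depends on the previous toss. The function names, thresholds and sample sequences are assumptions made for this example.

```python
import math
import random


def frequency_stats(bits):
    """Monobit check for a uniform distribution: returns (fraction of ones, z-score).

    Under the fair-coin model the number of ones is Binomial(n, 1/2), so
    z = (2*ones - n) / sqrt(n) is approximately standard normal.
    """
    n = len(bits)
    ones = sum(bits)
    return ones / n, (2 * ones - n) / math.sqrt(n)


def lag1_autocorrelation(bits):
    """Serial (lag-1) correlation between consecutive bits.

    For independent tosses this is close to 0 (standard deviation about 1/sqrt(n));
    a generator whose next bit depends on the previous one shows a clear offset.
    """
    n = len(bits)
    mean = sum(bits) / n
    num = sum((bits[i] - mean) * (bits[i + 1] - mean) for i in range(n - 1))
    den = sum((b - mean) ** 2 for b in bits)
    return num / den if den else 0.0


def check_sequence(bits, z_limit=3.0, corr_limit=0.05):
    """Apply both checks and report whether the sequence looks uniform and independent.

    The limits are assumptions for this example, not values from the thesis.
    """
    p_one, z = frequency_stats(bits)
    r = lag1_autocorrelation(bits)
    return {
        "p_one": p_one,
        "z": z,
        "autocorr": r,
        "uniform": abs(z) <= z_limit,
        "independent": abs(r) <= corr_limit,
    }


# --- Constructed sample sequences (not data from the thesis) ---------------

def fair_coin(n, seed=1):
    """n tosses from a seeded PRNG standing in for a fair coin."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n)]


def biased_coin(n, p_one=0.6, seed=2):
    """Coin that lands on 1 with probability p_one: non-uniform distribution."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def sticky_coin(n, p_stay=0.8, seed=3):
    """Coin that repeats its previous result with probability p_stay: not independent."""
    rng = random.Random(seed)
    bits = [0]
    for _ in range(n - 1):
        prev = bits[-1]
        bits.append(prev if rng.random() < p_stay else 1 - prev)
    return bits


if __name__ == "__main__":
    for name, seq in [("fair", fair_coin(10000)),
                      ("biased", biased_coin(10000)),
                      ("sticky", sticky_coin(10000))]:
        print(name, check_sequence(seq))
```

The sticky coin is the interesting case for the argument in the text: its long-run fraction of ones is still about one half, so a frequency count alone would pass it, and only the correlation check exposes that the tosses are not independent.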

The next sections examine the properties of three classes of random number generators: pseudorandom, true, and cryptographic random number generators. Each has its own requirements and restrictions.

4.2.3 Types of random number generators

Pseudorandom number generators

As mentioned in the history of RNGs (cf. Subsection 4.2.1), the development of random number generators branched with the advent of computers. Researchers looked for methods of creating long random sequences using algorithms, and with such algorithms they were able to produce sequences that mimic the properties of “true” random generators. Since the sequences are created by a deterministic equation, they cannot be called “truly” random. This led to a new class of generators, called pseudorandom number generators (PRNGs).

Compared to true random number generators, PRNGs are easier to implement in both hardware and software, and they also produce long sequences very quickly. In [L’E98, L’E01], a PRNG is described as a structure of the form $(X, x_0, f_t, f_o, Z)$, where $X$ is the finite set of states with a distribution $\delta$. The element $x_0 \in X$ is called the initial state or seed. Using the transition function $f_t$ and the output function $f_o$ as shown in Algorithm 1, a pseudorandom sequence $(z_0, \ldots, z_n)$ with $z_i \in Z$ can be generated, where $Z = [0, 1)$ is the output set.

Algorithm 1 A pseudorandom number generator.

INPUT: An integer $n$.

OUTPUT: A pseudorandom sequence $(z_0, \ldots, z_n)$ with $z_i \in Z$.

1. for $i = 0$ to $n$ do
2.     $x_{i+1} \leftarrow f_t(x_i)$
3.     $z_i \leftarrow f_o(x_i)$
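To make the structure $(X, x_0, f_t, f_o, Z)$ and Algorithm 1 concrete, the following Python code is an added example written for this section; it is not code from the thesis or from [L’E98, L’E01]. It plugs an assumed linear congruential transition $x \mapsto (ax + c) \bmod m$ into the generic generator and then enumerates the cycles of $f_t$ over the whole state set, which illustrates the period property from Subsection 4.2.2: with well-chosen parameters every seed lies on one cycle of full length $m$, while carelessly chosen parameters split $X$ into several short cycles, so the period actually obtained depends on the seed. The LCG parameters and function names are assumptions made for this example.

```python
from typing import Callable, List


class PRNG:
    """Generator in the (X, x_0, f_t, f_o, Z) form of Algorithm 1.

    state : current element x_i of the finite state set X
    f_t   : transition function  x_{i+1} = f_t(x_i)
    f_o   : output function      z_i     = f_o(x_i), with z_i in Z = [0, 1)
    """

    def __init__(self, x0: int, f_t: Callable[[int], int],
                 f_o: Callable[[int], float]):
        self.state = x0          # the seed x_0
        self.f_t = f_t
        self.f_o = f_o

    def generate(self, n: int) -> List[float]:
        """Return (z_0, ..., z_n) exactly as Algorithm 1 does: n + 1 outputs."""
        out = []
        for _ in range(n + 1):
            out.append(self.f_o(self.state))   # z_i     <- f_o(x_i)
            self.state = self.f_t(self.state)  # x_{i+1} <- f_t(x_i)
        return out


def lcg_transition(a: int, c: int, m: int) -> Callable[[int], int]:
    """Linear congruential transition x -> (a*x + c) mod m on X = {0, ..., m-1}.

    Assumed here as one concrete f_t; Algorithm 1 itself is generic.
    """
    return lambda x: (a * x + c) % m


def unit_interval_output(m: int) -> Callable[[int], float]:
    """Output function f_o mapping a state to the output set Z = [0, 1)."""
    return lambda x: x / m


def cycle_lengths(f_t: Callable[[int], int], m: int) -> List[int]:
    """Enumerate every cycle of f_t on the state set {0, ..., m-1}.

    Returns the cycle lengths in descending order. A well-designed generator
    has a single cycle of length m; a careless one splits X into several
    shorter cycles, and the cycle the seed lands in decides the real period.
    """
    visited = [False] * m
    lengths = []
    for start in range(m):
        if visited[start]:
            continue
        position = {}      # state -> index in the current walk
        path = []
        x = start
        while not visited[x] and x not in position:
            position[x] = len(path)
            path.append(x)
            x = f_t(x)
        if x in position:  # the walk closed a cycle not seen before
            lengths.append(len(path) - position[x])
        for s in path:
            visited[s] = True
    return sorted(lengths, reverse=True)


if __name__ == "__main__":
    m = 16
    good = lcg_transition(a=5, c=3, m=m)   # full period: one cycle of length 16
    bad = lcg_transition(a=3, c=0, m=m)    # several short cycles
    print("good:", cycle_lengths(good, m))
    print("bad: ", cycle_lengths(bad, m))
    print(PRNG(1, good, unit_interval_output(m)).generate(3))
```

With $a = 5$, $c = 3$, $m = 16$ every state lies on a single cycle of length 16, whereas $a = 3$, $c = 0$, $m = 16$ yields cycles of lengths 4, 4, 2, 2, 2, 1 and 1: no seed can reach more than four distinct outputs before the generator repeats, which is exactly the “each group less than the ideal period” situation described in Subsection 4.2.2.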

The benefit of the PRNG is its ability to quickly produce large sequences of statistically random numbers. This is very important for running simulations when input data may require
