The Design Of Hash-based Random Numbers Generator And Its Security Analysis

With the rapid development of information society,the problem of information security is becoming serious,and as the cornerstone of information security systems,the security of random numbers is becoming increasingly important.For security protocols that need a large number of random numbers,the true random number seed must be extended into pseudo-random numbers by some algorithms.Therefore,the security of pseudo-random numbers depends on the security of seed.The above process is usually performed by software,so there is a strong risk of seed leakage.As a kind of encryption entity,PUFs that hold the unclonable and unpredictable characteristic have become a part of a variety of security protocols.Treating PUFs as the true random number seeds source and providing PRNG hardware with seeds,can improve the security of information security system.Based on the above analysis,this paper includes the following aspects:This paper analyzes the characteristics of FPGA-based PUFs and explores the feasibility of using them as true random number seed sources;According to the above analysis,an entropy monitoring module is designed to monitor the availability of the entropy source;According to the NIST SP800-90A,a Hash-based PRNG that conforms to the specification is designed and can be combined with PUFs,entropy monitoring module into a complete system;A test platform is built to test the randomness of output through NIST random number test suite and the security of the system is analysed.The innovative points in this paper are as follows:Firstly,the feasibility of using a variety of PUFs as entropy sources on FPGA is explored for the first time;Secondly,the method of real-time monitoring for the availability of the entropy source,which eliminates the influence of environmental factors,is first put forward;Thirdly,for the first time,hardware architecture of PRNG that can reseed itself dynamically is designed.This PRNG system is verificated on Altera Cyclone IV FPGA platform and the speed of generating pseudo-random numbers is up to 598.1 Mbps at 68MHz working frequency.This system has the function of entropy monitoring and dynamically reseeding,which can ensure the backtracking resistance and prediction resistance.The pseudo-random numbers generated by this system can pass all random tests of NIST test suite.The significance of this paper is to design a random number generator with high security and high reliability,which can be applied to the high security level encryption protocols.