FPGA implementation of random number generator using LFSR and scrambling algorithm for lightweight cryptography

The IoT (Internet of Things) is a network of interconnected, uniquely addressable devices that use common communication protocols and links to perform certain tasks. Recent developments in wireless communications have increased the need for IoT-connected devices. The sensors and sensor nodes used in these networks are low-resource devices, which increases their vulnerability and makes them a possible target for hackers. The development and deployment of lightweight protection schemes for such low-resource devices have also increased. The random number generation or key generation used in the encryption process is the most important element in protecting these resource-constrained devices, as the security of the entire data depends on the key used. In this paper, a novel random number generation scheme using an LFSR (Linear Feedback Shift Register) and a Scrambling Algorithm is proposed for lightweight encryption algorithms. It can be used to generate the keys for the encryption process, thus improving the security of data transmitted in the IoT environment. The randomness of the numbers generated by this random number generator algorithm is tested using a pertinent set of statistical tests. These statistical tests analyze the cryptographic properties of the sub keys generated by the key scheduling algorithm, such as confusion, diffusion, independence, and randomness. For the purpose of simulation, the code is written in Verilog and simulated using Xilinx Vivado, and the implementation is carried out on the Artix-7 FPGA family to analyze parameters like area, power and timing.


INTRODUCTION
In the era of the Internet of Things, where data is exchanged between tiny devices, power, energy and time are the major parameters. Older techniques may become infeasible and cannot be engineered to fit into such resource-constrained devices, which motivates researchers to design and implement new techniques for generating efficient random numbers that can be used as sub keys in the encryption process. The design of a strong key generation scheme decides the strength of the security of any encryption algorithm. The sub keys generated by the key scheduling algorithm should be so strong that the attacker is not able to acquire any relationship between the sub keys or between the sub keys and the secret key, Blumenthal and Bellovin (1996). Key scheduling algorithms mainly use linear and nonlinear operations to generate sub keys from the initial secret key and should possess good confusion and diffusion properties. A strong key scheduling algorithm makes the overall encryption process resistant against several threats like the linear attack, differential attack, side-channel attack and many such attacks by Knudsen and Mathiassen (2004);

Suzaki et al. (2013); Biryukov and Nikolić (2011) and have proposed different key schedules that perform different operations such as low diffusion. Some key schedules apply simple operations such as permutation or linear operations on master keys, Wu and Zhang (2011). Some use the master key directly without any key schedule, as proposed in Hong et al. (2006); Guo et al. (2011). May et al. (2002) explained the various desirable properties for the KSA and how these properties can be used to strengthen the key schedule of AES. Afzal et al. (2015) explained the statistical analysis of the sub keys generated by the KSA and showed that the avalanche effect is one of the important cryptographic properties to ensure the security of the entire encryption algorithm. The strength of any key schedule depends on the type of function used, i.e. linear or nonlinear, and on the operations used. Many key schedules have been designed in various encryption algorithms; for example, a linear circular shift is implemented for key scheduling in the block cipher IDEA by Daemen et al. (1993). That paper presents the problem of large classes of weak keys, which are identified and eliminated by a slight modification of the key schedule of the IDEA algorithm. The keys are weak in the sense that their use is detected with minimum effort. The key schedule of PRESENT, proposed by Bogdanov et al. (2007), uses linear permutation. A 64-bit plaintext block was encrypted using an 80-bit key. The code was written in VHDL and synthesized using Virtual Silicon (VST) and a standard cell library based on UMCL180, 18µ1P6M Logic. The design of the algorithm comprises a single S-BOX that is used 16 times instead of 16 different S-BOXes, which eases the serialization of the design. The proposed algorithm encrypts a 64-bit plaintext block using an 80-bit key in 32 clock cycles, needs an area of 1570 and consumes a power of 5µW.
Harmouch and El Kouch (2019) used the concept of chaos in the key schedule algorithm and developed a new key scheduling algorithm called CKSA based on the logic maps. The proposed algorithm is a one-way function, ensures good diffusion and confusion, and provides a good avalanche effect. The size of the sub-keys is variable and thus can be used by many ciphers. It also has a good resistance against differential and linear attacks. A strong linear correlation between the sub-keys ensures a randomization of high degree. Paje et al. (2019) used a multidimensional key algorithm for RC6. The authors proposed a modified RC6 algorithm in which key sizes of different lengths like 1024/1280/1792/2048/2861 bits are used so as to provide a high degree of security. A longer key length implies that more time is required to break the key. Increasing the length of the register thus resulted in improved throughput and speed. Avanzi et al. (2016) introduced some general strategies to construct a key schedule. However, in all of these studies, the cryptographic strength of the key schedule algorithms was not evaluated using any statistical method.
Any key scheduling algorithm should be tested on properties such as confusion, diffusion and randomness of the sub keys to prove the security strength of the KSA and the encryption algorithm. In this paper a novel key scheduling algorithm is proposed and its strength is evaluated on the above properties using a required set of statistical tests from the NIST test suite. Studies have shown that although statistical tests may not be sufficient to assert the cryptographic strength of cipher algorithms, they provide essential requirements for a strong cryptographic algorithm. An algorithm that passes all the statistical tests may not thwart the possible attacks, but an algorithm that fails the required statistical tests would not even thwart the basic attacks on the ciphers, Simion (2015). Ukrop et al. (2016) analyzed the randomness of multiple authenticated encryption schemes. The outputs were assessed using 168 different schemes and 3 different settings and implemented in four different tools. EACirc was defeated by all the statistical batteries of tests and hence was the least suitable for the given task, while the tests like NIST STS (2010)

THE PROPOSED RANDOM NUMBER GENERATION USING LFSR AND SCRAMBLING ALGORITHM
The security of any cryptographic method depends mainly on the keys used in the encryption process and hence in turn depends on the key generation algorithm.
The proposed novel random number generation algorithm is a fusion of three different implementations: the random number generation used for the SIT algorithm developed by Usman et al. (2017), inspired by the Khazad block cipher proposed by Barreto and Rijmen (2000); the key generation scheme based on Modified Fibonacci and Scrambling Factor, Amiruddin et al. (2019); and the LFSR, so as to provide more randomness, quality and lesser area. The Khazad cipher is based on the wide trail strategy, which comprises linear and non-linear transformations ensuring the complexity in the dependence of output bits on input bits, Daemen et al. (1995). The algorithm is said to have a linear algorithmic complexity of O(n). It is a lightweight operation and hence can save computing time, making it useful as the key generation function for a lightweight scheme.
In the proposed random number generation using LFSR and Scrambling Algorithm, the round keys to be used in the various rounds of the encryption phase of the lightweight cryptographic system are generated using a novel method as shown in Fig. 1. The key length defined by the initial user is made large enough to provide security against an exhaustive search attack, so that it may be infeasible for an adversary to perform an exhaustive key search. The input is a 64-bit key and the output is 5 keys (round keys), which will be used in each of the rounds of the encryption scheme.
The steps are as follows:
1. A 64-bit user defined initial-seed is the input to the proposed RNG scheme (key scheduling scheme).
4. Next, the 16-bit data generated from the above step is given as the input to the LFSR, which outputs a 16-bit random number.
5. Next, the 16-bit data generated from the 3rd step and the pseudorandom number generated from the linear feedback shift register are XORed, which outputs Q1, Q2, Q3, Q4. These are fed to the Fibonacci scrambling algorithm [19] to derive the keys for the encryption process. The steps are:
a. The key K(1) = mod(Q1 + Q2, n)
b. Similarly, the key K(2) = mod(Q3 + Q4, n)
c. The remaining keys are determined as (n = 4)
for i = 3 do
K(i) = mod(K(i − 1) + K(i − 2), n)
end for
d. end
Thus keys K(1), … K(5) are obtained, which may be used as round keys for the encryption process of a cryptographic algorithm.
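A software reference model of the steps above, added here as an example and not the paper's Verilog. The split of the seed into four 16-bit words (standing in for the steps that are missing from this page), the LFSR taps, the 16 shifts per word and the modulus 2^16 are assumptions.

```python
MASK16 = 0xFFFF

def lfsr16_step(state):
    """One shift of a 16-bit Fibonacci LFSR. Taps 16, 14, 13, 11 are an
    assumption (a known maximal-length choice); the paper lists no taps."""
    bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return ((state >> 1) | (bit << 15)) & MASK16

def lfsr16(word, shifts=16):
    """Step 4: load a 16-bit word into the LFSR and clock it `shifts` times
    (shift count assumed). Zero is a fixed point of an XOR-feedback LFSR,
    so a zero word would yield Q = 0 and is rejected."""
    state = word & MASK16
    if state == 0:
        raise ValueError("all-zero word locks the LFSR at zero")
    for _ in range(shifts):
        state = lfsr16_step(state)
    return state

def round_keys(seed64, modulus=1 << 16, count=5):
    """Derive K(1)..K(count) from a 64-bit seed (modulus n is assumed)."""
    if not 0 < seed64 < (1 << 64):
        raise ValueError("seed must be a non-zero 64-bit value")
    # Assumption: four 16-bit words taken directly from the seed.
    words = [(seed64 >> shift) & MASK16 for shift in (48, 32, 16, 0)]
    # Step 5: XOR each word with its LFSR output to get Q1..Q4.
    q1, q2, q3, q4 = (w ^ lfsr16(w) for w in words)
    keys = [(q1 + q2) % modulus, (q3 + q4) % modulus]
    # Remaining keys: K(i) = mod(K(i-1) + K(i-2), n), so they are fully
    # determined by K(1) and K(2).
    while len(keys) < count:
        keys.append((keys[-1] + keys[-2]) % modulus)
    return keys

if __name__ == "__main__":
    seed = 0x0123456789ABCDEF  # constructed sample seed
    print([f"{k:04x}" for k in round_keys(seed)])
```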

RESULTS AND DISCUSSION
The proposed FPGA-based random number generator is simulated using Xilinx Vivado Design Suite and implemented on the Nexys-4 DDR Artix-7 FPGA family. The randomness was evaluated using the NIST 800-22 statistical tests by Andrew Rukhin et al. (2010). Giga bit streams were generated from the proposed RNG with P ≥ 0.01 (the level of significance).

Evaluation Based on NIST Statistical Test Suites
The keys generated by the key-scheduling algorithm have to be tested for their randomness. A PRNG should exhibit the following characteristics:
1. Uniformity: For the generated random or pseudorandom sequence of bits, the occurrence of a zero or a one is equally likely (i.e. P = ½).
2. Scalability: The randomness tests applied to a sequence can be applied to the extracted subsequences. Thus, the subsequence generated should also pass all the randomness tests.
3. Consistency: The RNG must produce consistent results across initial seeds.
Based on the output produced from  the number of occurrences of the particular state in a cumulative sum random walk and checks the deviations from number of occurrences to different states in a random walk. It uses a series of 18 tests and conclusions { -9, -8, -1, +1, +2,…,+8}. Table 1 shows the P-values for the NIST randomness tests. The P-values obtained are greater than 0.01, hence the generated bits are random in nature.
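The pass criterion used above (P ≥ 0.01) can be seen on two of the simplest NIST SP 800-22 tests, the frequency (monobit) test, which checks the uniformity property, and the runs test. This is an added example, not the authors' test harness; the sample sequences are constructed.

```python
import math

ALPHA = 0.01  # level of significance used on this page

def monobit_p(bits):
    """Frequency (monobit) test: P = erfc(|S_n| / sqrt(n) / sqrt(2)),
    where S_n is the sum of the bits mapped to +1 / -1."""
    n = len(bits)
    s_n = sum(1 if b else -1 for b in bits)
    return math.erfc(abs(s_n) / math.sqrt(n) / math.sqrt(2))

def runs_p(bits):
    """Runs test: compares the number of runs V_n with its expectation
    2*n*pi*(1-pi). Returns 0.0 when the frequency prerequisite fails."""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v_n = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))
    num = abs(v_n - 2 * n * pi * (1 - pi))
    return math.erfc(num / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def assess(bits):
    """Return {test name: (P-value, passed)} at significance ALPHA."""
    p_values = {"monobit": monobit_p(bits), "runs": runs_p(bits)}
    return {name: (p, p >= ALPHA) for name, p in p_values.items()}

def bits_from_str(text):
    return [int(c) for c in text]

# Constructed samples: a perfectly balanced but predictable stream, and a
# heavily biased one.
ALTERNATING = [i & 1 for i in range(1000)]
BIASED = [1] * 900 + [0] * 100

if __name__ == "__main__":
    for name, sample in (("alternating", ALTERNATING), ("biased", BIASED)):
        print(name, assess(sample))
```

The alternating stream passes the monobit test and fails the runs test, which is why a generator is judged on the whole battery and not on a single P-value.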

FPGA Implementation
The proposed LFSR based RNG is implemented in ARTIX-7, Nexys-4 DDR FPGA. The optimized structure of the proposed LFSR based RNG results in lesser area and power.
The proposed key generation scheme blocks have been modelled using Verilog HDL. Xilinx Vivado is used for simulation and synthesis, and the design is verified on the Nexys 4 Artix-7 FPGA and the Oasys-RTL Tool (45-nm technology). The RTL schematic is shown in Fig. 4. The design summary in Table 2 shows slice LUTs, registers and IOBs, the timing/critical path delay (logic delay + net delay) and the total on-chip power (dynamic + static) in Watts. The proposed scheme has power consumption reduced by 32% compared with the SIMON scheme. Fig. 2 shows the RTL schematic of the LFSR key generation scheme implemented in the TEA/XTEA algorithm. Fig. 3 shows the RTL schematic of the key generation scheme used in the SIMON cipher. When implemented in Xilinx Vivado, the LUTs and slices are fewer than in the SIMON key generation scheme, while the implementation in the Oasys tool has greater area and power than the state-of-the-art implementations, which is well within the lightweight requirements as per the NISTIR report.
The comparative analysis in terms of area (LUT + IOBs) and bit-rate for the implemented ciphers against the state-of-the-art implementations is shown in Table 3. Fig. 6 shows the comparison of the proposed key generation schemes with the state-of-the-art implementations. It can be seen that the proposed RNG using LFSR encryption has better results.

CONCLUSION
In this paper a novel RNG algorithm using LFSR and Scrambling Algorithm is proposed. The random numbers obtained can be used as round keys of an encryption process in a cryptographic algorithm, especially on lightweight cryptographic platforms. The scheme generates keys which are more random in nature, as seen from the implemented results. The NIST statistical randomness tests were conducted and the implementation results were analyzed, and it was found that this RNG scheme is more secure and resistant against attacks, so it can be employed in an encryption process for lightweight ciphers. The proposed scheme is more efficient than the other implemented algorithms. The future work is to implement and analyze it for sensitive applications like healthcare.