2022 Third International Conference on Intelligent Computing, Instrumentation and Control Technologies (ICICICT)
Design of Secured Lightweight PRNG Circuit using
2022 Third International Conference on Intelligent Computing Instrumentation and Control Technologies (ICICICT) | 978-1-6654-1005-2/22/$31.00 ©2022 IEEE | DOI: 10.1109/ICICICT54557.2022.9917644
LFSR for Portable IoT Devices
Shadab Hussain Akhilesh Kumar Chaudhary Sudhanshu Verma
Department of Electronics and Communica- Department of Electronics and Communica- Department of Electronics and Communica-
tion Engineering tion Engineering tion Engineering
Madan Mohan Malaviya University of Tech- Madan Mohan Malaviya University of Tech- Madan Mohan Malaviya University of Tech-
nology nology nology
Gorakhpur, India Gorakhpur, India Gorakhpur, India
Email:
[email protected] Email:
[email protected] Email:
[email protected] Abstract: This paper proposes the pseudo random number generator generated by unpredictable physical phenomenon like sound,
(PRNG) circuit with three linear feedback shift register (LFSR) de- temperature, light, etc. While PRNGs, are deterministic algo-
sign, which generates cryptographically more secured pseudo ran- rithms [4,5] used to produce random number sequences for
dom number than a conventional LFSR system. In this configura- cryptographic applications, such as digital signatures, the gen-
tion, the three different LFSRs (4, 5 and 7-bit) are triggered with
eration of keys, etc. In this paper, PRNG is used because of its
same positive edged clock pulse. A 1-bit comparator is employed as
faster processing speed and uniformity of the generated se-
intermediate stage to compare the outputs of 4 and 5-bit LFSRs. The
subsequent output of the 1-bit comparator has been XORed with the quence [6].
feedback XOR output of the 7-bit LFSR. This introduces the desired
Various techniques have already been proposed to generate
inequality in recurrence relations of the three LFSRs used to en-
pseudo random numbers. A 32-Bit LFSR Using VHDL is pro-
hance the overall linear complexity of the proposed LFSR circuit.
The power consumption of the proposed compact LFSR circuit is less posed in [7] that compared period of 32-bit LFSR with 8 and
than the conventional 16-bit LFSR. 16-bit LFSR. Linear Complexity of LFSR is increased by using
multiple LFSRs in [8]. Linear Congruential Generators (LCG)
Keywords: LFSR, PRNG, Inequality, Comparator, Cryptography. [9] was introduced by D. H. Lehmer in 1949, It involves a math-
ematical formula, Yn+1 = (bYn + d) mod M that generates a long
I. INTRODUCTION
predictable random sequence. A modified algorithm of LCG is
With the revolutionary use of ‘Internet’ as a medium of con- proposed in [10], which is given as Yn+1 = (bYn + d) mod 2a, the
necting millions of computers globally, one of the best applica- modulus value is taken as power of 2 that generates a random
tions of internet is IoT (Internet of Things). IoT is defined as sequence. Another algorithm to generate PRNG is introduced
the interconnected network of electronic devices such as com- in [11], Blum-Blum-Shub (BBS). The expression used is, Yn+1
puters, smartphones, tablets and other communication devices. = Yn2 mod m, where m is the product of two large prime num-
Today, approximately ten billion of electronic devices are con- bers.
nected through internet and it is expected that this data will Reviewing these ideas helped us to understand that PRNGs can
grow to twenty-two billion by 2025 [1]. The purpose of con- be generated by various techniques like LFSR, LCG and BBS.
necting these devices via internet is transmitting and receiving Among these, LCG and BBS are more efficient in generating
data, this data can be a picture, video, confidential data such as secured PRNG but the circuits used in these algorithms are quite
a person’s bank account information or a company’s important bulky and their processing speed is slow. While LFSR involves
document or it can be anything. So, these information needs to simple circuitry and faster processing. The limitation of LFSR
be protected during transmission to maintain privacy and secu- is its simple feedback polynomial which can be solve easily
rity for a user. This can be done by compressing the information than the modular equations used in LCG and BBS. If this limi-
or making it unreadable to an unauthorized observer or hacker. tation is reduced to a remarkable extent, then this technique
Cryptography makes this process easy [2]. It is a technique could be very useful for generating secure PRNG. LFSR based
which hides the actual data and makes it unreadable for an ad- PRNG can be used in small and portable electronic devices at
versary to prevent its illegal usage and modification. low cost. In this paper, a combination of three LFSR design is
proposed which increases the overall linear complexity of the
There are various techniques available that can be used for cryp- circuit.
tography and one of the techniques is ‘Random Number Gener-
ation’ or ‘Random Number Generator’ (RNG) [3]. This tech- The organization of this paper is as follows: In section (2), pro-
nique generates a stream of numbers or symbols having a pat- posed design, proposed algorithm and linear complexity is de-
tern which cannot be easily predicted. RNG is of two types, scribed. Section (3) describes the results obtained through pro-
True Random Number Generator (TRNG) and Pseudo random posed circuit and a typical16-bit LFSR circuit. In section (4),
Number Generator (PRNG). In TRNG random numbers are we summarise this work with conclusion.
978-1-6654-1005-2/22/$31.00
Authorized licensed use limited to: ©2022
HUNANIEEE 1588
UNIVERSITY. Downloaded on February 29,2024 at 08:20:05 UTC from IEEE Xplore. Restrictions apply.
� 2022 Third International Conference on Intelligent Computing, Instrumentation and Control Technologies (ICICICT)
II. PROPOSED DESIGN
Simple way of generating long pseudo random sequence is by should be fast computation of generated sequence and complex-
using LFSR. But the problem is, LFSRs are insecure from a ity in predicting the generated sequence. Hence, in this paper,
cryptographic point of view because the streams generated by we proposed a design which fulfils these requirements of a se-
an n-bit LFSR can be easily detected by noticing 2n successive cure PRNG. Proposed circuit is a combination of three LFSRs
bits using the Berlekamp-Massey algorithm [12] as LFSR is a (4-bit, 5-bit and 7-bit) fed by same clock pulse, last flip flop
linear structure. Due to this inherent linearity, LFSR based outputs of 4 and 5-bit LFSR undergo a 1-bit comparator. The
pseudo random sequence is open to various attacks. So, to gen- generated output at the comparator gets XORed with the feed-
erate cryptographically secure PRNG using LFSR, combination back XOR output of the 7-bit LFSR. Then the output bit is fed
of more than one LFSR can be used to increase linear complex- to the first flip flop of 7-bit LFSR and pseudo random output is
ity [8]. Criteria for secure PRNG includes, generated random obtained at the last flip flop of 7-bit LFSR. The proposed design
numbers should have uniformity and independency, there is shown in (Fig. 1),
Fig. 1. Proposed LFSR based PRNG Representation
In the proposed circuit diagram, taps for the feedback polyno- bit, 5-bit and 7-bit are X, Y and PRNG sequence respectively
mial of 4 stage LFSR are taken from third flip flop output Q3 while the intermediate output of 1-bit comparator assumed as
and last flip flop output Q4 and in the same way taps are taken C1, the output of ‘XOR A’ be C2 and ‘XOR B’ output be C3.
for feedback polynomial of 5-bit and 7-bit LFSRs. Polynomial Outputs X and Y undergo 1-bit comparator operation that gen-
equations for the LFSRs are shown below [7], erates a one-bit random output C1. Then C1 gets XORed with
the ‘XOR A’ output C2 of the 7-bit LFSR and the output C3 of
(4,3) = x4 + x3 + 1 (1) ‘XOR B’ is fed to first flip flop of same LFSR to complete the
(5,3) = x5 + x3 + 1 (2) feedback polynomial. After this combination final output
‘PRNG sequence’ is obtained at the last flip flop output Q7 of
(7,6) = x7 + x6 + 1 (3) the 7-bit LFSR. Designing of the proposed circuit is done using
verilog. RTL (Register Transfer Level) schematic, simulation
where (1), (2), (3) denotes the feedback polynomial equations result and power consumption are synthesised on Vivado/Xil-
of 4-bit, 5-bit and 7-bit LFSR respectively and ‘+’ denotes the inx ISE. The RTL schematic of proposed circuit is shown in
‘modulo 2’ addition. Assuming the last flip flop outputs of 4- (Fig. 2),
Fig. 3. Proposed LFSR based PRNG RTL Schematic
978-1-6654-1005-2/22/$31.00
Authorized licensed use limited to: ©2022
HUNANIEEE 1589
UNIVERSITY. Downloaded on February 29,2024 at 08:20:05 UTC from IEEE Xplore. Restrictions apply.
� 2022 Third International Conference on Intelligent Computing, Instrumentation and Control Technologies (ICICICT)
A. ALGORITHM USED
Algorithm 1: D flip flop Module D3 = out3 [7] ^ out3 [6] // XOR operation.
Input: Clk, d. Step 3: Intermediate comparator and XOR operations,
Output: q. C1 = (out1 [4]) (and) (~out2 [5]) // 1-bit comparator
Step 1: Initialise q = 1 (seed of flip flop) C2 = out3 [7] ^ out3 [6] // taps XOR logic for 7-bit LFSR
Step 2: always @ (posedge Clk) //Positive edge triggered C3 = C1 ^ C2 // 2nd XOR operation
clock D3 = C3 // assigning first flip flop of 7-bit LFSR with
Step 3: q = d. // at every positive edge value of C3
Step 4: PRNG generated at Q7 of 7-bit LFSR
Algorithm 2: Proposed Three LFSR based PRNG Module
Input: Clk (Clock), D1 (seed of 4-bit LFSR), D2 (seed of The above algorithm is used for designing the proposed LFSR
5-bit LFSR), D3 (seed of 7-bit LFSR). based PRNG circuit in Vivado/Xilinx ISE.
Output: [1:4] out1, [1:5] out2, [1:7] out3, C1, C2, C3
B. LINEAR COMPLEXITY [13,14]
PRNG.
Step 1: Creating three LFSRs (4-bit, 5-bit and 7-bit) by us- The proposed LFSR structure utilises a total of 16 D flip flops
ing D flip flop instantiation. which means its performance and characteristics can be com-
Step 2: Feedback Polynomial,
pared to a traditional 16-bit LFSR. Circuit diagram of a typical
D1 = out1 [4] ^ out1 [3] // XOR operation.
16-bit LFSR is shown in (Fig. 3),
D2 = out2 [5] ^ out2 [3] // XOR operation.
Fig. 3. Sixteen-bit Traditional LFSR Representation [7]
In the above circuit, four taps are taken that is from last, 15th, LFSR are linearly independent, but after this period generated
13th and 4th flip flop and its feedback polynomial is shown be- pattern repeats itself.
low,
The recurrence equation of a 16-stage LFSR is shown below,
(16,15,13,4) = x16 + x15 + x13 + x4 +1 (4)
V16 = W0V0 + W1V1 +------W14V14 + W15V15 (5)
The taps are chosen in such a way that the feedback polynomial
where (W0, W1, W2, -------------- W14, W15) and ‘+’ is the modulo
becomes irreducible which means it will generate a maximum
length sequence of random numbers. This concept also holds 2 addition.
true for 4, 5 and 7-bit LFSRs which are used in the proposed (5) clearly shows that all the coefficients (from W 0 to W15) of
circuit. A traditional 16-bit LFSR can also be used for securing sub states V0 to V15 are linearly independent to each other that is
electronic devices or IoT devices as its period is quite large that there is no relation in between them. After generating 216 -1 ran-
is 65535. As the period of LFSR is 2r-1 [7], more capable com- dom bits, the whole pattern starts replicating and previously gen-
puter processors can be used to detect the pattern of the sequence erated coefficients become linearly dependent with the repli-
by deducing its system of linear equation of PRNG generated cated sequence. So, it is clear that the linear complexity in a 16-
from traditional 16-bit LFSR by any unauthorized entity. Hence, bit LFSR is not sufficient to produce a secure PRNG because
in current scenario, a traditional LFSR is incapable of generating there is only one recurrence equation and its coefficients can be
strongly secure PRNG. The proposed LFSR design overcomes easily guessed by an adversary. In the proposed LFSR design,
this limitation by increasing the linear complexity in the circuit linear complexity can be increased to an extent that will make it
and at lower power consumption compared to 16-bit typical difficult for adversaries to guess the coefficients of LFSR’s re-
LFSR. currence equations and hence, pattern prediction of the gener-
Considering a LFSR that generates a sequence ‘k’, then the lin- ated PRNG also becomes very difficult. The recurrence equa-
ear complexity L(k) is defined as the degree of its shortest length tions of proposed combination of three LFSRs are shown below,
LFSR which is capable of producing same sequence ‘k’. Taking X4 = A0X0 + A1X1 + A2X2 + A3X3 (6)
the case of 16-bit LFSR which generate a sequence ‘k’ of length
‘a’ (where a can be infinite) then, 216 -1 subsequent states of the Y5 = B0Y0 + B1Y1 + B2Y2 + B3Y3 + B4Y4 (7)
978-1-6654-1005-2/22/$31.00
Authorized licensed use limited to: ©2022
HUNANIEEE 1590
UNIVERSITY. Downloaded on February 29,2024 at 08:20:05 UTC from IEEE Xplore. Restrictions apply.
� 2022 Third International Conference on Intelligent Computing, Instrumentation and Control Technologies (ICICICT)
Z7 = C0Z0 + C1Z1 + C2Z2 + C3Z3 + C4Z4 + C5Z5 + C6Z6 (8) C2 = Q7 ^ Q6 (10)
(6), (7) and (8) are the recurrence equations of 4, 5 and 7-bit C3 = C1 ^ C2 (11)
LFSRs, where (A0, A1, A2, A3,), (B0, B1, B2, B3, B4) and (C0, C1,
C2, C3, C4, C5, C6) are the coefficients of these three LFSRs re- The one-bit comparator does comparison between the last flip
spectively. flop output X of 4-bit LFSR and output Y of 5-bit LFSR and
result is stored in C1. This introduces inequality in the proposed
Proposed design has increased linear complexity than a typical design that reduces the guessing probability of the generated bit
16-bit LFSR in two ways. Firstly, it uses three different recur- pattern as shown in equation (9). C2 is the resultant output of the
rence equations which itself increases linear complexity because first XOR logic ‘XOR A’ as shown in equation (10), second
there are 16 different coefficients have to be found. For example, XOR that is ‘XOR B’ produce output C3 after performing XOR
if an adversary tries to guess the pattern using X 2 bit then there operation of comparator output C1 with output C2 of ‘XOR A’.
is a need to find the coefficient of that particular bit and also its C3 is fed to the first flip flop of 7-bit LFSR to complete the pro-
relation with other coefficients of the combined recurrence rela- posed LFSR circuit. Then the last flip flop output Q7 of 7-bit
tion which makes it a very difficult task. Lastly, a 1-bit compar- LFSR gives final PRNG with enhanced linear complexity and
ator compares the output of 4 and 5-bit LFSR and two consecu- more randomness.
tives (XOR) logics are used in the feedback of 7-bit LFSR that
connects the output generated at the comparator with the feed- IV. RESULTS
back path of the 7-bit LFSR. Comparator operation and XOR All the results are obtained in Vivado/Xilinx ISE using Verilog
logics are shown below, HDL. Simulation waveform of a traditional 16-bit LFSR is
1 𝑖𝑓 𝑋 > 𝑌 shown in (Fig. 4),
C1 = { (9)
0 𝑂𝑡ℎ𝑒𝑟𝑤𝑖𝑠𝑒
Fig. 4. Sixteen-bit Traditional LFSR Simulation Waveform
Initial seed is taken as ‘ffff’ (out [1:16] = ‘ffff’), the feedback positive edged clock of 10 ns is taken. The waveform simula-
polynomial is (16,15,13,4) = x16 + x15 + x13 + x4 +1 and a tion of proposed LFSR based PRNG is shown in (Fig. 5),
Fig. 5. Proposed LFSR based PRNG Simulation Waveform
Positive edged triggered clock pulse of 10 ns is used with its of first XOR logic ‘XOR A’ and prng [1:1] is the final generated
initial value logic ‘0’ and evenly applied to all three LFSRs of PRNG sequence at the last flip flop of 7-bit LFSR.
the proposed combination. Initial seed is taken in the following
manner, for 4-bit LFSR (out [1:4] = ‘f’), for 5-bit (out [1:5] = Power consumed by proposed LFSR is 3.394 watt which is
‘1f’) and for 7-bit (out [1:7] = ‘7f’). In the simulation, only last 19.30% less than the typical 16-bit LFSR that consumes 4.206
flip flop output of 7-bit LFSR is shown that is prng [1:1]. C1 is watt which is another advantage of the proposed LFSR based
generated at the output of 1-bit comparator, C2 is the resultant PRNG with increased linear complexity as shown in table I.
978-1-6654-1005-2/22/$31.00
Authorized licensed use limited to: ©2022
HUNANIEEE 1591
UNIVERSITY. Downloaded on February 29,2024 at 08:20:05 UTC from IEEE Xplore. Restrictions apply.
� 2022 Third International Conference on Intelligent Computing, Instrumentation and Control Technologies (ICICICT)
TABLE I. COMPARISON BETWEEN PROPOSED DESIGN AND 16-BIT LFSR [6] Priyanka., I. Hussain and A. Khalique, “Random Number Generators and
their Applications: A Review" 7. 1777-1781, 2019.
LFSR POWER CONSUMP- PROBABILITY OF OC-
[7] S. Hathwalia and M. Yadav, “Design and Analysis of a 32-Bit Linear
TION (in watt) CURRENCE OF 1’s and 0’s
Feedback Shift Register Using VHDL” Int. Journal of Engineering Re-
Typical 16- 4.206 Equiprobable search and Applications ISSN: 2248-9622, Vol. 4, Issue 6(Version 6),
bit LFSR pp.99-102, 2014.
Proposed 3.394 Equiprobable
[8] S. Alam, M. U. Bokhari and F. Masoodi, “An Analysis of Linear Feed-
LFSR
back Shift Registers in Stream Ciphers” International Journal of Com-
Probability of occurrence of ‘1s’ and ‘0s’ are evaluated and it is puter Applications-IJCA. Volume 46. 46-49. 10.5120/7013-9714, 2012.
found that, number of ‘1s’ are ‘32821’ and probability of occur- [9] D. H. Lehmer, “Mathematical methods in large scale computing units”
rence is P (1) = 0.50080 {P(x) = (Number of x) / (Total number 2nd Symposium on Large-Scale Digital Calculating Machinery. pp. 141-
of samples)}. While in case of ‘0s’, total number of zeros are 146, 1949.
found to be ‘32715’ and probability of occurrence P (0) =
[10] J. B. Plumstead, “Inferring a sequence generated by a linear congruence”
0.49919. It can be seen that, probability of occurrence of both 23rd Annual Symposium on Foundations of Computer Science (sfcs
‘1s’ and ‘0s’ are approximately equal. Hence, probability of 1982), pp. 153-159, doi: 10.1109/SFCS.1982.73, 1982.
‘0s’ and ‘1s’ can be considered equiprobable (as shown in table
[11] L. Blum, M. Blum and M. Shub, “A simple unpredictable pseudo random
1) which is approximately same as the typical 16-bit LFSR.
number generator” SIAM J. Comput., 15, 364–383.
https://doi.org/10.1137/0215025, 1986.
V. CONCLUSION
[12] E. Dubrova, “A Transformation from the Fibonacci to the Galois
In this study, we have proposed a three LFSR combination of NLFSRs” IEEE Transaction on Information Theory, Vol 55, No. 11, pp
different sizes by using a one-bit comparator that does compar- 5263-5271, 2009.
ison between the last flip flop output X of 4-bit LFSR and out-
[13] Y. M. Chee, J. Chrisnata, T. Etzion and H. M. Kiah, “Efficient Algorithm
put Y of 5-bit LFSR and result is stored in C1. The 7-bit flip
for the Linear Complexity of Sequences and Some Related Conse-
flop includes two consecutive XOR logic in which first is ‘XOR quences”. 2897-2902. 10.1109/ISIT44484.2020.9174394, 2020.
A’ that performs (Q7 ^ Q6) and its resultant is further XORed
with the comparator output C1 and the result is fed to the first [14] A. F. Sabater, V. Requena, and S. D. Cardell, “An Efficient Algorithm to
Compute the Linear Complexity of Binary Sequences” Mathematics 10,
flip of 7-bit LFSR. Finally last flip flop of 7-bit LFSR generates
no. 5: 794. https://doi.org/10.3390/math10050794, 2022.
PRNG. Proposed LFSR is better than a typical 16-bit LFSR in
a way that it uses three different LFSRs having three different [15] A. M. Rueda, F. U. Ponga and C. Feregrino, “Extended period LFSR us-
recurrence equations which itself makes it difficult for an ad- ing variable TAP function” 129-132. 10.1109/CONIELEC OMP.2008.8.
versary to find out the values of coefficients of these equations.
Inequality is introduced by using 1-bit comparator which fur-
ther increases linear complexity. As a typical 16-bit LFSR re-
peats its whole bit pattern after 65535 th state but in proposed
LFSR, pattern repetition is random, whole generated bit pattern
is not repeating which makes number pattern detection very dif-
ficult. The power consumed by the proposed LFSR based
PRNG is 3.394 watt which is 19.30% less than the typical 16-
bit LFSR that consumes 4.206 watt. Hence, this is also an ad-
vantage of proposed design. So, a cryptographically more se-
cure PRNG can be generated by using the Proposed 16-bit
LFSR design with enhanced linear complexity and randomness
as compared to a typical 16-bit LFSR.
REFERENCES
[1] https://www.oracle.com/in/internet-of-things/what-is-iot/.
[2] Y. Alemami., M. A Mohamed and S. Atiewi, “Research on Various Cryp-
tography Techniques” International Journal of Recent Technology and
Engineering, 8.10.35940/ijrte. B1069.0782S319, 2019.
[3] O. Petura. True random number generators for cryptography: Design, se-
curing and evaluation, Micro and nanotechnologies/Microelectronics.
Université de Lyon, English. NNT: 2019LYSES053ff. Tel-02895861,
2019.
[4] E. Dubrova and M. Hell, “Espresso: A stream cipher for 5G wireless com-
munication systems” Cryptogr. Commun. 2017, 9, 273–289, 2017.
[5] A. B. Orue, F. Montoya and L. H. Encinas, “Trifork, a new Pseudorandom
Number Generator Based on Lagged Fibonacci Maps” J. Comput. Sci.
Eng. 2, 46–51, 2010.
978-1-6654-1005-2/22/$31.00
Authorized licensed use limited to: ©2022
HUNANIEEE 1592
UNIVERSITY. Downloaded on February 29,2024 at 08:20:05 UTC from IEEE Xplore. Restrictions apply.
