Non-Binary Pseudorandom Number Generators For Information Security Purposes


Available online at www.sciencedirect.com

ScienceDirect Procedia Computer Science 123 (2018) 203–211

8th Annual International Conference on Biologically Inspired Cognitive Architectures, BICA 2017

Ivanov M.A., Roslyj E.B., Starikovskiy A.V., Krasnikova S.A., Shevchenko N.A., Shustova L.I.

National Research Nuclear University “MEPhI” (Moscow Engineering Physics Institute), Kashirskoe highway 31, 115409, Moscow, Russian Federation
[email protected]

Abstract

The paper considers non-binary pseudorandom number generators (PRNG) on the non-linear feedback shift registers (NLFSR). The schemes of p-ary NLFSR are given that create a sequence of length $S \le p^N$, where N is a degree of a primitive polynomial over GF(p). In addition, the scheme of the universal p-ary NLFSR is given, which generates, depending on configuration, the sequences of any period including the maximum possible for a given amount of memory elements. The peculiarity of the considered NLFSR is the presence of pre-period (tail). The devices can be used as building blocks when constructing unpredictable PRNG.

Keywords: Pseudorandom Number Generator, NLFSR, Universal NLFSR, Tail.

1 Introduction

The article is devoted to pseudorandom number generators (PRNG) intended for use in tasks of information protection (IP) from accidental and deliberate destructive influences. In other words, these are generators with strict requirements for unpredictability and statistical security of generated sequences. The principles of designing non-binary PRNGs on non-linear feedback shift registers (NLFSRs) are considered. The main advantages of the PRNG of this type are the simplicity of software and hardware implementation, high speed and good statistical properties.

1877-0509 © 2018 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/3.0/). Peer-review under responsibility of the scientific committee of the 8th Annual International Conference on Biologically Inspired Cognitive Architectures. 10.1016/j.procs.2018.01.032

2 Stochastic methods of information protection

Analysis of threats to cybersecurity and widespread use of vulnerable supercomputer, mobile, cyberphysical and RFID (radio frequency identification) technologies allows us to conclude that the role of stochastic IP methods is constantly increasing (Osmolovskij 1991, 2003; Ivanov 2012). Stochastic methods are usually understood as methods that are directly or indirectly based on the use of unpredictable PRNGs. With the use of the PRNG, almost all of the IP tasks are successfully solved. In some cases, stochastic methods are the only possible mechanism for protecting information from an active adversary. Cryptographic IP methods are a special case of stochastic methods.

The process of information hashing can be considered as an overlay of a pseudorandom sequence (PRS) on the input information sequence. This seemingly controversial statement became evident after the appearance of the new SPONGE hash construction (Bertoni 2016). The effectiveness of protection when using stochastic methods is determined by the quality of the algorithms used for PRS generation and hashing, respectively.

As an example of a universal stochastic IP method, one can mention the method of introducing unpredictability into the work of means and objects of protection (the method of randomization). Its implementation in principle cannot be imagined without the use of the PRNG. It can be used in conjunction with any other method of protection, automatically increasing its quality. In this case, unpredictability can be inserted not only into the sequence and time of execution of individual steps of the algorithm or into the mechanism of the functioning of the software, but even into the result of the algorithm's work. The methods of program obfuscation and the methods of protecting software from unauthorized use also require the use of the PRNG. The use of randomization in the design of digital equipment makes it possible to protect it from leakage of information through side channels. Examples of the use of PRNGs and hash generators in IP tasks can be found in (Osmolovskij 1991, Ivanov 2012, Goldreich 2010, Bellare 1994, 1997; Goldwasser 1984, RSAES-OAEP 2000, Boeck 2016).

Thus, we can draw a conclusion about the determining role of high-quality PRNGs in IP systems. For example, in the presence of unpredictable PRNGs all other symmetric cryptography primitives can be efficiently built. It should be remembered that stochastic IP methods are classical dual-use methods, as they are used not only for solving IP issues, but also for attacks on computer systems, which has long been successfully demonstrated by the creators of permutation, polymorphic and metamorphic malicious programs (Razrushayushchie 2011).

3 PRNG on non-linear feedback shift register

In (Ivanov 2012), the principles of designing binary and non-binary PRNG on linear feedback shift registers (LFSR) were considered. This article focuses on the PRNG on non-linear feedback shift registers (NLFSR). The general scheme of the NLFSR is shown in Fig. 1, where Q1, Q2, ..., QN are generator registers, F is a non-linear function of the Fibonacci generator, F1, F2, ..., FN are linear or non-linear functions of the Galois generator (Dubrova 2008). In the case of the Galois generator, at least one of the functions Fi is non-linear.

Like the LFSR, the NLFSR can be used as elementary building blocks in the construction of the unpredictable PRNG (in some cases, with greater cryptographic robustness than the LFSR) and they serve as the basis for stream ciphers. Moreover, their main advantage is high efficiency in hardware implementation. The most revealing example on this topic is the PRNG of the Trivium stream cipher (Canniere 2008).

The main problem in the synthesis of the PRNG based on the NLFSR is to provide a large period of generated sequences. In (Dubrova 2012a, 2011, 2012b, 2008, 2014; Chabloz 2010, Mansouri) the questions of constructing binary NLFSRs with a guaranteed long period are considered. This paper focuses solely on the non-binary NLFSRs.



[Figure 1: (a) feedback function F over registers Q1, Q2, ..., QN; (b) functions F1, ..., FN−1, FN feeding registers Q1, ..., QN−1, QN.]

Fig. 1 – General scheme of NLFSR: Fibonacci design (a); Galois design (b)

4 Sequence generators of $p^N$ length

Consider the non-binary LFSR functioning in the field GF(p) and corresponding to the equation

$$Q(t+1) = T^k Q(t),$$

where $p = q^n$, q is a prime number, n is a natural number,

$$Q(t) = \begin{pmatrix} Q_1(t) \\ Q_2(t) \\ \vdots \\ Q_N(t) \end{pmatrix} \quad \text{and} \quad Q(t+1) = \begin{pmatrix} Q_1(t+1) \\ Q_2(t+1) \\ \vdots \\ Q_N(t+1) \end{pmatrix}$$

are the states of the device at the instants of time t and (t + 1) respectively; T is a square matrix of order N of the form $T_1$ or $T_2$:

$$T_1 = \begin{pmatrix} -\frac{a_1}{a_0} & -\frac{a_2}{a_0} & \cdots & -\frac{a_{N-1}}{a_0} & -\frac{a_N}{a_0} \\ 1 & 0 & \cdots & 0 & 0 \\ 0 & 1 & \cdots & 0 & 0 \\ \vdots & \vdots & \ddots & \vdots & \vdots \\ 0 & 0 & \cdots & 1 & 0 \end{pmatrix}, \qquad T_2 = \begin{pmatrix} 0 & 0 & \cdots & 0 & -\frac{a_N}{a_0} \\ 1 & 0 & \cdots & 0 & -\frac{a_{N-1}}{a_0} \\ \vdots & \vdots & \ddots & \vdots & \vdots \\ 0 & 0 & \cdots & 0 & -\frac{a_2}{a_0} \\ 0 & 0 & \cdots & 1 & -\frac{a_1}{a_0} \end{pmatrix},$$

$Q_j(t)$ and $Q_j(t+1)$ are the states of the j-th generator register at the instants of time t and (t + 1) respectively, $j = 1, 2, \ldots, N$; k is a natural number, k and $(p^N - 1)$ are relatively prime numbers; N is the degree of the generating primitive polynomial

$$\Phi(x) = \sum_{i=0}^{N} a_i x^i, \quad a_0 \neq 0, \quad a_i \in GF(p), \quad i = 0, 1, \ldots, N.$$

The device generates an M-sequence of $p^N - 1$ length. For k = 1 and the matrix $T = T_1$ we obtain a linear Fibonacci generator; for k = 1 and the matrix $T = T_2$ we obtain a linear Galois generator. Eliminating the forbidden zero state of all PRNG registers makes it possible to increase the period of the generated PRS to the maximum possible, equal to $p^N$, and to improve its quality, since the probability of occurrence of every p-ary character becomes 1/p.

Consider the formation of a sequence of $p^N$ length by the Fibonacci scheme, p ≠ 2, k = 1. Choose $\alpha^* \in GF(p)$, $\alpha^* \neq 0$. Let

$$z_1(t) = \begin{cases} 0, & \text{if } Q(t) = 000\ldots0\alpha^*; \\ 1, & \text{if } Q(t) \neq 000\ldots0\alpha^*; \end{cases} \qquad z_2(t) = \begin{cases} 0, & \text{if } Q(t) \neq 000\ldots00; \\ 1, & \text{if } Q(t) = 000\ldots00. \end{cases}$$

Then the equations of operation of the PRS generator of $p^N$ length (Fig. 2) have the form

$$Q_1(t+1) = a_N z_1(t) Q_N(t) + a_N \alpha^* z_2(t) + \sum_{i=1}^{N-1} a_i Q_i(t),$$

$$Q_j(t+1) = Q_{j-1}(t), \quad j = 2, 3, \ldots, N.$$

[Figure 2: logic diagram. Legend: DC – decoder; AND gate; AND-NOT gate; OR-NOT gate; addition block in GF(p); multiplication block by $a_i$ in GF(p).]

Fig. 2 – The logic scheme of the PRS generator of $p^N$ length.

Let $p = 2^n$. Consider the formation of a sequence of $2^{nN}$ length, k = 1. We choose $\alpha^* \in GF(p)$, $\alpha^* \neq 0$. Let

$$z(t) = \begin{cases} 0, & \text{if } Q(t) \neq 000\ldots00 \text{ AND } Q(t) \neq 000\ldots0\alpha^*; \\ 1, & \text{if } Q(t) = 000\ldots00 \text{ OR } Q(t) = 000\ldots0\alpha^*. \end{cases}$$

Then the equation of the NLFSR operation, forming the PRS of $2^{nN}$ length (Figure 3), looks like

$$Q_1(t+1) = a_N \alpha^* z(t) + \sum_{i=1}^{N} a_i Q_i(t),$$

$$Q_j(t+1) = Q_{j-1}(t), \quad j = 2, 3, \ldots, N.$$

[Figure 3: logic diagram with decoder (DC) and OR component.]

Fig. 3 – The logic scheme of the PRS generator of $p^N$ length, if $p = 2^n$.

Consider the formation of a sequence of $p^N$ length, p ≠ 2, in the general case, for an arbitrary k. We choose $\alpha_i^* \in GF(p)$, $\alpha_i^* \neq 0$, $i = 1, 2, \ldots, N$. Let

$$z_1(t) = \begin{cases} 0, & \text{if } Q(t) = \alpha_1^* \alpha_2^* \alpha_3^* \ldots \alpha_{N-1}^* \alpha_N^*; \\ 1, & \text{if } Q(t) \neq \alpha_1^* \alpha_2^* \alpha_3^* \ldots \alpha_{N-1}^* \alpha_N^*; \end{cases} \qquad z_2(t) = \begin{cases} 0, & \text{if } Q(t) \neq 000\ldots00; \\ 1, & \text{if } Q(t) = 000\ldots00. \end{cases}$$

Then the equation of the operation of the PRS generator of $p^N$ length looks like

$$Q_i(t+1) = z_2(t) \sum_{j=1}^{N} a_{ji} \alpha_j^* + z_1(t) \sum_{j=1}^{N} a_{ji} Q_j(t),$$

where $a_{ji}$ are the coefficients of the matrix $T^k$.
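The k = 1 Fibonacci equations above can be checked by simulation. The following is an added example, not code from the paper: it assumes p is prime, treats $a_1, \ldots, a_N$ as the feedback coefficients exactly as they appear in the recurrence, and uses a brute-force tap search (hypothetical helper `find_taps`) in place of choosing a primitive polynomial.

```python
from collections import Counter
from itertools import product

def lfsr_step(q, a, p):
    """Linear Fibonacci step: Q1(t+1) = sum_i a_i*Q_i(t), Q_j(t+1) = Q_{j-1}(t)."""
    fb = sum(ai * qi for ai, qi in zip(a, q)) % p
    return (fb,) + q[:-1]

def nlfsr_step(q, a, p, alpha):
    """Non-linear step from the k = 1 Fibonacci equations in the text.

    z1 = 0 only in state 00...0alpha*, z2 = 1 only in state 00...00, so the
    zero state is spliced in between 00...0alpha* and its linear successor.
    """
    n = len(q)
    z1 = 0 if q == (0,) * (n - 1) + (alpha,) else 1
    z2 = 1 if q == (0,) * n else 0
    fb = (a[-1] * z1 * q[-1] + a[-1] * alpha * z2
          + sum(ai * qi for ai, qi in zip(a[:-1], q[:-1]))) % p
    return (fb,) + q[:-1]

def cycle_length(step, start, limit):
    """Steps until `start` recurs, or None if it does not within `limit` steps."""
    q = step(start)
    for n in range(1, limit + 1):
        if q == start:
            return n
        q = step(q)
    return None

def find_taps(p, n):
    """Brute-force stand-in for picking a primitive polynomial (assumption):
    first (a_1..a_N) whose linear register visits all p^N - 1 nonzero states."""
    start = (1,) + (0,) * (n - 1)
    for a in product(range(p), repeat=n):
        if a[-1] and cycle_length(lambda q: lfsr_step(q, a, p), start, p ** n) == p ** n - 1:
            return a
    raise ValueError("no maximum-period taps found")

def analyse(p, n, alpha=1):
    """Return (linear period, non-linear period, counts of Q_N over one period)."""
    a = find_taps(p, n)
    zero = (0,) * n
    lin = cycle_length(lambda q: lfsr_step(q, a, p), (1,) + zero[1:], p ** n)
    step = lambda q: nlfsr_step(q, a, p, alpha)
    nonlin = cycle_length(step, zero, p ** n)
    counts, q = Counter(), zero
    for _ in range(nonlin):
        counts[q[-1]] += 1      # output symbol taken from the last register
        q = step(q)
    return lin, nonlin, dict(counts)

if __name__ == "__main__":
    # Constructed toy sizes; real designs use far larger p^N.
    for p, n in [(3, 2), (5, 3), (7, 2)]:
        print(p, n, analyse(p, n))
```

Each symbol of GF(p) appears exactly $p^{N-1}$ times per period, which is the 1/p balance the text attributes to removing the forbidden zero state.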

5 NLFSR with pre-period

Consider the principles of constructing PRS generators of arbitrary length. The sequence of construction of the p-ary PRS generator of $S < p^N$ length is:

1) Choose a polynomial Ф(х) of degree N that is primitive over GF(p);
2) Construct the LFSR corresponding to Ф(х);
3) Fix an arbitrary nonzero PRNG state $Q_0$;
4) Simulate $t = p^N - S$ cycles of the PRNG operation and determine the state $Q_t$ to which the generator should pass from the state $Q_0$;
5) The difference between the codes $Q_1$ and $Q_t$ determines the numbers of those bits of the PRNG registers whose input signals need to be inverted when the generator is in the state $Q_0$, for the transition $Q_0 \to Q_t$.

Controlled inverters are implemented on XOR elements, the number and the place of which in the PRNG scheme are determined by the result of the operation $Q_1 \oplus Q_t$.
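Steps 3 to 5 of this procedure, followed by a measurement of the resulting period and pre-period, as an added example that is not code from the paper. It assumes p is prime and that the taps already give a maximum-period LFSR; the function names are hypothetical, and the XOR mask is applied to the binary codes of the p-ary digits only in state $Q_0$, where it turns $Q_1$ into $Q_t$.

```python
from itertools import product

def lfsr_step(q, a, p):
    """Linear Fibonacci step over GF(p), p prime: Q1(t+1) = sum_i a_i*Q_i(t)."""
    fb = sum(ai * qi for ai, qi in zip(a, q)) % p
    return (fb,) + q[:-1]

def build_jump(a, p, q0, s):
    """Steps 3-5: simulate t = p^N - S cycles from Q0, return (Q_t, Q_1 XOR Q_t)."""
    n = len(a)
    if not (0 < s < p ** n) or not any(q0):
        raise ValueError("need 0 < S < p^N and a nonzero Q0")
    t = p ** n - s
    q1 = qt = lfsr_step(q0, a, p)
    for _ in range(t - 1):
        qt = lfsr_step(qt, a, p)
    # Per-digit XOR of the binary codes: the positions the inverters must flip.
    mask = tuple(x ^ y for x, y in zip(q1, qt))
    return qt, mask

def jump_step(q, a, p, q0, mask):
    """LFSR step with controlled inverters that are active only in state Q0."""
    nxt = lfsr_step(q, a, p)
    if q == q0:
        nxt = tuple(x ^ m for x, m in zip(nxt, mask))   # Q1 XOR mask == Qt
    return nxt

def tail_and_period(step, start):
    """(pre-period, period) of the trajectory that begins at `start`."""
    seen, q, i = {}, start, 0
    while q not in seen:
        seen[q] = i
        q, i = step(q), i + 1
    return seen[q], i - seen[q]

def design(a, p, q0, s):
    """Build the generator and survey every nonzero start state."""
    qt, mask = build_jump(a, p, q0, s)
    step = lambda q: jump_step(q, a, p, q0, mask)
    survey = {q: tail_and_period(step, q)
              for q in product(range(p), repeat=len(a)) if any(q)}
    return {"Qt": qt, "mask": mask,
            "period": survey[q0][1],
            "max_tail": max(tail for tail, _ in survey.values())}

if __name__ == "__main__":
    # Constructed inputs: GF(3), N = 2 with taps (2, 1); GF(3), N = 3 with taps (0, 1, 2).
    print(design((2, 1), 3, (1, 0), 5))
    print(design((0, 1, 2), 3, (1, 0, 0), 20))
```

The states $Q_1, \ldots, Q_{t-1}$ skipped by the jump no longer lie on the cycle; they form the pre-period, whose longest run is t − 1 steps.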

6 Universal PRNG

Consider the field $GF(2^n)$. The sequence of constructing a universal PRNG which, depending on settings, forms the PRS of an arbitrary length $S \le 2^{nN}$ is:

1) Construct the PRS generator of $2^{nN}$ length according to the procedure considered above;
2) Choose an arbitrary PRNG state $\alpha_1^* \alpha_2^* \ldots \alpha_N^*$, $\alpha_i^* \in GF(2^n)$, $i = 1, 2, \ldots, N$;
3) Then the equations of operation of the universal PRNG look like

$$Q_i(t+1) = MS_i + \sum_{j=1}^{N} a_{ji} Q_j(t), \quad i = 1, 2, \ldots, N,$$

where $MS_i = (ms_{i(n-1)} \ldots ms_{i1} ms_{i0})$, $ms_{ik} \in \{0, w(t)\}$, $k = 0, 1, \ldots, (n-1)$,

$$w(t) = \begin{cases} 0, & \text{if } Q_1(t) Q_2(t) \ldots Q_N(t) \neq \alpha_1^* \alpha_2^* \ldots \alpha_N^*; \\ 1, & \text{if } Q_1(t) Q_2(t) \ldots Q_N(t) = \alpha_1^* \alpha_2^* \ldots \alpha_N^*; \end{cases}$$

4) Determine the period and pre-period (Tail) values of the PRNG for all possible values (MS1 MS2 … MSN).

Figure 4 shows the scheme of a universal NLFSR constructed on the basis of the Galois generator corresponding to the polynomial $\Phi(x) = x^3 + x^2 + x + g$, primitive over $GF(2^2)$, when $\alpha_1^* \alpha_2^* \alpha_3^* = 100$, and also the diagram of its switching when ms10 = ms11 = ms20 = ms21 = ms30 = 0, ms31 = w. When ms10 = ms11 = ms20 = ms21 = ms30 = ms31 = 0 the NLFSR forms a sequence of length 64.

[Figure 4: scheme of the universal NLFSR with registers Q1, Q2, Q3 (cells q11 ... q32), control inputs MS1, MS2, MS3 (ms10 ... ms31) and signal w, together with its state switching table.]

Fig. 4 – Universal PRNG and the sequence of its switching when ms10 = ms11 = ms20 = ms21 = ms30 = 0, ms31 = w. Period = 20, Tail = 44.

7 Using PRNG with a pre-period to implement the mechanism of hidden functions

When connecting an input-output device (IOD) to the computer for solving information protection tasks, the mechanism of its functioning should be protected from research. An example of such devices is the solutions offered by the HASP (Hardware Against Software Piracy) technology. One of the possible mechanisms designed to counteract analysis of the logic of interaction between the computer and the adapter of the non-standard IOD is the mechanism of hidden functions, which can be implemented on the basis of the PRNG with a pre-period (Fig. 5).

The entire set of IOD functions is divided into two groups – hidden and public (for example, the clock of the PRNG), while some of the functions of the second group can be fictitious (false). The ability to perform each function is determined by the fact that the embedded PRNG is in a certain state si. The hidden functions are performed when the PRNG is in one of the states of the pre-period (s0 – s3 in Figure 5), the public ones – when the PRNG is in one of the states of the cycle (s4 – s11 in Figure 5). Thus, any of the hidden functions can be performed only after the implementation of a hidden nontrivial transition (hidden jump) from some cyclic state to the initial state s0.

There are other options for using the PRNG with a pre-period, for example, controlling access to a protected fragment of the program. Initially, the PRNG is in cyclic mode. Access is possible only if the PRNG is in one of the pre-period states.

[Figure 5: state diagram with the tail S0–S3 (hidden functions), the cycle mode states S4–S11 (public functions), and a hidden jump from the cycle to S0.]

Fig. 5 – The PRNG switching diagram.

8 Conclusion

This article considers the principles of the non-linear feedback shift registers (NLFSR) construction. It also deals with the p-ary NLFSR forming sequences of $p^N$ length; the p-ary NLFSR forming sequences of $S < p^N$ length; and the universal p-ary NLFSR forming, depending on the settings, sequences with any values of the period and the pre-period. These devices can be used as building blocks in the construction of the unpredictable PRNG.

The areas of the NLFSR use are: construction of synchronous counters (Alfke 2016); implementation of "floating" protocols of processor interaction with input-output devices, in particular, implementation of mechanisms of hidden functions (Sklyarov 2004, Gabitov 2016); construction of synchronous and self-synchronizing stream ciphers (Hongjun 2016, Lano 2016), primarily in Light-Weight variants (Melia-Segui 2016a, 2016b, Mandal 2013).

It is of interest to develop the results of papers (Pesoshin 2016, Pesoshin 2007), devoted to binary non-linear PRNGs of a special form, for the case of generating non-binary PRSs, in particular, the generation of p-ary (M – 1)-, (M – 3)- and (M – 7)-sequences.

9 Acknowledgement

The publication is prepared in accordance with the scientific research under the Agreement between the Federal State Autonomous Educational Institution of Higher Education "National Research Nuclear University MEPhI" and the Ministry of Education and Science № 14.578.21.0117 on 27.10.2015. The unique identifier for the applied scientific research (project) is RFMEFI57815X0117.

10 References

1. Osmolovskij S.A. Stohasticheskie metody peredachi dannyh. – M.: Radio i svyaz', 1991.
2. Osmolovskij S.A. Stohasticheskie metody zashchity informacii. – M.: Radio i svyaz', 2003.
3. Ivanov M.A., Chugunkov I.V. Kriptograficheskie metody zashchity informacii v komp'yuternyh sistemah i setyah. – M.: NRNU MEPhI, 2012.
4. G. Bertoni, J. Daemen, M. Peeters and G. Van Assche. Cryptographic Sponge Functions. Date Views 06.10.2016 sponge.noekeon.org/CSF-0.1.pdf
5. O. Goldreich. A Primer on Pseudorandom Generators, vol. 55 of University Lecture Series. Providence, RI: American Mathematical Society, 2010.
6. M. Bellare and P. Rogaway. Optimal asymmetric encryption. In R. Rueppel, editor, Advances in Cryptology – Eurocrypt’94, Lecture Notes in Computer Science, volume 950, pages 92–111. Springer Verlag, 1994.
7. M. Bellare, S. Goldwasser, and D. Micciancio. Pseudo-Random number generation within cryptographic algorithms: The DSS case. In CRYPTO, vol. 1294 of Lecture Notes in Computer Science, pp. 277–291, Springer, 1997.
8. S. Goldwasser and S. Micali. Probabilistic Encryption. Journal of Computer and System Sciences, vol. 28, pp. 270–299, April 1984.
9. RSAES-OAEP Encryption Scheme. RSA Security Inc., 2000.
10. J. Boeck. RSA-PSS – Provable secure RSA Signatures and their Implementation. Date Views 06.10.2016 rsapss.hboeck.de/rsapss.pdf
11. Razrushayushchie programmnye vozdejstviya / A.B. Vavrenyuk, E.V. Vel'myakina, D.V. Gurov et al. – М.: NRNU MEPhI, 2011.
12. E. Dubrova. An Equivalence Preserving Transformation from the Fibonacci to the Galois NLFSRs. CoRR, vol. abs/0801.4079, 2008.
13. C. Canniere and B. Preneel. Trivium. New Stream Cipher Designs: The eSTREAM Finalists, LNCS 4986, pages 244–266, 2008.
14. E. Dubrova. A List of Maximum Period NLFSRs. Cryptology ePrint Archive, Report 2012/166, 2012. http://eprint.iacr.org/2012/166
15. E. Dubrova. A Scalable Method for Constructing Galois NLFSRs with Period $2^n - 1$ using Cross-Join Pairs. Cryptology ePrint Archive, Report 2011/632, 2011. http://eprint.iacr.org/2011/632
16. J.-M. Chabloz, S. Mansouri, and E. Dubrova. An algorithm for constructing a fastest Galois NLFSR generating a given sequence. In C. Carlet and A. Pott, editors, Sequences and Their Applications – SETA 2010, volume 6338 of Lecture Notes in Computer Science, pages 41–54. Springer Berlin / Heidelberg, 2010.
17. E. Dubrova. A Method for Generating Full Cycles by a Composition of NLFSRs. https://eprint.iacr.org/2012/492.pdf
18. E. Dubrova, M. Teslenko, and H. Tenhunen. On analysis and synthesis of (n, k)-non-linear feedback shift registers. In Design and Test in Europe, pp. 133–137, 2008.
19. E. Dubrova. An Equivalence-Preserving Transformation of Shift Registers. https://eprint.iacr.org/2014/051.pdf
20. S. S. Mansouri and E. Dubrova. An Improved Implementation of Grain. https://arxiv.org/pdf/0910.5595.pdf
21. P. Alfke. Efficient Shift Registers, LFSR Counters, and Long Pseudo-Random Sequence Generators. Date Views 06.10.2016 xilinx.com/support/documentation/application_notes/xapp052.pdf
22. Sklyarov D. Iskusstvo zashchity i vzloma informacii. – Sankt-Peterburg, BHV-PETERBURG, 2004.
23. Gabitov R.N., Gabitova YA.A., Giniyatullin V.M., Filippov V.N. Elektronnyj klyuch zashchity s funkcional'nost'yu troichnogo soprocessora. Date Views 06.10.2016 ogbus.ru/issues/2_2015/ogbus_2_2015_p385-396_GabitovRN_ru.pdf
24. Hongjun Wu. Cryptanalysis and Design of Stream Ciphers. Date Views 14.10.2016 pdfs.semanticscholar.org/7659/3b22460d3c070ed1c900f75771c9165cccb2.pdf
25. Joseph Lano. Cryptanalysis and design of synchronous stream ciphers. Date Views 14.10.2016 esat.kuleuven.be/cosic/publications/thesis-124.pdf
26. Joan Melia-Segui. Lightweight PRNG for Low-Cost Passive RFID Security Improvement. Date Views 14.10.2016 tesisenred.net/bitstream/handle/10803/129398/JMeliaSeguiPhD.pdf?sequence=1&isAllowed=y
27. J. Melia-Segui, J. Garcia-Alfaro, J. Herrera-Joancomarti. Analysis and Improvement of a Pseudorandom Number Generator for EPC Gen2 Tags. Date Views 14.10.2016 wwwpublic.tem-tsp.eu/~garcia_a/papers/fc2010.pdf
28. Kalikinkar Mandal, Xinxin Fan and Guang Gong. Warbler: A Lightweight Pseudorandom Number Generator for EPC C1 Gen2 Passive RFID Tags. International Journal of RFID Security and Cryptography (IJRFIDSC), Volume 2, Issue 2, December 2013, pp. 82–91.
29. V. A. Pesoshin, V. M. Kuznetsov, D. V. Shirshova. Generators of the equiprobable pseudorandom nonmaximal-length sequences based on linear-feedback shift registers. Automation and Remote Control, 2016, Volume 77, Issue 9, pp. 1622–1632.
30. V. A. Pesoshin, V. M. Kuznetsov. Generatory psevdosluchajnyh i sluchajnyh chisel na registrah sdviga. Kazan National Research Technological University, 2007.