Hash function of cryptographically secure pseudorandom number generator for hardware root-of-trust

Abstract

The hardware secure module is the common example of Root-of-Trust that used in cryptographic system, fundamentally it is generating, managing and provide protection to the cryptographic keys and performing cryptographic functions within its secure environments. A random number generator (RNG) is one of the critical components in hardware Root-off-Trust, since one of the most important elements in securing cryptographic system is the keys generation. A cryptographically secure pseudorandom number generator (CSPRNG) is a pseudorandom number generator with properties that suitable to be used in cryptography systems for the keys generation. There are few CSPRNG standardized under NIST SP 800-90A Rev.1 which is Hash_DRBG, HMAC_DRBG and CTR_DRBG. Both Hash_DRBG and HMAC_DRBG is hash based DRBG. This project is performing the study of Hash_DRBG algorithm and understand that the core of the DRBG is the hash function. All the internal process of Hash_DRBG is using hash function such as the instantiate process, reseeding process, and pseudorandom numbers generation process. Therefore, the selection of hash function to be used in the Hash_DRBG is important. There are few SHA family available such as SHA0, SHA1 and SHA2. Based on previous work, SHA0 and SHA1 family algorithm can be break by the generic attacks such as Brute Force attack, domain extender attack, poisoned block attach, etc. Therefore, SHA2 family is preferable in this project, under this family, SHA-256 is used. This is because SHA-256 can provide better robustness compare to SHA-512. In the framework of multiple cryptographic cores, two SHA-256 can perform better in term of higher throughput and lower internal state compare to SHA-512. This project will be focusing on SHA-256 algorithm and applied pipeline architecture on the algorithm to help on decreasing the critical path for better performance.