Evaluation and modeling of physical noise sources
Physical True Random Number Generators (PTRNGs) are based on a hardware noise source which is digitized and possibly composed with a post-processing mechanism. Getting an AIS20/31 certificate for a PTRNG (PTG.1/2/3 classes) requires to provide a stochastic model of the source and to demonstrate evidence on the quality of its entropy. CryptoExperts proposes a methodology that performs a statistical evaluation of the noise source, derives a relevant stochastic model, and assesses the entropy of the generated (post-processed) random numbers.
post-processing security assessment
A post-processing mechanism can be of two different natures:
- a light-weight mixing function acting as entropy extractor for true random generation;
- a cryptographic function for deterministic random generation or hybrid designs.
Assessing the quality of the former kind of post-processing consists in proving that it acts as a good entropy extractor. In other words, given some statistical property about the noise source, the post-processing must produce a high-entropy output. Cryptographic post-processing/DRNG on the other hand must satisfy advanced mathematical properties such as (strong) forward and/or backward secrecy. You can trust CryptoExperts to evaluate your post-processing mechanism, in the TRNG, DRNG, or hybrid setting. If the need be, we will come back to you with a set of recommendations, and finally provide you with a formal security proof of your design.
Going through AIS 20/31 certification
Our offer is not limited to evaluation, stochastic modeling, and formal security proofs, we further help our customers meet all AIS20/31 requirements (PTG.1/2/3, DRG.1/2/3/4) and support them during the overall certification process. Involve CryptoExperts and leave no room to randomness in getting your certificate!