Keywords

1 Introduction

With the rapid development of information technology, the cryptosystem is used widely to protect the data or information. A various encryption techniques are used to make ensure of information security. So the random number generator (RNG) used in cryptography determines the system security. The RNGs are widely used in various applications related to cryptography such as key generation, encryption/decryption, masking protocols, Internet gambling, and block ciphers [1,2,3,4]. A different RNG is proposed by the researchers that enhance the security of information. In the evolutionary development of smart mobile devices that are connected to the internet, the information exchange over an insecure network is a major concern over the years. The physical systems like environment monitoring, health care system, advanced metering in smart grids, etc., which are connected over the Internet of things (IoT) that generate a large amount of data that leads to privacy and security issues. To assure the security of associated information over an Internet network, the RNG is the primary requirement [5]. Due to trade-off between different factors (like hardware performance, security, and cost), most of the cryptosystems are unsuitable for real-time implementation on IoT-based resource constraint devices [6]. To accomplish this request, it is required to implement efficient hardware architectures capable of generating pseudorandom bit sequences to provide the public and private keys for effective data cryptography. Therefore, the hardware-based cryptosystem is compulsory in IoT applications for secure information exchange over smart mobile devices that are connected with IoT. So, the primary requirement of a hardware-based cryptosystem is low-hardware complexity, high speed, low-power consumption, secure key generation, and high randomness. In this regard, different RNG methods were proposed for the generation of the random number to satisfy the randomness behavior as required for cryptography.

The FPGA implementation of the RNG is more useful in real tile applications like cryptography, secure communications, etc. The fully digital circuit or/and embedded systems with high-speed and low-power consumption are suitable for IoT, cybersecurity, and Industry 4.0 security applications. The RNGs based on FPGA open the opportunity to use the large number of combinational blocks that are connected through programmable logic. So, this powerful platform is widely used in digital circuit implementations [7].

This research work surveys the large set of FPGA implementations of RNGs. First, summarize the different classifications of RNGs and provide the advantages and weakness of different well-known RNGs both pseudorandom and truly random, while linear and nonlinear system-based generators are discussed in the PRNG case. The LCGs-based PRBGs are explained in detail and also discuss the choices of the RNGs. Finally, present the performance of FPGA-based PRNGs in terms of FPGA resources, timing performance, security strength, and weakness.

The remainder of the article is as follows. Sect. 2 refers to the classification of the RNGs. Sect. 2.1 presents the FPGA implementations of nonlinear PRNGs, whereas the next Sect. 2.2 focuses on linear system-based PRNGs. This section summarizes the mathematical formation and VLSI architectures corresponding PRBGs with a short comparison regarding area resources and timing performance of the FPGA implementations. The FPGA implementation results (in terms of FPGA resources, frequency, throughput, and power consumptions) and security status of linear and nonlinear PRNGs are detailed in Sect. 3. This article ends with a conclusion section that summarizes the review.

2 Classification of the RNGs

RNGs are categorized mainly into two families: true random number generators (TRNGs) and pseudorandom number generators (PRNGs). In TRNGs, the physical process like jitter or thermal noise is used to generate random numbers. Therefore, the TRNGs cannot be used in the encryption/decryption process because they cannot be able to generate the same sequences corresponding to ciphering and deciphering operations [7]. For this problem, there is only one possible solution is generated sequences from TRNGs stored in memory. Additionally, TRNGs also suffer from a low-throughput rate, therefore they cannot be used in high-speed applications.

In general, there are two types of PRNG: (1) linear and (2) nonlinear PRNG. The linear system-based PRNG, linear feedback shift registers (LFSRs) [8, 9], and linear congruential generators (LCGs) [6, 10,11,12,13,14,15,16,17] are used for generating pseudorandom number sequences. In nonlinear PRNGs, the nonlinear output function or nonlinear transition function is used to convert the linear system into a nonlinear [18,19,20,21,22,23,24,25,26,27,28,29,30].

2.1 Nonlinear PRNG

In nonlinear PRNGs, the nonlinear output function or nonlinear transition function is used to convert the linear system into a nonlinear. Various PRNGs based on nonlinear system are used in the cryptography for their good randomness properties. Nonlinear dynamical systems consist of simple mathematical equations that can exhibit chaos behavior. So, the cryptographic properties of generated random sequences from the chaotic map are very crucial for the security of encryption algorithms. Chaotic systems generate a pseudorandom sequence, which can be applied in designing cryptographic keys to get their valuable characteristics like random behavior, sensitivity to the initial conditions, and ergodicity.

Mathematically, a hyperchaotic system can be defined as a chaotic system with two or more than two positive Lyapunov exponents. Its dynamic behavior is expended in more than two directions. So, the hyperchaotic attractor has more complex dynamic behaviors as compared to a chaotic system. The expansion of this dynamic behavior happens at the same time in two or more than two directions that make the hyperchaotic system, which shows better performance in many chaos-based applications including technological applications, than chaotic systems. Nowadays, hyperchaos has attracted attention from various scientific and engineering communities. So, the application of hyperchaos is becoming more popular in the field of chaos-based cryptography. Though, the well-known disadvantage of ordinary chaotic attractors for topological applications possesses only a single positive Lyapunov exponent (LE), hence its degree of disorder is not high as compare to hyperchaotic systems.

The recent literature of FPGA-based PRNG using chaotic and hyperchaotic attractors is discussed. The FPGA implementation of six different multiplierless chaotic PRNGs using Chua, Lorenz, Rössler, and the other three systems has been done in [7]. To increase the randomness as well as prevent the digital chaotic system to fall into short-period orbits of the generated sequences, a PRNG based on the one-dimensional logistic map was implemented on FPGA [23]. In [24], Rezk et al. proposed an FPGA-based PRNG that is using the Lü and Lorenz chaotic attractors. The PRNG based on a hyperchaotic system with a self-shrinking perturbance generator was proposed by Yang Liu et al. in [25]. A new 4D hyperchaotic oscillator was proposed by wu et al. and analyzed its nonlinear dynamic behavior. Furthermore, an analog circuit of this system is implemented on a chip for some relevant engineering applications such as information encryption [26]. A hyperchaotic system and its qualitative properties were discussed by Rajagopal et al. in [27]. This system was also implemented in FPGA to prove that the system is hardware realizable.

2.2 Linear PRNG

The linear PRNG, LCGs, and LFSRs are used for generating pseudorandom number sequences. The linear PRNGs are suitable for high-speed and low-power applications in a hardware-based cryptosystem, but there is some limitation, i.e., limitation of state and a short period of generated bit sequences. To mitigate this limitation, many-related literature surveys are presents in detail thereafter.

2.2.1 LCG-Based PRNGs

The most popular random number generation method is linear congruential on modular arithmetic. An LCG is originated on the system of linear recurrence equations, which is defined as \(x_{i + 1} = \left[ {\left( {a_1 \times x_i } \right) + x_i + b_1 } \right]{\text{mod}}2^K\), where \(a\) (the “multiplier”), \(b\) (the “increment”), where \(0 \le a\), \(b \le 2^{k - 1}\) are parameters of the generator. LCG is convenient for high-speed and low-power constraints, but it is not capable to generate more secure pseudorandom numbers. Because of this, many hardware implementations are proposed to increase the security and period.

The authors of [14] proposed the high-secure dual-CLCG algorithm-based PRBG. The dual-coupled-LCG blocks are used to design this architecture, and these blocks are designed by following recurrence relations:

$$x_{i + 1} = \left[ {\left( {a_1 \times x_i } \right) + x_i + b_1 } \right]{\text{mod}}2^n$$
(1)
$$y_{i + 1} = \left[ {\left( {a_2 \times y_i } \right) + y_i + b_2 } \right]{\text{mod}}2^n$$
(2)
$$p_{i + 1} = \left[ {\left( {a_3 \times p_i } \right) + p_i + b_3 } \right]{\text{mod}}2^n$$
(3)
$$q_{i + 1} = \left[ {\left( {a_4 \times q_i } \right) + q_i + b_4 } \right]{\text{mod}}2^n$$
(4)
$$B_i = \left\{ {\begin{array}{*{20}l} {1 } \hfill & {{\text{if}} x_{i + 1} > y_{i + 1} } \hfill \\ {0 } \hfill & {{\text{if}} x_{i + 1} < y_{i + 1} } \hfill \\ \end{array} } \right\}$$
(5)
$$C_i = \left\{ {\begin{array}{*{20}l} 1 \hfill & { {\text{if}} p_{i + 1} > q_{i + 1} } \hfill \\ {0 } \hfill & {{\text{if}} p_{i + 1} < q_{i + 1} } \hfill \\ \end{array} } \right\}$$
(6)
$$z_i = B_i , if C_i = 0$$
(7)

Here, constant parameters (\(a_1 , a_2 ,a_3 ,a_4 , b_1 ,b_2 ,b_3 ,b_4\)) and initial seeds (\(x_0 ,y_0 ,p_0 , q_0\)) are used in recurrence relation as given in corresponding Eqs. (1)–(4). The comparator output, i.e., \(B_i\) and \(C_i\) is given by Eqs. (5) and (6). The random bit sequences (\(z_i\)) are given by Eq. (7).

Authors of [15] optimized the implementation of the dual-CLCG algorithm [14] that involves arithmetic operations such as multiplication. In this architecture, the author uses the logical left shifting rather than multiplication operation, which reduces the hardware complexity of dual-coupling of LCG [14]. Therefore, Eqs. (1)–(7) can be rewritten as

$$x_{i + 1} = \left[ {\left( {2^{r1} \times x_i } \right) + x_i + b_1 } \right]{\text{mod}}2^n$$
(8)
$$y_{i + 1} = \left[ {\left( {2^{r2} \times y_i } \right) + y_i + b_2 } \right]{\text{mod}}2^n$$
(9)
$$p_{i + 1} = \left[ {\left( {2^{r3} \times p_i } \right) + p_i + b_3 } \right]{\text{mod}}2^n$$
(10)
$$q_{i + 1} = \left[ {\left( {2^{r4} \times q_i } \right) + q_i + b_4 } \right]{\text{mod}}2^n$$
(11)
$$B_i = \left\{ {\begin{array}{*{20}l} {1 } \hfill & {{\text{if}} x_{i + 1} > y_{i + 1} } \hfill \\ 0 \hfill & { {\text{if}} x_{i + 1} < y_{i + 1} } \hfill \\ \end{array} } \right\}$$
(12)
$$C_i = \left\{ {\begin{array}{*{20}l} {1 } \hfill & {{\text{if}} p_{i + 1} > q_{i + 1} } \hfill \\ 0 \hfill & { {\text{if}} p_{i + 1} < q_{i + 1} } \hfill \\ \end{array} } \right\}$$
(13)
$$z_i = B_i \oplus C_i$$
(14)

Gupta and Chauhan of [6] further optimized the implementation of the dual-CLCG algorithm [15], in which LCG blocks are designed using 2-operands modulo adder instead of 3-operands modulo adder. So, the \(n\)th bit of final addition will be calculated by XOR between \(n\)th bit of 2-operands modulo adder’s output, i.e., (\(S_{x1i} \left[ {n - 1} \right],S_{y1i}i \left[ {n - 1} \right],S_{p1i} \left[ {n - 1} \right]{\text{and}}S_{q1i} \left[ {n - 1} \right]\)) and \(n\)th bit of the shifted value of variables \((x_i , y_i , p_i {\text{and}} q_i\)), i.e., \(\left( {x_i \left[ 0 \right], y_i \left[ 0 \right], p_i \left[ 0 \right]{\text{ and}} q_i \left[ 0 \right]} \right)\) corresponding to each LCG block and given by \(\left( {S_{x2i} , S_{y2i} , S_{p2i} {\text{and}} S_{q2i} } \right)\) as shown in Eqs. (15)–(18). The values \(\left( {S_{x2i} , S_{x1i} \left[ {n - 2:0} \right]} \right)\), \(\left( {S_{y2i} , S_{y1i} \left[ {n - 2:0} \right]} \right)\), \(\left( {S_{p2i} , S_{p1i} \left[ {n - 2:0} \right]} \right)\), and \(\left( {S_{q2i} , S_{q1i} \left[ {n - 2:0} \right]} \right)\) are stored in four registers corresponding to each LCG block that hold the value for further processing. These register values are assigned to the next iterative values as given in Eqs. (19)–(22).

$$S_{x1i} \left[ {n - 1:0} \right] = b_1 \left[ {n - 1:0} \right] + x_i \left[ {n - 1:0} \right],S_{x2i} = S_{x1i} \left[ {n - 1} \right] \oplus x_i \left[ 0 \right]$$
(15)
$$S_{y1i} \left[ {n - 1:0} \right] = b_2 \left[ {n - 1:0} \right] + y_i \left[ {n - 1:0} \right],S_{y2i} = S_{y1i} \left[ {n - 1} \right] \oplus y_i \left[ 0 \right]$$
(16)
$$S_{p1i} \left[ {n - 1:0} \right] = b_3 \left[ {n - 1:0} \right] + p_i \left[ {n - 1:0} \right],S_{p2i} = S_{p1i} \left[ {n - 1} \right] \oplus p_i \left[ 0 \right]$$
(17)
$$S_{q1i} \left[ {n - 1:0} \right] = b_4 \left[ {n - 1:0} \right] + q_i \left[ {n - 1:0} \right],S_{q2i} = S_{q1i} \left[ {n - 1} \right] \oplus q_i \left[ 0 \right]$$
(18)
$$x_{i + 1} \left[ {n - 1:0} \right] = \left\{ {S_{x2i} , S_{x1i} \left[ {n - 2:0} \right]} \right\}$$
(19)
$$y_{i + 1} \left[ {n - 1:0} \right] = \left\{ {S_{y2i} ,S_{y1i} \left[ {n - 2:0} \right]} \right\}$$
(20)
$$p_{i + 1} \left[ {n - 1:0} \right] = \left\{ {S_{p2i} ,S_{p1i} \left[ {n - 2:0} \right]} \right\}$$
(21)
$$q_{i + 1} \left[ {n - 1:0} \right] = \left\{ {S_{q2i} ,S_{q1i} \left[ {n - 2:0} \right]} \right\}$$
(22)

Authors of [16] proposed the high-secure PRBG architecture based on variable-input coupled-LCG. This architecture is designed using the coupling of LCG and input seeds of these LCG blocks are change by another two LCG blocks in each iteration. Each LCG block is defining by recurrence relations. It is given by Eqs. (23)–(26). The Eqs. (2) and (24) are named as variable-input linear congruential generators, were, the variables \(p_i\) and \(q_i\) are attained from two different LCGs recurrence relations as mentioned in Eqs. (25) and (26). The random bit sequence \(Z_i\) is obtained from the inequality condition, which is given in Eq. (27). Here, \(x_0 ,{ }y_0 ,{ }p_0 {\text{, and }}q_0\) are the initialization values corresponding to each recurrence equation. The \(b_1\) and \(b_2\) are the constant parameter of LCG blocks, as shown in Eqs. (25) and (26) (Figs. 1, 2, 3, and 4).

$$x_{i + 1} = \left[ {\left( {2^{r1} \times x_i } \right) + x_i + p_i } \right]{\text{mod}}2^n \equiv f_1 \left( {x_i ,p_i } \right) {\text{mod }}2^n$$
(23)
$$y_{i + 1} = \left[ {\left( {2^{r2} \times y_i } \right) + y_i + q_i } \right]{\text{mod}}2^n \equiv f_2 \left( {y_i ,q_i } \right) {\text{mod }}2^n$$
(24)
$$p_{i + 1} = \left[ {\left( {2^{r3} \times p_i } \right) + p_i + b_1 } \right]{\text{mod}}2^n$$
(25)
$$q_{i + 1} = \left[ {\left( {2^{r4} \times q_i } \right) + q_i + b_2 } \right]{\text{mod}}2^n$$
(26)
$$Z_i = \left\{ {\begin{array}{*{20}l} {1,} \hfill & {{\text{if}}\,x_{i + 1} > y_{i + 1} } \hfill \\ {0,} \hfill & {{\text{otherwise}}} \hfill \\ \end{array} } \right\}$$
(27)
Fig. 1
figure 1

VLSI architecture of dual-CLCG-based PRBG using 3-operands modulo adder [15]

Full size image
Fig. 2
figure 2

PRBG architecture of dual-CLCG using 2-operands modulo adder [6]

Full size image
Fig. 3
figure 3

PRBG architecture is based on the variable-input coupled-LCG [16]

Full size image
Fig. 4
figure 4

PRBG architecture is based on the variable-input coupled-LCG and clock divider [17]

Full size image

Gupta and Chauhan of [17] further improve the period length, security, and hardware performance of variable-input coupled-LCG architecture [16]. It is designed using several values of seed, i.e., \(p(p_0 ,p_1 , \ldots ,p_{2^n - 2} ,p_{2^n - 1}\)) and \(q\left( {q_0 ,q_1 , \ldots ,q_{2^n - 2} ,q_{2^n - 1} } \right)\) change periodically instead of changing in every iteration. Benefits of these techniques, the sequence of \(2^{2n}\) maximum elements, i.e., {\(x_i\)} is generated by periodically changing the value of \(p\). In this method, the first \(2^n\) elements are obtained by \(x_{i + 1} = f_1 \left( {x_i ,p_0 } \right) {\text{mod }}m\), the next \(2^n\) elements are obtained as \(x_{i + 1} = f_1 \left( {x_i ,p_1 } \right) {\text{mod }}m\), and so on. After using all values of \(p\), it generates \(2^{2n}\) total elements. All value of \(p\) (from initial value) is reused to circularly continuing the process. Similarly, the sequence of \(2^{2n}\) elements, i.e., {\(y_i\)} is generated by periodically changing the value of \(q\). With this method, the first \(2^n\) elements are obtained by \(y_{i + 1} = f_1 \left( {y_i ,q_0 } \right) {\text{mod }}m\), the next \(2^n\) elements are obtained as \(y_{i + 1} = f_1 \left( {y_i ,q_1 } \right) {\text{mod }}m\), and so on. After using all values of \(q\), it generates \(2^{2n}\) total elements. Now, this sequence of \(2^{2n}\) elements {\(x_i\)} and {\(y_i\)} is computed by inequality condition to generate pseudorandom bits sequence of \(2^{2n}\) period, without paying extra resources.

3 Result and Discussion

The performance parameters in terms of FPGA resources (i.e., number of flip-flops (FFs), look-up-table (LUT), slices, and DSP blocks), timing performance (critical path delay, frequency, and bit-rate), power consumption per unit frequency, and security strength are presented in Table 1.

Table 1 Table captions should be placed above the tables
Full size table

Let us start to conclude the results obtained with different linear and nonlinear PRNGs, as demonstrated in Table 1. It appears demonstrated that the linear system-based PRNGs have the lowest area resources, high throughput, and less power consumable while maintaining the same security strength as compared with the nonlinear system (chaotic and hyperchaotic ordinary differential equations)-based PRNG approaches. These advantages leading the utility of linear system-based PRNG in lightweight IoT enable devices for cryptographic applications, i.e., better and more recommended schemes of PRNG.

The performance parameters of PRBGs belonging to the LCGs category are demonstrated in Table 1. The one that is based on the dual-coupled-LCG using two-operands modulo adder [6] has the lowest area occupation and high throughput. However, some other LCGs PRNGs can be presented as good competitors, namely (1) the variable-input coupled-LCG [16], (2) variable-input coupled-LCG with clock divider [17]-based PRBGs. Regarding the FPGA resources, throughput, the period length of the bit sequence, and security strength, the LCG-PRBG-based on variable-input coupled-LCG with clock divider [17] outperforms other linear PRNGs. In a conclusion, if we compare linear PRNGs to other PRNGs, it can play an important role in high-speed uses due to their parallel and rapidity generation.

4 Conclusion

This manuscript provided a widespread report on recent development in the FPGA implementation of RNGs. We have first recalled the different types of RNGs and discuss their properties in terms of hardware complexity, performance, and security strength. Thereafter, deeply investigate the nonlinear and linear system-based PRNG. Then, a large review of the FPGA-based PRNGs using LCGs systems is presented. For each type of PRNG, a hardware analysis regarding FPGA resources, timing performance, and security strength has been provided. Each RNG technique is discussed in detail. Finally, the performance parameter of FPGA-based PRNGs in terms of FPGA resources, frequency, throughput, power consumption, security strength, and weaknesses is presented.