The suite, called TuRiNG, addresses the challenges associated with testing PUFs, which are increasingly used in semiconductors for secure, regenerable random number generation. The numbers underpin device security, providing a basis for unique device identities and cryptographic key generation.
Unlike traditional Random Number Generators (RNGs), PUFs produce a fixed-length output, making existing tests inadequate for determining randomness, which is a fundamental requirement for a secure device root-of-trust (RoT). The new test suite adapts existing tests from the NIST 800-22 suite, making them suitable for the unique characteristics of PUFs, such as spatial dependencies and limited output length.
The suite introduces a test to ensure the independence of PUF outputs, which is crucial for maintaining cryptographic security by identifying correlated outputs. It is designed to be both comprehensive and practical, ensuring that PUFs meet randomness requirements without excessive data demands, and involves running tests in different data orderings to account for potential spatial correlations in PUF outputs.
By reducing the number of required bits for certain tests, the suite allows for more efficient testing, minimizing the risk of misrepresenting PUF quality. This development is set to change the way randomness is validated in PUFs, offering a reliable method for ensuring the security of cryptographic systems in IoT devices.
Crypto Quantique's TuRiNG open-source test suite is available as a free GitHub download and from where a detailed technical white paper can also be downloaded.