Fast Software Implementation of Serial Test and Approximate Entropy Test of Binary Sequence

Yang, Xian-wei; Zhan, Xue-qiu; Kang, Hong-juan; Luo, Ying

doi:https://doi.org/10.1155/2021/1375954

Security and Communication Networks

On this page

Abstract Introduction Experimental Results Conclusions Data Availability Conflicts of Interest References Copyright Related Articles

Research Article | Open Access

Volume 2021 | Article ID 1375954 | https://doi.org/10.1155/2021/1375954

Fast Software Implementation of Serial Test and Approximate Entropy Test of Binary Sequence

Xian-wei Yang,¹Xue-qiu Zhan,¹Hong-juan Kang,²and Ying Luo³

Academic Editor: Stelvio Cimato

Received18 Jun 2021

Revised06 Aug 2021

Accepted23 Aug 2021

Published16 Sept 2021

Abstract

In many cryptographic applications, random numbers and pseudorandom numbers are required. Many cryptographic protocols require using random or pseudorandom numbers at various points, e.g., for auxiliary data in digital signatures or challenges in authentication protocols. In NIST SP800-22, the focus is on the need for randomness for encryption purposes and describes how to apply a set of statistical randomness tests. These tests can be used to evaluate the data generated by cryptographic algorithms. This paper will study the fast software implementation of the serial test and the approximate entropy test and propose two types of fast implementations of these tests. The first method is to follow the basic steps of these tests and replace bit operations with byte operations. Through this method, compared with the implementation of Fast NIST STS, the efficiency of the serial test and approximate entropy test is increased by 2.164 and 2.100 times, respectively. The second method is based on the first method, combining the statistical characteristics of subsequences of different lengths and further combining the two detections with different detection parameters. In this way, compared to the individual implementation of these tests, the efficiency has been significantly improved. Compared with the implementation of Fast NIST STS, the efficiency of this paper is increased by 4.078 times.

1. Introduction

In cryptography, random numbers and pseudorandom numbers are widely used in applications. For example, use a randomly generated key in a cryptographic system. There are also random or pseudorandom numbers required to be used at various points in cryptographic protocols, for example, for auxiliary data in digital signatures or challenges in authentication protocols.

The random bit sequence can be explained by the result of an unbiased “fair” coin flip, with the sides of the coin marked as “0” and “1.” The probability that each flip produces a “0” or “1” is 1/2, and the results of each coin toss are independent of each other. Unbiased, fair coins are perfect random bitstream generators because 0 and 1 values will be randomly distributed, and all elements in the sequence are generated independently of each other. The value of any element in the sequence is unpredictable and has nothing to do with all previously generated elements.

The SP 800-22 [1] issued by the National Institute of Standards and Technology (NIST) discusses the randomness test of random number and pseudorandom number generators. These tests can be applied to fields such as cryptography, modeling, and simulation. In NIST SP800-22, the focus is on the need for randomness for encryption purposes and describes applying a set of statistical randomness tests. Germany released the BSI AIS 30 specification [2]. In 2009, the National Cryptography Administration (NCA) of China issued a randomness test specification [3]. In addition, research on random sequences is in full swing, and a large number of new statistical tests have been proposed [4]. There are two basic types of random sequence generators: random number generator (RNG) and pseudorandom number generator (PRNG) [5]. In cryptographic applications, both generators produce zero and a stream divided into subsequences or blocks.

These tests can be used to evaluate the data stream generated by the cryptographic algorithm, thereby providing useful reference data for the theoretical analysis of the algorithm [6–8]. This approach can reduce the workload of theoretical analysis and detect security risks that cannot be found by other analytical methods. For example, in the competition of AES [9, 10], randomness detection is used to evaluate candidate cryptographic algorithms [11]. ZUC [12, 13] has officially become a cryptographic algorithm of LTE and executed many randomness tests. Parameter of these detections can be recommended or be adjusted [14–16].

Some researchers study the rapid implementation of all NIST STS tests and achieved interesting speedups in most of the tests [17]. Q-value is introduced, and the distribution of Q-value is closer to a uniform distribution than value, which can reduce the false detection rate [18]. When the runs distribution test is applied on some well-known good deterministic random bit generators (DRBGs), the test results show apparent bias from randomness [19]. A new DFT test method for the long sequence is proposed, and this DFT test reconstructs the statistics to follow the chi-square distribution [20].

In this paper, we study the fast implementation of the serial test and the approximate entropy test and propose two types of fast implementation of these tests. The first fast implementation method is to follow the basic steps according to these tests. In this implementation, the efficiency of the serial test and the approximate entropy test is increased by 2.164 and 2.100 times, respectively, compared with the basic implementation. The second one is to merge these tests. Relative to the individual implementation of these tests, the efficiency has been improved in this implementation. Compared with the basic implementation, the best efficiency of this method is increased by 4.078 times, and the effect is significant.

This paper is organized as follows. Section 2 presents an introduction to these statistical tests. Section 3 discusses the serial test, the approximate entropy test, and the basic implementation. Sections 4 and 5 present two types of fast implementation of these tests. Section 6 presents the software implementation results of these methods. Section 7 concludes the paper.

2. Introduction of Statistical Tests

By performing various statistical tests on the sequences, it is possible to compare and evaluate sequences with random sequences. Both characterization and description of the properties of random sequences can be done through probability. There are countless possible statistical tests to assess the presence or absence of a pattern, which indicates that the sequence is nonrandom. These test methods are designed for the different characteristics of the sequence, mainly based on the different focus of the sequence characteristics, and there are also some test methods that have no significant differences in the principles. Therefore when choosing a randomness test method, it is necessary to consider all aspects of the random characteristics of the test sequence, but also to take into account the efficiency of the test. In addition, one must be careful when interpreting the results of statistical tests to avoid erroneous conclusions about specific generators [21].

The randomness of the test sequence is essential to test whether it is truly random or the gap between it and true randomness. Randomness testing usually uses hypothesis testing. Hypothesis testing is to propose certain assumptions about the population in order to infer certain properties of the population when the population distribution is unknown or only its form is known. However, its parameters are not known, and then, make judgments on the proposed hypotheses based on the sample. Random hypothesis testing means that a certain aspect of a truly random sequence conforms to a specific distribution. If the sequence to be tested is random, then the sequence to be tested should also conform to this specific distribution in this respect. Take a certain statistical value V of a random sequence that conforms to the chi-square distribution with n degrees of freedom as an example. Null hypothesis (null hypothesis) H₀: the sequence is random if the statistical value V of the sequence to be tested obeys the χ²(n) distribution. Alternative hypothesis H_α: the sequence is not random if the statistical value V of the sequence to be tested does not obey the χ2(n) distribution. The opposite of this null hypothesis is the alternative hypothesis, which is that the sequence is not random. By testing each application, a decision or conclusion is derived. Based on the generated sequence, determine whether to accept the null hypothesis H₀. Under the original hypothesis, the theoretical reference distribution of the statistical data is determined by mathematical methods, and the critical value is determined. During the test, the statistical value of the tested sequence is calculated and compared with the critical value. If the test statistic value does not exceed the critical value, the null hypothesis H₀ of randomness is accepted. Otherwise, accept the alternative hypothesis H_a.

There are two possible outcomes of statistical hypothesis testing, namely, accepting H₀ or accepting H_a.

Two types of errors may occur with this method. First, if the data is random, then we conclude that the data is nonrandom. This conclusion is called a type I error. Second, if the data is nonrandom, then we conclude that the data is random. This conclusion is called a type II error. The probability of a type I error is called the significance level of the test, and this probability is usually denoted as α. Typically, α is selected in the range of [0.001, 0.01], and the value of α in cryptography is about 0.01. In the test, α is the probability that when the test shows that the sequence is truly random, it is not a random sequence. The probability of a type II error is usually denoted as β. In the test, β is the probability that the test will indicate that the sequence is random when it is not. β is not a fixed value, which is different from α. There are many ways to select data, they can be nonrandom, and each different way can produce different β. One of the main goals of the test is to minimize the possibility of making type II errors. Table 1 below correlates the true state of the data with the test conclusion.

In order to reflect the strength of the evidence against the null hypothesis, the value can be calculated using test statistics. In all tests, the value is the probability that the sequence generated by the perfect random number generator has less randomness than the sequence to be tested. When the sequence seems to have perfect randomness, the value is equal to 1, and when the sequence seems to be completely nonrandom, the value is equal to 0. When the value ≥α, the null hypothesis H₀ is accepted, which means that the sequence appears to be random. When the value <α, the alternative hypothesis H_a is accepted, which means that the sequence appears nonrandom.

In the test, the value can be calculated with the test statistic. The value represents the probability that the sequence generated by the perfect random number generator is less random than the sequence being tested. When the value is 1, it means that the sequence seems to have perfect randomness, and when the value is 0, it means that the sequence seems to be completely nonrandom. When ≥α, it means that the null hypothesis is credible, which reflects that the sequence seems to be random. When <α, it means that the null hypothesis is unreliable, which reflects that the sequence seems to be nonrandom. The value is the strength of evidence for accepting the null hypothesis.

The NIST SP800-22 is a statistical test suite consisting of 16 tests, and the test suite of NCA consists of 15 tests. Table 2 lists all of the tests. Serial test and approximate entropy test are the tests of the two test suites.

3. Serial Test and Approximate Entropy Test

3.1. Definitions and Symbols

Table 3 lists all of the symbols and their meanings used in this paper.

The establishment of the incomplete gamma function is based on the approximate formula [22], which can be approximated by continuous fraction expansion or series expansion according to the values of its parameters a and x.

Gamma function and incomplete gamma function are defined as

3.2. Serial Test

This section describes the serial tests, such as the test description, the technical details, the testing strategy, and the purpose of this test.

The frequency of all possible m-bit subsequences in the entire sequence is the focus of the serial test. From the results of this test, it can be determined whether the frequency of occurrence of the 2^mm-bit subsequences of the random sequence is roughly in line with expectations. The probability of all subsequent m-bit in the random sequence is the same, and when m is 1, the serial test has the same utility as the frequency test.

For different values of n, the sequence is expanded by appending the first m-1 bits to the end of the sequence to form an expanded sequence . The serial test is based on testing the uniformity of distributions of subsequences of given lengths in the circularised string . Set

Here, . Thus, is a type of statistic, but it is a common mistake to assume that has the distribution. The corresponding generalized serial statistics for the testing of randomness are and :

Then, and have the distribution with and degrees of freedom, respectively. Thus, for small values of m, , one can find the corresponding 2m values from the standard formulas:

Denote by the frequency of m-bit pattern , the frequency of -bit pattern , and the frequency of -bit pattern , respectively.

The steps of the serial test (Algorithm 1) are as follows.

	Input: a binary sequence of length n. m is the bit length of subsequence.
Output: pass or not.
Step 1: extend the sequence by appending the first bits to the end of the sequence
Step 2: determine , , and and the frequency of all possible m-bit, -bit, and -bit subsequence, respectively.
Step 3: compute , , and . . .
Step 4: compute and . .
Step 5: compute values. .
Step 6: if and , the sequence passes the test. Otherwise, return not pass.

Note that choose m such that . The bit length of subsequence m and the sample length n are proposed and in specification [3], respectively.

3.3. Approximate Entropy Test

The frequency of all possible overlapping m-bit patterns in the sequence is the focus of the approximate entropy test. Through this test, the frequency of two adjacent lengths’ (m and m + 1) subsequences can be compared with the expected result.

The repetitive pattern in the string is a feature of approximate entropy. Set

The approximate entropy , , is defined aswith .

measures the logarithmic frequency with which blocks of length m that are close together. Thus, a smaller value indicates strong regularity in the sequence, while larger values indicate irregularities in the sequence.

For a fixed block length m, one should expect that, in long random strings, . The limited distribution is consistent with the distribution of a random variable with 2m degrees of freedom. This fact provides the basis for statistical testing. Thus, with ), the reported value is

The steps of the approximate entropy (Algorithm 2) test are as follows.

Input: a binary sequence of length n. m is the bit length of subsequence
Output: pass or not
Step 1: extend the sequence by appending the first m-1 bits to the end of the sequence .
Step 2: determine the frequency of all possible m-bit subsequences.
Step 3: compute , for each value of i. .
Step 4: compute .
Step 5: repeat Steps 1–4, replacing m by m+1.
Step 6: compute with .
Step 7: compute values. .
Step 8: if , the sequence passes the test. Otherwise, return not pass.

Note that choose m such that . The bit length of subsequence m and the sample length n are proposed and in specification [3], respectively.

The second step of the serial test and the approximate entropy test is to determine the frequency of all possible m-bit subsequences of . Algorithm 3 is a basic implementation of Step 2 based on bits’ operations.

Input: A extended binary sequence of length . m is the bit length of subsequence.
Output:, for each value of .
Step 1: , for each value of i.
Step 2: for , do: 2.1 . 2.2 for , do: . 2.3 .
Step 3: return , for each value of .

We note by LOAD the data loading operation. Left and right shifts will be denoted SHIFT. By CMP means the compare operation.

The computational complexity of Algorithm 3 is LOAD, ADD, SHIFT, and OR. The computational complexity of Algorithm 4 is LOAD, ADD, SUB, SHIFT, AND, OR, and CMP.

Input: a extended octet string of octet length . m is the bit length of subsequence.
Output:, for each value of .
Step 1: , for each value of i. .
Step 2: for , do: 2.1 . 2.2 for , do. if , then: if , then:
Step 3: return , for each value of .

4. Fast Implementation

4.1. Hotspots

After determining the key parts of the program, we can start to optimize the code. During the running of the program, there are two situations for time allocation. In some programs, more than 99% of the time is used for inner loop calculations. In other programs, 99% of the time is used to read and write data, and less than 1% of the time is used to calculate the data. It is important to optimize these parts of the code instead of the parts of the code that spend a small amount of time. Optimizing the less critical parts of the code not only wastes time but also makes the code more difficult to maintain.

We can use the profiler in the compiler to profile how much time each function costs. It can also be done with third-party analyzers, such as AQtime, Intel VTune, and AMD Code Analyst.

Due to the short time interval, time measurement requires very high resolution. Users can use the QueryPerformanceCounter or GetTickCount functions for millisecond resolution in Windows. Use the time stamp counter in the CPU to get a higher resolution RDTSC. This instruction counts at the CPU clock frequency.

We need to identify the most time-consuming hotspots of the basic implementation of the serial test and the approximate entropy test. The Hotspots analysis helps understand these tests and identify steps that take a long time to execute (hotspots). Intel VTune amplifier identifies that Step 2 of the serial test is the most time-consuming hotspot of this test. In the serial test, this step determines , , and and the frequency of all possible m-bit, -bit, and -bit subsequence, respectively. Then, the Intel VTune amplifier identifies that Step 2 of the approximate entropy test is the most time-consuming hotspots of this test. This step determines the frequency of all possible m-bit subsequences.

All the operations of Algorithm 3 are based on bit operations, which seriously reduce the performance of these tests.

In practice, a binary sequence is in the form of an octet string. This octet string needs to be converted into a bit string, and then, the bit string is sent into Algorithm 3 to determine the frequency of all possible m-bit subsequences.

Algorithm 3 is replaced by bit operations with byte operations, and the performance will be significantly improved.

4.2. Fast Implementation Based on Octet Operation

In practice, a binary sequence is almost in the form of the octet string, so we assume that n is divided by The random byte is a byte sequence formed by combining random bits by bit-by-bit splicing.

Denote the octet string of the binary sequence of length n, with , . Because the value of the parameter m is less than 8, the extended octets are not more than one octet (8 bits). Extend the sequence by appending the first octet to the end of the octet string and to form the augmented octet string . Algorithm 4 determines the frequency based on multiple bits’ operations.

4.3. Analysis of Computational Complexity

This section analyses and compares the number of arithmetic operations of the above algorithms. Because Step 2 is the most time-consuming, so the main task is to analyze the computational complexity of Algorithm 3 based on bit string and bit operations and Algorithm 4 based on octet string and multibit operations.

Unroll Step 2.2 of Algorithm 4, which can reduce many operations. The CMP operation is clear, and the left and right shift number does not need to be calculated. The computational complexity is reduced to LOAD, ADD, SHIFT, AND, and OR.

The efficiency of the loop depends on the microprocessor’s ability to predict the control branch of the loop. A loop with a small and fixed repeat count and no branches inside can be predicted perfectly. It is best to avoid loop unrolling on processors with microoperation cache because it is important to save the use of microoperation cache. The unrolled loop takes up more space in the code cache or microoperation cache. If there are specific advantages to be gained, such as eliminating the if branch, the programmer should manually unroll a loop.

Loop unrolling of Algorithm 4 has many advantages. Then, if the branch is eliminated, the CMP operation is removed, and the left and right shift numbers are cleared.

The computational complexity of Algorithm 3 (based on bit string) and Algorithm 4 (based on octet string) is provided in Table 4.

For example, when the value of m is 3, the execution numbers of Algorithms 3 and 4 are and , respectively.

The serial test determines the frequency of all possible j-bit patterns, with . In Algorithm 3 (based on bit string), the sum of operations of the serial test (with ) is

In Algorithm 4 (based on octet string), the sum of operations of the serial test (with ) is

In contrast to the number of arithmetic operations of the above two algorithms, it is shown that Algorithm 4 based on the octet string is superior to Algorithm 3 based on bit string, in the serial test. Table 5 shows the number of arithmetic operations of the above two algorithms.

The approximate entropy test determines the frequency of all possible j-bit patterns, with . In Algorithm 3 (based on bit string), the sum of operations of the approximate entropy test is

In Algorithm 4 (based on octet string), the sum of operations of the approximate entropy test is

In contrast to the number of arithmetic operations of the above two algorithms, it is shown that Algorithm 4 based on octet string is superior to Algorithm 3 based on bit string, in the approximate entropy test. Table 6 shows the number of arithmetic operations of the above two algorithms.

However, different instructions cost different cycles. Integer operations are usually very fast. On most microprocessors, most simple integer operations (such as addition, subtraction, comparison, bit operations, and shift operations) only take one clock cycle. Multiplication and division require longer clock cycles. Usually, integer multiplication requires 3-4 clock cycles, and integer division requires 40–80 clock cycles. In addition, it may take longer to access data from RAM compared to the time required to perform calculations on the data. If it is cached, it only takes 2-3 clock cycles to read or write the variables in the memory, while if it is not cached, it takes hundreds of clock cycles [23]. So, the exact time consuming of these algorithms needs to do many different experiments.

5. Further Optimizing

5.1. Merging These Two Tests

As mentioned earlier, accessing data from RAM may take longer than the time it takes to perform calculations on the data. This is why all modern computers have a memory cache. Generally, there are a level 1 data cache, a level 2 cache, and a level 3 cache. If the total size of all data in the program is greater than the level 2 cache and the data is scattered in the memory or accessed in a nonsequential manner, memory access may be the largest time-consuming operation in the program. If it is cached, it only takes 2-3 clock cycles to read or write a variable in the memory, while if it is not cached, it takes hundreds of clock cycles.

The sequence size is 125000 bytes, which is bigger than most of the level-1 cache, so these data cannot be cached. Loading sequence data in memory costs many clock cycles, and memory access is the time-consuming operation (hotspots) in these tests. The size of the sequence cannot be reduced, and the cache of the CPU is fixed. The best thing we can do is reduce the loading times of data to improve the performance of these tests. Many specifications propose to perform both the serial test and the entropy test.

Step 2 of the serial test and Step 2 of the approximate entropy test have similar functions and call the same algorithm so that these tests may be merged. The values of m are proposed in specification [3]. In the serial test, the values are , which need to determine the frequency of 1-bit, 2-bit, 3-bit, 4-bit, and 5-bit pattern. In the approximate entropy test, the values are , which need to determine the frequency of 2-bit, 3-bit, 5-bit, and 6-bit pattern so one can determine the frequency of i-bit patterns, with .

There are many benefits to the merger of the six cases. Firstly, lots of the same operations of Algorithm 4 can be combined. For example, the large number of loading operations only need to execute one time with , and the loading data operations reduce , which enhances the efficiency of data. Secondly, the number of calling algorithms can be greatly reduced, which further speeds up the test performance.

Algorithm 5 shows the emerged test based on multibit, which is the merger of the serial test and the approximate entropy test.

Input: an octet string of octet length .
Output: pass or not pass
Step 1: extend the sequence by appending the first octet to the end of the sequence .
Step 2: call Algorithm 6 to determine the frequency of all possible j-bit pattern, with .
Step 3: compute , . .
Step 4: compute and , . .
Step 5: compute values of the serial test, .
Step 6: pass the serial test, if , , . Otherwise, not pass.
Step 7: compute , for each value of i.
Step 8: compute , , .
Step 9: compute with , .
Step 10: compute values of the approximate entropy test. , .
Step 11: pass the approximate entropy test, if , . Otherwise, not pass.

Algorithm 6 shows the merger of the six cases, which determine the frequency of the i-bit pattern, with .

Input: a extended octet string of octet length .
Output:, for each value of , .
Step 1: , for each value of , . , .
Step 2: For , do: 2.1 2.2 for , do for do. .
Step 3: Return .

In Step 2.2, the conditions of j are and , which ensure the validity of the results. For example, k = 13, (j = 2) is valid, and (j = 3) is invalid. It is recommended to unroll the loop of j and k in programming, reducing lots of operations.

The codes of Algorithm 6 are shown in Appendix, with loop unrolling.

5.1.1. Computational Complexity

This section analyses the number of arithmetic operations of the above algorithms.

Algorithm 5 shows the emerged test based on multibit, which is the merger of the serial test and the approximate entropy test. The most time-consuming step of this test still is Step 2, which calls Algorithm 6, to determine the frequency of all possible j-bit patterns, with . In Algorithm 6, Step 1 and Step 3 do basic operations, and Step 2 is the crucial step and the most time-consuming step.

The computational complexity of Algorithm 6 is LOAD, ADD, SHIFT, AND, and OR. The details are provided in Table 7.

In the implementation of these two tests, different algorithms have different performances. Table 8 lists the number of operations of Algorithms 3, 4, and 6 in the serial test and the approximate entropy test.

6. Experimental Results

This section shows the experimental results of the above algorithm. In contrast to the performance of these algorithms, it is shown that Algorithm 4 (based on octet string) and Algorithm 6 (based on the merger of these tests) are superior to Algorithm 1 (based on bit string).

At first, it shows the way to perform analysis of the above algorithms. The first step is to set a time counter before the algorithm to be analyzed, and set another time counter after the algorithm. Then, run the application and get the elapsed time . Repeat Step 1 and Step 2 k times (k is odd), and get multiple values of the elapsed time . By the descending order of these values, , and the intermediate value is the elapsed time of the algorithm.

We can use the command RDTSC to get the current time. RDTSC instruction loads the current value of the processor’s time stamp counter (64-bit counter). The processor monotonically increments the timestamp counter every clock cycle and resets it to 0 every time the processor is reset. The RDTSC instruction is not serialized. It does not have to wait until all previous instructions have been executed to read the counter.

We measure our algorithms and these tests on a personal computer. This computer has one Intel Core i3-3240@ 3400 MHz CPU with four cores. Measurements use one core. The compiler used to compile our C code is Intel C++ Compiler XE 12.0.

The input data of Algorithm 3 is a bit string of length 1000000, and the input data of Algorithms 4 and 8 is the octet string of byte length 125000, which is converted from that binary string.

Algorithm 3 (based on bit string) and Algorithm 4 (based on octet string) can be used to determine the frequency of the m-bit pattern. Algorithm 6 (based on octet string) can be used to determine the frequency of the i-bit pattern with .

In the serial test, one should determine the frequency of 1-bit, 2-bit, 3-bit, 4-bit, and 5-bit patterns. In the approximate entropy test, one should determine the frequency of 2-bit, 3-bit, 5-bit, and 6-bit patterns. Algorithm 6 can complete this task.

On the same test platform, we use the NIST STS source code provided by NIST, the source code of Fast NIST STS from [17], and the implementation of this paper to test serial test and approximate entropy test. Table 9 shows the performance of the original implementation NIST STS, the implementation Fast NIST STS from [17], and our new implementation.

The original implementation of NIST STS is based on bits when performing serial tests and approximate entropy tests. This makes the detection time increase significantly when m increases. For example, when m = 2, it takes 32.844 milliseconds to perform the serial test, and when m = 9, the time increases to 169.163 milliseconds. In addition, the original implementations of NIST STS and Fast NIST STS both perform detection for a single parameter m when performing serial tests and approximate entropy tests. This makes m = 2 and m = 5 need to perform corresponding tests, respectively.

It can be seen from Table 9 that the efficiency of the serial test and the approximate entropy test are increased by 2.164 and 2.100 times separately, compared with the implementation of Fast NIST STS, and the execution efficiency of the merge test has been significantly improved. Its execution time is very close to that of the serial test or approximate entropy test alone. At the same time, the efficiency of the merge test reached 4.078 times that of Fast NIST STS.

In most applications, all the detection items of the test suit need to be executed. Therefore, the algorithm proposed in this paper has very important value in practical applications and can significantly reduce the execution time of these two detection algorithms.

7. Conclusions

In this paper, we study the fast implementation of the serial test and the approximate entropy test and propose two types of fast implementation of these tests.

The first fast implementation method is to follow the basic steps according to these tests and then call Algorithm 4 to determine the frequency of the m-bit pattern. In this implementation, the efficiency of the serial test and the approximate entropy test are increased by 2.164 and 2.100 times separately, compared with the implementation of Fast NIST STS. The second one is to merge these tests, combine the steps, and call Algorithm 6 to determine the frequency of all the possible values of m. In this implementation, the efficiency has been greatly improved relative to the individual implementation of these tests, and the improvement is much more significant compared with the basic implementation based on bits’ operations. The best efficiency of this method is increased by 4.078 times, comparing to the implementation of Fast NIST STS.

In conclusion, we propose the fast implementation method based on merging tests and combining the frequency of the subsequences. This method not only can be used in the merging test but also can be used to only do the serial test or only do the approximate entropy test.

Data Availability

The raw/processed data required to reproduce these findings cannot be shared at this time as the data also form part of an ongoing study.

Conflicts of Interest

The authors declare that they have no conflicts of interest regarding the publication of this article.

References

A. Rukhin, J. Soto, J. Nechvatal, M. Smid, and M. Barker, “A statistical test suite for the validation of random number generators and pseudo random number generators for cryptographic applications,” 2010, [EB/OL]. Version STS-2.1, NIST Special Publication 800-22rev1a.
View at: Google Scholar
BSI AIS-20 and AIS-30, Application Notes and Interpretation of the Scheme Functionality Classes and Evaluation Methodology for Deterministic and Physical Random Number Generators, German Federal Office for Information Security, Berlin, Germany, 2008.
National Cryptography Administration, Randomness Test Specification, National Cryptography Administration, Beijing, China, 2009.
B. Y. Ryabko and A. I. Pestunov, ““Book stack” as a new statistical test for random numbers,” Problems of Information Transmission, vol. 40, no. 1, pp. 66–71, 2004.
View at: Publisher Site | Google Scholar
E. Barker and J. Kelsey, “Recommendation for random number generation using deterministic random bit generators, [EB/OL]. revision 1, NIST special publication 800-90Ar1,” 2015, http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-90-A.
View at: Google Scholar
H. Chen, Security Test on Cryptographic Algorithms and Design of Key Cryptographic Components, Institute of Software, Chinese Academy of Sciences, Beijing, China, 2004.
E. Filiol, “A new statistical testing for symmetric ciphers and hash functions,” in Proceedings of International Conference on Information and Communications Security, pp. 342–353, Singapore, December 2002.
View at: Publisher Site | Google Scholar
F. Pareschi, R. Rovatti, and G. Setti, “On statistical tests for randomness included in the NIST SP800-22 test suite and based on the binomial distribution,” IEEE Transactions on Information Forensics and Security, vol. 7, no. 2, pp. 491–500, 2012.
View at: Publisher Site | Google Scholar
J. Daemen and V. Rijmen, The Design of Rijndael: AES-the Advanced Encryption Standard, Springer, Heidelberg, Germany, 2002.
D. G. Feng and W. L. Wu, Design and Analysis of Block Cipher, Tsinghua University Press, Beijing, China, 2000.
J. Soto and B. H. Lawrence, Randomness Testing of the Advanced Encryption Standard Finalist Candidates, Computer Security Division, NIST, Gaithersburg, ML, USA, 2000.
ETSI/SAGE, TS 35.222 Specification of the 3GPP Confidentiality and Integrity Algorithms 128-EEA3 & 128-EIA3, Document 2: ZUC Specification [S/OL],, 2011, http://www.3gpp.org/DynaReport/35-series.htm.
X. T. Feng, “ZUC algorithm: 3GPP LTE international encryption standard,” Information Security and Communications Privacy, vol. 9, no. 12, pp. 45-46, 2012.
View at: Google Scholar
W. W. Tsang, L. C. K. Hui, and K. P. Chow, “Tuning the collision test for power,” in Proceedings of the 27th Australasian Conference on Computer Science, pp. 23–30, Australian Computer Society, New Zealand, Oceania, January 2004.
View at: Google Scholar
K. Hamano and T. Kaneko, “Correction of overlapping template matching test included in NIST randomness test suite,” IEICE-Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. 90, no. 19, pp. 1788–1792, 2007.
View at: Publisher Site | Google Scholar
F. Pareschi, R. Rovatti, and G. Setti, “Second-level NIST randomness tests for improving test reliability,” in Proceedings of the 2007 IEEE International Symposium on Circuits and Systems, pp. 1437–1440, New Orleans, LA, USA, May 2007.
View at: Google Scholar
M. Sys and Z. Riha, “Faster randomness testing with the NIST statistical test suite,” in Proceedings of the International Conference on Security, Privacy, and Applied Cryptography Engineering, pp. 272–284, Springer, Pune, India, October 2014.
View at: Publisher Site | Google Scholar
J. Zhuang, Y. Ma, S. Y Zhu, J. Q. Lin, and J. W. Jing, “Q_Value test: a new method on randomness statistical test,” Journal of Cryptologic Research, vol. 3, no. 2, pp. 192–201, 2016.
View at: Publisher Site | Google Scholar
L. M. Fan, H. Chen, M. H. Chen, and S. Gao, “Corrected runs distribution test for pseudorandom number generators,” Electronics Letters, vol. 52, no. 4, pp. 281–283, 2016.
View at: Publisher Site | Google Scholar
M. H. Chen, H. Chen, L. M. Fan, S. F. Zhu, and D. G. Feo, “A new discrete Fourier transform randomness test,” Science China(Information Sciences), vol. 62, no. 3, pp. 90–105, 2019.
View at: Publisher Site | Google Scholar
A. J. Menezes, P. C. V. Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography, CRC Press, Boca Raton, FL, USA, 1997.
W. Press, S. Teukolsky, and W. Vetterling, Numerical Recipes in C: The Art of Scientific Computing, Cambridge University Press, Cambridge, England, 2nd edition, 1993.
I. Corporation, “Intel advanced vector extensions programming preference [EB/OL],” 2011, https://software.intel.com/sites/default/files/m/f/7/c/36945.
View at: Google Scholar

Copyright

Copyright © 2021 Xian-wei Yang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

546

Downloads

452

Citations