Full download text book at textbookfull.

com

Smart Card Research and Advanced

Applications 12th International
Conference CARDIS 2013 Berlin Germany
November 27 29 2013 Revised Selected
Papers 1st Edition Aurélien
DOWLOAD HERE Francillon
https://textbookfull.com/product/smart-card-
research-and-advanced-applications-12th-
international-conference-cardis-2013-berlin-
germany-november-27-29-2013-revised-selected-
papers-1st-edition-aurelien-francillon/

DOWLOAD NOW

Download more textbook from textbookfull.com

More products digital (pdf, epub, mobi) instant
download maybe you interests ...

Smart Card Research and Advanced Applications 14th

International Conference CARDIS 2015 Bochum Germany
November 4 6 2015 Revised Selected Papers 1st Edition
Naofumi Homma
https://textbookfull.com/product/smart-card-research-and-
advanced-applications-14th-international-conference-
cardis-2015-bochum-germany-november-4-6-2015-revised-selected-
papers-1st-edition-naofumi-homma/

Smart Card Research and Advanced Applications 16th

International Conference CARDIS 2017 Lugano Switzerland
November 13 15 2017 Revised Selected Papers 1st Edition
Thomas Eisenbarth
https://textbookfull.com/product/smart-card-research-and-
advanced-applications-16th-international-conference-
cardis-2017-lugano-switzerland-november-13-15-2017-revised-
selected-papers-1st-edition-thomas-eisenbarth/

Information Security and Cryptology ICISC 2013 16th

International Conference Seoul Korea November 27 29
2013 Revised Selected Papers 1st Edition Hyang-Sook Lee

https://textbookfull.com/product/information-security-and-
cryptology-icisc-2013-16th-international-conference-seoul-korea-
november-27-29-2013-revised-selected-papers-1st-edition-hyang-
sook-lee/

Simulation and Modeling Methodologies Technologies and

Applications International Conference SIMULTECH 2013
Reykjavík Iceland July 29 31 2013 Revised Selected
Papers 1st Edition Mohammad S. Obaidat
https://textbookfull.com/product/simulation-and-modeling-
methodologies-technologies-and-applications-international-
conference-simultech-2013-reykjavik-iceland-
e Infrastructure and e Services for Developing
Countries 5th International Conference AFRICOMM 2013
Blantyre Malawi November 25 27 2013 Revised Selected
Papers 1st Edition Tegawendé F. Bissyandé
https://textbookfull.com/product/e-infrastructure-and-e-services-
for-developing-countries-5th-international-conference-
africomm-2013-blantyre-malawi-november-25-27-2013-revised-
selected-papers-1st-edition-tegawende-f-bissyande/

Formal Aspects of Component Software 10th International

Symposium FACS 2013 Nanchang China October 27 29 2013
Revised Selected Papers 1st Edition José Luiz Fiadeiro

https://textbookfull.com/product/formal-aspects-of-component-
software-10th-international-symposium-facs-2013-nanchang-china-
october-27-29-2013-revised-selected-papers-1st-edition-jose-luiz-
fiadeiro/

Personal Satellite Services 5th International ICST

Conference PSATS 2013 Toulouse France June 27 28 2013
Revised Selected Papers 1st Edition Pietrofrancesco
Apollonio
https://textbookfull.com/product/personal-satellite-services-5th-
international-icst-conference-psats-2013-toulouse-france-
june-27-28-2013-revised-selected-papers-1st-edition-
pietrofrancesco-apollonio/

Informatics in Control Automation and Robotics 10th

International Conference ICINCO 2013 Reykjavík Iceland
July 29 31 2013 Revised Selected Papers 1st Edition
Jean-Louis Ferrier
https://textbookfull.com/product/informatics-in-control-
automation-and-robotics-10th-international-conference-
icinco-2013-reykjavik-iceland-july-29-31-2013-revised-selected-
papers-1st-edition-jean-louis-ferrier/

Information and Communication Technologies in Education

Research and Industrial Applications 9th International
Conference ICTERI 2013 Kherson Ukraine June 19 22 2013
Revised Selected Papers 1st Edition Wolf-Ekkehard
Matzke (Auth.)
https://textbookfull.com/product/information-and-communication-
technologies-in-education-research-and-industrial-
applications-9th-international-conference-icteri-2013-kherson-
 Aurélien Francillon
Pankaj Rohatgi (Eds.)
LNCS 8419

Smart Card Research and

Advanced Applications
12th International Conference, CARDIS 2013
Berlin, Germany, November 27–29, 2013
Revised Selected Papers

123
Lecture Notes in Computer Science 8419
Commenced Publication in 1973
Founding and Former Series Editors:
Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board
David Hutchison
Lancaster University, Lancaster, UK
Takeo Kanade
Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler
University of Surrey, Guildford, UK
Jon M. Kleinberg
Cornell University, Ithaca, NY, USA
Alfred Kobsa
University of California, Irvine, CA, USA
Friedemann Mattern
ETH Zurich, Zürich, Switzerland
John C. Mitchell
Stanford University, Stanford, CA, USA
Moni Naor
Weizmann Institute of Science, Rehovot, Israel
Oscar Nierstrasz
University of Bern, Bern, Switzerland
C. Pandu Rangan
Indian Institute of Technology, Madras, India
Bernhard Steffen
TU Dortmund University, Dortmund, Germany
Demetri Terzopoulos
University of California, Los Angeles, CA, USA
Doug Tygar
University of California, Berkeley, CA, USA
Gerhard Weikum
Max Planck Institute for Informatics, Saarbruecken, Germany

For further volumes:

http://www.springer.com/series/7410
Aurélien Francillon Pankaj Rohatgi (Eds.)
•

Smart Card Research

and Advanced Applications
12th International Conference, CARDIS 2013
Berlin, Germany, November 27–29, 2013
Revised Selected Papers

123
Editors
Aurélien Francillon Pankaj Rohatgi
EURECOM Cryptography Research Inc.
Biot San Francisco, CA
France USA

ISSN 0302-9743 ISSN 1611-3349 (electronic)

ISBN 978-3-319-08301-8 ISBN 978-3-319-08302-5 (eBook)
DOI 10.1007/978-3-319-08302-5
Springer Cham Heidelberg New York Dordrecht London

Library of Congress Control Number: 2014941234

LNCS Sublibrary: SL4 – Security and Cryptology

 Springer International Publishing Switzerland 2014

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the
material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
broadcasting, reproduction on microfilms or in any other physical way, and transmission or information
storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now
known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection with
reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed
on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or
parts thereof is permitted only under the provisions of the Copyright Law of the Publisher’s location, in its
current version, and permission for use must always be obtained from Springer. Permissions for use may be
obtained through RightsLink at the Copyright Clearance Center. Violations are liable to prosecution under
the respective Copyright Law.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication
does not imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
While the advice and information in this book are believed to be true and accurate at the date of publication,
neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or
omissions that may be made. The publisher makes no warranty, express or implied, with respect to the
material contained herein.

Printed on acid-free paper

Springer is part of Springer Science+Business Media (www.springer.com)

 Preface

These proceedings contain the revised versions of the papers selected for presentation
at CARDIS 2013, the 12th Smart Card Research and Advanced Application Con-
ference, organized by the Chair for Security in Telecommunications (SecT), Technical
University of Berlin, and held at the Moevenpick Hotel, Berlin, Germany.
The CARDIS conference, first held in Lille, France, in 1994, will turn 20 next year.
Over these years, as smart cards became a pervasive, foundational technology for
bootstrapping security and trust, CARDIS became the foremost international con-
ference dedicated to research on all aspects of smart cards and their applications,
including hardware design, operating systems, application software, security proto-
cols, as well as physical and system security.
The conference provides an unparalleled forum for researchers from academia,
industry, testing labs, and government organizations to present and discuss exploratory
research and novel advances in this area. Its unique format allows authors to incor-
porate these discussions and feedback into the final papers that are published here.
This year, the CARDIS Program Committee reviewed 47 submissions and selected
17 papers for presentation at the conference. Each paper received at least three
reviews and all submissions by the Program Committee members received at least five
reviews. This task was performed by the 38 members of the Program Committee
members with the help of 70 external reviewers. The technical program also featured
three invited talks. The first invited speaker, Prof. Srdjan Capkun, from ETH, Zurich,
presented ‘‘Selected Topics in Wireless Physical Layer Security’’. The second invited
speaker, Dr. Mathias Wagner, Fellow and Chief Security Technologist at NXP
Semiconductors, spoke about ‘‘Security in Industry — When is Good, Good
Enough?’’. The third invited speaker, Mr. Olivier Thomas from Texplained, SARL,
spoke on the topic of ‘‘Adequate Security’’.
CARDIS 2013 owes its success to the hard work and dedication of a number of
people, and we would like to use this opportunity to thank them for their service. First
and foremost, we would like to thank the members of the Program Committee and the
external reviewers for conducting the task of evaluating and discussing the submis-
sions with professionalism and within a short and abbreviated timeline. We are very
grateful to Jean-Pierre Seifert, the general chair of CARDIS 2013, and his excellent
team including Kevin Redon, Claudia Petzsch, and Juliane Kraemer for their flawless
conference management. We are especially grateful to Kevin Redon for managing the
conference website and making our task easier. We thank the CARDIS Steering
Committee for giving us the privilege of serving as program chairs of this premier
conference, and we especially thank Prof. Jean-Jacques Quisquater for organizing and
publicizing this event and for his help and guidance throughout the process. Last, not
least, we thank all the authors who submitted papers and all the attendees who con-
tributed to the discussions and made the conference a memorable event.

November 2013 Aurélien Francillon

Pankaj Rohatgi
 Organization

CARDIS 2013 was organized by the Chair for Security in Telecommunications

(SecT), Technical University of Berlin.

Executive Committee

Conference General Chair

Jean-Pierre Seifert TU Berlin and Deutsche Telekom Laboratories,

TU Berlin

Conference Program Co-chairs

Aurélien Francillon EURECOM, France

Pankaj Rohatgi Cryptography Research, USA

Conference Publicity Chair

Jean-Jacques Quisquater Université Catholique de Louvain, Belgium

Program Committee

Onur Aciicmez Samsung, USA

N. Asokan University of Helsinki, Finland
Gildas Avoine UCL, Belgium
Guillaume Barbu Oberthur, France
Christophe Clavier University of Limoges, France
Elke De Mulder Cryptography Research, USA
Hermann Drexler Giesecke & Devrient, Germany
Martin Feldhofer NXP, Austria
Nathalie Feyt Thales, France
Berndt Gammel Infineon, Germany
Michael Hauspie LIFL, France
Michael Hutter TU Graz, Austria
Kari Kostiainen ETHZ, Switzerland
Jean-Louis Lanet University of Limoges, France
Cédric Lauradoux Inria, France
Stefan Mangard Infineon Technologies, Germany
David Naccache ENS, France
Svetla Nikova K.U. Leuven, Belgium
Karsten Nohl Security Research Labs, Germany
VIII Organization

David Oswald Ruhr University Bochum, Germany

Elisabeth Oswald University of Bristol, UK
Eric Peeters Texas Instruments, USA
Erik Poll Radboud Universiteit Nijmegen, The Netherlands
Axel Poschmann Nanyang Technological University, Singapore
Bart Preneel K.U. Leuven, Belgium
Emmanuel Prouff ANSSI, France
Matthieu Rivain CryptoExperts, France
Jean-Marc Robert ETS Montreal, Canada
Thomas Roche ANSSI, France
Ahmad-Reza Sadeghi TU Darmstadt, Germany
Jörn-Marc Schmidt TU Graz, Austria
Lex Schoonen Brightsight, The Netherlands
Sergei Skorobogatov Cambridge University, UK
François-Xavier Standaert UCL, Belgium
Frederic Stumpf Escrypt GmbH, Germany
Marc Witteman Riscure, The Netherlands

Additional Reviewers

Josep Balasch Vincent Grosso Roel Peeters

Lejla Batina Mike Hamburg Thomas Plos
Georg Becker Christian Hanser François Poucheret
Sonia Belaid Annelie Heuser Mathieu Renauld
Begül Bilgin Johann Heyszl Oscar Reparaz
Rafael Boix Carpi Lars Hoffmann Gokay Saldamli
Guillaume Bouffard Dirmanto Jap Falk Schellenberg
Cees Bart Breunesse Eliane Jaulmes Peter Schwabe
Xavier Carpent Timo Kasper Nicolas Sendrier
J.-C. Courrege Thomas Korak Dave Singelée
Rémy Daudigny Pascal Lafourcade Raphael Spreitzer
Fabrizio De Santis Andy Leiserson Pawel Swierczynski
Cécile Delerablée Victor Lomne Hien Thi Thu Truong
François Durvaux Damien Marion Sébastien Valette
Jan-Erik Ekberg Mark Marson Vincent Verneuil
Matthieu Finiasz Marcel Medwed Christian Wachsmann
Wieland Fischer Bernd Meyer Carolyn Whitnall
Laurie Genelle Amir Moradi Antoine Wurcker
Hannes Gross Michael Muehlberghuber
 Organization IX

Sponsoring Institutions

NXP
Infineon
Cryptography Research
Oberthur Technologies
Brightsight
Gemalto

Event Support

1a Event Services Gmbh

Telekom Innovation Laboratories
 Contents

Security Technologies - Session Chair: Benedikt Gierlichs

Evaluation of ASIC Implementation of Physical Random Number Generators

Using RS Latches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Hirotaka Kokubo, Dai Yamamoto, Masahiko Takenaka, Kouichi Itoh,
and Naoya Torii

From New Technologies to New Solutions: Exploiting FRAM Memories

to Enhance Physical Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Stéphanie Kerckhof, François-Xavier Standaert, and Eric Peeters

Attacks on Masking - Session Chair: Michael Hutter

Low Entropy Masking Schemes, Revisited . . . . . . . . . . . . . . . . . . . . . . . . 33

Vincent Grosso, François-Xavier Standaert, and Emmanuel Prouff

On the Vulnerability of Low Entropy Masking Schemes . . . . . . . . . . . . . . . 44

Xin Ye and Thomas Eisenbarth

A Machine Learning Approach Against a Masked AES . . . . . . . . . . . . . . . 61

Liran Lerman, Stephane Fernandes Medeiros, Gianluca Bontempi,
and Olivier Markowitch

Side Channel Attacks - Session Chair: François-Xavier Standaert

Clustering Algorithms for Non-profiled Single-Execution Attacks

on Exponentiations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Johann Heyszl, Andreas Ibing, Stefan Mangard, Fabrizio De Santis,
and Georg Sigl

Optimization of Power Analysis Using Neural Network . . . . . . . . . . . . . . . 94

Zdenek Martinasek, Jan Hajny, and Lukas Malina

Time-Frequency Analysis for Second-Order Attacks . . . . . . . . . . . . . . . . . . 108

Pierre Belgarric, Shivam Bhasin, Nicolas Bruneau, Jean-Luc Danger,
Nicolas Debande, Sylvain Guilley, Annelie Heuser, Zakaria Najm,
and Olivier Rioul

Software and Protocol Analysis - Session Chair: Lex Schoonen

Vulnerability Analysis of a Commercial .NET Smart Card . . . . . . . . . . . . . 125

Behrang Fouladi, Konstantinos Markantonakis, and Keith Mayes
XII Contents

Manipulating the Frame Information with an Underflow Attack . . . . . . . . . . 140

Emilie Faugeron

Formal Security Analysis and Improvement of a Hash-Based NFC

M-Coupon Protocol. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Ali Alshehri and Steve Schneider

Side Channel Countermeasures - Session Chair: Svetla Nikova

Revisiting Atomic Patterns for Scalar Multiplications on Elliptic Curves. . . . 171

Franck Rondepierre

Efficient and First-Order DPA Resistant Implementations of KECCAK . . . . . . 187

Begül Bilgin, Joan Daemen, Ventzislav Nikov, Svetla Nikova,
Vincent Rijmen, and Gilles Van Assche

Practical Analysis of RSA Countermeasures Against Side-Channel

Electromagnetic Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Guilherme Perin, Laurent Imbert, Lionel Torres, and Philippe Maurine

Side Channel and Fault Attacks - Session Chair: Berndt Gammel

The Temperature Side Channel and Heating Fault Attacks . . . . . . . . . . . . . 219

Michael Hutter and Jörn-Marc Schmidt

Glitch It If You Can: Parameter Search Strategies for Successful

Fault Injection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Rafael Boix Carpi, Stjepan Picek, Lejla Batina, Federico Menarini,
Domagoj Jakobovic, and Marin Golub

Efficient Template Attacks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Omar Choudary and Markus G. Kuhn

Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271

Security Technologies - Session Chair:
Benedikt Gierlichs
 Evaluation of ASIC Implementation of Physical
Random Number Generators Using RS Latches

Hirotaka Kokubo(B) , Dai Yamamoto, Masahiko Takenaka,

Kouichi Itoh, and Naoya Torii

Secure Computing Lab, Fujitsu Laboratories Ltd., 4-1-1 Kamikodanaka,

Nakahara-ku, Kawasaki, Kanagawa 211-8588, Japan
{kokubo.hirotaka,yamamoto.dai,ma,ito.kouichi,torii.naoya}@jp.fujitsu.com

Abstract. Embedded devices such as smart cards and smart phones are
used for secure systems, for example automated banking machines and
electronic money. The security of an embedded device depends strongly
on secret information; cryptographic keys, nonces for authentication or
seeds for a pseudo random number generator, which is generated by a
Physical True Random Number Generator (PTRNG). If a PTRNG gen-
erates random numbers with a low entropy, the security of the embedded
device has a vulnerability because secret information may be predictable
by attackers due to the low entropy. Hence PTRNGs are required to
provide high-quality physical random numbers even in an undesirable
environment, that is, low/high temperature or supply voltage. PTRNGs
also must be small-scale and consume low power due to the limited hard-
ware resources in embedded devices.
In this paper, we fabricate and evaluate 39 PTRNGs using RS Latches
on 0.18 µ m ASICs. Physical random numbers were generated from the
exclusive-OR of 256 RS latches’ outputs. Our PTRNGs passed the
SP800-90B Health Tests and the AIS31 Tests while changing both tem-
perature (from −20 ◦ C to 60 ◦ C) and voltage (1.80 V ±10 %), and thus,
we were able to confirm that our PTRNGs have high-robustness against
environmental stress. The power consumption and circuit scale of our
PTRNG are 0.27 mW and 984.5 gates, respectively. Our PTRNG using
RS latches is small enough to be implemented on embedded devices.

Keywords: Random number generator · RS Latch · Metastability ·

AIS31 · SP800-90B

1 Introduction

Embedded devices such as smart cards and smart phones have become wide-
spread in applications where high security is necessary, such as employee ID
cards, electronic money and online banking. These embedded devices have cryp-
tographic hardware for secure communications and identification/authentication.
Cryptographic hardware achieves high-level security by using cryptographic

A. Francillon and P. Rohatgi (Eds.): CARDIS 2013, LNCS 8419, pp. 3–15, 2014.
DOI: 10.1007/978-3-319-08302-5 1,  c Springer International Publishing Switzerland 2014
4 H. Kokubo et al.

technologies such as symmetric-key cryptography and a pseudo random num-

ber generator. One of the security aspects for these cryptographic technolo-
gies depends on random numbers. This is because the random numbers are
used for key generations for symmetric-key/public-key ciphers and seed gener-
ations for pseudo random number generators amongst other things. Random
numbers with a low randomness cause the risk of prediction of the secret key
and seed, which enables attackers to eavesdrop on communication contents and
forge signatures. Hence, the quality of random numbers affects the security of
embedded devices. Generally, random numbers are generated with physical ran-
dom number generators (PTRNGs). Embedded devices with high-level security
require PTRNGs which can generate high-quality random numbers. Addition-
ally, embedded devices such as smart card and smart phone are often exposed
to environmental changes, so attackers could intentionally lower the quality of
the random numbers by freezing embedded devices. Therefore, PTRNGs should
be able to generate high-quality random numbers regardless of the environmen-
tal changes. Moreover, PTRNGs should be able to integrate as an Large Scale
Integration (LSI) for resource-limited embedded devices.
Some of the PTRNGs that can be integrated as digital LSI have been previ-
ously proposed, but there are many problems in terms of noise, power consump-
tion, circuit scale and design cost. A PTRNG using RS latches has been proposed
as a method to solve these problems. This PTRNG has been implemented only
on FPGAs. Application specific integrated circuit (ASIC) implementation is nec-
essary for the mass production of the PTRNGs because ASIC has the advantage
of lower chip cost, lower power consumption and faster processing than FPGA. It
is unknown whether or not a PTRNG on ASIC is able to generate high-quality
random numbers. It is necessary to implement and evaluate the PTRNG on
ASIC because random numbers are affected by the characteristics of the semi-
conductor, but as yet no evaluation has been made of such a PTRNG on ASIC
and PTRNGs [1] have only been evaluated with the NIST SP800-22 randomness
statistical tests [2]. It has not been evaluated by the tests dedicated to physi-
cal random numbers, namely AIS31 [3] and SP800-90B [4]. PTRNGs should be
evaluated by these tests because the importance of PTRNGs has recently been
gathering attention, and these tests for physical random numbers will be widely
used in the future. Moreover, the robustness of PTRNG against temperature
and voltage fluctuations must be evaluated.
Our Contributions. In this paper, we implement a PTRNG using RS latches
on an ASIC based on the PTRNG on an FPGA [1]. The reason why we focus on
this latch-based PTRNG is that its design cost is small and high-quality random
numbers are expected to be generated in any environment. This paper makes
four contributions; (1) We fabricated the PTRNG on a 0.18 µm CMOS ASIC.
We evaluated whether or not the PTRNG is able to generate random numbers on
this ASIC. (2) We measured the power consumption and the circuit scale of the
PTRNGs, and examined whether it can be installed in embedded devices. (3) We
evaluated the quality of random numbers generated by our PTRNGs according
to the AIS31 and SP800-90B randomness statistical tests for physical random
Evaluation of ASIC Implementation of Physical Random Number Generators 5

numbers. (4) We examined whether our PTRNGs have the robustness against
temperature and voltage fluctuations. As a result, our PTRNGs on an ASIC
were found to be small and low-power enough to be implemented on embedded
devices, and able to generate high-quality random numbers even if the environ-
ment changes, thus our PTRNGs can improve the security of embedded devices.
Organization of This Paper. This paper is organized as follows: Sect. 2 briefly
introduces some work related to our research. Section 3 gives an outline of a
PTRNG using RS Latches. Section 4 describes an ASIC implementation of the
PTRNG. In addition, we measured the power consumption of the PTRNG on
an ASIC. Section 5 evaluates the quality of the physical random numbers from
the PTRNG by using the AIS31 and SP800-90B Health Tests. Finally, Sect. 6
gives a summary of this research.

2 Related Work
Figure 1 shows various PTRNGs on LSIs which have been proposed until now.
The PTRNGs are classified into two types; analog-based one and digital-based
one. Analog-based PTRNGs are based on random noise signals such as ther-
mal noise, and they are known to be high-quality random number generators.
However, the weak point of these PTRNGs is that they are difficult to integrate
in high-density in an LSI due to the large-scale thermal sensors. Digital-based
PTRNGs are categorized by entropy sources. One is to use the jitter of oscil-
lators as an entropy source, for example ring oscillators-based PTRNGs [5].
A ring oscillator has a feedback structure composed of an odd number of NOT
gates. Random numbers are obtained from the exclusive-OR of multiple ring
oscillator outputs, and they have the robustness against temperature change.
However, the PTRNGs in this category would be not suitable for embedded
devices with limited resources because the ring oscillator has large power con-
sumption, noise, and circuit scale. The other is to use the metastability of digital
circuits. This type of PTRNG is suitable for embedded devices because of the
small scale and low-power consumption. The prototypes of this PTRNG can
generate high-quality random numbers [6–8]. However they need an additional
dynamic adjustment for the voltage or of internal elements. This adjustment
needs a dedicated full-custom circuit, which causes the large design cost at the
transistor level. Moreover, it is necessary to re-design them when implement-
ing on different CMOS technology because the PTRNGs often do not work as
expected under a different CMOS technology.
Hata et al. have proposed a PTRNG using the metastability of RS latches and
implemented it on an FPGA [1]. The design cost of this PTRNG is quite small
because it uses only digital synchronous circuits. In addition, the PTNRG can
save power consumption by stopping the clock signal inputted to the RS latches
when the random numbers generation is not required. The random numbers
from the PTRNG passes the NIST SP800-22 statistical tests [2]. For the above-
mentioned reasons, the PTRNG proposed by Hata et.al. has better properties
for embedded devices than other PTRNGs.
6 H. Kokubo et al.

Fig. 1. Variety of physical random number generators.

3 Random Number Generator Using RS Latches

This section explains the method for generating physical random numbers that
was proposed by Hata et al. in [1]. The PTRNGs that are using this method
generates physical random numbers based on the metastability of RS latches.
Figure 2 shows an RS latch. An RS latch consists of 2 NAND gates, and is
commonly used to store one bit information. When input = 0, the RS latch is
stable with output = 1. When input changes from 0 to 1, the RS latch temporar-
ily enters a metastable state, and then, it is stable with output = 0 or 1. Physical
random numbers can be obtained from output by giving input clock signals using
this behavior. Ideally, the probability of outputting 0 and 1 is equal, but this
probability is actually biased. This is because of the difference in wiring delay
between gates, or the difference of drive capability between two NAND gates.
In many cases, this RS latch generates only ‘0’ s or only ‘1’ s, so it is difficult
to generate high-quality random numbers using only one RS latch. A PTRNG
consisting of multiple RS latches and an exclusive-OR gate is proposed in [1].
This PTRNG generates random numbers from the exclusive-OR of multiple RS
latches’ outputs. This enables the PTRNG to exclude the biases and to generate
high-quality random numbers.
Problems. There are two problems in [1]. (1) This PTRNG has implemented
only on FPGAs. (2) This PTRNG has not been evaluated in various envi-
ronments. It is difficult to implement an FPGA in mass-produced embedded
devices such as smart cards due to a large power consumption and chip cost,
so ASIC implementation is necessary for mass production. The PTRNGs for
embedded devices must be able to generate high-quality physical random num-
bers in any environments. If the PTRNG generates random numbers with low
Evaluation of ASIC Implementation of Physical Random Number Generators 7

Fig. 2. RS latch

entropy due to environmental changes, the security of the embedded device is

compromised because secret information may be predictable by attackers due to
the low entropy. In general, the characteristics of a semiconductor, for example
drive capability and wire delay, are influenced by both temperature and voltage
changes. Therefore, the quality of random numbers from PTRNGs is affected
by the both changes. Hence, the robustness against to the changes should be
evaluated, but as yet it has not. In addition, the PTRNGs should be evaluated
based on the SP800-90B Health Tests published in 2012, which is introduced for
the tests of physical random number generators.

4 ASIC Implementation

We fabricate PTRNGs using RS latches on a 0.18 µ m CMOS ASIC (Fujitsu

CS86 series [9]). This PTRNG generates random numbers from the exclusive-
OR of 256 RS latches’ outputs. The RS latch was custom-designed on the circuit
layout so that the wire lengths between the two NAND gates are the same, and
was implemented as hard macro. Thus, the probability of the RS latch gener-
ating random numbers is expected to improve. 256 RS latches are implemented
automatically by using circuit design tools. Hence, the design cost is quite small.
The PTRNGs are assembled as DIP28 packages. Two types of the PTRNG were
fabricated, namely 20 standard PTRNGs (using CS86MN, called MN-PTRNG)
and 19 low-power-consuming PTRNGs (using CS86ML, called ML-PTRNG).

4.1 Measurement of Power Consumption and Circuit Scale

Embedded devices require low-power-consuming PTRNGs. We measured the

power and current consumption of the PTRNGs with a direct current ammeter.
According to our experimental measurements, the average power/current con-
sumption of both MN-PTRNG and ML-PTRNG ASICs is 0.27 m W/0.15 m A
and 0.252 m W/0.14 m A respectively. The current consumption of common
ASICs used for contactless smart cards is approximately 1 m A [10]. The current
consumption of our PTRNG was much smaller than this value, so is practical
and useful. Additionally, we measured the circuit scale of our PTRNG. In the
following discussion, one gate is equivalent to a 2-1 NAND gate (2-bit input and
1-bit output). The PTRNG consists of 256 RS latches, a 256-1 exclusive-OR gate,
8 H. Kokubo et al.

and a 1-bit flip-flop to store a random number temporarily. Our PTRNG was
synthesized with the Design Compiler 2003.03, and the circuit scale was 984.3
gates. This circuit scale was smaller than the implementation of the PRESENT
cipher which is one of the most famous ultra-lightweight ciphers [11]. In addi-
tion, this circuit size is smaller than the circuit size of Triple DES which is one
of the most widely used in smart cards (e.g. MIFARE DESFire MF31CD40).
We achieved PTRNGs with the very small circuit scale on an ASIC.

5 Evaluation
As mentioned in Sect. 3, PTRNGs may be influenced by both temperature and
voltage fluctuations. This section evaluates whether our PTRNGs fabricated
on ASICs generate high-quality random numbers regardless of environmental
changes.

5.1 Evaluation System

Figure 3 shows our experimental system for the acquisition of random numbers.
This figure is omitted excluding important parts. It consists of two boards: a
custom-made board for the ASICs of the PTRNGs and a Spartan-3E starter kit
board with a Xilinx FPGA for controlling the PTRNGs [12]. The core voltage to
the PTRNGs was supplied by using a stabilizing power supply, which was able
to adjust the supply voltage at intervals of 0.01V. The clock signals were input
to the PTRNGs through the FPGA board. Random numbers generated by the
PTRNGs were written to a micro SD card via a block RAM of the FPGA. We
acquired not only the random numbers but also the output of each latch for our
further evaluation.
In this environment, we evaluated the random numbers generated by all of
the 39 PTRNGs while changing the temperature and voltage. The core voltage
is changed to 1.65 V (1.80 V–10 %), 1.80V (standard) and 1.95V (1.80V+10 %)
by the stabilizing power supply. The temperature was maintained at −20 ◦ C,
27 ◦ C, and 60 ◦ C by using a constant temperature oven. Only the custom-made
board for the PTRNGs was put in the constant temperature oven. The FPGA
board was always operated at the rated voltage and room temperature. These
two boards were connected through a low/high temperature resistant cable.

5.2 Evaluation of Randomness

We acquired approximately 5.5 M bits of random numbers from each PTRNG
while changing the temperature and voltage. 351 cases of random numbers (3
temperatures × 3 voltages × 39 PTRNGs, 180 cases for MN-PTRNGs and
171 cases for ML-PTRNGs) was exhaustively evaluated according to both the
SP800-90B Health Tests and the AIS31 Tests.
The NIST SP800-22 statistical tests [2], which are well known as tests for
pseudo random numbers, had been used for physical random numbers. However,
Evaluation of ASIC Implementation of Physical Random Number Generators 9

Fig. 3. Experimental system for the acquisition of random numbers

there is SP800-90B and AIS31 which are tests dedicated to physical random
numbers now. We evaluated our PTRNGs according not to SP800-22 but to
these tests in this paper.

NIST SP800-90B Health Tests. We evaluated whether our PTRNGs could

generate high-entropy random numbers according to the repetition count test
and the adaptive proportion test defined in SP800-90B [4]. The random numbers
at various temperatures and voltages were tested as follows. A “false positive
rate”, which is the probability of ideal true random numbers failing these tests,
is set to 2−30 as recommended in SP800-90B.
[Repetition Count Test]
If the same value (0 or 1) appears consecutively c times or more in the sequence
of random numbers, the random numbers are a failure, where c = ceiling(1 +
30/min − entropy). In this paper, c is 32. min-entropy will be mentioned in
Sect. 5.3.
[Adaptive Proportion Test]
Firstly, we obtained a 1-bit value from the beginning of the random numbers as
a reference value. Secondly, we obtained one block from the succeeding random
numbers. The bit length of a block is represented by window size, and if the
reference value appears greater than cutoff times in a block, the random numbers
are failure. The size of the cutoff is defined by the false positive rate, min-entropy
and window size. This procedure was repeated until the end of the random
numbers. In our evaluations, the window size and cutoff were 64, 51 in Test
Settings I and are 4096, 2240 in Test Settings II, respectively. That is, about
10 H. Kokubo et al.

84,700 blocks are evaluated in “Test Settings I” and about 1,350 blocks are
evaluated in “Test Settings II”, in each case of random numbers. We consider
the PTRNGs pass the SP800-90B Health Tests if all blocks pass in both test
settings. This means that the PTRNGs continuously generate random numbers
with high-entropy.
Figures 4 and 5 show the rate of the PTRNGs that passed the SP800-90B
Health Tests. The horizontal axis shows the environment at various tempera-
tures and voltages. The vertical axis shows the rate of the PTRNGs that passed
the tests. In the MN-PTRNGs, all cases pass this test as shown in Fig. 4. In the
ML-PTRNGs, six cases failed the test in Fig. 5, and four cases out of the six hap-
pened when the temperature was −20 ◦ C. This may be because the ML-PTRNGs
have a small number of RS latches outputting random numbers at a low tem-
perature (details are discussed in Sect. 5.4). In contrast, the MN-PTRNGs can
generate high-entropy random numbers even when the temperature and voltage
change. Hence an MN-PTRNG is more suitable for generating physical random
numbers than an ML-PTRNG.

AIS31 Tests. We evaluated the random numbers in various temperatures and

voltages according to AIS31 Tests [3]. AIS31 is an evaluation criterion for the
physical random number generators defined by BSI (i.e. the German Federal
Office for Information Security). Tests in AIS31 include various statistical tests
such as the Poker Test, the Long Run Test and the Uniform Distribution Test.
AIS31 classifies PTRNGs into two classes; P1 Class and P2 Class. PTRNGs in
P1 Class pass P1 Tests, and PTRNG in P2 Class pass P2 Tests. The PTRNGs
in the P1 Class can be used for random number generation for challenge and
response authentication. The PTRNGs in the P2 Class can be used for key and
seed generations for pseudo random number generators, which provide higher
security than PTRNGs in the P1 Class. It is desirable for PTRNGs to pass
both of the tests because PTRNGs for embedded devices are used for various
applications.
Figures 6 and 7 show the rate of PTNRGs that passed the AIS31 Tests.
The horizontal and the vertical axises are the same as Figs. 4 and 5. If the
PTRNG fails either of the P1 or P2 Tests, we regarded it as failed PTRNG.
The MN-PTRNGs pass the tests in all cases as shown in Fig. 6, so our MN-
PTRNGs have the robustness against temperature and voltage fluctuations, and
can thus be used for secure embedded systems including key generation. The ML-
PTRNGs, however, failed tests only in two cases out of 171, one of which was
the same PTRNG as the failed PTRNG in the SP800-90B Health Tests. The
next section discusses whether ML-PTRNGs are able to generate high-quality
random numbers.

Further Evaluation by Increasing the Number of Latches. We expected

that the quality of random numbers would be improved by increasing the num-
ber of implemented RS latches. This is because our PTRNGs generated random
numbers as the exclusive-OR of 256 RS latch outputs. To verify this, we regarded
Evaluation of ASIC Implementation of Physical Random Number Generators 11

100 100

80 80
Pass Rate(%)

Pass Rate(%)
60 60

40 40

20 20

0 0
-20°C 1.65V

-20°C 1.80V

-20°C 1.95V

+27°C 1.65V

+27°C 1.80V

+27°C 1.95V

+60°C 1.65V

+60°C 1.80V

+60°C 1.95V

-20°C 1.65V

-20°C 1.80V

-20°C 1.95V

+27°C 1.65V

+27°C 1.80V

+27°C 1.95V

+60°C 1.65V

+60°C 1.80V

+60°C 1.95V
Fig. 4. SP800-90B Pass Rate (MN) Fig. 5. SP800-90B Pass Rate (ML)

100 100

80 80
Pass Rate(%)

Pass Rate(%)
60 60

40 40

20 20

0 0
-20°C 1.65V

-20°C 1.80V

-20°C 1.95V

+27°C 1.65V

+27°C 1.80V

+27°C 1.95V

+60°C 1.65V

+60°C 1.80V

+60°C 1.95V

-20°C 1.65V

-20°C 1.80V

-20°C 1.95V

+27°C 1.65V

+27°C 1.80V

+27°C 1.95V

+60°C 1.65V

+60°C 1.80V

+60°C 1.95V
Fig. 6. AIS31 Pass Rate (MN) Fig. 7. AIS31 Pass Rate (ML)

the exclusive-OR of 2 actual PTRNGs outputs as random numbers obtained from

a virtual PTRNG with built-in 512 RS latches, and evaluated whether or not the
quality of the random numbers was improved. The virtual PTRNGs were gener-
ated as follows. We focused on the PTRNGs failing at least one test. If there were
even numbers of PTRNGs that failed the same test in the same environment,
the exclusive-OR of each pair was regarded as the virtual PTRNG. Otherwise,
the exclusive-OR of outputs from the failing PTRNG and the PTRNG with the
lowest min-entropy in the same test/environment was regarded as the virtual
PTRNG.
We evaluated the virtual PTRNGs according to the NIST SP800-90B Health
Tests and AIS31 Tests. As a result, all the virtual PTRNGs passed both tests.
Through this evaluation, we verify that the 256 latches are not sufficient for
the ML-PTRNGs, while the quality of random numbers could be improved by
increasing the number of RS latches. Hence we should carefully decide the num-
ber of implemented RS latches in consideration of both the quality of random
numbers and the circuit space.
Another random document with
no related content on Scribd:
them the example, you see."
"More's the pity," sniffed Aunt Gertrude. "Why couldn't you have
been a plumber? It's safer."
"But not as exciting," said Fenton Hardy, with a laugh.

THE END

MYSTERY STORIES FOR BOYS

By FRANKLIN W. DIXON
THE HARDY BOYS: THE TOWER TREASURE
THE HARDY BOYS: THE HOUSE ON THE CLIFF
THE HARDY BOYS: THE SECRET OF THE OLD MILL
THE HARDY BOYS: THE MISSING CHUMS
THE HARDY BOYS: HUNTING FOR HIDDEN GOLD
GROSSET & DUNLAP, PUBLISHERS, NEW YORK
 *** END OF THE PROJECT GUTENBERG EBOOK THE MISSING
CHUMS ***

Updated editions will replace the previous one—the old editions will
be renamed.

Creating the works from print editions not protected by U.S.

copyright law means that no one owns a United States copyright in
these works, so the Foundation (and you!) can copy and distribute it
in the United States without permission and without paying
copyright royalties. Special rules, set forth in the General Terms of
Use part of this license, apply to copying and distributing Project
Gutenberg™ electronic works to protect the PROJECT GUTENBERG™
concept and trademark. Project Gutenberg is a registered trademark,
and may not be used if you charge for an eBook, except by following
the terms of the trademark license, including paying royalties for use
of the Project Gutenberg trademark. If you do not charge anything
for copies of this eBook, complying with the trademark license is
very easy. You may use this eBook for nearly any purpose such as
creation of derivative works, reports, performances and research.
Project Gutenberg eBooks may be modified and printed and given
away—you may do practically ANYTHING in the United States with
eBooks not protected by U.S. copyright law. Redistribution is subject
to the trademark license, especially commercial redistribution.

START: FULL LICENSE

THE FULL PROJECT GUTENBERG LICENSE
 PLEASE READ THIS BEFORE YOU DISTRIBUTE OR USE THIS WORK

To protect the Project Gutenberg™ mission of promoting the free

distribution of electronic works, by using or distributing this work (or
any other work associated in any way with the phrase “Project
Gutenberg”), you agree to comply with all the terms of the Full
Project Gutenberg™ License available with this file or online at
www.gutenberg.org/license.

Section 1. General Terms of Use and

Redistributing Project Gutenberg™
electronic works
1.A. By reading or using any part of this Project Gutenberg™
electronic work, you indicate that you have read, understand, agree
to and accept all the terms of this license and intellectual property
(trademark/copyright) agreement. If you do not agree to abide by all
the terms of this agreement, you must cease using and return or
destroy all copies of Project Gutenberg™ electronic works in your
possession. If you paid a fee for obtaining a copy of or access to a
Project Gutenberg™ electronic work and you do not agree to be
bound by the terms of this agreement, you may obtain a refund
from the person or entity to whom you paid the fee as set forth in
paragraph 1.E.8.

1.B. “Project Gutenberg” is a registered trademark. It may only be

used on or associated in any way with an electronic work by people
who agree to be bound by the terms of this agreement. There are a
few things that you can do with most Project Gutenberg™ electronic
works even without complying with the full terms of this agreement.
See paragraph 1.C below. There are a lot of things you can do with
Project Gutenberg™ electronic works if you follow the terms of this
agreement and help preserve free future access to Project
Gutenberg™ electronic works. See paragraph 1.E below.
1.C. The Project Gutenberg Literary Archive Foundation (“the
Foundation” or PGLAF), owns a compilation copyright in the
collection of Project Gutenberg™ electronic works. Nearly all the
individual works in the collection are in the public domain in the
United States. If an individual work is unprotected by copyright law
in the United States and you are located in the United States, we do
not claim a right to prevent you from copying, distributing,
performing, displaying or creating derivative works based on the
work as long as all references to Project Gutenberg are removed. Of
course, we hope that you will support the Project Gutenberg™
mission of promoting free access to electronic works by freely
sharing Project Gutenberg™ works in compliance with the terms of
this agreement for keeping the Project Gutenberg™ name associated
with the work. You can easily comply with the terms of this
agreement by keeping this work in the same format with its attached
full Project Gutenberg™ License when you share it without charge
with others.

1.D. The copyright laws of the place where you are located also
govern what you can do with this work. Copyright laws in most
countries are in a constant state of change. If you are outside the
United States, check the laws of your country in addition to the
terms of this agreement before downloading, copying, displaying,
performing, distributing or creating derivative works based on this
work or any other Project Gutenberg™ work. The Foundation makes
no representations concerning the copyright status of any work in
any country other than the United States.

1.E. Unless you have removed all references to Project Gutenberg:

1.E.1. The following sentence, with active links to, or other

immediate access to, the full Project Gutenberg™ License must
appear prominently whenever any copy of a Project Gutenberg™
work (any work on which the phrase “Project Gutenberg” appears,
or with which the phrase “Project Gutenberg” is associated) is
accessed, displayed, performed, viewed, copied or distributed:
 This eBook is for the use of anyone anywhere in the United
States and most other parts of the world at no cost and with
almost no restrictions whatsoever. You may copy it, give it away
or re-use it under the terms of the Project Gutenberg License
included with this eBook or online at www.gutenberg.org. If you
are not located in the United States, you will have to check the
laws of the country where you are located before using this
eBook.

1.E.2. If an individual Project Gutenberg™ electronic work is derived

from texts not protected by U.S. copyright law (does not contain a
notice indicating that it is posted with permission of the copyright
holder), the work can be copied and distributed to anyone in the
United States without paying any fees or charges. If you are
redistributing or providing access to a work with the phrase “Project
Gutenberg” associated with or appearing on the work, you must
comply either with the requirements of paragraphs 1.E.1 through
1.E.7 or obtain permission for the use of the work and the Project
Gutenberg™ trademark as set forth in paragraphs 1.E.8 or 1.E.9.

1.E.3. If an individual Project Gutenberg™ electronic work is posted

with the permission of the copyright holder, your use and distribution
must comply with both paragraphs 1.E.1 through 1.E.7 and any
additional terms imposed by the copyright holder. Additional terms
will be linked to the Project Gutenberg™ License for all works posted
with the permission of the copyright holder found at the beginning
of this work.

1.E.4. Do not unlink or detach or remove the full Project

Gutenberg™ License terms from this work, or any files containing a
part of this work or any other work associated with Project
Gutenberg™.

1.E.5. Do not copy, display, perform, distribute or redistribute this

electronic work, or any part of this electronic work, without
prominently displaying the sentence set forth in paragraph 1.E.1
with active links or immediate access to the full terms of the Project
Gutenberg™ License.

1.E.6. You may convert to and distribute this work in any binary,
compressed, marked up, nonproprietary or proprietary form,
including any word processing or hypertext form. However, if you
provide access to or distribute copies of a Project Gutenberg™ work
in a format other than “Plain Vanilla ASCII” or other format used in
the official version posted on the official Project Gutenberg™ website
(www.gutenberg.org), you must, at no additional cost, fee or
expense to the user, provide a copy, a means of exporting a copy, or
a means of obtaining a copy upon request, of the work in its original
“Plain Vanilla ASCII” or other form. Any alternate format must
include the full Project Gutenberg™ License as specified in
paragraph 1.E.1.

1.E.7. Do not charge a fee for access to, viewing, displaying,

performing, copying or distributing any Project Gutenberg™ works
unless you comply with paragraph 1.E.8 or 1.E.9.

1.E.8. You may charge a reasonable fee for copies of or providing

access to or distributing Project Gutenberg™ electronic works
provided that:

• You pay a royalty fee of 20% of the gross profits you derive
from the use of Project Gutenberg™ works calculated using the
method you already use to calculate your applicable taxes. The
fee is owed to the owner of the Project Gutenberg™ trademark,
but he has agreed to donate royalties under this paragraph to
the Project Gutenberg Literary Archive Foundation. Royalty
payments must be paid within 60 days following each date on
which you prepare (or are legally required to prepare) your
periodic tax returns. Royalty payments should be clearly marked
as such and sent to the Project Gutenberg Literary Archive
Foundation at the address specified in Section 4, “Information
 about donations to the Project Gutenberg Literary Archive
Foundation.”

• You provide a full refund of any money paid by a user who

notifies you in writing (or by e-mail) within 30 days of receipt
that s/he does not agree to the terms of the full Project
Gutenberg™ License. You must require such a user to return or
destroy all copies of the works possessed in a physical medium
and discontinue all use of and all access to other copies of
Project Gutenberg™ works.

• You provide, in accordance with paragraph 1.F.3, a full refund of

any money paid for a work or a replacement copy, if a defect in
the electronic work is discovered and reported to you within 90
days of receipt of the work.

• You comply with all other terms of this agreement for free
distribution of Project Gutenberg™ works.

1.E.9. If you wish to charge a fee or distribute a Project Gutenberg™

electronic work or group of works on different terms than are set
forth in this agreement, you must obtain permission in writing from
the Project Gutenberg Literary Archive Foundation, the manager of
the Project Gutenberg™ trademark. Contact the Foundation as set
forth in Section 3 below.

1.F.

1.F.1. Project Gutenberg volunteers and employees expend

considerable effort to identify, do copyright research on, transcribe
and proofread works not protected by U.S. copyright law in creating
the Project Gutenberg™ collection. Despite these efforts, Project
Gutenberg™ electronic works, and the medium on which they may
be stored, may contain “Defects,” such as, but not limited to,
incomplete, inaccurate or corrupt data, transcription errors, a
copyright or other intellectual property infringement, a defective or
damaged disk or other medium, a computer virus, or computer
codes that damage or cannot be read by your equipment.

1.F.2. LIMITED WARRANTY, DISCLAIMER OF DAMAGES - Except for

the “Right of Replacement or Refund” described in paragraph 1.F.3,
the Project Gutenberg Literary Archive Foundation, the owner of the
Project Gutenberg™ trademark, and any other party distributing a
Project Gutenberg™ electronic work under this agreement, disclaim
all liability to you for damages, costs and expenses, including legal
fees. YOU AGREE THAT YOU HAVE NO REMEDIES FOR
NEGLIGENCE, STRICT LIABILITY, BREACH OF WARRANTY OR
BREACH OF CONTRACT EXCEPT THOSE PROVIDED IN PARAGRAPH
1.F.3. YOU AGREE THAT THE FOUNDATION, THE TRADEMARK
OWNER, AND ANY DISTRIBUTOR UNDER THIS AGREEMENT WILL
NOT BE LIABLE TO YOU FOR ACTUAL, DIRECT, INDIRECT,
CONSEQUENTIAL, PUNITIVE OR INCIDENTAL DAMAGES EVEN IF
YOU GIVE NOTICE OF THE POSSIBILITY OF SUCH DAMAGE.

1.F.3. LIMITED RIGHT OF REPLACEMENT OR REFUND - If you

discover a defect in this electronic work within 90 days of receiving
it, you can receive a refund of the money (if any) you paid for it by
sending a written explanation to the person you received the work
from. If you received the work on a physical medium, you must
return the medium with your written explanation. The person or
entity that provided you with the defective work may elect to provide
a replacement copy in lieu of a refund. If you received the work
electronically, the person or entity providing it to you may choose to
give you a second opportunity to receive the work electronically in
lieu of a refund. If the second copy is also defective, you may
demand a refund in writing without further opportunities to fix the
problem.

1.F.4. Except for the limited right of replacement or refund set forth
in paragraph 1.F.3, this work is provided to you ‘AS-IS’, WITH NO
OTHER WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR ANY PURPOSE.

1.F.5. Some states do not allow disclaimers of certain implied

warranties or the exclusion or limitation of certain types of damages.
If any disclaimer or limitation set forth in this agreement violates the
law of the state applicable to this agreement, the agreement shall be
interpreted to make the maximum disclaimer or limitation permitted
by the applicable state law. The invalidity or unenforceability of any
provision of this agreement shall not void the remaining provisions.

1.F.6. INDEMNITY - You agree to indemnify and hold the Foundation,

the trademark owner, any agent or employee of the Foundation,
anyone providing copies of Project Gutenberg™ electronic works in
accordance with this agreement, and any volunteers associated with
the production, promotion and distribution of Project Gutenberg™
electronic works, harmless from all liability, costs and expenses,
including legal fees, that arise directly or indirectly from any of the
following which you do or cause to occur: (a) distribution of this or
any Project Gutenberg™ work, (b) alteration, modification, or
additions or deletions to any Project Gutenberg™ work, and (c) any
Defect you cause.

Section 2. Information about the Mission

of Project Gutenberg™
Project Gutenberg™ is synonymous with the free distribution of
electronic works in formats readable by the widest variety of
computers including obsolete, old, middle-aged and new computers.
It exists because of the efforts of hundreds of volunteers and
donations from people in all walks of life.

Volunteers and financial support to provide volunteers with the

assistance they need are critical to reaching Project Gutenberg™’s
goals and ensuring that the Project Gutenberg™ collection will
remain freely available for generations to come. In 2001, the Project
Gutenberg Literary Archive Foundation was created to provide a
secure and permanent future for Project Gutenberg™ and future
generations. To learn more about the Project Gutenberg Literary
Archive Foundation and how your efforts and donations can help,
see Sections 3 and 4 and the Foundation information page at
www.gutenberg.org.

Section 3. Information about the Project

Gutenberg Literary Archive Foundation
The Project Gutenberg Literary Archive Foundation is a non-profit
501(c)(3) educational corporation organized under the laws of the
state of Mississippi and granted tax exempt status by the Internal
Revenue Service. The Foundation’s EIN or federal tax identification
number is 64-6221541. Contributions to the Project Gutenberg
Literary Archive Foundation are tax deductible to the full extent
permitted by U.S. federal laws and your state’s laws.

The Foundation’s business office is located at 809 North 1500 West,

Salt Lake City, UT 84116, (801) 596-1887. Email contact links and up
to date contact information can be found at the Foundation’s website
and official page at www.gutenberg.org/contact

Section 4. Information about Donations to

the Project Gutenberg Literary Archive
Foundation
Project Gutenberg™ depends upon and cannot survive without
widespread public support and donations to carry out its mission of
increasing the number of public domain and licensed works that can
be freely distributed in machine-readable form accessible by the
widest array of equipment including outdated equipment. Many
small donations ($1 to $5,000) are particularly important to
maintaining tax exempt status with the IRS.

The Foundation is committed to complying with the laws regulating

charities and charitable donations in all 50 states of the United
States. Compliance requirements are not uniform and it takes a
considerable effort, much paperwork and many fees to meet and
keep up with these requirements. We do not solicit donations in
locations where we have not received written confirmation of
compliance. To SEND DONATIONS or determine the status of
compliance for any particular state visit www.gutenberg.org/donate.

While we cannot and do not solicit contributions from states where

we have not met the solicitation requirements, we know of no
prohibition against accepting unsolicited donations from donors in
such states who approach us with offers to donate.

International donations are gratefully accepted, but we cannot make

any statements concerning tax treatment of donations received from
outside the United States. U.S. laws alone swamp our small staff.

Please check the Project Gutenberg web pages for current donation
methods and addresses. Donations are accepted in a number of
other ways including checks, online payments and credit card
donations. To donate, please visit: www.gutenberg.org/donate.

Section 5. General Information About

Project Gutenberg™ electronic works
Professor Michael S. Hart was the originator of the Project
Gutenberg™ concept of a library of electronic works that could be
freely shared with anyone. For forty years, he produced and
distributed Project Gutenberg™ eBooks with only a loose network of
volunteer support.
Project Gutenberg™ eBooks are often created from several printed
editions, all of which are confirmed as not protected by copyright in
the U.S. unless a copyright notice is included. Thus, we do not
necessarily keep eBooks in compliance with any particular paper
edition.

Most people start at our website which has the main PG search
facility: www.gutenberg.org.

This website includes information about Project Gutenberg™,

including how to make donations to the Project Gutenberg Literary
Archive Foundation, how to help produce our new eBooks, and how
to subscribe to our email newsletter to hear about new eBooks.