No full-text available
To read the full-text of this research,
you can request a copy directly from the authors.
True random number generator in FPGAs
Abstract
The issue of random number generation is crucial for the implementation of cryptographic systems in FPGAs. Random numbers are often used in key generation processes, authentication protocols, zeroknowledge protocols, padding, in many digital signature schemes, and even in some encryption algorithms. For these applications, security depends to a great extent on the quality of the source of randomness. The quality of the generated numbers is checked by statistical tests. In addition to the good statistical properties of the obtained numbers, the output of the generator used in cryptography must be unpredictable. For this reason, pseudorandom generators that are easily implementable in digital logic devices, including FPGAs, are not suitable for many cryptographic applications. In this chapter, we present the state-of-the-art of true random number generators in (reconfigurable) logic devices. We evaluate sources of randomness and the general principles used to extract and process randomness in FPGAs.
... The block diagram represented in Figure 1 contains operations like addition, multiplication, addition, comparison and subtraction. To simplify the work process; the circuit is intended using the 'word lengths' lessening method that has recommended in [13][14][15][16][17][18][19][20][21][22][23][24][25]. Then comparator and subtractor blocks can be merged, as shown in Figure 2. ...
p>Arbitrary numerals are utilized in a wide range of uses. Genuine arbitrary numeral generators are moderate and costly for some applications while pseudo arbitrary numeral generators (RNG) do the trick for most applications. This paper fundamentally concentrates around the co-simulation of the linear congruential generator (LCG) model utilizing the Xilinx System generator and checking on Matlab Simulink. The design is obtained from the LCG calculation offered by Lehmer. Word lengths decrease strategy has been utilized to streamline the circuit. Simulation has been done effectively. The effective N bit LCG is structured and tried by utilizing demonstrating in MatLab Simulink. The Co-simulation of the model is done by utilizing the Xilinx system generator. This paper conducts an exhaustive search for the best arbitrary numeral generator in a full period linear congruential generator (LCG) with the largest prime numbers.</p
... The random numbers generated by TRNGs should possess basic properties such as near one entropy, less correlation, non repetition of patterns, non repeatability with respect to initial conditions, etc. Importantly, the need for TRNGs is increasing every day considering the amount of online transactions which require One Time Passwords (OTPs) in banking, online wallets, online payments, etc. Random numbers have plenty of utilities such as nonce generation, data set selection, modeling complex phenomena, etc. [1]. In general, the entropy sources are responsible for making random numbers, aperiodic and non-deterministic. ...
True random number generators (TRNG) have an appreciable demand in key generation of crypto processors. FPGA based TRNGs offer various advantages for generation, packing and storage. Metastability, jitter, race around and memory collision are some of the entropy sources for extraction of true randomness. In this work, jitter extraction is the prime focus for randomness harvesting. Two different frequencies have been generated by Onchip PLL of FPGA which were used in an asynchronous manner for random bit generation. Two Flip-flops have been used in this design after which post processing unit enhances the randomness. Both Von-Neumann Corrector as well as 1D logistic map have been experimented as post processing functions. Randomness of the numbers was tested and ensured by performing entropy analysis as well as NIST tests. This proposed TRNG has been designed using VHDL and implemented on Altera Cyclone II EP2C35F672C6N FPGA consuming 1298 logic elements with a throughput of 26.84 Mbps.
... Session keys should be generated using some of the existing True Random Number Generator [8]. The storage of session keys is performed inside the cryptoprocessor in a trust memory zone. ...
Manycore architectures correspond to a main evolution of computing systems due to their high processing power. Many applications can be executed in parallel which provides users with a very efficient technology. Cloud computing is one of the many domains where manycore architectures will play a major role. Thus, building secure manycore architectures is a critical issue. However a trusted platform based on manycore architectures is not available yet. In this paper we discuss the main challenges and some possible solutions to enhance manycore architectures with cryptoprocessor.
... Session keys should be generated using some of the existing True Random Number Generator [8]. The storage of session keys is performed inside the cryptoprocessor in a trust memory zone. ...
Manycore architectures correspond to a main evolution of computing systems due to their high processing power. Many applications can be executed in parallel which provides users with a very efficient technology. Cloud computing is one of the many domains where manycore architectures will play a major role. Thus, building secure manycore architectures is a critical issue. However a trusted platform based on manycore architectures is not available yet. In this paper we discuss the main challenges and some possible solutions to enhance manycore architectures with cryptoprocessor.
This work proposes a new True Random Number Generator (TRNG) design on Intel Cyclone II FPGA for cryptographic key generation applications. Boolean Chaotic Oscillator (BCO) has been utilised in this work to generate true randomness where the entropy of TRNG has been harvested through beat frequency detection technique. 50 MHz of the operating clock has been used for true random number generation. Linear Feedback Shift Register (LFSR) has been adopted as a corrector function to enhance the randomness of TRNG. The entropy source requires only 9 Logic Elements (LEs) and the proposed TRNG architecture consumed 783 logic elements. Throughput has been achieved as 27.306666 Mbps. Entropy, hamming distance calculation and NIST 800–22 analyses have been performed to validate the design. Further, true randomness of the proposed TRNG has been verified through restart experiment.KeywordsKey generationTrue randomnessFPGASamplingBeat frequency detectionLFSR
Nowadays, many digital applications domains are arising and posing new design issued and challenges related to the security and trustworthiness. Physically Unclonable Functions (PUFs) are emergent and promising solutions in providing some security mechanisms, such as key storing and generation, challenge/response provider, and protection of Intellectual Properties (IPs). As a huge range of embedded applications is deployed on Field Programmable Gate Arrays (FPGAs) devices, most widespread PUFs’ architectures are based on Ring Oscillators (ROs), as they are suitable for an implementation on programmable devices. ROPUF exploits comparisons of measured frequencies, obtained by picking a RO pair, aiming to generate bit responses. In this paper, we present a study of the frequencies characteristics, implementing ROs on a significant number of Xilinx Spartan 6 devices, in order to statistically characterize the oscillations, evaluating the impact of some external uncontrolled parameters that can disturb and alter their original qualities, useful to validate the effectiveness of the ROPUF.
Random numbers are needed in many areas: cryptography, Monte Carlo computation and simulation, industrial testing and labeling, hazard games, gambling, etc. Our assumption has been that random numbers cannot be computed; because digital computers operate deterministically, they cannot produce random numbers. Instead, random numbers are best obtained using physical (true) random number generators (TRNG), which operate by measuring a well-controlled and specially prepared physical process. Randomness of a TRNG can be precisely, scientifically characterized and measured. Especially valuable are the information-theoretic provable random number generators (RNGs), which, at the state of the art, seem to be possible only by exploiting randomness inherent to certain quantum systems. On the other hand, current industry standards dictate the use of RNGs based on free-running oscillators (FRO) whose randomness is derived from electronic noise present in logic circuits and which cannot be strictly proven as uniformly random, but offer easier technological realization. The FRO approach is currently used in 3rd- and 4th-generation FPGA and ASIC hardware, unsuitable for realization of quantum RNGs. In this chapter we compare weak and strong aspects of the two approaches. Finally, we discuss several examples where use of a true RNG is critical and show how it can significantly improve security of cryptographic systems, and discuss industrial and research challenges that prevent widespread use of TRNGs.
In this paper, we propose a true random number generator (TRNG) exploiting jitter and the chaotic behavior in cross ring oscillators (CROs). We make a further study of the feedback ring architecture and cross-connect the XOR gates and inverters to form an oscillator. The CRO utilizes totally digital logic circuits, and gains a high and robust entropy rate, as the jitter in the CRO can accumulate locally between adjacent stages. Two specific working modes of CRO in which the CRO can work in a consistent state and a free-running state respectively are introduced and analyzed both theoretically and experimentally. Finally, different stage lengths of cross ring true random number generators (CRTRNGs) are tested in different Field Programmable Gate Arrays (FPGAs) and test results are analyzed and compared. Especially, random data achieved from a design of 63-stage CRTRNG in Altera Cyclone IV passes both the NIST and Diehard test suites at a rate as high as 240Mbit/s.
True Random Number Generators (TRNG) are cryptographic primitives that exploit intrinsic noise sources in electronic devices. Their quality is linked to the underlying technology, activity of the neighboring circuitry and device environment (temperature, power supply, electromagnetic emanations). Consequently, when comparing TRNGs, they should be tested in identical technology, system architecture and operating conditions. We present a unified hardware platform and related open source tools aimed at fair benchmarking of TRNGs implemented in different FPGA technologies. The platform is accessible remotely. Designers can download related tools from the web site and they can upload their configuration bitstream to the remote FPGA and download random data generated in the same hardware and in the same conditions as other concurrent designs and state-of-the-art generators. The proposed tools were approved in many applications and they guarantee safe acquisition of random sequences at data rates of up to 400 Mbits/s.
Linear Feedback Shift Register (LFSR) is mostly used in the implementation of Pseudo Random Number Generator (PRNG). LFSR based on PRNG techniques are used for many applications such as generating data, encryption keys and generating padding bits. Although a majority of random number generators have been implemented in software level, hardware implementation is becoming more and more popular due to the advent of faster and high density Field Programmable Gate Arrays (FPGA). In this paper, we propose implementations of FPGA Shrinking Generator (SG) and Alternating Step Generator (ASG) using LFSR based random number generation. Both systems have been implemented on Altera Cyclone IV board, and random number has been generated in the real time. Generated numbers have been tested according to National Institute of Standards and Technology (NIST) statistical test. According to the results, both SG and ASG have been shown to able to use in the cryptographic systems.
It is shown that the amount of true randomness produced by the recently introduced Galois and Fibonacci ring oscillators can
be evaluated experimentally by restarting the oscillators from the same initial conditions and by examining the time evolution
of the standard deviation of the oscillating signals. The restart approach is also applied to classical ring oscillators and
the results obtained demonstrate that the new oscillators can achieve orders of magnitude higher entropy rates. A theoretical
explanation is also provided. The restart and continuous modes of operation and a novel sampling method almost doubling the
entropy rate are proposed. Accordingly, the new oscillators appear to be by far more effective than other known solutions
for random number generation with logic gates only.
In this paper, a new, patent pending, architecture for a jitter-based random bit source which is cost-effective and suitable for applications in cryptography, is presented. The source is designed to be robust against parameter variations and attacks aimed to force its output. It also features an auto-test which allows to detect faults and to estimate the source entropy. The proposed design is an enhancement of the oscillator-based architecture where a compensation loop is added to maximize the statistical quality of the output sequence, especially in presence of low-jittered oscillators. As a consequence, a fully-digital implementation, without any amplified noise source, can be adopted for the proposed generator. From an analysis of the known techniques for random number generation, the proposed architecture is derived and implementation details are also reported.
Keywords: Random bit source, random numbers, ring oscillators, jitter, entropy.
The paper presents a simple stochastic model of a true random number generator, which extracts randomness from the tracking jitter of a phase-locked loop. The existence of such a model is a necessary condition in the security certification process. The proposed model can be used to test, in real time, the proper behavior of the generator and thus to guarantee its robustness against cryptographic attacks. The model is validated on real data, which have been obtained using Altera Stratix Nios and Altera Stratix DSP professional boards
We present concepts and implementations to transform write collisions in memory blocks into an entropy source for random number generation. Write collisions in dual-ported block memories occur when both memory ports write simultaneously different data at the same memory location. After a thorough analysis of this effect, we present a robust methodology to generate digitized noise and randomness from such write collisions and also provide details how to implement post-processing methods for efficient bias and correlation removal. Finally, we present three concepts and implementations for random number generators stages that can deliver random data at an output rate of more than 100 MBit/s.
This paper presents a new True Random Number Generator (TRNG) based on an analog Phase-Locked Loop (PLL) implemented in a digital Altera Field Programmable Logic Device (FPLD). Starting with an analysis of the one available on chip source of randomness - the PLL synthesized low jitter clock signal, a new simple and reliable method of true randomness extraction is proposed. Basic assumptions about statistical properties of jitter signal are confirmed by testing of mean value of the TRNG output signal. The quality of generated true random numbers is confirmed by passing standard NIST statistical tests. The described TRNG is tailored for embedded System-On-a-Programmable-Chip (SOPC) cryptographic applications and can provide a good quality true random bit-stream with throughput of several tens of kilobits per second. The possibility of including the proposed TRNG into a SOPC design significantly increases the system security of embedded cryptographic hardware.
The scheme of a device that should have a simple and reliable implementation and that, under simply verifiable conditions,
should generate a true random binary sequence is defined. Some tricks are used to suppress bias and correlation so that the
desired statistical properties are obtained without using any pseudorandom transformation. The proposed scheme is well represented
by an analytic model that describes the system behaviour both under normal conditions and when different failures occur. Within
the model, it is shown that the system is robust to changes in the circuit parameters. Furthermore, a test procedure can be
defined to verify the correct operation of the generator without performing any statistical analysis of its output.
The strength of a cryptographic function depends on the amount of entropy in the cryptovariables that are used as keys. Using
a large key length with a strong algorithm is false comfort if the amount of entropy in the key is small. Unfortunately the
amount of entropy driving a cryptographic function is usually overestimated, as entropy is confused with much weaker correlation
properties and the entropy source is difficult to analyze. Reliable, high speed, and low cost generation of non-deterministic,
highly entropic bits is quite difficult with many pitfalls. Natural analog processes can provide non-deterministic sources,
but practical implementations introduce various biases. Convenient wide-band natural signals are typically 5 to 6 orders of
magnitude less in voltage than other co-resident digital signals such as clock signals that rob those noise sources of their
entropy. To address these problems, we have developed new theory and we have invented and implemented some new techniques.
Of particular interest are our applications of signal theory, digital filtering, and chaotic processes to the design of random
number generators. Our goal has been to develop a theory that will allow us to evaluate the effectiveness of our entropy sources.
To that end, we develop a Nyquist theory for entropy sources, and we prove a lower bound for the entropy produced by certain
chaotic sources. We also demonstrate how chaotic sources can allow spurious narrow band sources to add entropy to a signal
rather than subtract it. Armed with this theory, it is possible to build practical, low cost random number generators and
use them with confidence.
In this paper, a new true random number generator (TRNG), based entirely on digital components is proposed. The design has
been implemented using a fast random number generation method, which is dependent on a new type of ring oscillator with the
ability to be set in metastable mode. Earlier methods of random number generation involved employment of jitter, whereas the
proposed method leverages the metastability phenomenon in digital circuits and applies it to a ring oscillator. The new entropy
employment method allows an increase in the TRNG throughput by significantly reducing the required entropy accumulating time.
Samples obtained from simulation of TRNG design have been evaluated using AIS.31 and FIPS 140-1/2 statistical tests. The results
of these tests have proven the high quality of generated data. Corners analysis of the TRNG design was also performed to estimate
the robustness to technology process and environment variations. Investigated in FPGA technology, phase distribution highlighted
the advantages of the proposed method over traditional architectures.
We demonstrate a new high-entropy digital element suitable for True Random Number Generators (TRNGs) embedded in Field Programmable
Gate Arrays (FPGAs). The original idea behind this principle lies in the randomness extraction on oscillatory trajectory when
a bi-stable circuit is resolving a metastable event. Although such phenomenon is well known in the field of synchronization
flip-flops, this feature has not been applied for TRNG designs. We propose a new bi-stable structure – Transition Effect Ring
Oscillator (TERO) where oscillatory phase can be forced on demand and be reliably synthesized in FPGA. Randomness is represented
as a variance of the TERO oscillations number counted after each excitation. Variance is highly dependent on the internal
noise of logic cells and can be used easily for reliable instant inner testing of each generated bit. Our proposed mathematical
model, simulations and hardware experiments show that TERO is significantly more sensitive to intrinsic noise in FPGA logic
cells and less sensitive to global perturbations than a ring oscillator composed from the same elements. The experimental
TERO-based TRNG passes NIST 800-22 tests.
In this paper, the evaluation of random bit generators for security applications is discussed and the concept of stateless generator is introduced. It is shown how, for the proposed class of generators, the verification of a minimum entropy limit can be performed directly on the post-processed random numbers thus not requiring a good statistic quality for the noise source itself, provided that a sufficient compression is adopted in the post-processing unit. Assuming that the noise source is stateless, a straightforward entropy estimator to drive an adaptive compression algorithm is proposed. Examples of stateless sources are also discussed.
Finally, an attack scenario against a noise source is defined and an effective approach to the attack detection is presented. The entropy estimator and the attack detection together guarantee the unpredictability of the generated random numbers.
Field Programmable Gate Arrays (FPGAs) are an increasingly popular choice of platform for the implementation of cryptographic systems. Until recently, designers using FPGAs had less than optimal choices for a source of truly random bits. In this paper we extend a technique that uses on-chip jitter and PLLs to a much larger class of FPGAs that do not contain PLLs. Our design uses only the Configurable Logic Blocks (CLBs) common to all FPGAs, and has a self-testing capability. Using the intrinsic jitter contained in digital circuits, we produce random bits at speeds of up to 0.5 Mbits/second with good statistical characteristics. We discuss the engineering challenges of extracting random bits from digital circuits, and we report the results of running standard statistical tests (NIST) on the output generated by our system.
The paper presents a high performance True Random Number Generator (TRNG) embedded in Altera Stratix Field Programmable Logic
Devices (FPLDs). As a source of randomness, an on-chip noise generated in the internal analog Phase-Locked Loop (PLL) circuitry
is used. In contrast with traditionally used free running oscillators, it uses and extends a recently developed method of
randomness extraction based on two rationally related clock signals. Although it was developed for the Stratix family, the
principle can be easily employed in other digital devices containing analog PLLs. We use the large flexibility of PLLs embedded
in Stratix family to demonstrate the relationship between PLL and TRNG configuration, the quality of output random bit-stream,
and the speed of the generator. The quality of TRNG output is confirmed by applying statistical tests, which pass also for
a high-speed version of the generator giving up to 1M random bits per second. The generator developed for cryptographic applications
helps to increase the system security, but it can also be used in a wide range of other applications.
Random number generators represent one of basic cryptographic primitives used to compose cryptographic protocols. While field programmable gate arrays (FPGAs) are well suited for implementing algorithmic random number generators (pseudo-random number generators), generating fast and secured true random bitstreams inside FPGAs is an open problem. Most of true random number generators in FPGAs employ the timing jitter present in ring oscillator clocks as a source of randomness. The paper analyses the jitter generated in ring oscillators and presents a simple physical model of its sources. The jitter generated in MATLAB in accordance with the proposed model is then used as an input in VHDL simulations. To evaluate the model, we use an embedded technique of jitter measurement. The principle is simulated in VHDL and validated by experiments using different FPGA technologies.
Most hardware "true" random number generators (TRNGs) take advantage of the thermal agitation around a flip-flop metastable state. In field programmable gate arrays (FPGAs), the classical TRNG structure uses two clocks, either from a PLL or from ring oscillators, in order to sample one by the other. This creates good TRNGs albeit limited in frequency by the interference rate which cannot exceed a few Mbit/s. This article presents an architecture allowing higher bit rates while maintaining provable unconditional security. This requirement becomes stringent for secure communication applications such as the cryptographic quantum key distribution (QKD) protocols. The proposed architecture is very simple as it is based on an open loop structure without any specific component such as PLLs.
Two FPGA-based (field programmable gate array) implementations of random number generators intended for embedded cryptographic applications are presented. The first is a true random number generator (TRNG) which employs oscillator phase noise, and the second is a bit serial implementation of a Blum Blum Shub (BBS) pseudorandom number generator (PRNG). Both designs are extremely compact and can be implemented on any FPGA of PLD device. They were designed specifically for use as FPGA-based cryptographic hardware cores. The TRNG and PRNG were tested using the NIST and Diehard random number test suites.
The paper presents a chaos-based True Random Number Generator (TRNG) implemented in commercially available mixed-signal PSoC reconfigurable devices without any external components. Contrary to the traditionally used sources of randomness (eg various "well-behaved" analog noise sources) it uses well-defined deterministic analog circuit that exhibits chaos. A new simple method of mapping the deterministic chaos into the switched capacitor based mixed-signal PSoC devices is proposed. The design is optimized for reduction of influence of circuit non-idealities to the quality of generated random bit stream. The influence of circuit non-idealities is significantly reduced by the proposed XOR corrector and optimized circuit topology. The high quality of generated true random numbers is confirmed by passing standard NIST statistical tests.
This paper discusses some aspects of selecting and testing random and pseudorandom number generators. The outputs of such generators may be used in many cryptographic applications, such as the generation of key material. Generators suitable for use in cryptographic applications may need to meet stronger requirements than for other applications. In particular, their outputs must be unpredictable in the absence of knowledge of the inputs. Some criteria for characterizing and selecting appropriate generators are discussed in this document. The subject of statistical testing and its relation to cryptanalysis is also discussed, and some recommended statistical tests are provided. These tests may be useful as a first step in determining whether or not a generator is suitable for a particular cryptographic application. However, no set of statistical tests can absolutely certify a generator as appropriate for usage in a particular application, i.e., statistical testing cannot serve as a substitute for cryptanalysis. The design and cryptanalysis of generators is outside the scope of this paper.
Key words: random number generator, hypothesis test, P-value
This paper discusses some aspects of selecting and testing random and pseudorandom number generators. The outputs of such generators may he used in many cryptographic applications, such as the generation of key material. Generators suitable for use in cryptographic applications may need to meet stronger requirements than for other applications. In particular, their outputs must he unpredictable in the absence of knowledge of the inputs. Some criteria for characterizing and selecting appropriate generators are discussed in this document. The subject of statistical testing and its relation to cryptanalysis is also discussed, and some recommended statistical tests are provided. These tests may he useful as a first step in determining whether or not a generator is suitable for a particular cryptographic application. The design and cryptanalysis of generators is outside the scope of this paper.
In 2007 a novel ring oscillator based true-random number generator design (Rings De-sign) was introduced in [1]. The design was rigorously analyzed under a mathematical model and its performance characteristics were established. However, from a practical viewpoint the paper left much unexplored. In this paper, we focus on the practical aspects of the Rings Design. In particular, we consider transistor level effects such as phase interlock, narrow signal rejection, transmission line at-tenuation, and sampler bias and determine their implications on the earlier analysis framework. We make recommendations for avoiding pitfalls in real-life implementations. Furthermore, we present ex-perimental results showing that changing operating conditions such as the power supply voltage or the operating temperature may affect the output quality when the signal is subsampled. Hence, an attacker may shift the operating point via a simple non-invasive influence and easily bias the TRNG output. Fi-nally, we propose modifications to the design which significantly improves its robustness against attacks, alleviates implementation related problems, and simultaneously improves its area, throughput and power performance.
RFID applications create a need for low-cost security and privacy in potentially hostile environments. Our measurements show that initialization of SRAM produces a physical fingerprint. We propose a system of Fingerprint Extraction and Random Numbers in SRAM (FERNS) that harvests static identity and randomness from existing volatile CMOS storage. The identity results from manufacture-time phys-ically random device threshold mismatch, and the random numbers result from run-time physically random noise. We use experimental data from virtual tags, microcontroller memory, and the WISP UHF RFID tag to validate the principles behind FERNS. We show that a 256byte SRAM can be used to identify circuits among a population of 160 virtual tags, and can potentially produce 128bit random numbers capable of passing cryptographic statistical tests.
True random sources are not implementable in digital hardware, so that many practical applications have historically relied on pseudo-random generators in order to avoid the potentially long prototyping times and the costs of dedicated analog design. However, pseudo-random sources have liabilities that make them hardly suitable for some tasks (notably security related ones). Previous attempts to conciliate security, cost-effectiveness, and rapid development included the exploitation of the analog accessory parts often present on programmable devices. In these designs some analog blocks are used for their side effects (noise amplification) rather than for their originally intended behaviour. Conversely, here we report a direct implementation of a true random source on programmable, low-cost, general-purpose hardware, where all blocks are used only for their nominal function. To the best of the authors' knowledge, this is the first proposal of this sort. The design exploits an FPAA, and is based on a non-linear system exhibiting chaotic behaviour. Measures confirm the correct operation, high throughput, and robustness of the system. Copyright © 2005 John Wiley & Sons, Ltd.
Random number generator is a key primitive in cryptographic algorithms and applications. In this paper, we propose an architecture to implement a high-speed and high-quality true random number generator, which can be used as FPGA-based cryptographic hardware cores. By implementing the proposed generator in Xilinx Vertex II Pro FPGA and testing the output random bit stream using NIST and Diehard random number test suites, we prove that the proposed generator can be implemented effectively in FPGA with very high output rate and strong randomness
This paper presents a new method for creating TRNGs in Xilinx FPGAs. Due to its simplicity and ease of implementation, the design constitutes a valuable alternative to existing methods for creating single-chip TRNGs. Its main advantages are the high throughput, the portability and the low amount of resources it occupies inside the chip. Therefore, it could further extend the use of FPGA chips in cryptography. Our primary source of entropy is a True Dual-Port Block-RAM operating at high frequency, which is used in a special architecture that creates a concurrent write conflict. The paper also describes the practical issues which make it possible to convert that conflict into a strong entropy source. Depending on the users' requirements, it is possible to connect many units of this generator in parallel on a single FPGA device, thus increasing the bit generation throughput up to the Gbps level. The generator has successfully passed the major statistical test batteries.
This paper describes a solution for the generation of true random numbers in a purely digital fashion; making it suitable for any FPGA type, because no FPGA vendor specific features (e.g., like phase-locked loop) or external analog components are required. Our solution is based on a framework for a provable secure true random number generator recently proposed by Sunar, Martin and Stinson. It uses a large amount of ring oscillators with identical ring lengths as a fast noise source - but with some deterministic bits - and eliminates the non-random samples by appropriate post-processing based on resilient functions. This results in a slower bit stream with high entropy. Our FPGA implementation achieves a random bit throughput of more than 2 Mbps, remains fairly compact (needing minimally 110 ring oscillators of 3 inverters) and is highly portable
This paper presents two novel hardware random number generators (RNGs) based on latch metastability. We designed the first, the DC-nulling RNG, for extremely low power operation. The second, the FIR-based RNG, uses a predictive whitening filter to remove non-random components from the generated bit sequence. In both designs, the use of floating-gate memory cells allows us to predict and compensate for DC offsets and other non-random influences while minimizing power consumption. We also present a simple post-processing technique for improving randomness. We fabricated both RNGs in a standard 2P4M 0.35 μm CMOS process. The DC-nulling RNG utilized .031 mm<sup>2</sup> of die area, while the FIR-based RNG occupied 1.49 mm<sup>2</sup>.
A new, patent pending, concept for a random bit generator, suitable to be integrated in a cryptographic device, is presented. The proposed circuit exploits the relative jitter between two identical ring oscillators sharing the same delay elements and shows several advantages with respect to other oscillator-based generators reported in the technical literature. In particular, the generator is stateless and therefore easily testable accordingly to what is reported in (Bucci, 2005). Moreover, the generation throughput is automatically adapted to the available noise in the circuit thus guaranteeing the statistical quality (minimum entropy) of the generated bits. To validate the proposed circuit, simulation results on a 0.12mum CMOS process are reported
There are many applications for true, unpredictable random numbers. For example the strength of numerous cryptographic operations is often de- pendent on a source of truly random numbers. Sources of random information are available in nature but are often hard to access in integrated circuits. In some specialized applications, analog noise sources are used in digital circuits at great cost in silicon area and power consumption. These analog circuits are often influenced by periodic signal sources that are in close proximity to the random number generator. We present a random number generator comprised entirely of digital circuits, which utilizes electronic noise. Unlike earlier work (11), only standard digital gates without regard to precise layout were used.
Random number generators are essential components of many cryptographic systems. Inappropriate random number generators may
weaken the security properties of the system considerably. This paper considers evaluation criteria for true (physical) random
number generators. General objectives are formulated and possible criteria and measures are discussed which shall ensure these
goals. Central parts of the mathematical-technical reference of the German evaluation guidance document AIS 31 ([19],[2]) are cited and rationale is given.
We briefly address general aspects that reliable security evaluations of physical RNGs should consider. Then we discuss an
efficient RNG design that is based on a pair of noisy diodes. The main contribution of this paper is the formulation and the
analysis of the corresponding stochastic model which interestingly also fits to other RNG designs. We prove a theorem that
provides tight lower bounds for the entropy per random bit, and we apply our results to a prototype of a particular physical
RNG.
Some of the desirable properties a cryptographic random number generator should have are lack of bias, bit independence, unpredictiability
and nonrepeatability. In this paper, we discuss how a hardware random number generator formed from simple components can provide
these properties. The components include two state machines with different structures, and free-running oscillators. The generated
numbers pass the DIEHARD battery of tests.
A new method for digital true random number generation based on asynchronous logic circuits with feedback is introduced. In particular, a concrete technique using the so-called Fibonacci and Galois ring oscillators is developed and experimentally tested in FPGA technology. The generated random binary sequences inherently have a high speed and a very high and robust entropy rate in comparison with previous proposals for digital random number generators. A new method for digital post-processing...
This paper is a contribution to the theory of true random number generators based on sampling phase jitter in oscillator rings. After discussing several misconceptions and apparently insurmountable obstacles, we propose a general model which, under mild assumptions, will generate provably random bits with some tolerance to adversarial manipulation and running in the megabit-per-second range. A key idea throughout the paper is the fill rate, which measures the fraction of the time domain in which the analog output signal is arguably random. Our study shows that an exponential increase in the number of oscillators is required to obtain a constant factor improvement in the fill rate. Yet, we overcome this problem by introducing a postprocessing step which consists of an application of an appropriate resilient function. These allow the designer to extract random samples only from a signal with only moderate fill rate and, therefore, many fewer oscillators than in other designs. Last, we develop fault-attack models and we employ the properties of resilient functions to withstand such attacks. All of our analysis is based on rigorous methods, enabling us to develop a framework in which we accurately quantify the performance and the degree of resilience of the design.
We present a true random number generator which, contrary to other implementations, is not based on the explicit observation of complex micro-cosmic processes but on standard signal processing primitives, freeing the designer from the need for dedicated hardware. The system can be implemented from now ubiquitous analog-to-digital converters building blocks, and is therefore well-suited to embedding. On current technologies, the design permits data rates in the order of a few tens of megabits per second. Furthermore, the absence of predictable, repeatable behaviors increases the system security for cryptographic applications. The design relies on a simple inner model based on chaotic dynamics which, in ideal conditions, can be formally proven to generate perfectly uncorrelated binary sequences. Here, we detail the design and we validate the quality of its output against a couple of test suites standardized by the U.S. National Institute of Standards and Technology, both in the ideal case and assuming implementation errors.
Most hardware “True” Random Number Generators (trng) take advantage of the thermal agitation around a flip-flop metastable state. In Field Programmable Gate Arrays (fpga), the classical trng structure uses at least two oscillators, build either from pll or ring oscillators. This creates good trng albeit limited in frequency by the interference rate which cannot exceed a few Mbit/s. This article presents an architecture allowing higher bit rates while maintaining provable unconditional security. This speed requirement becomes stringent for secure communication applications such as the cryptographic quantum key distribution protocols. The proposed architecture is very simple and generic as it is based on an open loop structure with no specific component such as pll.
Random number generators are one of basic cryptographic primitives used in cryptographic protocols. Most of true random number generators in field programmable gate arrays (FPGAs) employ the timing jitter from ring oscillator clocks as a source of randomness. The paper analyses the jitter generated in ring oscillators and it uses a simple physical model of jitter sources to show that the random jitter accumulates slower than the global and manipulable deterministic jitter. This fact, which can be used to attack generators, is not considered even in most recent designs considered to be secure. The paper proposes simple but efficient countermeasure against these attacks. The method is validated using the proposed behavioral VHDL model and it is shown to be efficient also in hardware.
A novel, patent pending, technique to design random bit generators, suitable to be integrated in a cryptographic device, is presented. The proposed generator is based on a high resolution phase noise detection in free running ring oscillators and it belongs to the class of stateless generators introduced by the authors in a previous work. Therefore, the quality (entropy per bit) of the produced bit stream can be easily tested after the digital post-processing without requiring time-consuming statistical tests on the noise source.
A true random number generator (RNG) based on a digital phase-locked loop (PLL) has been designed and implemented in a 1.5μm CMOS process. It achieved an output data rate of 100 kbps from the sampling of two 30MHz ring oscillators, and successfully passed the NIST test suite SP800-22.
We present small random number generators using silicon devices that generate large fluctuating signal as noise source devices. Since the noise signal of these devices is very large, the noise signal can be directly input to an RC oscillator or a differential amplifier without preamplifiers. In this paper, we present a small physical random number generator using an astable multivibrator and post-processing circuits, which can generate excellent quality random numbers suitable for cryptographic applications. We also introduce the concept of random number generator using a filter circuit and a differential amplification for high bit rate application.
Couple to the rapid development of cryptography, the strength of security protocols and encryption algorithms consumingly relies on the quality of random number. This paper presents a new and security random number generator architecture. The philosophy architecture is based on SHA-2 (512) hash function whose security strength ensures the unpredictability of the produced random numbers. Furthermore, an FPGA-based implementation of architecture is described. The proposed architecture is a flexible solution in many applications taking into account the performance, power consumption, flexibility, cost and area.
The random jitter performance of clock, oscillator, and timing circuits can be predicted by using steady-state circuit simulation techniques that determine phase noise by analyzing the impact on phase due to thermal, flicker, channel, and shot noise present in the electronic devices. Given the phase noise response, and the steady-state operating conditions of the circuit, a wide variety of jitter measurements can be computed. Each involves a transformation of the phase noise results, with accuracy hinging on the quality of the phase noise response over a suitable range of offset frequencies
The design of a mixed-signal random number generator (RNG)
integrated circuit (IC) suitable for integration with hardware
cryptographic systems is presented. Certain applications in cryptography
require the use of a truly RNG, a device which produces unpredictable
and unbiased digital signals derived from a fundamental noise mechanism.
For IC-based cryptographic systems, an RNG must harness randomness from
a low-power noise signal yet remain insensitive to deterministic
influences such as crosstalk, power supply noise, and clock signal
coupling through the substrate. An RNG IC utilizing established analog
IC design techniques was designed and fabricated in a 2-μm CMOS
technology. Sequences generated by the experimental system repeatedly
passed many standard randomness tests for bit rates up to 1.4 MHz. No
changes in randomness performance were observed as the system was
exposed to power supply noise and substrate signal coupling. The system
occupies a total chip area of 1.5 mm<sup>2</sup> and dissipates 3.9 mW
of power
This paper is a contribution to the theory of true random number generators based on sampling phase jitter in oscillator rings. After discussing several misconceptions and apparently insurmountable obstacles, we propose a general model which, under mild assumptions, will generate provably random bits with some tolerance to adversarial manipulation and running in the megabit-per-second range. A key idea throughout the paper is the fill rate, which measures the fraction of the time domain in which the analog output signal is arguably random. Our study shows that an exponential increase in the number of oscillators is required to obtain a constant factor improvement in the fill rate. Yet, we overcome this problem by introducing a postprocessing step which consists of an application of an appropriate resilient function. These allow the designer to extract random samples only from a signal with only moderate fill rate and, therefore, many fewer oscillators than in other designs. Last, we develop fault-attack models and we employ the properties of resilient functions to withstand such attacks. All of our analysis is based on rigorous methods, enabling us to develop a framework in which we accurately quantify the performance and the degree of resilience of the design
A new method for digital true random number generation based on asynchronous logic circuits with feedback is introduced. In particular, a concrete technique using the so-called Galois and Fibonacci ring oscillators is developed and analyzed both theoretically and experimentally. The generated random binary sequences may have a very high speed and a higher and more robust entropy rate in comparison with previous proposals for digital random number generators. A new method for digital postprocessing of random data based on irregularly clocked nonautonomous synchronous logic circuits with feedback is also introduced and a concrete technique using a self-clock-controlled linear feedback shift register is proposed. The postprocessing can provide both randomness extraction and computationally secure speed increase of input random data.
The design of a high-speed IC random number source macro-cell, suitable for integration in a smart card microcontroller, is presented. The oscillator sampling technique is exploited and a jittered oscillator which features an amplified thermal noise source has been designed in order to increase the output throughput and the statistical quality of the generated bit sequences. The oscillator feedback loop acts as an offset compensation for the noise amplifier, thus solving one of the major issues in this kind of circuit. A numerical model for the proposed system has been developed which allows us to carry out an analytical expression for the transition probability between successive bits in the output stream. A prototype chip has been fabricated in a standard digital 0.18 /spl mu/m n-well CMOS process which features a 10 Mbps throughput and fulfills the NIST FIPS and correlation-based tests for randomness. The macro-cell area, excluding pads, is 0.0016 mm/sup 2/ (184 /spl mu/m /spl times/ 86 /spl mu/m) and a 2.3 mW power consumption has been measured.