ES-TRNG A High- throughput , Low-area T rue R andom N umber G enerator based on E dge S ampling Bohan Yang , Vladimir Rožić , Miloš Grujić Nele Mentens and Ingrid Verbauwhede COSIC, KU Leuven
Generic TRNG Architecture • Timing jitter based TRNG • Compact implementation ES-TRNG • Reasonable throughput • Security analysis using a stochastic model Digital Noise Source Internal Raw Entropy Post Numbers Numbers Digitization Applications Source Processing Total Failure Online Tests Tests 12-Sep-18 COSIC, KU Leuven 1
Stochastic model oriented security analysis I nitialization For Cryptographic Applications: V ectors ? The SECURITY of a TRNG depends on its unpredictability. which AIS-31 cannot be can be NIST800-22 measured by estimated by NIST800-90B ? DIEHARD statistical tests stochastic model FIPS 140-1 ? 12-Sep-18 COSIC, KU Leuven 2
Timing jitter based TRNG Noise Free Noise Free Noise A random bit is generated only when measuring the position of a edge. 0 D Q 1 clk Timing Jitter accumulation is slow Low throughput Elementary TRNG Solution: increasing the sampling resolution! 12-Sep-18 COSIC, KU Leuven 3
How to increase the sampling resolution Sampling at a higher frequency ? D Q D Q clk clk Highest sampling frequency is limited by technology, platform, system, power, energy…. 12-Sep-18 COSIC, KU Leuven 4
How to increase the sampling resolution Using high resolution TDC (Time-to-Digital Converter) ES-TRNG DC-TRNG 1100 Resolution: ~ 17 ps (@~60 GHz) 0111 1000 LUT LUT Period: ~ 2.2 ns 2200 𝑞𝑡 ÷ 2 ÷ 17 𝑞𝑡 ÷ 4 ≈ 17 20 V. Rozic, B. Yang, W. Dehaene, and I. Verbauwhede, "Highly Efficient Entropy Extraction for True Random Number Generators on FPGAs," In DAC 2015 12-Sep-18 COSIC, KU Leuven 5
A closer look at ES-TRNG architecture 12-Sep-18 COSIC, KU Leuven 6
Technique 1: variable-precision phase encoding 1 1 1 Stages Raw Valid [2:0] bit 0 1 2 110,001 1 1 𝑢 𝑔,1 𝑢 𝑔,2 100,011 1 0 𝑢 𝑠,1 𝑢 𝑠,2 111,000 0 N 101,010 0 n/a 12-Sep-18 COSIC, KU Leuven 7
Technique 1: variable-precision phase encoding Elementary TRNG 𝑢 𝑔,1 𝑢 𝑔,2 𝑢 𝑠,1 𝑢 𝑠,2 1 0 12-Sep-18 COSIC, KU Leuven 8
Technique 2: repetitive sampling Dependency between each samples 12-Sep-18 COSIC, KU Leuven 9
ES-TRNG: platform parameters RO 2 2.740 ns RO 1 2.172 ns 𝑢 𝑔,1 𝑢 𝑔,2 40.90 ps 35.93 ps 𝑢 𝑔,1 𝑢 𝑔,2 𝑢 𝑠,2 𝑢 𝑠,1 24.12 ps 22.25 ps 𝑢 𝑠,1 𝑢 𝑠,2 D 2 𝜏 𝑛 2.9 fs 0.43 𝑢 𝑛 12-Sep-18 COSIC, KU Leuven 10
ES-TRNG: design parameters Entropy claim! 12-Sep-18 COSIC, KU Leuven 11
ES-TRNG: design parameters Entropy claim! 12-Sep-18 COSIC, KU Leuven 12
Implementation of ES-TRNG on Xilinx FPGA 5 DFFs 1 CARRY4 6 LUTs + 4 LUTs 12-Sep-18 COSIC, KU Leuven 13
Conclusion Compact Hardware: 10 LUTs + 5 FFs @ Xilinx Spartan-6 ES-TRNG or 10 LUTs + 6 FFs @ Intel Cyclone-V Relative High Throughput: 1.15 Mbps @ Xilinx Spartan-6 or 1.07 Mbps @ Intel Cyclone-V Security analysis supported by stochastic model DC-TRNG & ES-TRNG resources (in progress): https://github.com/ybhphoenix/DC-ES-TRNG 12-Sep-18 COSIC, KU Leuven 14
Q&A 12-Sep-18 COSIC, KU Leuven 15
Recommend
More recommend
