a highly portable true random number generator based on
play

A Highly-Portable True Random Number Generator based on Coherent - PowerPoint PPT Presentation

Nov 24, 2022 •20 likes •370 views

A Highly-Portable True Random Number Generator based on Coherent Sampling 2019 International Conference on Field-Programmable Logic and Applications Adriaan Peetermans, Vladimir Ro zi c and Ingrid Verbauwhede September 10, 2019 Random

  1. A Highly-Portable True Random Number Generator based on Coherent Sampling 2019 International Conference on Field-Programmable Logic and Applications Adriaan Peetermans, Vladimir Roˇ zi´ c and Ingrid Verbauwhede September 10, 2019

  2. Random numbers How are they used? ◮ Cryptography: ◮ Statistical ◮ Gambling/games simulations ⋆ Symmetric key ⋆ Card shuffling ⋆ Public key ⋆ Monte Carlo ⋆ Dice throw ⋆ Challenge- ⋆ Optimisation ⋆ Roulette ⋆ Initialisation response protocols ⋆ Padding value ⋆ Masking 2

  3. Random numbers How are they generated? Seed ◮ Pseudo Random Number Generator (PRNG) ⋆ Deterministic finite state machine expanding the initial State seed value update ◮ True Random Number Generator (TRNG) State Output 3

  4. Random numbers How are they generated? ◮ Pseudo Random Number Generator (PRNG) ◮ True Random Number Generator (TRNG) ⋆ Convert electrical noise to digital bitstream ⋆ Must be accompanied by a stochastic model 3

  5. Stochastic model How to make sure the process is truly random? ◮ Old approach: Pass/Fail Statistical RNG T ests 4

  6. Stochastic model How to make sure the process is truly random? ◮ Old approach: Pass/Fail Statistical RNG T ests ◮ New approach: Experiments Entropy claim Stochastic Model TRNG Assumptions Design parameters 4

  7. TRNGs for FPGA TRNGs for FPGA with associated stochastic model: 1 TRNG type Area Power cons. Bit rate Feasib. & Repeat. (LUT/Reg) [mW] [Mbit/s] ERO 46/19 2.16 0.0042 5 COSO 18/3 1.22 0.54 1 MURO 521/131 54.72 2.57 4 PLL 34/14 10.6 0.44 3 TERO 39/12 3.312 0.625 1 STR 346/256 65.9 154 2 1 O. Petura, et al. “A survey of AIS-20/31 compliant TRNG cores suitable for FPGA devices,” in FPL 2016. 5

  8. TRNGs for FPGA TRNGs for FPGA with associated stochastic model: 1 TRNG type Area Power cons. Bit rate Feasib. & Repeat. (LUT/Reg) [mW] [Mbit/s] ERO 46/19 2.16 0.0042 5 COSO 18/3 1.22 0.54 1 MURO 521/131 54.72 2.57 4 PLL 34/14 10.6 0.44 3 TERO 39/12 3.312 0.625 1 STR 346/256 65.9 154 2 1 O. Petura, et al. “A survey of AIS-20/31 compliant TRNG cores suitable for FPGA devices,” in FPL 2016. 5

  9. COherent Sampling ring Oscillator (COSO) based TRNG What makes this TRNG hard to implement? ◮ General architecture: ⋆ RO 1 samples RO 0 ⋆ Sampling generates low frequency beat signal ( S beat ) ⋆ Count period length of S beat and reset every negative edge of S beat S beat Q RO 0 D CSCnt CLR RO 1 Counter 6

  10. COherent Sampling ring Oscillator (COSO) based TRNG S beat Q RO 0 D CSCnt CLR RO 1 Counter 255 MHz RO 0 [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 400 MHz RO 1 [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 S beat [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 CSCnt [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 7

  11. COherent Sampling ring Oscillator (COSO) based TRNG S beat Q RO 0 D CSCnt CLR RO 1 Counter 290 MHz RO 0 [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 400 MHz RO 1 [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 S beat [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 4 CSCnt 2 0 [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 7

  12. COherent Sampling ring Oscillator (COSO) based TRNG S beat Q RO 0 D CSCnt CLR RO 1 Counter 325 MHz RO 0 [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 400 MHz RO 1 [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 S beat [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 6 CSCnt 4 2 0 [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 7

  13. COherent Sampling ring Oscillator (COSO) based TRNG S beat Q RO 0 D CSCnt CLR RO 1 Counter 360 MHz RO 0 [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 400 MHz RO 1 [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 S beat [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 10 CSCnt 5 0 [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 7

  14. COherent Sampling ring Oscillator (COSO) based TRNG S beat Q RO 0 D CSCnt CLR RO 1 Counter 385 MHz RO 0 [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 400 MHz RO 1 [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 S beat [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 CSCnt 20 10 0 [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 7

  15. COherent Sampling ring Oscillator (COSO) based TRNG S beat Q RO 0 D CSCnt CLR RO 1 Counter 400 MHz RO 0 [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 400 MHz RO 1 [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 S beat [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 30 CSCnt 20 10 0 [ μ s] 0 0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 7

  16. COSO stochastic model Due to jitter in both ROs, CSCnt is a discrete random variable: E [ CSCnt ] = E [ T RO 0 ] E [∆] Var [ CSCnt ] = E [ CSCnt ] Var [∆] E [∆] 2 ∆ is equal to the period difference of the two ROs: E [∆] = | E [ T RO 1 ] − E [ T RO 0 ] | Var [∆] = Var [ T RO 0 ] + Var [ T RO 1 ] Use the LSB of the generated CSCnt value as a random bit 8

  17. COSO stochastic model Due to jitter in both ROs, CSCnt is a discrete random variable: E [ CSCnt ] = E [ T RO 0 ] E [∆] Var [ CSCnt ] = E [ CSCnt ] Var [∆] E [∆] 2 ∆ is equal to the period difference of the two ROs: E [∆] = | E [ T RO 1 ] − E [ T RO 0 ] | Var [∆] = Var [ T RO 0 ] + Var [ T RO 1 ] Use the LSB of the generated CSCnt value as a random bit 8

  18. COSO stochastic model Due to jitter in both ROs, CSCnt is a discrete random variable: E [ CSCnt ] = E [ T RO 0 ] E [∆] Var [ CSCnt ] = E [ CSCnt ] Var [∆] E [∆] 2 ∆ is equal to the period difference of the two ROs: E [∆] = | E [ T RO 1 ] − E [ T RO 0 ] | Var [∆] = Var [ T RO 0 ] + Var [ T RO 1 ] Use the LSB of the generated CSCnt value as a random bit 8

  19. COSO stochastic model Due to jitter in both ROs, CSCnt is a discrete random variable: E [ CSCnt ] = E [ T RO 0 ] E [∆] Var [ CSCnt ] = E [ CSCnt ] Var [∆] E [∆] 2 ∆ is equal to the period difference of the two ROs: E [∆] = | E [ T RO 1 ] − E [ T RO 0 ] | Var [∆] = Var [ T RO 0 ] + Var [ T RO 1 ] Use the LSB of the generated CSCnt value as a random bit 8

  20. COSO stochastic model Entropy versus throughput trade-off: 9

  21. RO matching in FPGA How to achieve RO matching in FPGA? ◮ Search for locations that gives the required matching ⋆ Slow and labour intensive process ⋆ Has to be repeated for every device separately, even for the same FPGA family/vendor Architecture FPGA family Area [DFFs/LUTs] Throughput [Mbit/s] Statistical test Design effort Spartan 6 3/18 0.54 AIS-31 T8 MP Original COSO [15] Cyclone V 3/13 1.44 AIS-31 T8 MP SmartFusion2 3/23 0.328 AIS-31 T8 MP 128 slices 1.1 AIS-31 T6-T8 MP Spartan 6 DC-TRNG [18] Cyclone V 273 ALMs 1.116 AIS-31 T6-T8 MP & MR Spartan 6 190 slices 1.0416 AIS-31 T6-T8 PLL required PLL-TRNG [18] Cyclone V 273 ALMs 1.04 AIS-31 T6-T8 PLL required Spartan 6 5/10 1.15 AIS-31 T0-T5 MP ES-TRNG [11] Cyclone V 6/10 1.067 AIS-31 T0-T5 MP Spartan 6 12/39 0.625 AIS-31 T8 MP & MR TERO [15] Cyclone V 12/46 1 AIS-31 T8 MP & MR 12/46 1 AIS-31 T8 MP & MR SmartFusion2 256/346 154 AIS-31 T8 MP & MR Spartan 6 STR [15] Cyclone V 256/352 245 AIS-31 T8 MP & MR SmartFusion2 256/350 188 AIS-31 T8 MP & MR 10

  22. RO matching in FPGA How to achieve RO matching in FPGA? ◮ Create a reconfigurable RO that can match itself using a feedback mechanism ⋆ No manual intervention needed ⋆ Same bitstream can be used for all devices ⋆ Porting process greatly simplified ⋆ Control circuit can actively monitor TRNG health and change configuration when needed 11

  23. Configurable RO ROSel ROSel ROSel [1:0] [3:2] [2 n -1:2 n -2] Enable ROSel [1:0] RO out 12

  24. Controller feedback High and Low bounds Controller Entropy Digitisation source D RO 0 S beat Q Counter CSCnt RO 1 13

  25. Controller feedback Input: CSCnt , req Output: ROSel , matched Global constant: L , H 1: goodSamples ← 0, sampleCnt ← 0 2: ROSel ← 0, matched ← 0 3: while true do 4: if req then 5: if L ≤ CSCnt < H then 6: goodSamples ← goodSamples + 1 7: matched ← 1 if sampleCnt == 2 7 − 1 then 8: 9: if goodSamples == 0 then 10: ROSel ← ROSel + 1 11: matched ← 0 12: goodSamples ← 0 13: sampleCnt ← sampleCnt + 1 14

  26. Controller feedback sampleCnt ++ Input: CSCnt , req Y N Output: ROSel , matched L ≤ CSCnt < H Global constant: L , H 1: goodSamples ← 0, sampleCnt ← 0 goodSamples ++ 2: ROSel ← 0, matched ← 0 matched ← 1 3: while true do 4: if req then 5: if L ≤ CSCnt < H then 6: goodSamples ← goodSamples + 1 7: matched ← 1 Y N if sampleCnt == 2 7 − 1 then sampleCnt = 2 7 -1 8: 9: if goodSamples == 0 then 10: ROSel ← ROSel + 1 11: matched ← 0 Y N goodSamples = 0 12: goodSamples ← 0 13: sampleCnt ← sampleCnt + 1 ROSel ++ goodSamples ← 0 matched ← 0 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Magnetic Tunnel Junction Based True Random Number Generator with Conditional Perturb and

A Magnetic Tunnel Junction Based True Random Number Generator with Conditional Perturb and

A Magnetic Tunnel Junction Based True Random Number Generator with Conditional Perturb and Real-Time Output Probability Tracking Won Ho Choi*, Yang Lv*, Jongyeon Kim, Abhishek Deshpande, Gyuseong Kang, Jian-Ping Wang, and Chris H. Kim *equal

590 views • 18 slides
Vacuum fluctuations Secure heterodyne-based quantum random number quantum random number

Vacuum fluctuations Secure heterodyne-based quantum random number quantum random number

Vacuum fluctuations Secure heterodyne-based quantum random number quantum random number generator with non-iid generator at 17 Gbps samples Tobias Gehring et al. Marco Avesani et al. 1 The need for random numbers Alice quantum Rx laser

346 views • 32 slides
Analysis of the Linux Random Number Generator Patrick Lacharme, Andrea R ock, Vincent Stubel,

Analysis of the Linux Random Number Generator Patrick Lacharme, Andrea R ock, Vincent Stubel,

Analysis of the Linux Random Number Generator Patrick Lacharme, Andrea R ock, Vincent Stubel, Marion Videau October 23, 2009 - Rennes Outline Random Number Generators The Linux Random Number Generator Building Blocks Entropy Estimation

681 views • 55 slides
FPGA-based True Random Number Generation using Circuit

FPGA-based True Random Number Generation using Circuit

FPGA-based True Random Number Generation using Circuit Meta-stability with Adaptive Feedback Control Mehrdad Majzoobi 1 , Farinaz Koushanfar 1, and

243 views • 21 slides
A Random Walk through CS70 bounds for computing whether you have an even number of 1s as true?

A Random Walk through CS70 bounds for computing whether you have an even number of 1s as true?

A Random Walk through CS70 bounds for computing whether you have an even number of 1s as true? Then Q true, then R true. If P not true, then both sides reduce CS70 Summer 2016 - Lecture 8B 4 Applications: Circuits Boolean logic encompasses a

336 views • 5 slides
How to Make a Lumpy Random Number Generator Michael A. Covington University of Georgia and

How to Make a Lumpy Random Number Generator Michael A. Covington University of Georgia and

How to Make a Lumpy Random Number Generator Michael A. Covington University of Georgia and CORAID, Inc. International Workshop on Plan 9 Athens, Georgia October 23, 2009 How would you make a random number generator with a preference

237 views • 20 slides
Links visited in class Googled the number 48271: found Lehmer random number generator,

Links visited in class Googled the number 48271: found Lehmer random number generator,

3.6 Central Limit Theorem Links visited in class Googled the number 48271: found Lehmer random number generator, random.org, random.org/decimal-fractions/, generated 100 random decimal fractions, nsm.buffalo.edu/~hassard/459/py,

203 views • 4 slides
KISS: A Bit Too Simple Greg Rose ggr@qualcomm.com Outline KISS random number generator

KISS: A Bit Too Simple Greg Rose ggr@qualcomm.com Outline KISS random number generator

KISS: A Bit Too Simple Greg Rose ggr@qualcomm.com Outline KISS random number generator Subgenerators Efficient attack New KISS and attack Conclusion PAGE 2 One approach to PRNG security &quot;A random number generator

643 views • 25 slides
A study of entropy transfers in the Linux Random Number Generator Th. Vuillemin, F . Goichon, G.

A study of entropy transfers in the Linux Random Number Generator Th. Vuillemin, F . Goichon, G.

A study of entropy transfers in the Linux Random Number Generator Th. Vuillemin, F . Goichon, G. Salagnac, C. Lauradoux 1 The need for random numbers Computers are built to be fully deterministic... ...but unpredictability is still required

483 views • 33 slides
KISS: A Bit Too Simple Greg Rose ggr@qualcomm.com Outline q KISS random number generator

KISS: A Bit Too Simple Greg Rose ggr@qualcomm.com Outline q KISS random number generator

KISS: A Bit Too Simple Greg Rose ggr@qualcomm.com Outline q KISS random number generator q Subgenerators q Efficient attack q New KISS and attack q Conclusion PAGE 2 One approach to PRNG security &quot;A random number

594 views • 26 slides
Random numbers We have seen that in many applications we need random number generators For

Random numbers We have seen that in many applications we need random number generators For

Random numbers We have seen that in many applications we need random number generators For example we sue random number generator to obtain session keys; to avoid key guessing If an adversary sees a sequence of session keys He/she

426 views • 16 slides
The Frequency Injection Attack on Ring-Oscillator-Based True Random Number Generators A.

The Frequency Injection Attack on Ring-Oscillator-Based True Random Number Generators A.

The Frequency Injection Attack on Ring-Oscillator-Based True Random Number Generators A. Theodore Markettos and Simon Moore www.cl.cam.ac.uk/research/security Computer Laboratory A.T. Markettos and S. W. Moore, The Frequency Injection Attack

796 views • 30 slides
Chapter Secure Random Number Generator Jean-Louis Roch, Grenoble University, M2-SCCI/SECR Anyone

Chapter Secure Random Number Generator Jean-Louis Roch, Grenoble University, M2-SCCI/SECR Anyone

Chapter Secure Random Number Generator Jean-Louis Roch, Grenoble University, M2-SCCI/SECR Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin. -- John Von Neumann, 1951 References: NIST

599 views • 22 slides
Random Number Generator using FPGA David P erez Mart nez Centro de Investigaci on en

Random Number Generator using FPGA David P erez Mart nez Centro de Investigaci on en

Random Number Generator using FPGA David P erez Mart nez Centro de Investigaci on en Computaci on - IPN Introduction A field-programmable gate array (FPGA) is an integrated circuit designed to be configured by a customer.

256 views • 9 slides
PC PORTABLE PC PORTABLE PC PORTABLE Introducing the PC Portable Lamp, one of a range of

PC PORTABLE PC PORTABLE PC PORTABLE Introducing the PC Portable Lamp, one of a range of

PC PORTABLE PC PORTABLE PC PORTABLE Introducing the PC Portable Lamp, one of a range of new light fjxtures based on Pierre Charpins original PC Task Light, a HAY classic. Like its predecessor, the PC Portable hides its engineering

271 views • 15 slides
Quam Bene Non Quantum Identifying Bias in a Commercial Quantum Random Number Generator Darren

Quam Bene Non Quantum Identifying Bias in a Commercial Quantum Random Number Generator Darren

The UKs European university Real World Crypto 2018 Quam Bene Non Quantum Identifying Bias in a Commercial Quantum Random Number Generator Darren Hurley-Smith &amp; Julio Hernandez-Castro Index Introduction Related works Aims Experimental

563 views • 11 slides
Randomness generation Daniel J. Bernstein, Tanja Lange May 16, 2014 RDRAND: Just use it! David

Randomness generation Daniel J. Bernstein, Tanja Lange May 16, 2014 RDRAND: Just use it! David

Randomness generation Daniel J. Bernstein, Tanja Lange May 16, 2014 RDRAND: Just use it! David Johnston, 2012 (emphasis added): Thats exactly why we put the new random number generator in our processors. To solve the chronic problem of

392 views • 25 slides
ES-TRNG A High- throughput , Low-area T rue R andom N umber G enerator based on E dge S ampling

ES-TRNG A High- throughput , Low-area T rue R andom N umber G enerator based on E dge S ampling

ES-TRNG A High- throughput , Low-area T rue R andom N umber G enerator based on E dge S ampling Bohan Yang , Vladimir Roi , Milo Gruji Nele Mentens and Ingrid Verbauwhede COSIC, KU Leuven Generic TRNG Architecture Timing jitter

522 views • 16 slides
Serial and Parallel Random Number Generation Prof. Dr. Michael Mascagni Seminar f ur

Serial and Parallel Random Number Generation Prof. Dr. Michael Mascagni Seminar f ur

Serial and Parallel Random Number Generation Prof. Dr. Michael Mascagni Seminar f ur Angewandte Mathematik, ETH Z urich R aimistrasse 101, CH-8092 Z urich, Switzerland and Department of Computer Science &amp; School of

672 views • 35 slides
ECEN 5022 Cryptography Pseudo Random Number Generators Peter Mathys University of Colorado

ECEN 5022 Cryptography Pseudo Random Number Generators Peter Mathys University of Colorado

Pseudo Random Number Generators ECEN 5022 Cryptography Pseudo Random Number Generators Peter Mathys University of Colorado Spring 2008 Peter Mathys ECEN 5022 Cryptography Pseudo Random Number Generators Random Number Generation Random

352 views • 14 slides
MIPS Assembly (Random Numbers) 2 Lab Schedule Activities Assignments Due This Week Lab 10

MIPS Assembly (Random Numbers) 2 Lab Schedule Activities Assignments Due This Week Lab 10

Computer Systems and Networks ECPE 170 Jeff Shafer University of the Pacific MIPS Assembly (Random Numbers) 2 Lab Schedule Activities Assignments Due This Week Lab 10 Due by Apr 11 th 5:00am Lab work time MIPS

477 views • 5 slides
Random Numbers on GPUs W. B. Langdon Mathematical and Biological Sciences and Computing and

Random Numbers on GPUs W. B. Langdon Mathematical and Biological Sciences and Computing and

Random Numbers on GPUs W. B. Langdon Mathematical and Biological Sciences and Computing and Electronic Systems CIGPU 2008 Introduction Artificial Intelligence needs Randomisation Implementing randomisation is hard. GPU no native

618 views • 23 slides
Computational Expression Random Class, Math Class, Wrapper Classes Janyl Jumadinova 30

Computational Expression Random Class, Math Class, Wrapper Classes Janyl Jumadinova 30

Computational Expression Random Class, Math Class, Wrapper Classes Janyl Jumadinova 30 September, 2019 Janyl Jumadinova Computational Expression 30 September, 2019 1 / 8 Random Class The Random class is part of the java.util package It

415 views • 15 slides
Random number generation failures from Netscape to DUHK Nadia Heninger University of

Random number generation failures from Netscape to DUHK Nadia Heninger University of

Random number generation failures from Netscape to DUHK Nadia Heninger University of Pennsylvania June 18, 2018 A cartoon cryptographic communication protocol AES k ( m ) A cartoon cryptographic communication protocol g a g b AES k ( m ) k =

1.06k views • 70 slides

More recommend