ES-TRNG A High- throughput , Low-area T rue R andom N umber G - - PowerPoint PPT Presentation

▶

Dec 13, 2023 346 likes •526 views

ES-TRNG A High- throughput , Low-area T rue R andom N umber G enerator based on E dge S ampling Bohan Yang , Vladimir Roi , Milo Gruji Nele Mentens and Ingrid Verbauwhede COSIC, KU Leuven Generic TRNG Architecture Timing jitter

SLIDE 1

ES-TRNG

A High-throughput, Low-area True Random Number Generator based on Edge Sampling

Bohan Yang, Vladimir Rožić, Miloš Grujić Nele Mentens and Ingrid Verbauwhede COSIC, KU Leuven

SLIDE 2

12-Sep-18 COSIC, KU Leuven 1

Entropy Source

Digitization

Post Processing

Online Tests

Applications

Total Failure Tests

Raw Numbers Internal Numbers

Digital Noise Source

Generic TRNG Architecture

ES-TRNG

Timing jitter based TRNG
Compact implementation
Reasonable throughput
Security analysis using a stochastic model

SLIDE 3

12-Sep-18 COSIC, KU Leuven 2

Stochastic model oriented security analysis

For Cryptographic Applications:

Initialization Vectors

The SECURITY of a TRNG depends on its unpredictability.

?

which cannot be measured by statistical tests

NIST800-22 DIEHARD FIPS 140-1

can be estimated by stochastic model

AIS-31 NIST800-90B ?

？

SLIDE 4

12-Sep-18 COSIC, KU Leuven 3

Timing jitter based TRNG

Noise Free

Noise

A random bit is generated only when measuring the position of a edge.

D Q

clk

1

Low throughput Timing Jitter accumulation is slow Solution: increasing the sampling resolution! Elementary TRNG

SLIDE 5

12-Sep-18 COSIC, KU Leuven 4

How to increase the sampling resolution

Sampling at a higher frequency ?

Highest sampling frequency is limited by technology, platform, system, power, energy….

D Q

clk

D Q

clk

SLIDE 6

12-Sep-18 COSIC, KU Leuven 5

How to increase the sampling resolution

LUT Using high resolution TDC (Time-to-Digital Converter) 0111 1000 1100 Resolution: ~ 17 ps (@~60 GHz) Period: ~ 2.2 ns 20 2200 𝑞𝑡 ÷ 2 ÷ 17 𝑞𝑡 ÷ 4 ≈ 17 LUT

V. Rozic, B. Yang, W. Dehaene, and I. Verbauwhede, "Highly Efficient Entropy Extraction for True Random Number Generators on FPGAs," In DAC 2015

DC-TRNG ES-TRNG

SLIDE 7

12-Sep-18 COSIC, KU Leuven 6

A closer look at ES-TRNG architecture

SLIDE 8

12-Sep-18 COSIC, KU Leuven 7

Technique 1: variable-precision phase encoding

𝑢𝑔,1 𝑢𝑔,2 𝑢𝑠,1 𝑢𝑠,2 1 1 1 Stages [2:0] Valid Raw bit 110,001 1 1 100,011 1 111,000 N 101,010 n/a

2 1

SLIDE 9

12-Sep-18 COSIC, KU Leuven 8

Technique 1: variable-precision phase encoding

𝑢𝑔,1 𝑢𝑔,2 𝑢𝑠,1 𝑢𝑠,2

1 Elementary TRNG

SLIDE 10

12-Sep-18 COSIC, KU Leuven 9

Technique 2: repetitive sampling

Dependency between each samples

SLIDE 11

12-Sep-18 COSIC, KU Leuven 10

ES-TRNG: platform parameters

RO 1 2.172 ns RO 2 2.740 ns

𝑢𝑔,1 𝑢𝑔,2 𝑢𝑠,1 𝑢𝑠,2

𝑢𝑠,1 𝑢𝑠,2 𝑢𝑔,1 𝑢𝑔,2 35.93 ps 22.25 ps 40.90 ps 24.12 ps 𝜏𝑛

𝑢𝑛 2.9 fs D 0.43

SLIDE 12

12-Sep-18 COSIC, KU Leuven 11

ES-TRNG: design parameters

Entropy claim!

SLIDE 13

12-Sep-18 COSIC, KU Leuven 12

ES-TRNG: design parameters

Entropy claim!

SLIDE 14

12-Sep-18 COSIC, KU Leuven 13

Implementation of ES-TRNG on Xilinx FPGA

5 DFFs 6 LUTs + 4 LUTs 1 CARRY4

SLIDE 15

12-Sep-18 COSIC, KU Leuven 14

Conclusion

ES-TRNG

Compact Hardware: 10 LUTs + 5 FFs @ Xilinx Spartan-6

r 10 LUTs + 6 FFs @ Intel Cyclone-V

Relative High Throughput: 1.15 Mbps @ Xilinx Spartan-6

r 1.07 Mbps @ Intel Cyclone-V

Security analysis supported by stochastic model DC-TRNG & ES-TRNG resources (in progress): https://github.com/ybhphoenix/DC-ES-TRNG

SLIDE 16

Q&A

12-Sep-18 COSIC, KU Leuven 15