On-chip jitter measurement for true random number generators

Applications of true random number generators (TRNGs) span from art to numerical computing and system security. In cryptographic applications, TRNGs are used for generating new keys, nonces and masks. For this reason, a TRNG is an essential building block and often a point of failure for embedded security systems. One type of primitives that are widely used as source of randomness are ring oscillators. For a ring-oscillator-based TRNG, the true randomness originates from its timing jitter. Therefore, determining the jitter strength is essential to estimate the quality of a TRNG. In this paper, we propose a method to measure the jitter strength of a ring oscillator implemented on an FPGA. The fast tapped delay chain is utilized to perform the on-chip measurement with a high resolution. The proposed method is implemented on both a Xilinx FPGA and an Intel FPGA. Fast carry logic components on different FPGAs are used to implement the fast delay line. This carry logic component is designed to be fast and has dedicated routing, which enables a precise measurement. The differential structure of the delay chain is used to thwart the influence of undesirable noise from the measurement. The proposed methodology can be applied to other FPGA families and ASIC designs

A Random Number Generator Using Ring Oscillators and SHA-256 as Post-Processing

Today, cryptographic security depends primarily on having strong keys and keeping them secret. The keys should be produced by a reliable and robust to external manipulations generators of random numbers. To hamper different attacks, the generators should be implemented in the same chip as a cryptographic system using random numbers. It forces a designer to create a random number generator purely digitally. Unfortunately, the obtained sequences are biased and do not pass many statistical tests. Therefore an output of the random number generator has to be subjected to a transformation called post-processing. In this paper the hash function SHA-256 as post-processing of bits produced by a combined random bit generator using jitter observed in ring oscillators (ROs) is proposed. All components – the random number generator and the SHA-256, are implemented in a single Field Programmable Gate Array (FPGA). We expect that the proposed solution, implemented in the same FPGA together with a cryptographic system, is more attack-resistant owing to many sources of randomness with significantly different nominal frequencies

Producing Random Bits with Delay-Line Based Ring Oscillators

One of the sources of randomness for a random bit generator (RBG) is jitter present in rectangular signals produced by ring oscillators (ROs). This paper presents a novel approach for the design of delays used in these oscillators. We suggest using delay elements made on carry4 primitives instead of series of inverters or latches considered in the literature. It enables the construction of many high frequency ring oscillators with different nominal frequencies in the same field programmable gate array (FPGA). To assess the unpredictability of bits produced by RO-based RBG, the restarts mechanism, proposed in earlier papers, was used. The output sequences pass all NIST 800-22 statistical tests for smaller number of ring oscillators than the constructions described in the literature. Due to the number of ROs with different nominal frequencies and the method of construction of carry4 primitives, it is expected that the proposed RBG is more robust to cryptographic attacks than RBGs using inverters or latches as delay element

A Unified Multibit PUF and TRNG based on Ring Oscillators for Secure IoT Devices

Physically Unclonable Functions (PUFs) and True Random Number Generators (TRNGs) are cryptographic primitives very well suited for secure IoT devices. This paper proposes a circuit, named multibit-RO-PUF-TRNG, which offers the advantages of unifying PUF and TRNG in the same design. It is based on counting the oscillations of pairs of ring oscillators (ROs), one of them acting as reference. Once the counter of the reference oscillator reaches a fixed value, the count value of the other RO is employed to provide the TRNG and the multibit PUF response. A mathematical model is presented that supports not only the circuit foundations but also a novel and simple calibration procedure that allows optimizing the selection of the design parameters. Experimental results are illustrated with large datasets from two families of FPGAs with different process nodes (90 nm and 28 nm). These results confirm that the proposed calibration provides TRNG and PUF responses with high quality. The raw TRNG bits do not need post-processing and the PUF bits (even 6 bits per RO) show very small aliasing. In the application context of obfuscating and reconstructing secrets generated by the TRNG, the multibit PUF response, together with the proposal of using error-correcting codes and RO selection adapted to each bit, provide savings of at least 79.38% of the ROs compared to using a unibit PUF without RO selection. The proposal has been implemented as an APB peripheral of a VexRiscv RV32I core to illustrate its use in a secure FPGA-based IoT device

Modeling and Observing the Jitter in Ring Oscillators Implemented in FPGAs

Random number generators represent one of basic cryptographic primitives used to compose cryptographic protocols. While Field Programmable Gate Arrays (FPGAs) are well suited for implementing algorithmic random number generators (pseudo-random number generators), generating fast and secured true random bitstreams inside FPGAs is an open problem. Most of true random number generators in FPGAs employ the timing jitter present in ring oscillator clocks as a source of randomness. The paper analyses the jitter generated in ring oscillators and presents a simple physical model of its sources. The jitter generated in MATLAB in accordance with the proposed model is then used as an input in VHDL simulations. To evaluate the model, we use an embedded technique of jitter measurement. The principle is simulated in VHDL and validated by experiments using different FPGA technologies