On-chip jitter measurement for true random number generators

Applications of true random number generators (TRNGs) span from art to numerical computing and system security. In cryptographic applications, TRNGs are used for generating new keys, nonces and masks. For this reason, a TRNG is an essential building block and often a point of failure for embedded security systems. One type of primitives that are widely used as source of randomness are ring oscillators. For a ring-oscillator-based TRNG, the true randomness originates from its timing jitter. Therefore, determining the jitter strength is essential to estimate the quality of a TRNG. In this paper, we propose a method to measure the jitter strength of a ring oscillator implemented on an FPGA. The fast tapped delay chain is utilized to perform the on-chip measurement with a high resolution. The proposed method is implemented on both a Xilinx FPGA and an Intel FPGA. Fast carry logic components on different FPGAs are used to implement the fast delay line. This carry logic component is designed to be fast and has dedicated routing, which enables a precise measurement. The differential structure of the delay chain is used to thwart the influence of undesirable noise from the measurement. The proposed methodology can be applied to other FPGA families and ASIC designs

The Monte Carlo PUF

Physically unclonable functions are used for IP protection, hardware authentication and supply chain security. While many PUF constructions have been put forward in the past decade, only few of them are applicable to FPGA platforms. Strict constraints on the placement and routing are the main disadvantages of the existing PUFs on FPGAs, because they place a high effort on the designer. In this paper we propose a new delay-based PUF construction called Monte Carlo PUF, that does not require low-level placement and routing control. This construction relies on the on-chip Monte Carlo method that is applied for measuring the delays of logic elements in order to extract a unique device fingerprint. The proposed construction allows a trade-off between the evaluation time and the error rate. The Monte Carlo PUF is implemented and evaluated on Xilinx Spartan-6 FPGAs

D2.1 - Report on Selected TRNG and PUF Principles

This report represents the final version of Deliverable 2.1 of the HECTOR work package WP2. It is a result of discussions and work on Task 2.1 of all HECTOR partners involved in WP2. The aim of the Deliverable 2.1 is to select principles of random number generators (RNGs) and physical unclonable functions (PUFs) that fulfill strict technology, design and security criteria. For example, the selected RNGs must be suitable for implementation in logic devices according to the German AIS20/31 standard. Correspondingly, the selected PUFs must be suitable for applying similar security approach. A standard PUF evaluation approach does not exist, yet, but it should be proposed in the framework of the project. Selected RNGs and PUFs should be then thoroughly evaluated from the point of view of security and the most suitable principles should be implemented in logic devices, such as Field Programmable Logic Arrays (FPGAs) and Application Specific Integrated Circuits (ASICs) during the next phases of the project

Circuit-Level Optimizations for Cryptography; True Random Number Generators: Design, Evaluation and Testing

In this work, we look into several aspects of hardware security. The major part of this thesis is dedicated to true random number generators (TRNGs). Our contributions to this field include designing a novel all-digital entropy source and developing a methodology for efficient online testing. Part of the work was dedicated to experimental evaluation of physically unclonable functions (PUFs) cryptographic primitives used for device authentication and countermeasures against device counterfeiting. Side channel attacks such as power-analysis are another significant threat to embedded security. Circuit-level countermeasures against the power analysis were applied in designing an embedded processor for elliptic curve cryptography (ECC) and in designing a side-channel secure SRAM-cell.nrpages: 220status: publishe

Hardware-Efficient Post-Processing Architectures for True Random Number Generators

IEEE In this brief we present novel post-processing modules for use in True Random Number Generators. These modules are based on mathematical constructs called strong blenders, which provide theoretical guarantees for the randomness of the output. We start by pointing out problems with current post-processing methods used in state-of-the-art TRNG designs. We present three novel hardware-efficient architectures and provide guidelines for choosing the design parameters.status: publishe

A 5.1μJ per point-multiplication elliptic curve cryptographic processor

Copyright © 2016 John Wiley & Sons, Ltd. Security features such as privacy and device authentication are required in wireless sensor networks, electronic IDs, Radio Frequency Identification tags, and many other applications. These features are provided using cryptography. Symmetric key cryptography, where the key is distributed between the communication parties prior to communication, does not provide adequate solution for large scalable systems such as sensor networks. In these cases, public-key cryptography should be used. However, public-key algorithms are typically more computationally intensive than their symmetric key counterparts, which creates difficulties in meeting the strict area, power, and energy requirements. Elliptic curve cryptography, because of relatively small operand sizes, can be used to answer the imposed challenges. In this paper, we present a processor for elliptic curve cryptography over GF(2163). This processor can perform elliptic curve point multiplication as well as general modular operations. The processor is flexible enough to support multiple cryptographic protocols. The chip is fabricated using UMC.13 μm 1P8M process, resulting in a core area of 0.54 mm2. The energy consumption to perform one elliptic curve point multiplication is 5.1 μJ. The design features lightweight countermeasures against side-channel attacks. A security evaluation shows the effectiveness of such countermeasures. Copyright © 2016 John Wiley & Sons, Ltd.status: publishe

A Highly-Portable True Random Number Generator based on Coherent Sampling

status: publishe

A Closer Look at the Delay-Chain based TRNG

© 2018 IEEE. This paper presents a refined stochastic model of the delay-chain based true random number generator (DC-TRNG) and its application. DC-TRNG is a true random number generator for FPGAs that utilizes time-to-digital conversion (TDC) to accurately determine the position of the ring-oscillator jittery signal edge. Our stochastic model employs precise time characterization of the carry-chains that are used for TDC in the DC-TRNG. In order to determine lower bounds of the estimated min-entropy, the binary probabilities are calculated by applying the stochastic model. Based on these computed probabilities, we perform optimizations of the DC-TRNG parameters on two different FPGAs - Xilinx Spartan 6 and Intel Cyclone IV, in order to achieve the highest possible throughput of the DC-TRNG.status: accepte

A Self-Calibrating True Random Number Generator

status: publishe

Lightweight Prediction-Based Tests for On-Line Min-Entropy Estimation

© 2017 IEEE. Health tests (on-the-fly tests) play an important role in true random number generators because they are used to assess the quality of the bits produced by entropy source and to raise an alert when failures or attacks are detected. Most of classical tests are implemented as statistical tests. A set of new health tests based on predictors was presented by National Institute of Standards and Technology in CHES 2015. These off-line tests attempt to predict the next output of the entropy source by trying to learn the patterns that the previously produced sequence of bits may possess. We provide the first integrated lightweight implementation of prediction-based tests for min-entropy estimation and verify their validity.status: publishe