Building Physical Random Number Generators from Logic ......First Steps Towards Modelling FIROs and...
Transcript of Building Physical Random Number Generators from Logic ......First Steps Towards Modelling FIROs and...
Corporate Research and Technology
BuildingBuilding Physical Random Number Generators y
from Logic Gates
Markus DichtlMarkus Dichtl
Siemens AG
Copyright © Siemens AG 2010. All rights reserved.
Topics not covered in this talk
Analogue methods of physical random number
generationgeneration
Postprocessing of physical random numbers
Statistical tests for random numbersStatistical tests for random numbers
Do we really need a physical random number
generator would a cryptograpically strong pseudogenerator, would a cryptograpically strong pseudo
random number generator not do?
Certification of physical random number generatorsCertification of physical random number generators,
AIS 31
Page 2 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Why do we need random numbers?
Many cryptographic protocols use random elements.
E lExamples:
Key generation
Nonces without memory
ElGamal-procedures
Randomized implementations against side
channel attacks
Page 3 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Environment for FPGA experiments
All my experiments used Xilinx Spartan 3 FPGAs
Page 4 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Looking for the simplest digital random number generator
Page 5 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Ring Oscillators
Ring Oscillators (ROs) consist of an odd number of inverters forming a loop.forming a loop.
fRO = 1/(2*n*dinv)
fRO frequency of RO
b f i tn number of inverters
dinv delay time of inverter
Page 6 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Pseudorandomness from Sampling ROs
Many RO-based TRNG design are really pseudo random number generators, as the rate of jitter accumulation isof jitter accumulation is overestimated.
Pseudorandomeness fromPseudorandomeness from sampling a deterministic oscillation:
Page 7 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Broken Motorola TRNG design
The Motorola RNG presented at CHES 2002 was broken at CHES p2003, as the ROs do not accumulate jitter fast enough
But Werner Schindler (BSI) showed that it produces enough entropy if
Page 8 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
the sampling rate is reduced by a factor of 60000
How to Distinguish True and Pseudo Randomness
Statistical tests can not distinguish good pseudo randomness from true randomness
Repeated restarting the generator from the same state helps to distinguish:
P d d l d t th b h i f h t t Pseudorandomness leads to the same behaviour for each restart
True randomness shows varied behaviour despite identical starting diticonditions
Page 9 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Restarting a Ring Oscillator I
Even after 148 oscillation periods, 100 traces of restarts of a 296 MHz RO only a small amount of jitter has accumulated
Page 10 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Restarting a Ring Oscillator II
The figure shows the standard deviation of the output voltage of 1000 restarts of a 296 MHz RO.
Page 11 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Restarting a Ring Oscillator III
The figure shows the mean of the output voltage of 1000 restarts of a 296 MHz RO.
Page 12 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Must we wait for so long?
No, just sample always close to the edge
Marco Bucci, Raimondo Luzzi: Design of Testable Random Bit Generators: CHES 2005
Holger Bock, Marco Bucci, Raimondo Luzzi: An Offset-Compensated Oscillator-Based Random Bit Source for Security Applications, CHES 2006
Page 13 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
The current Infineon smartcard RNG
A feedback loop keeps sampling close to the edge of the sampled signal.p g
sampled RO signal time of sampling
voltage
Control of the (relative) sampling time with a precision of 40 ps
time
Page 14 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Control of the (relative) sampling time with a precision of 40 ps
Pro and Contra of the Infineon Approach
Very clear principle Power efficient design Power efficient design Can use standard cell library
Hand layout of cells necessary to achieve required precision of timingprecision of timing
Impossible on FPGAs Feedback loop makes generated bits dependent Feedback loop makes generated bits dependent Dependencies complicate postprocessing
Page 15 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Do many ROs achieve more?
Idea: Use more ROs to get more entropy
Sunar, Martin, Stinson: A Provably Secure True Random Number Generator with Built-in Tolerance to Active Attacks, IEEE Trans. Computers, vol. 56(1), pp. 109-119, Jan. 2007
Schellekens, Preneel, Verbauwhede: FPGA Vendor Agnostic True Random Number Generator FPL 2006 August 2006True Random Number Generator, FPL 2006, August 2006
Page 16 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
The „provably secure“ TRNG design (Leuven version)
Page 17 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
First Reason why the Security Proof Fails
The „security proof“ is based on a very unrealistic statistical model of jitter:statistical model of jitter:It is assumed that each RO has a built in perfect clock, and that jitter occurs only around the edges ofclock, and that jitter occurs only around the edges of the imaginary clock. The model does not allow the accumulation of jitter over time.
Page 18 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Second Reason why the Security Proof Fails
In the security proof, all the ROs are assumed to be statistically independentstatistically independent. In reality, ROs implemented on the same chip interact strongly.strongly.
Page 19 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Interaction of two ROs on the same FPGA Chip
Page 20 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Non-Interaction of Two ROs on Two FPGA Boards
Page 21 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Third Reason why the Security Proof Fails
The XOR of many high frequency oscillations results in an extremely high frequency signal impossible toin an extremely high frequency signal impossible to compute.
In the Leuven design, the output of the XOR would have to make 139 billions of transitions per second, which is clearly impossible with current technology.
Page 22 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Third Reason why the Security Proof Fails (II)
SPICE simulation of the design with 114 ROs of length 13. 98 8 % of the transitions are lost in the XOR tree
Page 23 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
98.8 % of the transitions are lost in the XOR tree
Fourth Reason why the Security Proof Fails
Even if the extremely high speed XOR-signal could be computed it could not be sampled as the samplingcomputed, it could not be sampled, as the sampling flip-flop has to respect setup and hold times. The signal has to be constant for some time in orderThe signal has to be constant for some time in order to be sampled reliably.
The Leuven FPGA has to sample a signal with on average 23.8 transitions during the 170 ps the input has to be constanthas to be constant.
Page 24 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Is it secure?
The design is definitely not “provably secure”, but is it secure?secure?
Statistical tests do not help, as they can not distinguishStatistical tests do not help, as they can not distinguish between true randomness and pseudorandomness
The completely deterministic XOR of only 16 oscillators with slightly different frequencies is so complex that it passes the Diehard test suitepasses the Diehard test suite.
Page 25 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Restarting the XOR of 114 ROs
The results are surprisingly good, but sampling results in
Page 26 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
quite biased output
How the „provably secure“ RNG was cured
Knut Wold and Chik How Tan, Analysis and Enhancement of Random Number Generator in FPGA Based on Oscillator RingsRandom Number Generator in FPGA Based on Oscillator Rings, ReConfig ’08
The idea: To sample each RO individiually, and to XOR only the sampled valuesy p
Page 27 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
How the „provably secure“ RNG was cured II
• No more theoretical “provable security”, but convincing experimental evidence by restartingexperimental evidence by restarting
• It works well, but why does it work so well ?
Page 28 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Going beyond ROs
Jovan Golić (Telecom Italia) invented two strongly improved variants of ROsvariants of ROs,Fibonacci ring oscillators (FIRO) and Galois ring oscillators (GARO)g ( )
The designs show similarities with Fibonacci and Galois LFSR lb it th i t l d ith i tLFSRs, albeit the registers are replaced with inverters
J Dj Golić “New Methods for Digital Generation andJ. Dj. Golić , New Methods for Digital Generation and Postprocessing of Random Data,” IEEE Trans. Computers, vol. 55(10), pp. 1217-1229, Oct. 2006
Page 29 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
vol. 55(10), pp. 1217 1229, Oct. 2006
FIRO
Page 30 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
GARO
Page 31 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Example of FIRO Output
Is it really random?
Page 32 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
(Feedback polynomial x15+x14+x7+x6+x5+x4+x2+1)
FIRO Restarts from Identical States (I)
Page 33 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
FIRO Restarts from Identical States (II)
Page 34 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
FIRO Restarts from Identical States (III)
Page 35 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Standard Deviation of 1000 FIRO Restarts
1.4
in V
1
1.2
ut v
olta
ge i
0.8
1
n of
out
pu
0.4
0.6
rd d
evia
tio
0.2
Time in ns after restartStan
dar
Page 36 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
ASICs with FIROs and GAROs
Asymmetric RFID with GAROAsymmetric authentication
Page 37 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Asymmetric RFID with GAROchip with FIRO
Problems with FIROs and GAROs on CMOS ASICS
Non-random behaviour of the FIRO on the SPIKE-Chip and the GARO on the asymmetric RFID Chipand the GARO on the asymmetric RFID-Chip
Problems:Problems:• On ASICs, XORs are up to 10 times slower than
inverters• Problems of sampling the high speed output signal of
the FIRO/GARO
Page 38 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
First Steps Towards Modelling FIROs and GAROs (I)
Analysis of the numbers of inverter-delays and XOR-delays leads to fractal structuresdelays leads to fractal structures
Page 39 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
First Steps Towards Modelling FIROs and GAROs (II)
Page 40 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
A Cute Idea
Ihor Vasyltsov Eduard Hambardzumyan Young-SikIhor Vasyltsov, Eduard Hambardzumyan, Young-Sik Kim, Bohdan Karpinskyy (Samsung)suggest in „Fast Digital TRNG Based on Metastable gg gRing Oscillator“ (CHES 2008) a new design of a stateless RO variant called meta-RO, which starts for the
ti f h bit f th i t t t h thgeneration of each bit from the inverter state where the input and output voltage are identical.
Page 41 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
A Meta-RO
Page 42 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
A Cute Idea which Does Not Work So Well on FPGAs
Problem: An inverter with feedback from output to inputProblem: An inverter with feedback from output to input starts to oscillate with a frequency of about 680 MHz on Spartan 3. It seems to be quite tricky to get a stable state p q y gon Virtex 2.
Page 43 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
A Cute Idea which Does Not Work So Well on ASICs either
Problem: Due to asymmetries in the circuits meta-ROsProblem: Due to asymmetries in the circuits, meta-ROs tend to show very often the same output signal after restarts.
Page 44 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl
Conclusion
• ROs are a reliable, albeit slow source of randomness • The provably secure“ design is definitely not provably• The „provably secure design is definitely not provably
secure, but may be secure anyway for unclear reasons. The construction can be made sound by sampling each y p gRO individually.
• FIROs and GAROs are the way to go on FPGAs, but t d t t b bl ti ASICturned out to be problematic on ASICs
• Meta-ROs were a nice idea, but did not meet the promisespromises
• No ideal low cost TRNG solution yet• Many nice research topics
Page 45 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl