Building Physical Random Number Generators from Logic ......First Steps Towards Modelling FIROs and...

$: Building Physical Random Number Generators from Logic ......First Steps Towards Modelling FIROs and GAROs (I) Analysis of the numbers of inverter-delays and XOR-delays leads to fractal$
Corporate Research and Technology

BuildingBuilding Physical Random Number Generators y

from Logic Gates

Markus DichtlMarkus Dichtl

Siemens AG

Copyright © Siemens AG 2010. All rights reserved.

Topics not covered in this talk

Analogue methods of physical random number

generationgeneration

Postprocessing of physical random numbers

Statistical tests for random numbersStatistical tests for random numbers

Do we really need a physical random number

generator would a cryptograpically strong pseudogenerator, would a cryptograpically strong pseudo

random number generator not do?

Certification of physical random number generatorsCertification of physical random number generators,

AIS 31

Page 2 February 2010 Siemens Corporate Research and TechnologyMarkus Dichtl

Why do we need random numbers?

Many cryptographic protocols use random elements.

E lExamples:

Key generation

Nonces without memory

ElGamal-procedures

Randomized implementations against side

channel attacks


Environment for FPGA experiments

All my experiments used Xilinx Spartan 3 FPGAs


Looking for the simplest digital random number generator


Ring Oscillators

Ring Oscillators (ROs) consist of an odd number of inverters forming a loop.forming a loop.

fRO = 1/(2*n*dinv)

fRO frequency of RO

b f i tn number of inverters

dinv delay time of inverter


Pseudorandomness from Sampling ROs

Many RO-based TRNG design are really pseudo random number generators, as the rate of jitter accumulation isof jitter accumulation is overestimated.

Pseudorandomeness fromPseudorandomeness from sampling a deterministic oscillation:


Broken Motorola TRNG design

The Motorola RNG presented at CHES 2002 was broken at CHES p2003, as the ROs do not accumulate jitter fast enough

But Werner Schindler (BSI) showed that it produces enough entropy if


the sampling rate is reduced by a factor of 60000

How to Distinguish True and Pseudo Randomness

Statistical tests can not distinguish good pseudo randomness from true randomness

Repeated restarting the generator from the same state helps to distinguish:

P d d l d t th b h i f h t t Pseudorandomness leads to the same behaviour for each restart

True randomness shows varied behaviour despite identical starting diticonditions


Restarting a Ring Oscillator I

Even after 148 oscillation periods, 100 traces of restarts of a 296 MHz RO only a small amount of jitter has accumulated


Restarting a Ring Oscillator II

The figure shows the standard deviation of the output voltage of 1000 restarts of a 296 MHz RO.


Restarting a Ring Oscillator III

The figure shows the mean of the output voltage of 1000 restarts of a 296 MHz RO.


Must we wait for so long?

No, just sample always close to the edge

Marco Bucci, Raimondo Luzzi: Design of Testable Random Bit Generators: CHES 2005

Holger Bock, Marco Bucci, Raimondo Luzzi: An Offset-Compensated Oscillator-Based Random Bit Source for Security Applications, CHES 2006


The current Infineon smartcard RNG

A feedback loop keeps sampling close to the edge of the sampled signal.p g

sampled RO signal time of sampling

voltage

Control of the (relative) sampling time with a precision of 40 ps

time


Control of the (relative) sampling time with a precision of 40 ps

Pro and Contra of the Infineon Approach

Very clear principle Power efficient design Power efficient design Can use standard cell library

Hand layout of cells necessary to achieve required precision of timingprecision of timing

Impossible on FPGAs Feedback loop makes generated bits dependent Feedback loop makes generated bits dependent Dependencies complicate postprocessing


Do many ROs achieve more?

Idea: Use more ROs to get more entropy

Sunar, Martin, Stinson: A Provably Secure True Random Number Generator with Built-in Tolerance to Active Attacks, IEEE Trans. Computers, vol. 56(1), pp. 109-119, Jan. 2007

Schellekens, Preneel, Verbauwhede: FPGA Vendor Agnostic True Random Number Generator FPL 2006 August 2006True Random Number Generator, FPL 2006, August 2006


The „provably secure“ TRNG design (Leuven version)


First Reason why the Security Proof Fails

The „security proof“ is based on a very unrealistic statistical model of jitter:statistical model of jitter:It is assumed that each RO has a built in perfect clock, and that jitter occurs only around the edges ofclock, and that jitter occurs only around the edges of the imaginary clock. The model does not allow the accumulation of jitter over time.


Second Reason why the Security Proof Fails

In the security proof, all the ROs are assumed to be statistically independentstatistically independent. In reality, ROs implemented on the same chip interact strongly.strongly.


Interaction of two ROs on the same FPGA Chip


Non-Interaction of Two ROs on Two FPGA Boards


Third Reason why the Security Proof Fails

The XOR of many high frequency oscillations results in an extremely high frequency signal impossible toin an extremely high frequency signal impossible to compute.

In the Leuven design, the output of the XOR would have to make 139 billions of transitions per second, which is clearly impossible with current technology.


Third Reason why the Security Proof Fails (II)

SPICE simulation of the design with 114 ROs of length 13. 98 8 % of the transitions are lost in the XOR tree


98.8 % of the transitions are lost in the XOR tree

Fourth Reason why the Security Proof Fails

Even if the extremely high speed XOR-signal could be computed it could not be sampled as the samplingcomputed, it could not be sampled, as the sampling flip-flop has to respect setup and hold times. The signal has to be constant for some time in orderThe signal has to be constant for some time in order to be sampled reliably.

The Leuven FPGA has to sample a signal with on average 23.8 transitions during the 170 ps the input has to be constanthas to be constant.


Is it secure?

The design is definitely not “provably secure”, but is it secure?secure?

Statistical tests do not help, as they can not distinguishStatistical tests do not help, as they can not distinguish between true randomness and pseudorandomness

The completely deterministic XOR of only 16 oscillators with slightly different frequencies is so complex that it passes the Diehard test suitepasses the Diehard test suite.


Restarting the XOR of 114 ROs

The results are surprisingly good, but sampling results in


quite biased output

How the „provably secure“ RNG was cured

Knut Wold and Chik How Tan, Analysis and Enhancement of Random Number Generator in FPGA Based on Oscillator RingsRandom Number Generator in FPGA Based on Oscillator Rings, ReConfig ’08

The idea: To sample each RO individiually, and to XOR only the sampled valuesy p


How the „provably secure“ RNG was cured II

• No more theoretical “provable security”, but convincing experimental evidence by restartingexperimental evidence by restarting

• It works well, but why does it work so well ?


Going beyond ROs

Jovan Golić (Telecom Italia) invented two strongly improved variants of ROsvariants of ROs,Fibonacci ring oscillators (FIRO) and Galois ring oscillators (GARO)g ( )

The designs show similarities with Fibonacci and Galois LFSR lb it th i t l d ith i tLFSRs, albeit the registers are replaced with inverters

J Dj Golić “New Methods for Digital Generation andJ. Dj. Golić , New Methods for Digital Generation and Postprocessing of Random Data,” IEEE Trans. Computers, vol. 55(10), pp. 1217-1229, Oct. 2006


vol. 55(10), pp. 1217 1229, Oct. 2006

FIRO


GARO


Example of FIRO Output

Is it really random?


(Feedback polynomial x15+x14+x7+x6+x5+x4+x2+1)

FIRO Restarts from Identical States (I)


FIRO Restarts from Identical States (II)


FIRO Restarts from Identical States (III)


Standard Deviation of 1000 FIRO Restarts

1.4

in V

1

1.2

ut v

olta

ge i

0.8

1

n of

out

pu

0.4

0.6

rd d

evia

tio

0.2

Time in ns after restartStan

dar


ASICs with FIROs and GAROs

Asymmetric RFID with GAROAsymmetric authentication


Asymmetric RFID with GAROchip with FIRO

Problems with FIROs and GAROs on CMOS ASICS

Non-random behaviour of the FIRO on the SPIKE-Chip and the GARO on the asymmetric RFID Chipand the GARO on the asymmetric RFID-Chip

Problems:Problems:• On ASICs, XORs are up to 10 times slower than

inverters• Problems of sampling the high speed output signal of

the FIRO/GARO


First Steps Towards Modelling FIROs and GAROs (I)

Analysis of the numbers of inverter-delays and XOR-delays leads to fractal structuresdelays leads to fractal structures


First Steps Towards Modelling FIROs and GAROs (II)


A Cute Idea

Ihor Vasyltsov Eduard Hambardzumyan Young-SikIhor Vasyltsov, Eduard Hambardzumyan, Young-Sik Kim, Bohdan Karpinskyy (Samsung)suggest in „Fast Digital TRNG Based on Metastable gg gRing Oscillator“ (CHES 2008) a new design of a stateless RO variant called meta-RO, which starts for the

ti f h bit f th i t t t h thgeneration of each bit from the inverter state where the input and output voltage are identical.


A Meta-RO


A Cute Idea which Does Not Work So Well on FPGAs

Problem: An inverter with feedback from output to inputProblem: An inverter with feedback from output to input starts to oscillate with a frequency of about 680 MHz on Spartan 3. It seems to be quite tricky to get a stable state p q y gon Virtex 2.


A Cute Idea which Does Not Work So Well on ASICs either

Problem: Due to asymmetries in the circuits meta-ROsProblem: Due to asymmetries in the circuits, meta-ROs tend to show very often the same output signal after restarts.


Conclusion

• ROs are a reliable, albeit slow source of randomness • The provably secure“ design is definitely not provably• The „provably secure design is definitely not provably

secure, but may be secure anyway for unclear reasons. The construction can be made sound by sampling each y p gRO individually.

• FIROs and GAROs are the way to go on FPGAs, but t d t t b bl ti ASICturned out to be problematic on ASICs

• Meta-ROs were a nice idea, but did not meet the promisespromises

• No ideal low cost TRNG solution yet• Many nice research topics


Building Physical Random Number Generators from Logic ......First Steps Towards Modelling FIROs and...

Documents

Transcript of Building Physical Random Number Generators from Logic ......First Steps Towards Modelling FIROs and...