Multi-channel TRNG based on Scalable Cascaded Full Feedback Ring Oscillator

As the number of IoT devices increases, security is one of the critical factors. Since random numbers are used to generate nonce and encryption keys, degradation of the randomness generated by TRNGs (True Random Number Generators) causes damage to system security. Several attacks have been proposed to reduce the randomness of the TRNG by changing the operating conditions, such as frequency injection, glitch impact, temperature change, and power supply voltage manipulation. In addition, the side-channel attack against TRNG is proposed to predict the random number output. This paper evaluates temperature variation and proposes side-channel attacks against COSO-based TRNG (coherent sampling ring oscillator-based TRNG). The results show that the temperature variation does not affect the randomness of the TRNG under the temperature range of 0°C to 80°C. On the other hand, the side-channel attack correctly read the random output numbers in 97.9 % of the cases. Note that the target circuit was connected to the output pin and side channel information was obtained from it. We propose two countermeasures against the side-channel attacks and demonstrate their effectiveness.

True random number generators (TRNGs) based on ring oscillators are employed in many devices because they can be constructed with logic gates only. Random numbers generated by TRNGs are used for various cryptographic systems as session keys, nonces, and masks. The randomness of a TRNG is characterized by uniformity, nonreproducibility, and unpredictability. Moreover, the quality of random numbers affects cryptographic systems. In particular, degradation of the unpredictability can reduce the security of the cryptographic system because random numbers can be easily estimated. Side-channel attacks, which exploit additional information leaked from a cryptographic module to reveal secret information, are well known. If some additional information reflecting the output bit can be measured from electromagnetic (EM) emission as a side-channel leakage against a TRNG, the unpredictability of the TRNG may decrease. Accordingly, this article introduces the leakage model that reflects an output bit generated by a transition effect ring oscillator (TERO) based TRNG, and an attack that estimates random number bits by measuring EM emission from an integrated circuit against TERO-based TRNG. We propose a leakage model against a TERO-based TRNG and demonstrate that the output bits of the TRNG can be estimated by analyzing the radiated emissions. We also consider a countermeasure against the proposed attack.

As an important hardware security primitive, the true random number generator (TRNG) has been widely utilized in many critical applications. The performance and security of TRNGs are always dominant features that determine the usability of a TRNG scheme. In this article, we propose a novel TRNG design method based on a self-timed ring structure. Different from most existing self-timed circuit-based TRNGs that use ring oscillators, the basic circuit component of the proposed TRNG is a digital realization of a chaotic cellular automata topology. We utilize three different methods to validate the proposed TRNG method, including HSpice simulation, FPGA prototype, and ASIC test chips. As the proposed TRNG structure is pure digital, thus it is synthesizable with standard all-digital components. The test chips of the proposed TRNG structure are fabricated with 40 nm TSMC technology node, with a hardware footprint equals to 75 NAND gates and a die area of 270 μm <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">2</sup> . With a PCIe setup connecting the testchip and computer, the TRNGs achieves high throughput as 1600 Mb/s. The FPGA implementation is built on a Virtex6 family FPGA from Xilinx, which also achieves lightweight overhead: 53 look-up-table (LUT) and 22 D Flip-flops (DFF). The collected random numbers from FPGA implementations and ASIC testchips are comprehensively tested with three test suites, including NIST SP800-22, NIST SP800-90B, and AIS-31 with a high pass-rate. Further, the security of the TRNG testchips and FPGA implementations are validated by applying three different attacks, including frequency injection attacks, power attacks, and thermal attacks. The experimental results demonstrate that the proposed TRNG structure is immune to these attacks with trivial entropy loss.

Secure chips implement cryptographic algorithms and protocols to ensure self-protection (e.g., firmware authenticity) as well as user data protection (e.g., encrypted data storage). In turn, cryptography needs to defer to incorruptible sources of entropy to implement their functions according to their mandatory usage guidance. Typically, keys, nonces, initialization vectors, tweaks, etc. shall not be guessed by attackers. In practice, True Random Number Generators (TRNGs) are in charge of producing such sensitive elements.Fully aware of the central role of TRNGs in the proper implementation of security in chips, stakeholders have been formalizing the requirements recently. The methods to strengthen such requirements are manifold. In this paper, we discuss and apply three of them by targeting the Set-Reset Latch TRNG which is an alternative to Ring-Oscillator (RO) TRNGs as it provides faster throughputs. The first method concerns the confidence in the TRNG being random enough. It explores how the TRNG properties can be reliably predicted by simulation, compared to real silicon experiments. The second aspect dealt with in this paper is the assessment of the TRNG properties over time, i.e., considering the impact of aging in the TRNG properties. Such knowledge is important as secure chips are expected to be in service for a long period, and it would be detrimental to the service they render if the quality of the entropy they deliver would be declining over time. Eventually, the third aspect of this paper is the timely detection of unforeseen failures or malevolent attacks. The mitigation lies in leveraging "health tests" launched prior to using random numbers.This paper focuses on a particular type of TRNG that is not prone to biasing by attackers: it is the so-called Set-Reset Latch (SR-latch) TRNG and exploits a race condition in an arbitration gate. Such kind of TRNG is of great practical interest as an alternative design compared to the mainstream "Ring Oscillator" TRNG, and it is also very amenable to analyses by various sorts of simulations aiming at properly characterizing its security in various operational environments.

A true random number generator (TRNG) is suitable for generating secure keys and nonces. TRNGs implemented in IoT devices must be small in scale and have low power consumption. The random number sequence generated by TRNG needs to have high entropy immediately after startup and a stable state. In this paper, three types of ring oscillator type TRNGs, TERO-based, COSO-based, and STR-based TRNG, are implemented on Zynq-7010. When these TRNGs are implemented as a single entropy source, it is challenging to implement them because it is necessary to evaluate the layout and wiring for each FPGA. This paper proposes a TRNG configuration, which exclusively ORs the outputs of multiple entropy sources. We show that this configuration can reduce the implementing difficulty and realize high entropy. For the random number sequence evaluation, we use the statistical test of NIST SP800-90B and BSI AIS 20/31. In addition, the random number sequence immediately after the startup is also statistically evaluated. As a result, our proposed TRNGs generate high entropy random numbers and are easy to implement on FPGA when we implement TRNGs with eight single entropy sources for TERO-based TRNG, 48 for COSO-based TRNG, and two for STR-based TRNG, respectively.

True Random Number Generator (TRNG) performs an important role in the field of information security systems for secure system design. The TRNGs designs are used as initialization vectors, as generating random bits and nonces in encryption protocols. TRNGs when implemented on Field Programmable Gate Array (FPGA), becomes viable for integration into designs of Internet of Things (IoT) products for cyber security applications. The most important component of TRNG is its entropy source. Implementation in FPGA exploits the jitter from ring oscillator (RO) circuits as a source of entropy. In this work, various TRNG architectures were reviewed and implemented on FPGA Xilinx Zynq Z7. We have implemented Ring Oscillators by varying number of inverters and analysed its performance. It was seen that RO TRNG with 24 inverters gave the best performance even without post-processing. We have also reviewed various chaotic circuits for TRNG and implemented chaotic oscillator based TRNG and compared it with ring oscillator based TRNG. The randomness performance of all TRNGs was analysed using National Institute of Standards and Technology (NIST) test suite. To improve the randomness using the chaotic circuit, we used a circuit having chaos in the ring oscillator. We also propose a new architecture for FPGA implementation of chaotic ring oscillator based TRNG. The proposed chaotic circuit passed all NIST tests which is crucial for cyber security aspects of Internet of Things products.

In this paper, we present an ultra-low power true random number generator (TRNG) based on ring oscillator (RO) with current-biased inverters. Random numbers are extracted by symmetrically designed arbiter depending on the jitter-noise-caused phase difference of a pair of ROs. Using a bias transistor shared by 16 inverters (8 for each RO), we can obtain a virtual power supply lower than V <sub xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">DD</sub> (denoted as V V <sub xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">DD</sub> ) and a subthreshold bias current to increase the oscillation frequency while ensuring high randomness. In addition, power consumption is significantly lowered by using V V <sub xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">DD</sub> to reduce the amplitude of oscillation. Moreover, V V <sub xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">DD</sub> can be designed with high temperature and supply voltage stability by optimizing the transistor sizes, which allows the proposed implementation to generate random numbers and pass both NIST and auto-correlation test suites over wide ranges of supply voltage (1.0V~1.4V) and temperature (0°C~120°C). The proposed TRNG is implemented using standard 65nm CMOS process, with the bit generation rate and energy efficiency reported to be 169Mbps and 30fJ/bit, respectively (1.2V and 27°C).

True random number generator (TRNG) is essential for the implementation of cryptographic applications, such as digital signature algorithms and security protocols. The quality of generated sequences would directly influence the security of the cryptographic application. Furthermore, in order to enhance the generation rate of random numbers, a TRNG based on multiple ring oscillators (ROs), i.e., MRO-TRNG for short, has been proposed by Sunar et al. There exist potential risks threatening the security of the MRO-TRNG, like pseudo-randomness and phase interlock. For MRO-TRNG, experimental observation and statistical test results have been well investigated. However, these methods cannot distinguish the pseudo-randomness. The concept of entropy is used to quantify the amount of randomness. As far as we know, there is no entropy estimation method for MRO-TRNGs. In this regard, this paper provides an entropy estimation method to analyze the security of MRO-TRNG based on the method for oscillator-based TRNG, and calculates a lower bound of entropy. The theoretical results are verified through Matlab simulations and FPGA experiments. The conclusions can further guide the setting of design parameters (i.e., number of ROs, sampling frequency, etc.) to generate outputs with sufficient entropy.

Exploiting Random Chemistry for Digital Security

It is critical in terms of security that numbers used in cryptographic systems are generated by hardware such as Field Programmable Gate Array (FPGA). The most common method to develop high-quality and fast True Random Number Generators (TRNGs) is to use Ring Oscillator (RO). Jitter is mostly used as an approach to provide randomness source in clock signals generated by RO so that random numbers can be generated. Numbers generated by RO based TRNGs are random because jitter generated by RO is random. However, it is a disadvantage that these numbers do not have good statistical properties. Post-processing is applied so as to overcome this disadvantage. In this article, a duplicate system to generate numbers with statistically good properties without post-processing is proposed. The system consists of two TRNGs developed by ROs on two different FPGA boards. The proposed system has six different scenarios with different frequencies and quantity of ROs. It is shown in the proposed system that post-processing is not needed, and numbers are generated in high data rates such as 47.68, 71.52 and 95.37 Mbit/s. The proposed system also successfully passed NIST 800.22 tests. DOI: http://dx.doi.org/10.5755/j01.eee.21.4.12779

True Random Number Generator (TRNG) has become a central element of today’s secure communication. TRNGs developed through FPGA implementation have a significant role in a number of applications in multimedia communication. Ring Oscillator (RO) has been adopted extensively for developing device-independent TRNG structures. The proposed design is a generic TRNG architecture based on an arrangement of ROs with post-processing. This TRNG was initially tested on Altera Cyclone II FPGA which consumed only 64 inverters to produce good randomness. Also, the device-independent capability of this design has been verified by implementing it on other two FPGA families Xilinx Artix – 7 and Microsemi Smart Fusion2. True randomness was also verified by conducting restart experiment, and the statistical properties of TRNG were evaluated through entropy analysis and NIST SP 800–22 tests. The proposed TRNG yields 26.640650 Mbps as throughput with a sampling clock of 27 MHz. Going beyond the regular key generation utility, the evolving random bits of TRNG were packed suitably to perform confusion of grayscale images producing a near-zero correlation of pixels, thereby extending the application of TRNG to image encryption.

Random numbers are at the heart of diverse fields, ranging from simulations of stochastic processes to classical and quantum cryptography. The requirement for true randomness in these applications has motivated various proposals for generating random numbers based on the inherent randomness of quantum systems. The generation of true random numbers with arbitrarily defined probability distributions is highly desirable for applications, but it is very challenging. Here we show that single-photon quantum walks can generate multi-bit random numbers with on-demand probability distributions, when the required “coin” parameters are found with the gradient descent (GD) algorithm. Our theoretical and experimental results exhibit high fidelity for various selected distributions. This GD-enhanced single-photon system provides a convenient way for building flexible and reliable quantum random number generators. Multi-bit random numbers are a necessary resource for high-dimensional quantum key distribution.

Harvard architecture based post processed True random number generator

SummaryConventional complementary metal oxide semiconductor (CMOS)‐based dedicated true random number generator (TRNG) and physically unclonable function (PUF) designs have exhibited higher energy consumption and large area overhead with technology scaling. In contrast, this paper for the first time presents emerging tunnel field‐effect transistor (TFET)‐based ultra‐lightweight reconfigurable TRNG and PUF design. A unique methodology is proposed that considers p‐i‐n forward current characteristics to generate random keys for PUF and TRNG designs. Leveraging the p‐i‐n forward current of TFET, a ring oscillator (RO) is designed that exhibits variation in the operating frequency and acts as the main source of entropy for both PUF and TRNG. The TRNG in the proposed design is robust and passed all the National Institute of Standards and Technology (NIST) tests. Considering the variation in p‐i‐n forward current, the uniqueness of PUF is calculated as 47.5% and 46% at a supply voltage of 0.5 and 0.45 V, respectively. Moreover, PUF achieves high reliability of 82% and 88.7% with supply voltage and temperature variations, respectively. The proposed design is proved to be compact with relatively lower gate count and shows low energy consumption of 4.8 pJ/bit at 0.5‐V supply voltage. With these performance metrics, the proposed design is highly suitable for resource‐constrained internet of things (IoT).

Physically Unclonable Functions (PUFs) and True Random Number Generators (TRNGs) are cryptographic primitives very well suited for secure IoT devices. This paper proposes a circuit, named multibit-RO-PUF-TRNG, which offers the advantages of unifying PUF and TRNG in the same design. It is based on counting the oscillations of pairs of ring oscillators (ROs), one of them acting as reference. Once the counter of the reference oscillator reaches a fixed value, the count value of the other RO is employed to provide the TRNG and the multibit PUF response. A mathematical model is presented that supports not only the circuit foundations but also a novel and simple calibration procedure that allows optimizing the selection of the design parameters. Experimental results are illustrated with large datasets from two families of FPGAs with different process nodes (90 nm and 28 nm). These results confirm that the proposed calibration provides TRNG and PUF responses with high quality. The raw TRNG bits do not need post-processing and the PUF bits (even 6 bits per RO) show very small aliasing. In the application context of obfuscating and reconstructing secrets generated by the TRNG, the multibit PUF response, together with the proposal of using error-correcting codes and RO selection adapted to each bit, provide savings of at least 79.38% of the ROs compared to using a unibit PUF without RO selection. The proposal has been implemented as an APB peripheral of a VexRiscv RV32I core to illustrate its use in a secure FPGA-based IoT device.