Implementing and Testing Self-Timed Rings on a FPGA as Entropy Sources / Implementation och Testning av Self-Timed Rings på en FPGA som Entropikällor

Einar, Marcus

January 2015

Random number generators are basic building blocks of modern cryptographic systems. Usually pseudo random number generators, carefully constructed deter- ministic algorithms that generate seemingly random numbers, are used. These are built upon foundations of thorough mathematical analysis and have been subjected to stringent testing to make sure that they can produce pseudo random sequences at a high bit-rate with good statistical properties. A pseudo random number generator must be initiated with a starting value. Since they are deterministic, the same starting value used twice on the same pseudo random number generator will produce the same seemingly random sequence. Therefore it is of utmost importance that the starting value contains enough en- tropy so that the output cannot be predicted or reproduced in an attack. To gen- erate a high entropy starting value, a true random number generator that uses sampling of some physical non-deterministic phenomenon to generate entropy, can be used. These are generally slower than their pseudo random counterparts but in turn need not generate the same amount of random values. In field programmable gate arrays (FPGA), generating random numbers is not trivial since they are built upon digital logic. A popular technique to generate entropy within a FPGA is to sample jittery clock signals. A quite recent technique proposed to create a robust clock signals, that contains such jitter, is to use self- timed ring oscillators. These are structures in which several events can propagate freely at an evenly spaced phase distribution. In this thesis self-timed rings of six different lengths is implemented on a spe- cific FPGA hardware. The different implementations are tested with the TestU01 test suite. The results show that two of the implementations have a good oscilla- tory behaviour that is well suited for use as random number generators. Others exhibit unexpected behaviours that are not suited to be used in a random num- ber generator. Two of the implemented random generators passed all tests in the TestU01 batteries Alphabit and BlockAlphabit. One of the generators was deemed not fit for use in a random number generator after failing all of the tests. The last three were not subjected to any tests since they did not behave as ex- pected.

Self-Timed Rings

FPGA

Field Programmable Gate Array

Entropy Generation

Computer Engineering

Datorteknik

Générateurs de nombres véritablement aléatoires à base d'anneaux asynchrones : conception, caractérisation et sécurisation / Ring oscillator based true random number generators : design, characterization and security

Cherkaoui, Abdelkarim

16 June 2014

Les générateurs de nombres véritablement aléatoires (TRNG) sont des composants cruciaux dans certaines applications cryptographiques sensibles (génération de clés de chiffrement, génération de signatures DSA, etc). Comme il s’agit de composants très bas-niveau, une faille dans le TRNG peut remettre en question la sécurité de tout le système cryptographique qui l’exploite. Alors que beaucoup de principes de TRNG existent dans la littérature, peu de travaux analysent rigoureusement ces architectures en termes de sécurité. L’objectif de cette thèse était d’étudier les avantages des techniques de conception asynchrone pour la conception de générateurs de nombres véritablement aléatoires (TRNG) sûrs et robustes. Nous nous sommes en particulier intéressés à des oscillateurs numériques appelés anneaux auto-séquencés. Ceux-ci exploitent un protocole de requêtes et acquittements pour séquencer les données qui y circulent. En exploitant les propriétés uniques de ces anneaux, nous proposons un nouveau principe de TRNG, avec une étude théorique détaillée sur son fonctionnement, et une évaluation du cœur du générateur dans des cibles ASIC et FPGA. Nous montrons que ce nouveau principe permet non seulement de générer des suites aléatoires de très bonne qualité et avec un très haut débit (>100 Mbit/s), mais il permet aussi une modélisation réaliste de l’entropie des bits de sortie (celle-ci peut être réglée grâce aux paramètres de l’extracteur). Ce travail propose également une méthodologie complète pour concevoir ce générateur, pour le dimensionner en fonction du niveau de bruit dans le circuit, et pour le sécuriser face aux attaques et défaillances / True Random Number Generators (TRNG) are ubiquitous in many critical cryptographic applications (key generation, DSA signatures, etc). While many TRNG designs exist in literature, only a few of them deal with security aspects, which is surprising considering that they are low-level primitives in a cryptographic system (a weak TRNG can jeopardize a whole cryptographic system). The objective of this thesis was to study the advantages of asynchronous design techniques in order to build true random number generators that are secure and robust. We especially focused on digital oscillators called self-timed rings (STR), which use a handshake request and acknowledgement protocol to organize the propagation of data. Using some of the unique properties of STRs, we propose a new TRNG principle, with a detailed theoretical study of its behavior, and an evaluation of the TRNG core in ASICs and FPGAs. We demonstrate that this new principle allows to generate high quality random bit sequences with a very high throughput (> 100 Mbit/s). Moreover, it enables a realistic estimation for the entropy per output bit (this entropy level can be tuned using the entropy extractor parameters). We also present a complete methodology to design the TRNG, to properly set up the architecture with regards to the level of noise in the circuit, and to secure it against attacks and failures

Cryptographie appliquée

Nombres aléatoires

TRNG

Jitter

Oscillateurs en anneau

Anneaux auto-séquencés

Modélisation stochastique

Applied cryptography

Random numbers

TRNG

Jitter

Ring oscillators

Self-timed rings

Stochastic modeling