Building Physical y Random Number Generators from Logic Gates Markus Dichtl Siemens AG Copyright © Siemens AG 2010. All rights reserved.

Topics not covered in this talk Analogue methods of physical random number generation Postprocessing of physical random numbers Statistical tests for random numbers Do we really need a physical random number generator would a cryptograpically strong pseudo generator, random number generator not do? generators, Certification of physical random number generators AIS 31

Page 2

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Why do we need random numbers? Many cryptographic protocols use random elements. E Examples: l

Key generation

Nonces without memory

ElGamal-procedures

Randomized implementations against side channel attacks

Page 3

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Environment for FPGA experiments All my experiments used Xilinx Spartan 3 FPGAs

Page 4

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Looking for the simplest digital random number generator

Page 5

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Ring Oscillators Ring Oscillators (ROs) consist of an odd number of inverters forming a loop. fRO = 1/(2*n*dinv) fRO frequency of RO n number b off inverters i t dinv delay time of inverter Page 6

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Pseudorandomness from Sampling ROs Many RO-based TRNG design are really pseudo random number generators, as the rate of jitter accumulation is overestimated. Pseudorandomeness from sampling a deterministic oscillation:

Page 7

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Broken Motorola TRNG design

The Motorola RNG p presented at CHES 2002 was broken at CHES 2003, as the ROs do not accumulate jitter fast enough But Werner Schindler (BSI) showed that it produces enough entropy if the sampling rate is reduced by a factor of 60000 Page 8

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

How to Distinguish True and Pseudo Randomness

Statistical tests can not distinguish good pseudo randomness from true randomness Repeated restarting the generator from the same state helps to distinguish: Pseudorandomness P d d lleads d tto th the same b behaviour h i ffor each h restart t t True randomness shows varied behaviour despite identical starting conditions diti

Page 9

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Restarting a Ring Oscillator I

Even after 148 oscillation periods, 100 traces of restarts of a 296 MHz RO only a small amount of jitter has accumulated

Page 10

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Restarting a Ring Oscillator II

The figure shows the standard deviation of the output voltage of 1000 restarts of a 296 MHz RO. Page 11

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Restarting a Ring Oscillator III

The figure shows the mean of the output voltage of 1000 restarts of a 296 MHz RO. Page 12

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Must we wait for so long?

No, just sample always close to the edge Marco Bucci, Raimondo Luzzi: Design of Testable Random Bit Generators: CHES 2005 Holger Bock, Marco Bucci, Raimondo Luzzi: An OffsetCompensated Oscillator-Based Random Bit Source for Security Applications, CHES 2006

Page 13

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

The current Infineon smartcard RNG A feedback loop keeps sampling close to the edge of the sampled p signal. g time of sampling

sampled RO signal voltage

time

Control of the (relative) sampling time with a precision of 40 ps Page 14

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Pro and Contra of the Infineon Approach Very clear principle Power efficient design Can use standard cell library Hand layout of cells necessary to achieve required precision of timing Impossible on FPGAs Feedback loop makes generated bits dependent Dependencies complicate postprocessing

Page 15

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Do many ROs achieve more?

Idea: Use more ROs to get more entropy Sunar, Martin, Stinson: A Provably Secure True Random Number Generator with Built-in Tolerance to Active Attacks, IEEE Trans. Computers, vol. 56(1), pp. 109-119, Jan. 2007 Schellekens, Preneel, Verbauwhede: FPGA Vendor Agnostic True Random Number Generator Generator, FPL 2006 2006, August 2006

Page 16

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

The „provably secure“ TRNG design (Leuven version)

Page 17

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

First Reason why the Security Proof Fails The „security proof“ is based on a very unrealistic statistical model of jitter: It is assumed that each RO has a built in perfect clock, and that jitter occurs only around the edges of the imaginary clock. The model does not allow the accumulation of jitter over time.

Page 18

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Second Reason why the Security Proof Fails In the security proof, all the ROs are assumed to be statistically independent. independent In reality, ROs implemented on the same chip interact strongly.

Page 19

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Interaction of two ROs on the same FPGA Chip

Page 20

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Non-Interaction of Two ROs on Two FPGA Boards

Page 21

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Third Reason why the Security Proof Fails The XOR of many high frequency oscillations results in an extremely high frequency signal impossible to compute. In the Leuven design, the output of the XOR would have to make 139 billions of transitions per second, which is clearly impossible with current technology.

Page 22

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Third Reason why the Security Proof Fails (II)

SPICE simulation of the design with 114 ROs of length 13. 98 8 % of the transitions are lost in the XOR tree 98.8 Page 23

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Fourth Reason why the Security Proof Fails Even if the extremely high speed XOR-signal could be computed it could not be sampled computed, sampled, as the sampling flip-flop has to respect setup and hold times. The signal has to be constant for some time in order to be sampled reliably. The Leuven FPGA has to sample a signal with on average 23.8 transitions during the 170 ps the input has to be constant constant.

Page 24

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Is it secure? The design is definitely not “provably secure”, but is it secure? Statistical tests do not help, as they can not distinguish between true randomness and pseudorandomness The completely deterministic XOR of only 16 oscillators with slightly different frequencies is so complex that it passes the Diehard test suite suite.

Page 25

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Restarting the XOR of 114 ROs

The results are surprisingly good, but sampling results in quite biased output Page 26

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

How the „provably secure“ RNG was cured Knut Wold and Chik How Tan, Analysis and Enhancement of Random Number Generator in FPGA Based on Oscillator Rings Rings, ReConfig ’08

The idea: To sample each RO individiually, and to XOR onlyy the sampled p values

Page 27

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

How the „provably secure“ RNG was cured II • No more theoretical “provable security”, but convincing experimental evidence by restarting • It works well, but why does it work so well ?

Page 28

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Going beyond ROs Jovan Golić (Telecom Italia) invented two strongly improved variants of ROs ROs, Fibonacci ring oscillators (FIRO) and Galois ring g oscillators ((GARO)) The designs show similarities with Fibonacci and Galois LFSR albeit LFSRs, lb it the th registers i t are replaced l d with ith iinverters t JJ. Dj. Dj Golić , “New New Methods for Digital Generation and Postprocessing of Random Data,” IEEE Trans. Computers, vol. 55(10), pp. 1217-1229, 1217 1229, Oct. 2006 Page 29

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

FIRO

Page 30

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

GARO

Page 31

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Example of FIRO Output

Is it really random?

(Feedback polynomial x15+x14+x7+x6+x5+x4+x2+1) Page 32

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

FIRO Restarts from Identical States (I)

Page 33

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

FIRO Restarts from Identical States (II)

Page 34

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

FIRO Restarts from Identical States (III)

Page 35

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Standarrd deviation of outpu ut voltage iin V

Standard Deviation of 1000 FIRO Restarts

Page 36

1.4

1.2

1

0.8

0.6

0.4

0.2

Time in ns after restart

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

ASICs with FIROs and GAROs

Asymmetric RFID with GARO Page 37

February 2010

Markus Dichtl

Asymmetric authentication chip with FIRO Siemens Corporate Research and Technology

Problems with FIROs and GAROs on CMOS ASICS Non-random behaviour of the FIRO on the SPIKE-Chip and the GARO on the asymmetric RFID RFID-Chip Chip Problems: • On ASICs, XORs are up to 10 times slower than inverters • Problems of sampling the high speed output signal of the FIRO/GARO

Page 38

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

First Steps Towards Modelling FIROs and GAROs (I) Analysis of the numbers of inverter-delays and XORdelays leads to fractal structures

Page 39

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

First Steps Towards Modelling FIROs and GAROs (II)

Page 40

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

A Cute Idea

Ihor Vasyltsov, Vasyltsov Eduard Hambardzumyan, Hambardzumyan Young-Sik Kim, Bohdan Karpinskyy (Samsung) suggest gg in „Fast Digital g TRNG Based on Metastable Ring Oscillator“ (CHES 2008) a new design of a stateless RO variant called meta-RO, which starts for the generation ti off each h bit ffrom th the iinverter t state t t where h the th input and output voltage are identical.

Page 41

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

A Meta-RO

Page 42

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

A Cute Idea which Does Not Work So Well on FPGAs

Problem: An inverter with feedback from output to input starts to oscillate with a frequency of about 680 MHz on Spartan p 3. It seems to be q quite tricky y to g get a stable state on Virtex 2.

Page 43

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

A Cute Idea which Does Not Work So Well on ASICs either

Problem: Due to asymmetries in the circuits circuits, meta-ROs tend to show very often the same output signal after restarts.

Page 44

February 2010

Markus Dichtl

Siemens Corporate Research and Technology

Conclusion • •

• • • •

ROs are a reliable, albeit slow source of randomness The „provably provably secure“ secure design is definitely not provably secure, but may be secure anyway for unclear reasons. The construction can be made sound byy sampling p g each RO individually. FIROs and GAROs are the way to go on FPGAs, but t turned d outt to t be b problematic bl ti on ASIC ASICs Meta-ROs were a nice idea, but did not meet the promises No ideal low cost TRNG solution yet Many nice research topics

Page 45

February 2010

Markus Dichtl

Siemens Corporate Research and Technology