Survey of Hardware Random Number Generators (RNGs) Dr. Robert W. Baldwin Plus Five Consulting, Inc.

Similar documents
Random Bit Generation

Random Number Generation Is Getting Harder It s Time to Pay Attention

Chair for Network Architectures and Services Institute of Informatics TU München Prof. Carle. Network Security. Chapter 2 Basics

What is the Q in QRNG?

IX. TRANSISTOR CIRCUITS

pickup from external sources unwanted feedback RF interference from system or elsewhere, power supply fluctuations ground currents

Real Randomness with Noise and Chaos

Topics in Computer Mathematics

Looking at Cosmic Muons to verify Einstein's Special Relativity

ECE 340 Lecture 27 : Junction Capacitance Class Outline:

Using a Microcontroller to Study the Time Distribution of Counts From a Radioactive Source

arxiv: v1 [cs.it] 23 Dec 2014

What can laser light do for (or to) me?

Entropy Extraction in Metastability-based TRNG

OPTI510R: Photonics. Khanh Kieu College of Optical Sciences, University of Arizona Meinel building R.626

Physics 201: Experiment #1 Franck-Hertz Experiment

Contents. ID Quantique SA Tel: Chemin de la Marbrerie 3 Fax : Carouge

Entropy Evaluation for Oscillator-based True Random Number Generators

of Digital Electronics

D/A-Converters. Jian-Jia Chen (slides are based on Peter Marwedel) Informatik 12 TU Dortmund Germany

Muon Lifetime Notes. Let the singles event rate be R. This is displayed on the scaler/counter on the instrument rack.

CSCB58:Computer Organization

EECS150 - Digital Design Lecture 26 - Faults and Error Correction. Types of Faults in Digital Designs

Lecture 16: Circuit Pitfalls

Lecture Notes. Advanced Discrete Structures COT S

Random number generators

Electronics and Communication Exercise 1

Chapter 13: Photons for quantum information. Quantum only tasks. Teleportation. Superdense coding. Quantum key distribution

Information Security

1. The range of frequencies that a measurement is sensitive to is called the frequency

Quantum Computing. Separating the 'hope' from the 'hype' Suzanne Gildert (D-Wave Systems, Inc) 4th September :00am PST, Teleplace

CCD OPERATION. The BBD was an analog delay line, made up of capacitors such that an analog signal was moving along one step at each clock cycle.

A Simple Model of Quantum Trajectories. Todd A. Brun University of Southern California

Lecture 1. Crypto Background

The Entropy Bogeyman. Ed Morris and Khai Van November 5, 2015 International Crypto Module Conference

c 2009 Michael Alan Wayne

They keep the voltage the same and use this circuit to measure the current. Variable resistor. Reading on ammeter in amps

Notes for Lecture 9. 1 Combining Encryption and Authentication

Cryptographic Hashing

Energetic particles and their detection in situ (particle detectors) Part II. George Gloeckler

Construction of a reconfigurable dynamic logic cell

EE214 Early Final Examination: Fall STANFORD UNIVERSITY Department of Electrical Engineering. SAMPLE FINAL EXAMINATION Fall Quarter, 2002

Stream ciphers I. Thomas Johansson. May 16, Dept. of EIT, Lund University, P.O. Box 118, Lund, Sweden

Single Photon detectors

The GERDA Phase II detector assembly

Lecture 9: Digital Electronics

EE371 - Advanced VLSI Circuit Design

Lecture 3: Lower bound on statistically secure encryption, extractors

Atomic Structure & Nuclear Chemistry Unit 3 Notes

An Electronic Thermal Transducer

COURSE OUTLINE. Introduction Signals and Noise Filtering Sensors: PD5 Avalanche PhotoDiodes. Sensors, Signals and Noise 1

Ultra-fast Quantum Random Number Generator

RECALL?? Electricity concepts in Grade 9. Sources of electrical energy Current Voltage Resistance Power Circuits : Series and Parallel

Unit 6 Current Electricity and Circuits

AIR FORCE INSTITUTE OF TECHNOLOGY

Digital Electronics Final Examination. Part A

Promise of Quantum Computation

MATA GUJRI COLLEGE FATEHGARH SAHIB , PUNJAB

Investigations of Power Analysis Attacks on Smartcards *

Implementation of Boolean Logic by Digital Circuits

SCINTILLATION DETECTORS & GAMMA SPECTROSCOPY: AN INTRODUCTION

In this unit, we will examine the movement of electrons, which we call CURRENT ELECTRICITY.

in Electronic Devices and Circuits

Chapter 1 :: From Zero to One

LINEAR FEEDBACK SHIFT REGISTER BASED UNIQUE RANDOM NUMBER GENERATOR

Topics. Probability Theory. Perfect Secrecy. Information Theory

Principles and Applications of Superconducting Quantum Interference Devices (SQUIDs)

Digital Electronics. Delay Max. FF Rate Power/Gate High Low (ns) (MHz) (mw) (V) (V) Standard TTL (7400)

Bernoulli variables. Let X be a random variable such that. 1 with probability p X = 0 with probability q = 1 p

Radioactivity and Ionizing Radiation

Massachusetts Tests for Educator Licensure (MTEL )

EECS150 - Digital Design Lecture 23 - FFs revisited, FIFOs, ECCs, LSFRs. Cross-coupled NOR gates

Bits. Chapter 1. Information can be learned through observation, experiment, or measurement.

Message Authentication Codes (MACs)

Chapter 27: Current & Resistance. HW For Chapter 27: 6, 18, 20, 30, 42, 48, 52, 56, 58, 62, 68

LAB I WHAT IS IN IT AND WHY?

Cryptographic Hash Functions

Practical 1P4 Energy Levels and Band Gaps

CIRCUITS AND ELECTRONICS. Dependent Sources and Amplifiers

4.4 The MOSFET as an Amp and Switch

Homework (due Wed, Oct 27) Chapter 7: #17, 27, 28 Announcements: Midterm exams keys on web. (For a few hours the answer to MC#1 was incorrect on

Practical 1P4 Energy Levels and Band Gaps

EECS150 - Digital Design Lecture 26 Error Correction Codes, Linear Feedback Shift Registers (LFSRs)

Figure 1.1: Schematic symbols of an N-transistor and P-transistor

Uncertainty, Errors, and Noise in Experimental Measurements

Chap. 1 (Introduction), Chap. 2 (Components and Circuits)

II/IV B.Tech. DEGREE EXAMINATIONS, NOV/DEC-2017

Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks

CPSC 467: Cryptography and Computer Security

0 volts. 2 volts. 5 volts

EE 5344 Introduction to MEMS CHAPTER 5 Radiation Sensors

Entropy Estimation by Example

Department of Electrical- and Information Technology. ETS061 Lecture 3, Verification, Validation and Input

Quantum Physics & From Ideas to Implementation. Underlying concepts in the syllabus

per chip (approx) 1 SSI (Small Scale Integration) Up to 99

Absorption and Backscattering ofβrays

Tutorial: Device-independent random number generation. Roger Colbeck University of York

Entropy Analysis and System Design for Quantum Random Number Generators in CMOS Integrated Circuits

Network Security (NetSec)

Dan Boneh. Stream ciphers. The One Time Pad

Transcription:

Survey of Hardware Random Number Generators (RNGs) Dr. Robert W. Baldwin Plus Five Consulting, Inc.

Outline True vs. Pseudo Randomness Radiation Noise RNG Removing Bit-Bias Thermal Resistive Noise RNG Diode Breakdown Noise RNG Summary

Importance of Randomness Generate Long-Term Cryptographic Keys Ensure That Breaking One Key Does NOT Help Break Other Keys Generate Challenges That Have Never Been Used Before Input To US Gov. Digital Signature Algorithm

What is True Randomness? Accepted Examples Unacceptable Examples Criteria

Accepted Examples Toss Coin & Call-It In The Air This Has Two RNGs: Coin & Caller Tries To Avoid Flipper s Influence Lots of Experience Confirms Outcome Hard To Control Short Toss Is Not Acceptable Initial Conditions Don t Matter

Accepted Examples Wheel of Fortune or Roulette Wheel Short Spin Is Not Acceptable Simple Tamper Detection Can Verify Lack of Control Better Randomness Takes Longer

Unacceptable Examples Card Shuffling By Expert Lots of Experience With This Some People Can Break It Design Allows For Undetected Manipulation

Unacceptable Examples X = Encrypt (Key1, N) xor Encrypt (Key2, N) N = N + 1 Keys Chosen By Government But In Hardware X Values Pass All Statistical Tests If Encrypt Function Is Strong Like AES Candidates With Large Key and Block Sizes Must Trust Key-Holders If Keys Revealed, Easy To Find All Past And Future Output Values

Criteria For Randomness All Statistical Tests Should Not Distinguish Generated Values From Theoretical Sequence of Independent Uniformly Distributed (IUD) Bits. Uniform Means 50-50 chance of One or Zero Independent Means Bits Not Related All Tests Means The Ones We Have Thought Of So Far

Criteria For True Randomness Output Hard To Influence Temperature, Vibration, RF, Power, Etc. Knowledge Of Past Outputs Does Not Help Predict Future Outputs Even If Attacker Has Lots Of Information and Computational Resources

Is True Randomness Possible? Newton: No Position & Velocity Future Heisenberg: Yes Cannot Know Both At Same Time Schoedinger: Yes Probability Waves Are Fundamental Gibbs, Helmholtz: Yes Entropy Implies Information Is Lost

Outline True vs. Pseudo Randomness Radiation Noise RNG Removing Bit-Bias Thermal Resistive Noise RNG Diode Breakdown Noise RNG Summary

Radiation Noise RNG General Idea: Radioactive Material Produces Decay Particles at Unpredictable Intervals. Construction Theory Engineering Issues Randomness Properties

Construction of Radiation RNG Detect Decay and Convert to Binary Radioactive Source Detector Digitizer Whitening (remove bias) Clock

Theory of Radiation RNG Krypton Decay to Rubidium Kr 85 Rb 85 + e - + γ

Theory of Radiation RNG Atoms Decay Independently Decay Follows Poisson Distributions Event Count Time Interval Radioactivity

Engineering Issues Can Use Low-Level Background Radiation for Low Bit-Rates High Bit-Rates Require High Radiation Radiation Harms Other Components Extensive Safety Regulations and Laws

Engineering Issues Vacuum Tube Detectors Are Large and Require High Voltage Silicon Detectors Fatigue With Usage Hard To Shield Against Attacker Influencing Radiation Level

Randomness Properties Independent, But Non-Uniform Bits Chance of Detection Increases With Time Window. Hard to Get Exactly 50-50 Decay Rate Decreases Over Years Problem: How Remove Bias in Bits?

Outline True vs. Pseudo Randomness Radiation Noise RNG Removing Bit-Bias Thermal Resistive Noise RNG Diode Breakdown Noise RNG Summary

Whitening Algorithms Purpose Is To Remove Bias White Noise From Audio Engineering Like Hiss on a Radio Means Equal Energy in All Frequency Bands Analog Equivalent of IUD Bits

VN Whitening Algorithm Von Neumann Algorithm 1. Sample Two Equal Sized Time Intervals. 2. If Neither Detects Decay, go to 1. 3. If Both Detect Decay, go to 1. 4. Output Zero if First Detected Decay, Else Output One.

VN Whitening Algorithm Let p = Probability of Decay in Interval Let q = 1 p = Probability of No Decay Probability of Outputting Zero: (p * q) / ((p*q) + (q*p)) = ½ No Clicks q * q 2 st Click q * p 1 st Click p * q Both Clicks p * p

VN Whitening Algorithm Advantage Provably Removes Bit-Bias Drawbacks May Have To Wait A Long Time to Generate Next Bit Bias in Size of Time Intervals Used To Sample Events Will Show Up in Output

Hash Whitening Algorithm Gather N Bits, Reduce to M Bits Ex: 8 1 Output Parity of Raw Byte Ex: M-Bit Linear Feedback Shift Register Each Output Value Produced by 2 (N-M) Inputs Hope Hash Mapping Is Unrelated to Bit Bias Runs in Fixed Time Slower Process Produces Better Bits

Outline True vs. Pseudo Randomness Radiation Noise RNG Removing Bit-Bias Thermal Resistive Noise RNG Diode Breakdown Noise RNG Summary

Thermal Resistive Noise RNG General Idea: Voltage Across Resistor Varies Randomly Due To Vibration of Atoms. Construction Theory Engineering Issues Randomness Properties

Construction of Thermal RNG Amplify Variation and Digitize It Power Metal Film Resistor Ground Fixed Current Sink Amplifier Digitizer Clock

Theory of Thermal RNG Electrons Loose Energy as They Pass Through Atoms of the Resistor. Electrons Collide With Atoms Rebound in Unpredictable Directions Lost Energy Heats-Up the Resistor Light Bulb Filaments Get Hot Enough to Glow Voltage Across Resistor = Total Loss

Theory of Thermal RNG Collision Governed by Quantum Mechanics Rebound Depends on Atom s Vibration e - e -

Theory of Thermal RNG Johnson: Thermal Noise Has Equal Energy In All Frequency Bands P( f) = 4 k T R f Power of Noise Signal is Proportional to Boltzman Constant, Temperature, Resistance, and Bandwidth

Theory of Thermal RNG

Engineering Issues Ordinary Resistors: Additional Noise Tube Packed With Carbon Particles Humidity, Vibration, RF, Static Electricity Metal Film Resistors: Just Thermal Noise Easy To Fabricate on Silicon RNG Operates at Low Chip Voltages

Engineering Issues Easy to Shield From Influence Attacker and Other Components in System Must Filter Power Supply To Amplifier Digitizer and Amplifier Limit Bit-Rate Whitening Still Helpful

Randomness Properties Raw Bits Have Excellent IUD Statistics Within Bandwidth of the Device Noise Energy Varies With Temperature But Remains Uniform Collisions Depends on Quantum Scattering Rebound Depends on Vibration of Each Atom (Temperature)

Outline True vs. Pseudo Randomness Radiation Noise RNG Removing Bit-Bias Thermal Resistive Noise RNG Diode Breakdown Noise RNG Summary

Diode Breakdown Noise RNG General Idea: Reverse Current Through Diode Varies Randomly Due To Tunneling of Electrons. Construction Theory Engineering Issues Randomness Properties

Construction of Diode RNG Amplify Current Variation and Digitize It Power Reversed Diode Current To Voltage Amp Digitizer Clock Ground

Theory of Diode RNG P-N Junction Acts as One-Way Gate Electrons Easily Flow From P to N Regions Only Loose 0.6 Volts of Energy Reverse Flow Requires 10 to 30 Time More 6 to 18 Volts Ground P-Region P-N N-Region Power

Theory of Diode RNG Rate of Reverse Flow Depends On: Thermal Resistive Effects Avalanche Breakdown Effect (Shot Noise) Thermal Effect Happens When Electron Crosses Junction In One Step Dominant Effect for Larger Reverse Voltage

Theory of Diode RNG Avalanche Begins When Electrons Pile-Up Part-Way Across P-N Junction First Electron Stuck in Middle Makes It Easier for Next Electron To Get That Far When Enough Electrons Build Up They All Jump Across Remaining Distance Observed as Pulse or Shot of Current

Theory of Diode RNG Avalanche (Shot) Noise is Not Uniform High Frequency Noise Less Likely Due to Time Needed to Reload the Avalanche P( f) = 2 q I f f Power of Noise Signal is Proportional to Electron Charge, Current, Bandwidth and Inversely Proportional to Frequency

Theory of Diode RNG

Engineering Issues Diodes Easy to Fabricate on Chips Reverse Voltage Higher Than CPU Uses Voltage Must Be Controlled to Balance Avalanche vs. Thermal Noise Post-Processing Required to Remove Bias Favoring Lower Frequencies

Randomness Properties Output Combines Avalanche & Thermal Biased Towards Low Frequencies Unpredictable Due To Quantum and Chaotic Avalanche Effect Noise Energy Spectrum Changes With Temperature and Voltage

Outline True vs. Pseudo Randomness Radiation Noise RNG Removing Bit-Bias Thermal Resistive Noise RNG Diode Breakdown Noise RNG Summary

Summary Practical Designs Can Produce True Random Numbers Past Output Cannot Predict Future Hard For Attacker To Influence Well Understood Theory & Engineering Thermal Resistive Well Suited to VLSI High Bit-Rates Conflict With High Quality

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback