TY - GEN
T1 - Building a Modern TRNG
T2 - 4th ACM Workshop on Attacks and Solutions in Hardware Security, ASHES 2020
AU - Saarinen, Markku Juhani O.
AU - Newell, G. Richard
AU - Marshall, Ben
N1 - Publisher Copyright:
© 2020 ACM.
PY - 2020/11/13
Y1 - 2020/11/13
N2 - The currently proposed RISC-V True Random Number Generator (TRNG) architecture breaks with previous ISA TRNG practice by splitting the Entropy Source (ES) component away from cryptographic PRNGs into a separate interface, and in its use of polling. We describe the interface, its use in cryptography, and offer additional discussion, background, and rationale for various aspects of it. This design is informed by lessons learned from earlier mainstream ISAs, recently introduced SP 800-90B and FIPS 140-3 entropy audit requirements, AIS 31 and Common Criteria, current and emerging cryptographic needs such as post-quantum cryptography, and the goal of supporting a wide variety of RISC-V implementations and applications. Many of the architectural choices are a result of quantitative observations about random number generators in secure microcontrollers, the Linux kernel, and cryptographic libraries. We further compare the architecture to some contemporary random number generators and describe a minimalistic TRNG reference implementation that uses the Entropy Source together with RISC-V AES instructions.
AB - The currently proposed RISC-V True Random Number Generator (TRNG) architecture breaks with previous ISA TRNG practice by splitting the Entropy Source (ES) component away from cryptographic PRNGs into a separate interface, and in its use of polling. We describe the interface, its use in cryptography, and offer additional discussion, background, and rationale for various aspects of it. This design is informed by lessons learned from earlier mainstream ISAs, recently introduced SP 800-90B and FIPS 140-3 entropy audit requirements, AIS 31 and Common Criteria, current and emerging cryptographic needs such as post-quantum cryptography, and the goal of supporting a wide variety of RISC-V implementations and applications. Many of the architectural choices are a result of quantitative observations about random number generators in secure microcontrollers, the Linux kernel, and cryptographic libraries. We further compare the architecture to some contemporary random number generators and describe a minimalistic TRNG reference implementation that uses the Entropy Source together with RISC-V AES instructions.
KW - entropy source
KW - fips 140-3
KW - random
KW - risc-v
KW - sp 800-90b
KW - trng
UR - http://www.scopus.com/inward/record.url?scp=85097337230&partnerID=8YFLogxK
U2 - 10.1145/3411504.3421212
DO - 10.1145/3411504.3421212
M3 - Conference contribution
AN - SCOPUS:85097337230
T3 - ASHES 2020 - Proceedings of the 4th ACM Workshop on Attacks and Solutions in Hardware Security
SP - 93
EP - 102
BT - ASHES 2020 - Proceedings of the 4th ACM Workshop on Attacks and Solutions in Hardware Security
PB - ACM
Y2 - 13 November 2020
ER -