220 likes | 437 Views
A High Speed TRNG Based on SRAM for Resource Constrained Devices Chunhu Zhang and Yu Yao Dec 1st, 2009. Motivation. Foundation of Hardware Secuirty Mifare Classic RFID was cracked RNG is fundamental to cryptographic applications. Background. Traditional ways to generate RNG
E N D
A High Speed TRNG Based on SRAM for Resource Constrained Devices Chunhu Zhang and Yu Yao Dec 1st, 2009
Motivation • Foundation of Hardware Secuirty • Mifare Classic RFID was cracked • RNG is fundamental to cryptographic applications
Background • Traditional ways to generate RNG • 1. Pseudo-random Number Generators based on mathematical algorithm • 2. direct/indirect applification of thermal noise on large resistors • Our approach: Hardware-based True RNG based on Highly Phase-noise-sensitive Bitcell
Key Ideas • Start from the metastable point of bitcell • Release the bitcell, the final state will be determined by noise/jitter • Capture the clock jitter by taking advantage of positive feedback and fast response of the bitcell
Approach • 1. principles of the bitcell structure • 2. our efforts in improving the bitcell performance • 3. robustness to manufacturing variation • 4. phase noise response and phase noise simulation • 5. summary and future work
Jitter Sensitive Bitcell • Initially, the looped INV is clamped close to Vm point by short-circuiting Q, QB, then noise is introduced through the jitter • When CLK1, CLK2 rising edge comes, pos spikes on Q,QB • When CLK1B, CLK2B falling edge comes, neg spikes on Q,QB
Jitter Sensitive Bitcell So if CLK1(CLK1B) comes earlier/later than CLK2(CLK2B), the bitcell will eventually resolve to 1/0
Jitter Sensitive Bitcell • When jitter is larger than a threshold value • CLK1 is earlier CLK1 is lagged behind • jittering is 500ps
Jitter Sensitive Bitcell • When jitter is smaller than a threshold value • CLK1 is earlier CLK1 is lagged behind • jitter is 10ps
Jitter Sensitive Bitcell • Efforts to improve the bitcell's sensitivity to jittering • 1. make the working point closer to the Vm point of butterfly curve • 2. make the voltage spikes on Q, QB nodes higher when the MOSFETs at the pass gate is turned off
Jitter Sensitive Bitcell • 1. scale down Vdd
Jitter Sensitive Bitcell • 2. sizing effect • a. • the greater the • size of the pass • gate, the greater • the voltage • spike
Jitter Sensitive Bitcell • 2. sizing effect • b. • size the inverters bigger • → mitigate the pass gate current influence on the inverters • → working point closer to the Vm point • → higher sensitivity • In all, achieve a balanced size ratio for inverters and pass gate FETs
MC simulation • Manufacture Variation → biased inverter → biased bitstream output
Evaluation • How do we generate the clock signals we need?
Evaluation • Mathematical model for jittering in inverter chain • The time delay of a signal passing through an inverter chain is • t = t0 + δt • where t0 is the mean time delay along the chain and δt is a random variable following the distribution N(0, σ2). • Note that δt is essentially caused by thermal noise in the MOSFETs and is varying with time.
Evaluation • Matlab Simulation • We used Matlab to generate a set of N(0, σ2) random numbers, used them as jittering for rising/falling edges to construct the clock waveforms, directed the waveform into bitcell, simulated and obtained an output of bitstream. • We can also calculate the theoretical ouput bitstream from the set of random numbers, keeping in mind the property of the bitcell that, if the relative jittering is greater than 25ps, earlier CLK rising edge gives Q=0; while if the relative jittering is less than 25ps, earlier CLK rising edge gives Q=1.
Summary and Future Work • Advantages of our circuits: • 1. low power requirement, widely applicable to low power devices such as RFID • 2. on-chip generation of random bitstream, immune to hacking • 3. simple and easily integrable to digital systems • 4. secure and truly random HRNG • 5. high speed
Summary and Future Work • Future Work • 1. Use SpectreRF to simulate the jittering in inverter chains; • 2. generate a long enough bitstream for randomness test using NIST randomness test toolkit; • 3. and more...
Summary and Future Work • Thanks!