From c07c15a8b8424954980ad8fdc1b3db0fcc143a47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Joachim=20Str=C3=B6mbergson?= Date: Wed, 19 Oct 2022 09:37:58 +0200 Subject: [PATCH] Update README to describe the new ROSC based TRNG --- hw/application_fpga/core/trng/README.md | 58 ++++++++++++++++++------- 1 file changed, 43 insertions(+), 15 deletions(-) diff --git a/hw/application_fpga/core/trng/README.md b/hw/application_fpga/core/trng/README.md index 97619fa..330d02e 100644 --- a/hw/application_fpga/core/trng/README.md +++ b/hw/application_fpga/core/trng/README.md @@ -1,29 +1,57 @@ # trng -Implementation of the FiGaRO TRNG for FPGAs +Implementation of the Tillitis True Random Number Generator (TRNG). ## Introduction -# figaro +Applications running on the Tillitis Key device may have a need of random numbers. +As unpredictable initial vectors, as challnges, random tokens etc. + +The Tillitis TRNG supports these applications by providing a hardware based +source of entropy (digital noise) with a uniform distribution. + +Note that the data provided by the TRNG is entropy, not processed random numbers. +The data should NOT be used directly, but used as seed for a (cryptographically safe) +random number generator algorithm. ## Status First version completed. In testing. Use with caution. +## How to use +The ready bit in the status register indicates that there is a new word of +entropy available to read out. Applications requiring multiple words of +entropy MUST wait for the ready bit to be set before reading ut +subseqent words. Not waiting for the ready bit to be set will lead to reading out +the same entropy data more than once. -## Introduction -This is a an implementation of the FiGaRO true random -number generator (TRNG) [1]. The main FPGA target is Lattice iCE40 -UltraPlus, but adaption to other FPGAs should be easy to do. +Applications that need cryptographically safe random number should use the output +from the TRNG as seed to a Digital Random Bit Generator (DRBG), for example a Hash_DRBG. ## Implementation details -The implementation instantiates four FiRO and four GaRO modules. The -modules includes state sampling. The polynomials used for the -oscillators are given by equotions (9)..(16) in paper [1]. The eight -outputs are then XORed together to form a one bit random value. +The implementation is based on free running digital oscillators. The implementation creates +two sets of oscillators by instantiating a number if LCs configured as one bit inverter gates, +where the output of the inverter is connected to its own input. The oscillators will have a toggle +rate based on the given internal gate delay and the wire delay through given by the feedback +circuit. -The random bit value is sampled at a rate controlled by a 24 bit -divisor. +After a given number of clock cycles the outputs from the oscillators in each group are +XOR combined and sampled into two separate registers. This process is repeated a second time, +producing two more bits, one for each group. These two sets of two bits are then XOR combined +to produce a single entropy bit. This means that an entropy bit is the XOR combined result +from two oscillator groups over two sampling events. -## References -[1] [True Random Number Generator Based on Fibonacci-Galois -Ring Oscillators for FPGA](https://www.mdpi.com/2076-3417/11/8/3330/pdf) +Entropy bits are collected into an entropy word. When at least 32 bits have been collected, +the ready bit is set, indicating to SW that a new entropy word is available. + +Note that the entropy word is not held for the SW to read out. Sampling and collection is running +continuosly, and the word read by SW will contain the latest 32 bits collected. Entropy bits +not read by SW will be discarded at the same rate as new bits are collected. + +Currently the following build time parameters are used to configure the implementation: + +- 4096 cycles between sampling +- 16 oscillators in each group +- 64 bits collected before setting the ready flag + + +---