[Cryptography] The best TRNG architecture, comming soon?

Jonathan Thornburg jthorn4242 at gmail.com
Mon Aug 26 12:29:41 EDT 2019 

On Sun, Aug 25, 2019 at 06:14:11AM -0700, Bill Cox wrote:
> The best, but patented IIRC, architecture for a TRNG is super simple.
> 
[[ring oscillator with an even number of inversions in the loop,
and two NAND gates at opposite points in the loop]]
> 
> In real life, you probably want to add more inverters than this.  This is
> like a traditional ring oscillator, but with an *even* number of
> inverters.  You take two inverters at opposite ends of the ring and turn
> them into NAND gates.  The other inputs of both NAND gates are tied
> together to make the ENABLE input.  When ENABLE is low, OUT is low.  When
> ENABLE goes high, two edges in the ring oscillator chase each other.
> Eventually, due to thermal or other noise, one edge catches the other, and
> they annihilate each other.  The oscillator stops oscillating at this point.

Problem: what if the layout (& hence 0->1 and 1->0 propagation times)
is such that (say) inverter #3 in the loop is a lot slower than the
others *and* has asymmetric rise/fall?  The result could well be that
when the first edge reaches inverter #3, it's slow to propagate, so
the second edge catches up with it right there (inverter #3) resulting
in the "TRNG" outputting a stream of constant values.  :(


> - The layout matters little.  Just let the place and route tools place it
> however it likes.
[[...]]
> This circuit retains the nice properties of traditional ring oscillator
> TRNGs, which make them so popular:
> 
> - Simle and tiny.
> - Easy to implement on CPLDs, FPGAs, and ASICs.
> - Purely digital: no analog design skills required.

The only way I can see to rule out my scenario is very careful layout
and analog design/simulation/verification.

-- 
-- "Jonathan Thornburg [remove -animal to reply]" <jthorn at astro.indiana-zebra.edu>
   Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
   currently on the west coast of Canada
   "There was of course no way of knowing whether you were being watched
    at any given moment.  How often, or on what system, the Thought Police
    plugged in on any individual wire was guesswork.  It was even conceivable
    that they watched everybody all the time."  -- George Orwell, "1984"

More information about the cryptography mailing list