[Cryptography] Open hardware RNG design: Hector, Cryptech, OpenTitan, others?

John-Mark Gurney jmg at funkthat.com
Wed Apr 1 17:37:33 EDT 2020


Ondrej Mikle wrote this message on Wed, Apr 01, 2020 at 18:23 +0200:
> Let's say you have to implement RNG in your hardware (core/SoC).
> 
> I know about two that are older and had more peer review:
> 
> - https://hector-project.eu/about (based on PLL jitter)
> - https://cryptech.is/ (based on avalanche breakdown on diode)
> 
> There is a new project, OpenTitan, but its backing looks solid:
> 
> - https://docs.opentitan.org/hw/ip/entropy_src/doc/
> 
> So far OpenTitan's ENTROPY_SRC is just an LFSR PRNG design without the analog
> noise part.
> 
> Any opinions or comparison of these projects?

An LFSR is not an acceptable entropy source... it's actually pretty
useless since it's entirely predictable, and if the state of the LFSR
is observed, all future values will be known...

Though, as it says:

    This IP block provides an entropy source that is part of a larger
    solution to generate true random numbers (a TRNG mechanism).

And it also says:

    This is a pseudo-random type of entropy source, as opposed to a truly
    random entropy source.

It does look like they know that this isn't an acceptable TRNG, and
likely it's just a placeholder block to enable development, but that
they even attempt to call it an entropy source is just wrong.  It should
be clearly labeled as not a usable entropy source.

> What I liked especially about Hector project is that it seemed really thorough
> on researching the alternatives. Also it focused on one important question -
> "how do I know the analog noise source will not fail/skew?" and actually had a
> reasonable answer.
> 
> OpenTitan feels more geared towards creating IP cores to be used in designs
> than a research-geared goal. I am wondering if you could use e.g. Cryptech's
> NoisyDiode to feed OpenTitan's ENTROPY_SRC and how straightforward it is
> (since RNG design is not exactly simple).

They really need to find someone who knows TRNGs before they get much farther.

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."

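Added example, not part of the original message and not OpenTitan code: the predictability point above, shown on a constructed 16-bit LFSR (the taps and seed are assumed sample values). It goes one step beyond the message's claim: the Berlekamp-Massey algorithm recovers the register length and taps from 32 observed output bits alone, after which every later bit is reproduced exactly.

```python
# Added illustration. TAPS and SEED are constructed sample values, not
# OpenTitan's ENTROPY_SRC parameters.
TAPS = (11, 13, 14, 16)          # s[n] = s[n-11] ^ s[n-13] ^ s[n-14] ^ s[n-16]
SEED = [int(b) for b in "1010110011100001"]   # any nonzero 16-bit start state

def lfsr_stream(seed, taps, count):
    """Return `count` output bits of the linear recurrence defined by `taps`."""
    s = list(seed)
    while len(s) < count:
        bit = 0
        for t in taps:
            bit ^= s[-t]
        s.append(bit)
    return s[:count]

def berlekamp_massey(s):
    """Shortest LFSR (length L, coefficients c[0..L]) that generates bits s."""
    n = len(s)
    c, b = [1] + [0] * (n - 1), [1] + [0] * (n - 1)
    L, m = 0, -1
    for i in range(n):
        d = s[i]                              # discrepancy against current guess
        for j in range(1, L + 1):
            d ^= c[j] & s[i - j]
        if d:
            prev = c[:]
            for j in range(n - (i - m)):
                c[j + i - m] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, prev
    return L, c[:L + 1]

def predict(observed, L, c, count):
    """Extend `observed` by `count` bits using the recovered recurrence."""
    s = list(observed)
    for _ in range(count):
        bit = 0
        for j in range(1, L + 1):
            bit ^= c[j] & s[-j]
        s.append(bit)
    return s[len(observed):]

if __name__ == "__main__":
    stream = lfsr_stream(SEED, TAPS, 200)
    L, c = berlekamp_massey(stream[:32])      # 2 * 16 observed bits suffice
    taps = [j for j in range(1, L + 1) if c[j]]
    print("recovered length", L, "taps", taps)
    print("future bits predicted:", predict(stream[:32], L, c, 168) == stream[32:])
```
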
