[Cryptography] Open hardware RNG design: Hector, Cryptech, OpenTitan, others?
joachim at strombergson.com
Thu Apr 2 02:02:09 EDT 2020
On 2020-04-01 18:23, Ondrej Mikle wrote:
> Let's say you have to implement RNG in your hardware (core/SoC).
> I know about two that are older and had more peer review:
> - https://hector-project.eu/about (based on PLL jitter)
> - https://cryptech.is/ (based on avalanche breakdown on diode)
(Joachim from the Cryptech core team here.)
Cryptech uses two entropy sources in parallel. One outside of the FPGA
is based on avalanche noise. The second inside the FPGA is based on
jitter between 32 free running digital oscillators. The specific core
for the rosc can be found here:
Entropy collected from the two sources are mixed using SHA-512 to create
seeds for a CSPRNG based on ChaCha.
All cores used in Cryptech, including the whole RNG chain is open under
BSD license. If I may take the opportunity, the new Modexpng cores for
example provides state of the art RSA acceleration, allowing the
Cryptech Alpha to match and exceed performance provided by commercial HSMs.
> The OpenTitan feels more geared towards creating IP cores to be used in designs
> than research-geared goal. I am wondering if you could use e.g. the Cyptech's
> NoisyDiode to feed OpenTitan's ENTROPY_SRC and how much straightforward it is
> (since RNG design is not exactly simple).
Sure you can, and it should be quite easy. The avalanche_noise design
has been copied over to other designs without any problems. There are
KiCAD designs for the complete Cryptech Alpha including the noise
source. There are also a separate design by Fredrik Thulin for a board
with a STM32 and the noise source.
I'm happy to try and answer any questions regarding the Cryptech design.
Med vänlig hälsning, Yours
Joachim Strömbergson - Alltid i harmonisk svängning.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the cryptography