On the security of oscillator-based random number generatorsasync/CCIS/talk_12/Lubicz_talk.pdf ·...

RNG and cryptography

Experiments on ring oscillators

Differential measure

Statistical analysis

On the security of oscillator-based random

number generators

Mathieu Baudet David Lubicz Julien Micolod André

Tassiaux

Mathieu Baudet, David Lubicz, Julien Micolod, André Tassiaux On the security of RNGs





Outline

1 RNG and cryptography

2 Experiments on ring oscillators

3 Differential measure

4 Statistical analysis






Introduction

Random Number Generators (RNGs) are crucial components

for the security of cryptographic systems. Typical usages

include

key generation,

initialization vectors or

counter measures against side-channel attacks.

But it is not easy to design hardware-based RNGs with a

proved entropy rate.






Ring oscillators I

A source of randomness commonly used in FPGA and ASIC

implementations of TRNGs :

instability of signal propagation time across logic gates;

accumulated in so-called ring oscillators, consisting in a

series of inverters or delay elements connected in a ring.






Ring oscillators II

The phase jitter of a ring oscillator is then extracted by means

of a sampling unit.

Oscillateur A

Oscillateur B Q’

QD






Classical approach

The classical approach goes through the following steps:

design a source of randomness;

test it using a general purpose test suite (NIST for

instance);

tune the parameters of the GDA so that it passes the

statistical tests.

Not a satisfying approach since it does not guaranty the

entropy rate of the generator.






Goals

The goal of our work is to obtain:

a comprehensive statistical model of such a basic random

unit;

an experimental protocol to obtain a precise assessment of

the parameters of the statistical model;

the probabilities to output certain bit patterns and the

entropy rate of the generator;

design statistical tests to check the good operation of the

generator.






Ring oscillators

We would like to verify that:

the frequency of the clock signal is subject to small random

variations;

these variations add up like in a random walk.






Experimental device I






Experimental device II






Oscilloscope output

-80

-60

-40

-20

0

20

40

60

80

0 1000 2000 3000 4000 5000 6000 7000 8000 9000 10000

"./plot/C2gda100Mo00000.trc.raw"






Oscilloscope output (more detailed)

-80

-60

-40

-20

0

20

40

60

80

0 100 200 300 400 500 600 700 800 900 1000

"./plot/C2gda100Mo00000.trc.raw"






Experiments

We obtain:

~t = (t0, . . . , tn), increasing sequence of flipping times;

xk = tk+1 − tk , mX = E(Xk ) and variance s2X = V(Xk).

In order to measure very small jitters we let

Vs(ℓ) = V̂(tℓ − t0, t2ℓ − tℓ, . . . , t⌊ nℓ⌋ ℓ − t(⌊ n

ℓ⌋−1) ℓ) (1)

and carry on a linear regression on Vs(ℓ).






Mean period

Mean period

Number of measures : 5.107

Nbr inverters NI Period P (100 ps) Ratio NI/P

9 115 12.77

19 242 12.73

29 443 15.27

39 606 15.53

49 780 15.91

59 947 16.05

69 1164 16.86

79 1364 17.26

89 1550 17.41

99 1686 17.03






Jitter distributions I

Jitter distribution (ℓ = 40).

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

24571 24572 24573 24574 24575 24576 24577 24578

periods mean:24574 var:1.4






Jitter distribution II

Jitter distribution (ℓ = 900).

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

552905 552910 552915 552920 552925 552930 552935 552940

periods mean:552922 var:57






Variance accumulation (Stratix)

-100

0

100

200

300

400

500

0 1000 2000 3000 4000 5000 6000 7000 8000 9000 10000

"./plot/C2RO0900000.trc.dat"f(x)






Variance per period s2X

TA=normal temperature TF=cold

Conditions Period Variance per period m2X/s2

X

best area/TA 837 0.00009 8992320

best perf/TA 613 0.00010 5773739

best perf/TF 597 0.00011 5026783

39 inverters 606 0.00031 1933556

49 inverters 780 0.00027 2797763

59 inverters 947 0.00030 3132579

69 inverters 1164 0.00031 3650809

79 inverters 1364 0.00023 5847969

89 inverters 1550 0.00023 6528099

99 inverters 1686 0.00020 8048541






Quartz oscillator

2.6

2.8

3

3.2

3.4

3.6

3.8

4

0 100 200 300 400 500 600 700 800 900 1000

"./plot/C2clockEM00000.trc.dat"f(x)






Measure perturbation

In real life implementation, the phase jitter decomposes in

local Gaussian jitters ⇒ actual random noise ;

global deterministic jitter ⇒ not random variations.

The global deterministic jitter comes for instance from voltage

variation of the power supply and may be controlled by an

attacker.

⇒ The global deterministic jitters must be filtered out of the

measures.







Differential measure :

idea : compare the clock signal of two ring oscillators ;

the Gaussian jitter will add ;

the global jitter will cancel out.






Example : simple vs differential measure

1000

1500

2000

2500

3000

3500

4000

4500

5000

5500

2000 2500 3000 3500 4000






Example : simple vs differential measure

50

100

150

200

250

300

2000 2500 3000 3500 4000






Model for a sampled oscillator

the duration Xk = Tk+1 − Tk between the flipping times Tk

are i.i.d random variables;

The output signal is s(t) = max{k + 1 |Tk ≤ t} mod 2.

This model is often referred to as an alternated renewal process






A model based on Wiener processes

Hypothesis

The phase ϕ of an oscillator is analogue to a (stationary)

one-dimensional Brownian motion. The phase ϕ(t) conditioned

on the values (ϕ(t ′))t ′≤t0 prior to t0 follows a Gaussian

distribution of mean ϕ(t0) + µ(t − t0) and variance σ2(t − t0).






Hypothesis

Equivalently, in term of conditional density of probability, we

have for all t , t0, x , x0,

d

dxP[

ϕ(t) ≤ x | ϕ(t0) = x0, (ϕ(t′))t ′<t0 = . . .

]

=1

σ√

2π(t − t0)exp

(

−(x − x0 − µ(t − t0))2

2σ2(t − t0)

)

(2)






Sampling function

Given a value x of the phase at a given time t , the output

bit s(t) is then modeled by a random variable such that the

probability of s(t) = 1 is equal to g1(x), for some fixed

1-periodic function g1. Again, in term of conditional probability,

we have for all t , b, x

P[

s(t) = b | ϕ(t) = x , (ϕ(t ′), s(t ′))t ′ 6=t = . . .]

= gb(x). (3)






Sampling function

g1(x) =

1 if x mod 1 ∈ ]12,1[,

0 if x mod 1 ∈ ]0, 12 [,

12

if x mod 1 ∈ {0, 12}.

(4)






Quality factor

The quality factor Q =s2

X∆t

4 m3X

of an oscillator-based TRNG is

the phase variance accumulated between two samples.

The RNG has a good level of security of Q ≫ 1.

ν = ∆t2 mX

be frequency ratio between the sampling and the

sampled signal.






A result

Proposition

Consider a Wiener process (ϕ(t)) with parameters µ and σ2

and define (s(t)) as previously. Let ν and Q be defined as

above.

The probability to sample 1 at time t ≥ 0 conditioned on

the phase at time 0 verifies

P [s(t) = 1 | ϕ(0) = x ] =1

2−

2

πsin(2π(µt + x))e−2π2σ2t

+O(e−4π2σ2t).






Proposition

The probability to output a vector ~b = (b1, . . . ,bn) ∈ {0,1}n

at sampling times 0,∆t , . . . (n − 1)∆t satisfies

p(~b) = P [s(0) = b1, . . . , s((n − 1)∆t) = bn]

=1

2n+

8

2nπ2

n−1∑

j=1

(−1)bj+bj+1

cos(2πν)e−2π2Q

+O(e−4π2Q).






Proposition

The entropy of such an output is

Hn =∑

~b∈{0,1}n

− p(~b) log p(~b) (5)

= n −32(n − 1)

π4 ln(2)cos2(2πν)e−4π2Q + O(e−6π2Q).(6)






Auto-correlation test

The proposition leads us to consider the estimator defined by

c(~b) =1

n − 1

n−1∑

j=1

(−1)bj+bj+1

where ~b = (b1, . . . ,bn) ∈ {0,1}n is an output vector.

The expectation of c(~b) is

0 for a perfect random source ;

∑

~b

c(~b)p(~b) =8

π2cos(2πν)e−2π2Q + O(e−4π2Q)

on a random generator.






Another experiment

��

��

��

Ringoscillator

Dflip flop

:k

b[t]

We have

Q ≈s2

X

4 m3X

D

f≈

D

157286.

Div. fact. Qual. fact. c(~b) 1√n

2559 0.016 0.0994 0.0011

22598 0.143 0.0181 0.0034

99245 0.630 0.0080 0.007






Maximum likelihood estimations

0 0.05 0.1 0.15 0.2 0.25 0.3 0.35 0.4 0.45 0.5 0

0.2

0.4

0.6

0.8

1

0 0.2 0.4 0.6 0.8

1 1.2 1.4 1.6

"output.22598.1MS.5000.dat"






Idea of the proof

From the point of view of an outside observer, the state of

the generator at a given time t corresponds to a certain

probability measure on the phase ϕ(t).

Let pt(x | α) be the density of probability (possibly a

distribution) of ϕ(t) after a certain experiment described by

precondition α.

We introduce the Fourier coefficients pt(x | α):

ct(k | α) =

∫ +∞

−∞pt(x | α)e−2πikxdx

for every k ∈ Z.






The reason why we restrict k to integer values is that we are

only interested in the probability measure of ϕ(t) = ϕ(t)mod 1, which is described by the 1-periodic density function:

pt(x | α) =∑

k∈Zpt(x + k | α) (7)

ct(k | α) =∑

u∈Z

∫ 1

0

pt(x + u | α)e−2πikxdx (8)

=

∫ 1

0

pt(x | α)e−2πikxdx (9)

Assuming that the inverse formula for Fourier series holds for

ct(k | α), we obtain:

pt(x | α) =∑

k∈Zct(k | α)e2πikx (10)






Effect of time evolution

The following lemma expresses the effect of time evolution on

the Fourier coefficient of a density of probability pt(x | α).

Lemma

Assume an average drift speed µ and diffusion factor σ for the

Brownian process ϕ(t). For any t0 ≤ t and for every

precondition α concerning only events prior to t0, we have

ct(k | α) = ct0(k | α) e−2πiµ(t−t0) k e−2π2σ2(t−t0) k2

(11)






Effect of sampling

The next lemma expresses the effect of sampling a bit b on the

Fourier coefficient of a density pt(x | α).

Lemma

For any t and for every precondition α concerning only events

prior to t, we have

ct(j | α, s(t) = b) =1

P

∑

k∈Zγb(j − k) ct(k | α) (12)

where γb(k) =∫ 1

0gb(x)e

−2πikxdx is the k-th Fourier coefficient

of the (periodic) sampling probability gb, and

P = P [s(t) = b | α] =∑

k∈Zγb(−k) ct(k | α) (13)






A new design






Questions ?


On the security of oscillator-based random number generatorsasync/CCIS/talk_12/Lubicz_talk.pdf ·...

Documents

Transcript of On the security of oscillator-based random number generatorsasync/CCIS/talk_12/Lubicz_talk.pdf ·...