

Title:
METHOD FOR ENVIRONMENTAL RESISTANT TRUE RANDOM NUMBER GENERATION
Document Type and Number:
WIPO Patent Application WO/2018/122240
Kind Code:
A1
Abstract:
A true random number generator (TRNG) system includes a first noise source configured to generate first analog noise signals and a second noise source identical to the first noise source and configured to generate second analog noise signals. An analog comparator receives the first analog noise signals and the second analog noise signals as inputs and outputs digital signals based on comparisons of the first analog noise signals and the second analog noise signals. A conversion system receives the digital signals and generates a random bit stream signal from the digital signals. An output pin is coupled to receive the random bit stream signal from the conversion system.

Inventors:
GUAJARDO MERCHAN JORGE (US)
DUPLYS PAULIUS (DE)
HUTH CHRISTOPHER (DE)
Application Number:
PCT/EP2017/084611
Publication Date:
July 05, 2018
Filing Date:
December 27, 2017
Assignee:
BOSCH GMBH ROBERT (DE)
International Classes:
G06F7/58
Foreign References:
US20040006580A1 2004-01-08
US20070011217A1 2007-01-11
US6070178A 2000-05-30
Other References:
None
Claims:
CLAIMS

What is claimed is:

1. A true random number generator (TRNG) system comprising:

a first noise source configured to generate first analog noise signals;

a second noise source, the second noise source being identical to the first noise source, the second noise source being configured to generate second analog noise signals;

an analog comparator that receives the first analog noise signals and the second analog noise signals as inputs and outputs digital signals based on comparisons of the first analog noise signals and the second analog noise signals;

a conversion system that receives the digital signals and generates a random bit stream signal from the digital signals; and

an output connection coupled to receive the random bit stream signal from the conversion system.

2. The TRNG system of claim 1, wherein the first noise source comprises a first analog input pin and the second noise source comprises a second analog input pin, the first and the second analog input pins being unconnected.

3. The TRNG system of claim 2, wherein the first analog noise signals and the second analog noise signals are voltage signals indicative of voltages at the first analog input pin and the second analog input pin, respectively.

4. The TRNG system of claim 3, wherein the first noise source further comprises a first amplifier that amplifies the first noise signals, and

wherein the second noise source further comprises a second amplifier that amplifies the second noise signals.

5. The TRNG system of claim 1, wherein each of the digital signals is indicative of a predefined number of digital bits, and

wherein the conversion system is configured to use at least one bit from each of the digital signals to generate the random bit stream.

6. The TRNG system of claim 5, wherein the at least one bit from each of the digital signals is a least significant bit.

7. The TRNG system of claim 1, wherein the first noise source, the second noise source, the analog comparator, the conversion system and the output connection are implemented in a mobile device.

8. A method of generating a true random number, the method comprising:

outputting first analog noise signals from a first noise source;

outputting second analog noise signals from a second noise source, the second noise source being identical to the first noise source;

comparing the first analog noise signals and the second analog noise signals with an analog comparator;

outputting digital signals from the analog comparator indicative of the comparisons of the first analog noise signals and the second analog noise signals;

converting the digital signals to a random bit stream signal using a conversion system;

outputting the random bit stream signal.

9. The method of claim 8, wherein the first noise source comprises a first analog input pin and the second noise source comprises a second analog input pin, the first and the second analog input pins being unconnected.

10. The method of claim 9, wherein the first analog noise signals and the second analog noise signals are voltage signals indicative of voltages at the first analog input pin and the second analog input pin, respectively.

11. The method of claim 10, wherein the first noise source further comprises a first amplifier that amplifies the first noise signal and supplies a first amplified noise signal to the analog comparator, and wherein the second noise source further comprises a second amplifier that amplifies the second noise signal and supplies a second amplified noise signal to the analog comparator.

12. The method of claim 8, wherein each of the digital signals is indicative of a predefined number of digital bits, and

wherein the conversion system is configured to use at least one bit from each of the digital signals to generate the random bit stream.

13. The method of claim 12, wherein the at least one bit from each of the digital signals is a least significant bit.

14. The method of claim 13, wherein the first noise source, the second noise source, the analog comparator and the conversion system are implemented in a mobile device.

15. The method of claim 8, further comprising:

supplying the random bit stream to a cryptographic system.

16. The method of claim 15, further comprising:

generating a cryptographic key from the random bit stream.

17. A true random number generator (TRNG) system comprising:

a first noise source configured to generate first analog noise signals;

a second noise source, the second noise source being identical to the first noise source, the second noise source being configured to generate second analog noise signals;

a differential amplifier that receives the first analog noise signals and the second analog noise signals as inputs and outputs amplified difference signals indicative of a difference between the first analog noise signals and the second analog noise signals;

an analog comparator that receives the amplified difference signals, compares the analog difference signals to an analog reference signal and outputs digital signals based on the comparisons;

a conversion system that receives the digital signals and generates a random bit stream signal from the digital signals; and

an output connection coupled to receive the random bit stream signal from the conversion system.

18. The TRNG system of claim 17, wherein the first noise source comprises a first analog input pin and the second noise source comprises a second analog input pin, the first and the second analog input pins being unconnected.

19. The TRNG system of claim 18, wherein the first analog noise signals and the second analog noise signals are voltage signals indicative of voltages at the first analog input pin and the second analog input pin, respectively.

20. The TRNG system of claim 17, wherein each of the digital signals is indicative of a predefined number of digital bits, and

wherein the conversion system is configured to use least significant bits of the digital signals to generate the random bit stream.

Description:
METHOD FOR ENVIRONMENTAL RESISTANT TRUE RANDOM NUMBER GENERATION

CROSS-REFERENCE TO RELATED APPLICATIONS

[0001] This application claims priority to U.S. Provisional Application Serial No. 62/440,763 entitled "A METHOD FOR ENVIRONMENTAL RESISTANT TRUE RANDOM NUMBER GENERATION" by Merchan et al., filed December 30, 2016, the disclosure of which is hereby incorporated herein by reference in its entirety.

TECHNICAL FIELD

[0002] The present invention relates to random number generators (RNG) and more particularly to a system and method for implementing a true random number generator (TRNG).

BACKGROUND

[0003] This random number can be used in electronics and computing applications and aspects can be applied in probability, statistics, or numerical analysis. Example applications can include generation of data-encryption keys, simulation and modeling, random sample selection from large data sets, or gaming applications. In a more detailed example, the simulation can be wireless channel simulation (e.g., the random number is used for multiple iterations of a simulated loop) and/or simulation of white noise on a modeled electronic circuit or photonic system.

[0004] Random numbers are created by a random number generator. There are logically two kinds of random number generator: a True Random Number Generator (TRNG) and a Pseudo Random Number Generator (PRNG).

[0005] A PRNG is an algorithm that given some "seed" will produce a deterministic sequence of pseudo random numbers and is also known as a Deterministic Random Bit Generator (DRBG). The PRNG generates random numbers using a deterministic process (that is, predictable given knowledge of the process) to generate a series of outputs derived from an initial seed state. That initial seed state is best if provided from a true random number generator. Most "random" number sources used in systems today are built in software and are based upon a pseudo-random generator.

[0006] PRNGs have historically been faster than TRNGs but PRNGs cannot generate a true random number because PRNGs employ deterministic algorithms. Thus, if the seed can be determined, the supposedly random numbers can be deterministically known.

[0007] Every TRNG requires a physical source of entropy. Entropy is in general a measure of disorder in a physical system. In this specification, entropy refers to a measure of how unpredictable the measured properties of the entropy source are. A TRNG can only be built using a HW-based "entropy source" and can produce a nondeterministic sequence of truly random numbers. The TRNG is often used to "seed" software PRNGs and is also known as a Nondeterministic Random Bit Generator (NRBG). The TRNG generates random numbers from a physical non-deterministic entropy source, such as white noise generated by a resistor, diode, or other electronic device, the time between radioactive particle decay, or other signal source that is essentially random.

[0008] The major use for hardware random number generators is in the field of data encryption, for example to create random cryptographic keys to encrypt data. They are a more secure alternative to pseudorandom number generators (PRNGs), software programs commonly used in computers to generate "random" numbers. PRNGs use a deterministic algorithm to produce numerical sequences. Although these pseudorandom sequences pass statistical pattern tests for randomness, by knowing the algorithm and the conditions used to initialize it, called the "seed", the output can be predicted. Because the sequence of numbers produced by a PRNG is predictable, data encrypted with pseudorandom numbers is potentially vulnerable to cryptanalysis. Hardware random number generators produce sequences of numbers that are assumed not to be predictable, and therefore provide the greatest security when used to encrypt data.

[0009] A dedicated TRNG is oftentimes not available on resource-constrained and/or space limited devices, such as mobile or portable electronic devices including phones, tablets and the like, for various reasons. For example, it is not always convenient or cost-effective to incorporate a physical process, such as radioactive decay, into resource-constrained devices and/or to place monitoring equipment near such physical processes. Also, the monitoring equipment for certain physical processes can tend to be bulky, which makes it unsuitable for space limited applications.

[0010] For resource-constrained devices without a dedicated TRNG, several on-chip components, such as RC oscillators, resistors, diodes, unconnected analog input pins, and the like, have been proposed as sources of entropy for random number generation. These components and the way they are used in the existing proposals are (highly) sensitive to the environmental conditions, such as ambient temperature, during the generation of the random numbers. Effectively, this leads to environment-dependent statistical biases in the generated random numbers, rendering them unsuitable for cryptographic purposes.

[0011] The use of biased measurements for cryptographic purposes needs to be handled with great care. One of the greatest risks is that a potential attacker can alter the temperature, e.g., by putting the device under attack in a refrigerator or freezer, so that the device is no longer able to generate good random numbers. In an extreme case these bad random numbers would be all zero (or all one), and the inherent randomness and entropy would be close to 0.

[0012] What is needed is a TRNG that can be implemented in resource-constrained and space limited devices that can produce high-quality random numbers in a cost-effective and space conserving manner in a way that is not sensitive to the environmental conditions of the device.

SUMMARY OF THE CLAIMED SUBJECT MATTER

[0013] According to one embodiment, a true random number generator (TRNG) system includes a first noise source configured to generate first analog noise signals and a second noise source identical to the first noise source and configured to generate second analog noise signals. An analog comparator receives the first analog noise signals and the second analog noise signals as inputs and outputs digital signals based on comparisons of the first analog noise signals and the second analog noise signals. A conversion system receives the digital signals and generates a random bit stream signal from the digital signals. An output pin is coupled to receive the random bit stream signal from the conversion system.

[0014] According to another embodiment, a method of generating a true random number includes outputting first analog noise signals from a first noise source, and outputting second analog noise signals from a second noise source, the second noise source being identical to the first noise source. The first analog noise signals and the second analog noise signals are compared with an analog comparator. Digital signals are output from the analog comparator which are indicative of the comparisons of the first analog noise signals and the second analog noise signals. The digital signals are converted to a random bit stream signal using a conversion system, and the random bit stream signal is outputted.

[0015] According to yet another embodiment, a TRNG system includes a first noise source configured to generate first analog noise signals, and a second noise source identical to the first noise source and configured to generate second analog noise signals. A differential amplifier receives the first analog noise signals and the second analog noise signals as inputs and outputs amplified difference signals indicative of a difference between the first analog noise signals and the second analog noise signals. An analog comparator receives the amplified difference signals, compares the analog difference signals to an analog reference signal and outputs digital signals based on the comparisons. A conversion system receives the digital signals and generates a random bit stream signal from the digital signals. An output connection is coupled to receive the random bit stream signal from the conversion system.

BRIEF DESCRIPTION OF THE DRAWINGS

DETAILED DESCRIPTION

[0016] For the purposes of promoting an understanding of the principles of the disclosure, reference will now be made to the embodiments illustrated in the drawings and described in the following written specification. It is understood that no limitation to the scope of the disclosure is thereby intended. It is further understood that the present disclosure includes any alterations and modifications to the illustrated embodiments and includes further applications of the principles of the disclosure as would normally occur to a person of ordinary skill in the art to which this disclosure pertains.

[0017] FIG. 1 depicts a first embodiment of a true random number generation (TRNG) system 12. As depicted in FIG. 1, the TRNG system 12 includes a first noise source 14, a second noise source 16, an analog comparator 22 and a conversion system 24. The TRNG system 12 is implemented in a resource-constrained device 10, such as a mobile phone, tablet or other type of portable electronic device. The components of the TRNG system 12 can be implemented in any suitable combination of hardware, software, firmware, or combinations thereof on the resource-constrained device.

[0018] The first noise source 14 and the second noise source 16 are configured to output or generate first and second noise signals, respectively. In one embodiment, the first and second noise sources 14, 16 comprise unconnected analog pins. In this case, the noise signals are indicative of the voltages at the respective pins. As used herein, the term "unconnected" means that the pins are not electronically connected to an external source or influence. Therefore, the voltages at the analog pins in theory should be 0 V. However, the ambient environmental conditions, such as temperature, can add "noise", such as thermal noise, to the voltage present at the pins. The thermal noise influencing the voltages at the analog pins is random. This randomness is used by the system as entropy for generating true random numbers.

[0019] The analog pins 14, 16 are identical for all intents and purposes. Because the pins are essentially identical, they will be equally affected by environmental bias. The analog pins may be incorporated onto a circuit board. In alternative embodiments, other components which are susceptible to environmental bias can be used to generate noise signals. For example, resistors, diodes, and the like can be used to provide noise signals. Preferably, the components used for both the first noise source and the second noise source are identical. For example, if resistors or diodes are used, the resistors or diodes should have the same specifications and should preferably be from the same manufacturer so that the environmental influence on the components can be expected to be the same.

[0020] The noise signals may be amplified. In the embodiment of FIG. 1, the first noise source further comprises a first amplifier 18 that receives the noise signal (i.e., voltage) from the first analog pin 14, and the second noise source further comprises a second amplifier 20 that receives the noise signal from the second analog pin 16. Any suitable type of amplifier may be used. In one embodiment, the amplifiers 18, 20 comprise op-amps with the inputs tied together. Preferably, the amplifiers have the same gain. The amplified noise signals enable a higher sampling rate.

[0021] The amplified noise signals are fed to the analog comparator 22. In particular, the first noise signal is connected to a first input of the analog comparator 22, and the second noise signal is connected to a second input of the analog comparator 22. The output of the analog comparator 22 is a digital signal which alternates between a high and low value depending on which of the voltages at the inputs is greater. Because both noise signals are affected by the same bias, e.g., temperature, this bias gets canceled out.
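The cancellation argument of [0021], as an added simulation that is not part of the patent: two pins share one environmental drift, and the bits from a single pin read against a fixed threshold are compared with the bits from the two-input comparator. The Gaussian noise model, the drift values, the `mismatch` parameter (pins that respond differently to the environment) and all function names are assumptions made for illustration.

```python
import math
import random

def simulate(n, drift, mismatch=0.0, seed=1):
    """Model two floating pins that share one environmental drift.

    Returns (single_ended_bits, comparator_bits). Voltages are in units of the
    per-pin noise standard deviation; Gaussian noise is an assumed model.
    """
    rng = random.Random(seed)
    single, paired = [], []
    for _ in range(n):
        v1 = (1.0 + mismatch) * drift + rng.gauss(0.0, 1.0)  # pin 14
        v2 = drift + rng.gauss(0.0, 1.0)                      # pin 16
        single.append(1 if v1 > 0.0 else 0)  # one pin against a fixed threshold
        paired.append(1 if v1 > v2 else 0)   # comparator 22: pin 14 against pin 16
    return single, paired

def ones_fraction(bits):
    return sum(bits) / len(bits)

def min_entropy_per_bit(bits):
    """Plug-in estimate from the most common value: -log2(max(p, 1 - p))."""
    p = ones_fraction(bits)
    return -math.log2(max(p, 1.0 - p))

def report(n=20000):
    """Min-entropy per bit for three constructed environments."""
    cases = [
        ("room", 0.0, 0.0),                 # no drift
        ("cold", -3.0, 0.0),                # strong drift, identical pins
        ("cold, 20% mismatch", -3.0, 0.2),  # strong drift, non-identical pins
    ]
    rows = []
    for label, drift, mismatch in cases:
        single, paired = simulate(n, drift, mismatch)
        rows.append((label, min_entropy_per_bit(single), min_entropy_per_bit(paired)))
    return rows

if __name__ == "__main__":
    for label, h_single, h_paired in report():
        print(f"{label:20s} single-ended={h_single:.3f}  comparator={h_paired:.3f}")
```

In this model the drift cancels only while both pins respond to it identically, which is why [0019] asks for components with the same specifications; the mismatched case leaves a residual bias at the comparator output.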

[0022] The digital signal output by the comparator 22 is supplied to the conversion system 24. The conversion system 24 is configured to generate a random number stream 30 from the digital signals received from the comparator 22. The random number stream 30 is supplied to an output connection, such as an output pin, where it is made available to other systems and applications. The conversion system 24 includes any necessary components for generating the random number stream from the digital signals, such as shift registers, flip-flops, latches, counters, and the like.

[0023] In one embodiment, the digital signal output by the comparator 22 corresponds to a 10-bit measurement signal. The conversion system 24 may be configured to extract certain bits from the 10-bit signals for use in generating the random number stream 30. In one embodiment, the conversion system 24 is configured to identify the least significant bit of each digital measurement signal for the random number stream. As can be seen in FIG. 1, the conversion system 24 may be coupled to receive a reference clock signal which can be used for timing the reading of the bits of the digital signal.

[0024] FIG. 2 depicts another embodiment of TRNG system 12'. In this embodiment, TRNG system 12' comprises a first noise source 14, a second noise source 16, a differential amplifier 28, and an analog comparator 22. Similar to the first embodiment, the first and second noise sources 14, 16 may comprise unconnected analog pins (or alternatively other suitable components). The first and second noise signals output by the first and second noise sources 14, 16 are supplied to the inputs of the differential amplifier 28. As is known in the art, the differential amplifier 28 outputs an amplified signal which is proportional to the difference between the voltages at the inputs of the amplifier. The amplified difference signal is supplied to a first input of the analog comparator 22.

[0025] In this embodiment, the second input of the analog comparator 22 is connected to receive a reference voltage signal. In one embodiment, the reference voltage is 0 V. In the embodiment of FIG. 2, the reference voltage is provided by reference voltage source 32 as a digital voltage. The digital reference voltage 32 is converted to an analog voltage signal by a digital to analog (D/A) converter 34. The output of the D/A converter 34 is supplied to the second input of the analog comparator 22.

[0026] The digital reference voltage source is in the same device 10' as the first and second noise sources 14, 16 so they are affected by the same environmental bias. Similar to above, the output of the analog comparator 22 is a digital signal which alternates between a high and low value depending on which of the voltages at the inputs is greater. Because both noise signals are affected by the same bias, e.g., temperature, this bias gets canceled out.

[0027] FIG. 3 is a graph of actual 10-bit measurements yielded by the comparator 22. The measurements are indicated by the jagged line in the graph. As can be seen, the digital output of the comparator still exhibits bias in the form of a sine curve. With postprocessing, this sine can be removed. The conversion system may be configured to implement any suitable kind of post-processing, such as Fast Fourier transforms, to eliminate bias from the digital signal output by the comparator.

[0028] The output of the conversion system 24 in the embodiments described above is a random number stream or random bit stream 30. The random number stream 30 can be supplied to other systems for use in different applications. For example, the TRNG system may be configured to supply the random number stream 30 to a cryptographic system 26. The cryptographic system 26 can use the random number stream to generate cryptographic keys, as known in the art. The cryptographic key can be used for data encryption and decryption, digital signature verification, digital signature creation, message authentication, key transport, key wrapping, and the like.

[0029] As noted above, the least significant bit of the measurement signals may be used to generate a stream of random bits. During testing, ten million measurements were performed and the least significant bit was extracted from the measurement signals to generate a random bit stream for testing. The ten million bits were tested using the National Institute of Standards and Technology (NIST) Statistical Test Suite. The generated random bit stream passed these tests.
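The least-significant-bit extraction of [0023] and [0029], as an added example that is not the patent's test setup: it takes the LSB of 10-bit measurements and applies two of the NIST SP 800-22 tests (frequency/monobit and runs), not the full suite. The three measurement streams are constructed (a sine-shaped bias with an assumed 8 LSB of noise, an output stuck at zero as in [0011], and a 60/40 skewed LSB), and all function names are illustrative.

```python
import math
import random

def lsb_stream(measurements):
    """Keep only the least significant bit of each 10-bit measurement."""
    return [m & 1 for m in measurements]

def monobit_p(bits):
    """NIST SP 800-22 frequency (monobit) test p-value."""
    n = len(bits)
    s = sum(1 if b else -1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(n) / math.sqrt(2))

def runs_p(bits):
    """NIST SP 800-22 runs test p-value (0.0 if the frequency precondition fails)."""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v = 1 + sum(1 for a, b in zip(bits, bits[1:]) if a != b)  # number of runs
    return math.erfc(abs(v - 2 * n * pi * (1 - pi))
                     / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def passes_health_check(bits, alpha=0.01):
    """True when both tests give a p-value of at least alpha."""
    return monobit_p(bits) >= alpha and runs_p(bits) >= alpha

def sample_measurements(kind, n=10000, seed=7):
    """Constructed 10-bit measurement streams (not data from the patent)."""
    rng = random.Random(seed)
    out = []
    for i in range(n):
        if kind == "noisy_sine":   # sine-shaped bias plus about 8 LSB of noise
            m = round(512 + 100 * math.sin(2 * math.pi * i / 500) + rng.gauss(0, 8))
        elif kind == "stuck":      # output pinned at zero
            m = 0
        elif kind == "skewed":     # LSB is 1 about 60% of the time
            m = 2 * rng.randrange(512) + (1 if rng.random() < 0.6 else 0)
        else:
            raise ValueError(kind)
        out.append(max(0, min(1023, m)))  # clamp to the 10-bit range
    return out

if __name__ == "__main__":
    for kind in ("noisy_sine", "stuck", "skewed"):
        bits = lsb_stream(sample_measurements(kind))
        print(f"{kind:10s} monobit p={monobit_p(bits):.4f} "
              f"runs p={runs_p(bits):.4f} pass={passes_health_check(bits)}")
```

Passing these two tests does not establish entropy, since PRNG output passes such tests too, as [0008] notes; their use here is to catch a stuck or skewed source of the kind [0011] describes before its bits reach key generation.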

[0030] While the disclosure has been illustrated and described in detail in the drawings and foregoing description, the same should be considered as illustrative and not restrictive in character. It is understood that only the preferred embodiments have been presented and that all changes, modifications and further applications that come within the spirit of the disclosure are desired to be protected.