nach oben

Journal of Cryptographic Engineering

Erschienen in:

06.01.2022 | Regular Paper

Development of the RISC-V entropy source interface

verfasst von: Markku-Juhani O. Saarinen, G. Richard Newell, Ben Marshall

Erschienen in: Journal of Cryptographic Engineering | Ausgabe 4/2022

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The RISC-V true random number generator (TRNG) architecture breaks with previous ISA TRNG practice by splitting the entropy source (ES) component away from cryptographic DRBGs into a separate privileged interface, and in its use of polling. The modular approach is suitable for the RISC-V hardware IP ecosystem, allows a significantly smaller implementation footprint on platforms that need it, while directly supporting current standards compliance testing methods. We describe the interface, its use in cryptography, and offer additional discussion, background, and rationale for various aspects of it. The design was informed by lessons learned from earlier mainstream ISAs, recently introduced SP 800-90B and FIPS 140-3 entropy audit requirements, AIS 31 and common criteria, current and emerging cryptographic needs such as post-quantum cryptography, and the goal of supporting a wide variety of RISC-V implementations and applications. Many of the architectural choices result from quantitative observations about random number generators in secure microcontrollers, the Linux kernel, and cryptographic libraries.

Vorheriger Artikel The ASHES 2020 special issue at JCEN

Nächster Artikel Secret-free security: a survey and tutorial

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Separate entropy source validation scope was discussed at the NIST “SP 800-90B Entropy Source Validation Workshop” held in April 2021. There is an automated entropy source validation test system (ESVTS) being developed by NIST.

EntropyAssessment: https://github.com/usnistgov/SP800-90B_EntropyAssessment.

(In German) AIS 31-Implementierung in Java: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Interpretationen/AIS_31_testsuit_zip.

September 5, 2013 (after Snowden): https://news.ycombinator.com/item?id=6336505.

AMD: AMD random number generator. AMD TechDocs (2017). https://www.amd.com/system/files/TechDocs/amd-random-number-generator.pdf

Anderson, R.J.: Security engineering—a guide to building dependable distributed systems (3 edn). Wiley (2020). https://www.cl.cam.ac.uk/rja14/book.html

ARM: ARM TrustZone true random number generator (TRNG): software integrator’s manual. ARM 101049_0000_00_en (2017). https://github.com/ARM-software/TZ-TRNG/raw/master/trustzone_trng_software_integrators_manual_101049_0000_00_en.pdf

ARM: ARM TrustZone true random number generator (TRNG): technical reference manual. ARM 100976_0000_00_en (Second release r0p0 0000-01) (2020). http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.100976_0000_00_en

Bak, P.: The devil’s staircase. Phys. Today 39(12), 38–45 (1986). https://doi.org/10.1063/1.881047

Bardou, R., Focardi, R., Kawamoto, Y., Simionato, L., Steel, G., Tsay, J.: Efficient padding oracle attacks on cryptographic hardware. In: R. Safavi-Naini, R. Canetti (eds.) Advances in Cryptology–CRYPTO 2012—32nd Annual Cryptology Conference, Santa Barbara, CA, USA, August 19–23, 2012. Proceedings, Lecture Notes in Computer Science, vol. 7417, pp. 608–625. Springer (2012). https://doi.org/10.1007/978-3-642-32009-5_36

Barker, E., Kelsey, J.: Recommendation for random number generation using deterministic random bit generators. NIST Special Publication SP 800-90A Revision 1 (2015). https://doi.org/10.6028/NIST.SP.800-90Ar1

Barker, E., Kelsey, J., Roginsky, A., Turan, M.S., Buller, D., Kaufer, A.: Recommendation for random bit generator (RBG) constructions. Draft NIST Special Publication SP 800-90C (2021)

Baudet, M., Lubicz, D., Micolod, J., Tassiaux, A.: On the security of oscillator-based random number generators. J. Cryptol. 24(2), 398–425 (2011). https://doi.org/10.1007/s00145-010-9089-3MathSciNetCrossRefMATH

10.

Becker, G.T., Regazzoni, F., Paar, C., Burleson, W.P.: Stealthy dopant-level hardware trojans: extended version. J. Cryptogr. Eng. 4(1), 19–31 (2014). https://doi.org/10.1007/s13389-013-0068-0CrossRef

11.

Blum, L., Blum, M., Shub, M.: A simple unpredictable pseudo-random number generator. SIAM J. Comput. 15(2), 364–383 (1986). https://doi.org/10.1137/0215025MathSciNetCrossRefMATH

12.

Blum, M.: Independent unbiased coin flips from a correlated biased source—a finite state Markov chain. Combinatorica 6(2), 97–108 (1986). https://doi.org/10.1007/BF02579167MathSciNetCrossRefMATH

13.

Brown, G.W.: History of RAND’s random digits—summary. Research Paper P-113, RAND Corporation (1949). https://www.rand.org/pubs/papers/P113.html. Also appeared in: Monte Carlo Method, Nat. Bur. Stand., Appl. Math. Ser. 12, pp. 31–32 (1951)

14.

Checkoway, S., Maskiewicz, J., Garman, C., Fried, J., Cohney, S., Green, M., Heninger, N., Weinmann, R., Rescorla, E., Shacham, H.: Where did I leave my keys? Lessons from the juniper dual EC incident. Commun. ACM 61(11), 148–155 (2018). https://doi.org/10.1145/3266291CrossRef

15.

Evtyushkin, D., Ponomarev, D.V.: Covert channels through random number generator: Mechanisms, capacity estimation and mitigations. In: E.R. Weippl, S. Katzenbeisser, C. Kruegel, A.C. Myers, S. Halevi (eds.) Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24–28, 2016, pp. 843–857. ACM (2016). https://doi.org/10.1145/2976749.2978374. http://dl.acm.org/citation.cfm?id=2976749

16.

Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-eighth Annual ACM Symposium on Theory of Computing, STOC ’96, pp. 212–219. ACM (1996). https://doi.org/10.1145/237814.237866. http://arxiv.org/pdf/quant-ph/9605043

17.

Hajimiri, A., Lee, T.H.: A general theory of phase noise in electrical oscillators. IEEE J. Solid-State Circuits 33(2), 179–194 (1998). https://doi.org/10.1109/4.658619CrossRef

18.

Hajimiri, A., Limotyrakis, S., Lee, T.H.: Jitter and phase noise in ring oscillators. IEEE J. Solid-State Circuits 34(6), 790–804 (1999). https://doi.org/10.1109/4.766813CrossRef

19.

Hamburg, M., Kocher, P., Marson, M.E.: Analysis of intel’s ivy bridge digital random number generator. Technical Report, Cryptography Research (Prepared for Intel) (2012)

20.

Hurley-Smith, D., Hernández-Castro, J.C.: Quantum leap and crash: searching and finding bias in quantum random number generators. ACM Trans. Privacy Sec. 23(3), 1–25 (2020). https://doi.org/10.1145/3403643CrossRef

21.

Intel: SRBDS mitigation impact on intel® secure key. Intel Developer Zone (2020). https://software.intel.com/security-software-guidance/insights/srbds-mitigation-impact-intel-secure-key

22.

ITU: Quantum noise random number generator architecture. Recommendation ITU-T X.1702 (2019). https://www.itu.int/rec/T-REC-X.1702-201911-I/en

23.

Jaques, S., Naehrig, M., Roetteler, M., Virdia, F.: Implementing grover oracles for quantum key search on AES and LowMC. In: A. Canteaut, Y. Ishai (eds.) Advances in Cryptology—EUROCRYPT 2020—39th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, May 10–14, 2020, Proceedings, Part II, Lecture Notes in Computer Science, vol. 12106, pp. 280–310. Springer (2020). https://doi.org/10.1007/978-3-030-45724-2_10. https://arxiv.org/pdf/1910.01700.pdf

24.

Davenport, W.B., Root, W.L.: Introduction to the Theory of Random Signals and Noise. McGraw-Hill, New York (1958)CrossRef

25.

Karaklajic, D., Schmidt, J., Verbauwhede, I.: Hardware designer’s guide to fault attacks. IEEE Trans. Very Large Scale Integr. Syst. 21(12), 2295–2306 (2013). https://doi.org/10.1109/TVLSI.2012.2231707

26.

Killmann, W., Schindler, W.: A proposal for: Functionality classes and evaluation methodology for true (physical) random number generators. AIS 31, Version 3.1, English Translation, BSI (2001). https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Interpretationen/AIS_31_Functionality_classes_evaluation_methodology_for_true_RNG_e.html

27.

Killmann, W., Schindler, W.: A proposal for: functionality classes for random number generators. AIS 20/AIS 31, Version 2.0, English Translation, BSI (2011). https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Interpretationen/AIS_31_Functionality_classes_for_random_number_generators_e.html

28.

Lacharme, P.: Post-processing functions for a biased physical random number generator. In: K. Nyberg (ed.) Fast Software Encryption, 15th International Workshop, FSE 2008, Lausanne, Switzerland, February 10–13, 2008, Revised Selected Papers, Lecture Notes in Computer Science, vol. 5086, pp. 334–342. Springer (2008). https://doi.org/10.1007/978-3-540-71039-4_21

29.

Liberty, J.S., Barrera, A., Boerstler, D.W., Chadwick, T.B., Cottier, S.R., Hofstee, H.P., Rosser, J.A., Tsai, M.L.: True hardware random number generation implemented in the 32-nm SOI POWER7+ processor. IBM J. Res. Dev. (2013). https://doi.org/10.1147/JRD.2013.2279599CrossRef

30.

Markettos, A.T., Moore, S.W.: The frequency injection attack on ring-oscillator-based true random number generators. In: C. Clavier, K. Gaj (eds.) Cryptographic Hardware and Embedded Systems—CHES 2009, 11th International Workshop, Lausanne, Switzerland, September 6–9, 2009, Proceedings, Lecture Notes in Computer Science, vol. 5747, pp. 317–331. Springer (2009). https://doi.org/10.1007/978-3-642-04138-9_23

31.

Marshall, B. (ed.): RISC-V Cryptographic Extension Proposals. Volume I: Scalar & Entropy Source Instructions. RISC-V International (2021). https://github.com/riscv/riscv-crypto

32.

Marshall, B., Newell, G.R., Page, D., Saarinen, M.J.O., Wolf, C.: The design of scalar AES instruction set extensions for RISC-V. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2021(1), 109–136 (2020). https://doi.org/10.46586/tches.v2021.i1.109-136

33.

Mechalas, J.P.: Intel® digital random number generator (drng) software implementation guide. Intel Technical Report, Version 2.1 (2018)

34.

Moghimi, D., Sunar, B., Eisenbarth, T., Heninger, N.: TPM-FAIL: TPM meets timing and lattice attacks. In: 29th USENIX Security Symposium (USENIX Security 2020), pp. 2057–2073. USENIX Association (2020). https://www.usenix.org/conference/usenixsecurity20/presentation/moghimi-tpm

35.

Müller, S.: Documentation and analysis of the linux random number generator, version 3.6. Prepared for BSI by atsec information security GmbH (2020). https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/LinuxRNG/LinuxRNG_EN.pdf

36.

NCSC: Quantum security technologies. White paper, Version 1.0. National Cyber Security Centre (UK) (2020). https://www.ncsc.gov.uk/whitepaper/quantum-security-technologies

37.

NIST: Advanced Encryption Standard (AES). Federal Information Processing Standards Publication FIPS 197 (2001). https://doi.org/10.6028/NIST.FIPS.197

38.

NIST: Secure hash standard (SHS). Federal Information Processing Standards Publication FIPS 180-4 (2015). https://doi.org/10.6028/NIST.FIPS.180-4

39.

NIST: SHA-3 standard: permutation-based hash and extendable-output functions. Federal Information Processing Standards Publication FIPS 202 (2015). https://doi.org/10.6028/NIST.FIPS.202

40.

NIST: Submission requirements and evaluation criteria for the post-quantum cryptography standardization process. Official Call for Proposals, National Institute for Standards and Technology (2016). http://csrc.nist.gov/groups/ST/post-quantum-crypto/documents/call-for-proposals-final-dec-2016.pdf

41.

NIST: Security requirements for cryptographic modules. Federal Information Processing Standards Publication FIPS 140-3 (2019). https://doi.org/10.6028/NIST.FIPS.140-3

42.

NIST, CCCS: implementation guidance for FIPS 140-3 and the cryptographic module validation program. CMVP (2021). https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf

43.

NSA/CSS: Commercial national security algorithm suite (2015). https://apps.nsa.gov/iaarchive/programs/iad-initiatives/cnsa-suite.cfm

44.

Ragab, H., Milburn, A., Razavi, K., Bos, H., Giuffrida, C.: Crosstalk: speculative data leaks across cores are real. In: IEEE Symposium on Security & Privacy 2021 (to appear). IEEE (2021). https://download.vusec.net/papers/crosstalk_sp21.pdf

45.

Rambus: TRNG-ip-76/EIP-76 family of FIPS approved true random generators. Commercial Cryptographic IP data sheet (2020). https://www.rambus.com/security/crypto-accelerator-hardware-cores/basic-crypto-blocks/trng-ip-76/

46.

Rukhin, A., Soto, J., Nechvatal, J., Smid, M., Barker, E., Leigh, S., Levenson, M., Vangel, M., Banks, D., Heckert, A., JamesDray, Vo, S.: A statistical test suite for random and pseudorandom number generators for cryptographic applications (2010). https://doi.org/10.6028/NIST.SP.800-22r1a

47.

Saarinen, M.J.O.: On entropy and bit patterns of ring oscillator jitter. Preprint (2021). arXiv:2102.02196

48.

Saarinen, M.J.O., Newell, G.R., Marshall, B.: Building a modern TRNG: an entropy source interface for RISC-V. In: 4th Workshop on Attacks and Solutions in Hardware Security (ASHES’20), November 13, 2020, Virtual Event, USA., pp. 93–102. ACM (2020). https://doi.org/10.1145/3411504.3421212

49.

Salter, J.: How a months-old AMD microcode bug destroyed my weekend. Ars Technica (2019). https://bit.ly/3yCAczz

50.

Shor, P.W.: Algorithms for quantum computation: Discrete logarithms and factoring. In: 35th Annual Symposium on Foundations of Computer Science, Santa Fe, New Mexico, USA, 20–22 November 1994, pp. 124–134. IEEE (1994). https://doi.org/10.1109/SFCS.1994.365700, https://arxiv.org/abs/quant-ph/9508027

51.

Turan, M.S., Barker, E., Kelsey, J., McKay, K.A., Baish, M.L., Boyle, M.: Recommendation for the entropy sources used for random bit generation. NIST Special Publication SP 800-90B (2018). https://doi.org/10.6028/NIST.SP.800-90B

52.

Valtchanov, B., Fischer, V., Aubert, A., Bernard, F.: Characterization of randomness sources in ring oscillator-based true random number generators in fpgas. In: E. Gramatová, Z. Kotásek, A. Steininger, H.T. Vierhaus, H. Zimmermann (eds.) 13th IEEE International Symposium on Design and Diagnostics of Electronic Circuits and Systems, DDECS 2010, Vienna, Austria, April 14–16, 2010, pp. 48–53. IEEE Computer Society (2010). https://doi.org/10.1109/DDECS.2010.5491819. https://ieeexplore.ieee.org/xpl/conhome/5484099/proceeding

53.

Varchola, M., Drutarovský, M.: New high entropy element for FPGA based true random number generators. In: S. Mangard, F. Standaert (eds.) Cryptographic Hardware and Embedded Systems, CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, August 17–20, 2010. Proceedings, Lecture Notes in Computer Science, vol. 6225, pp. 351–365. Springer (2010). https://doi.org/10.1007/978-3-642-15031-9_24

54.

von Neumann, J.: Various techniques used in connection with random digits. In: A.S. Householder, G.E. Forsythe, H.H. Germond (eds.) Monte Carlo Method, National Bureau of Standards Applied Mathematics Series, vol. 12, chap. 13, pp. 36–38. US Government Printing Office, Washington, DC (1951). https://mcnp.lanl.gov/pdf_files/nbs_vonneumann.pdf

55.

Waterman, A., Asanović, K. (eds.): The RISC-V Instruction Set Manual, Volume II: Privileged Architecture. RISC-V Foundation (2019). https://riscv.org/specifications/. Document Version 20190608-Priv-MSU-Ratified

56.

Waterman, A., Asanović, K., Hauser, J. (eds.): The RISC-V Instruction Set Manual, Volume II: Privileged Architecture. RISC-V Foundation (2021). https://github.com/riscv/riscv-isa-manual. Document Version 1.12-draft

Titel: Development of the RISC-V entropy source interface
verfasst von: Markku-Juhani O. Saarinen
G. Richard Newell
Ben Marshall
Publikationsdatum: 06.01.2022
Verlag: Springer Berlin Heidelberg
Erschienen in: Journal of Cryptographic Engineering / Ausgabe 4/2022
Print ISSN: 2190-8508
Elektronische ISSN: 2190-8516
DOI: https://doi.org/10.1007/s13389-021-00275-6

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 4/2022

Secret-free security: a survey and tutorial

A framework for leaking secrets to past instructions

Fault analysis of the PRINCE family of lightweight ciphers

Differential fault analysis of NORX using variants of coupon collector problem

The ASHES 2020 special issue at JCEN

A comprehensive survey of physical and logic testing techniques for Hardware Trojan detection and prevention

Premium Partner