Random numbers find application in various fields. One important application domain is cryptography, where random numbers may be used in security systems to create secret keys, as parameters in a challenge-response protocol, padding values, masks and so on. Other application fields may be games (e.g. dice throw, card shuffling, roulette), signal and image processing, modelling of financial and scientific systems etc. A random number generator is used in such applications. True random numbers are generated from a physical noise source that acts as a source of randomness, are unpredictable and thus do not have periodicity.
Implementing True Random Number Generators (TRNGs) on reconfigurable hardware devices like e.g. Field-Programmable Gate Arrays (FPGAs) is challenging due to the limited TRNG specific resources and techniques available to the designer. Due to the availability of only digital resources in hardware devices like FPGAs, designs for such TRNGs are usually based on one of two possible noise generating processes, namely metastability of memory elements or timing jitter in free running oscillators. Although metastability has good stochastic properties, precise control is required on the timing of the events that lead to a metastable state. This requirement makes this type of TRNGs difficult to design and impractical for real-world applications.
Therefore TRNG designs tailored for implementation on a reconfigurable hardware device mostly make use of timing jitter as a source of entropy. However, also when adopting this approach, designers are confronted with substantial implementation challenges. The TRNG designer needs to deal with additional design constraints such as portability of the entropy source across e.g. different FPGA families and vendors, or even more importantly, reproducibility of the design across identical reconfigurable hardware devices. Process variations present in all deep sub-micrometer CMOS technologies ensure every manufactured device has unique characteristics. For jitter based TRNGs, these process variations express themselves primarily in terms of variations in the logic timing delay. In order to produce a minimum level of entropy density at the output, certain TRNG designs require these timing delay variations to be bounded to some maximal value. However, achieving low timing delay variability is non-trivial, as the designer has e.g. in FPGA implementations very limited control on the physical placement and routing of the primitives (i.e. the basic building blocks) that make up the TRNG circuitry.
TRNGs usually also require some manual setup or placement and routing constraints. For example, designs based on Self-Timed Ring oscillators (STRs) and delay chains require placement constraints that have to be set up for each FPGA family, thus limiting the portability of these designs. In addition, some entropy sources do not work correctly on all locations on an FPGA. Therefore, a search procedure is required for each individual device until a suitable placement is found.
In order to achieve good portability TRNG designs are thus preferably constructed by only using fundamental hardware primitives which are available in any reconfigurable hardware device. These designs should therefore preferably only require components like LookUp Tables (LUTs) and Flip-Flops (FFs) for logic and memory implementation, respectively. Designs are available that fulfil these constraints. One such design is the COherent Sampling ring Oscillator based TRNG (COSO-TRNG). COSO-TRNG implementations have been described which can achieve a throughput in the order of 1 Mbit/s, while requiring only minimal chip area. The entropy source of such a TRNG design consists of two identically designed ring oscillators (ROs) which generate two oscillating signals with similar periods. Due to process and interconnect delay variations, however, it is very challenging to match the periods of the two ROs in a reconfigurable device like an FPGA. For this reason, a search procedure has to be applied until by chance two well matched ROs are found. This high effort renders state of the art COSO-TRNG implementations unpractical as this procedure has to be repeated for every device, even from a same FPGA family.
Hence, there is a need for a random number generator wherein only basic building blocks are employed to ensure good portability and reproducibility.