Design and Implementation of a
True Random Number Generator
Based on Digital Circuit Artifacts
Michael Epstein1, Laszlo Hars2, Raymond Krasinski1, Martin Rosner3
and Hao Zheng4
(1) Philips Electronics, Philips Intellectual Property and Standards, 345
Scarborough Road, Briarcliff Manor, NY 10510,
(2) Seagate Technology, 1251 Waterfront Place Pittsburgh, PA 15222,
(3) Philips Electronics, Philips Research, 345 Scarborough Road,
Briarcliff Manor, NY 10510,
(4) ActiveEye, 286 Broadway, Pleasantville, NY 10570,
Presented by: Karandeep Singh
Introduction
• True random numbers are critical in many
applications
– Cryptography
– Statistical sampling
– Simulations
• Current random number generators are
difficult to integrate in ICs
– ‘Analog Noise’ based random number generators
are not area or power efficient
– Generators based on other physical phenomena
don’t provide easy interface to electronic devices
ENEE 698B
2
Background
• Authors propose a random number
generator that consists of only digital
circuit elements
– Uses elements from standard libraries
– Utilizes standard placement tools
• Designed and implemented a prototype
chip with nine distinct random number
generators
• Generated numbers were tested using
the ‘DIEHARD’ suite of tests
ENEE 698B
3
Circuit Description
• Design consists of two inverters and four
switches
• Based on switch positions, circuit can either
be a pair of ring oscillators or a bi-stable
memory device
ENEE 698B
4
Basic Concepts - Metastability
• Digital circuits are normally predictable,
but under certain conditions they are
unpredictable
• Digital flip-flop or a latch may exhibit
unpredictable behavior (metastability) in
response to certain inputs
– Pair of logic gates with feedback
– Have unpredictable or oscillatory output for
certain inputs
• Three uncertainties
– Whether circuit will enter a metastable state
– The final state the flip-flop would settle into
– Length of time that circuit remains metastable
ENEE 698B
5
Metastability
•
•
Recovery from metastable state displayed on a TDS7254 Tektronix
oscilloscope
Lower intensity (lighter traces) shows more frequent signal traces
ENEE 698B
6
Basic Concepts - Oscillator jitter and drift
• Clock period is never a precise constant,
the oscillating signal has slight changes
of phase
– Such perturbations are called jitter
– Some components of jitter are random
• Design uses two free-running oscillators,
which are allowed to drift from each other
• Resulting phase jitter utilized as a source
of randomness
• Instantaneous voltage is latched by a
digital bi-stable circuit, capturing the
random state
ENEE 698B
7
Theory of Operation
• Switches 1 and 4 are closed
while switches 2 and 3 are
open: inverters form two
independent, free-running
ring oscillators
• Switches 1 and 4 are
opened while switches 2 and
3 are closed: the connected
inverters form a bi-stable
memory device
• Because of positive feedback the outputs of the inverters
eventually resolve, by clipping, to a consistent logic state
• This final logic state creates one random bit.
ENEE 698B
8
Integrated Circuit Design
• An IC containing nine distinct
styles of RNGs was constructed
• Each style was replicated in 15
to 31 different varieties for a
total of 247 distinct RNGs
• All gates were drawn from a
standard 0.18 micron CMOS
library and laid out automatically
• Every variety from a particular
style was also connected to a
network of XOR gates
– Combines all of the varieties of a
style into a single output
• Selection of various RNG
designs was designated through
multiple levels of multiplexers
ENEE 698B
9
Circuit Details
• ‘Select’ signal is used to drive the multiplexers that choose
between acquisition and oscillation phase of the random number
generator
– When the select signal is high circuit is in oscillation state and each
inverter operates independently
– When the select line goes low the circuit is in the bi-stable
configuration and resolves to a single value, either a 1 or 0, via
metastable oscillations
• The rising edge of the select signal can be used to acquire the
random bit
ENEE 698B
10
Data Gathering and Analysis
• For each RNG, a sequence of 80 megabits
was collected
• Each sequence was submitted to DIEHARD
tests for evaluation
• Collection of 16 tests that produce 215 results
(Pvalues)
• Pvalue = Fi(X), i = 1 to 215
– Fi seeks to establish a distribution function of
sample random variable X
• For a random sequence only few Pvalues of
should be close to 0 or 1
ENEE 698B
11
Results
• Only two designs passed the DIEHARD tests
ENEE 698B
12
Results with Varying Voltage
• To simulate real world conditions, circuit was
tested at various voltages
ENEE 698B
13
Conclusions
• Authors demonstrate a practical and
power efficient RNG
– Uses standard digital gates
– Uses standard layout tools
• Stable over large changes in operating
voltage
• Likely to have good resistance to
attacks by variation in voltage or
temperature
ENEE 698B
14