[Cryptech Tech] TRNG is alive!

Joachim Strömbergson joachim at secworks.se
Thu Oct 2 11:25:36 UTC 2014



Aloha!

tryggve.mathiesen at informasic.com wrote:
> Two comments about Xilinx: 1) Placement and routing, as well as
> reduction optimization around comb loops can be controlled/solved in
> ISE/Vivado tool chain.

True. (One step ahead of you ;-)

> 2) Consider to use the existing ring osc in Xilinx FPGAs a) JTAG
> clock is Ring Osc based - accessible after FPGA load b) Spartan6 and
> others using Ring OSc. for DCI and DelayI/DelayO timing reference. c)
> 7-Series have RingOSc for the GTP clockbase in low speed modes (only 
> GTP macro FPGAs)

No, we don't want to do that, at least not as a complete replacement for
the ones we use in the entropy source. For several reasons.

First we need more than just a few. Currently we are using 32 instances
of the same type of oscillator, but may add more. The ones you point to
are fewer and of different types with different fmax.

Secondly we don't want to add vendor specific dependencies unless we
have very good reasons to do so. And imho this is not the case here.
Using device specific oscillators could probably be a good, separate
research project though.

The ring oscillator we are using has been tested on several FPGA models
from more than one vendor. Using technology, hardwired specific
oscillators means that we need to do analysis of each of those
oscillators as well as the combination of them for different models and
vendors - and there might not even be similar oscillators.

Finally we don't know how these hard oscillators actually work. You can
probably point to documentation that provides a description of them. But
the ones we use we can actually see how they are being mapped onto the
FPGA CLB/LE/ALM structures.

What we might need to do is kick off a separate entropy source project
that looks into the PLL-style entropy source as described by Fischer et al:

http://www.radioeng.cz/fulltexts/2011/11_01_094_101.pdf
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.161.3295

The really interesting thing with this source is that you can actually
fairly easily test and then know that it works and that it will be robust.

-- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================

