True Random Number Generators
AuthenTec’s True Random Number Generators (TRNG) are typically deployed in semiconductors for secure data communications, secure electronic transactions, and secure data storage. They are typically used for generation of keys, initialization vectors, cookies, and nonces. The TRNG's can also be used for statistical sampling, timers in communications protocols, as well as noise generation. The TRNGs provide a hardware-based, nondeterministic noise source.
The TRNGs are designed using shot noise generators that create unpredictable jittering output when asynchronously sampled by the system clock provided to the TRNGs. The outputs from the shot noise generators feed a complex, non-linear combinatorial circuit that produces the final TRNG output.
The TRNGs are designed for compliance with Federal Information Processing Standards (FIPS) Publication 140-2 and 140-3, facilitating system certification to this standard. An American National Standards Institute (ANSI) X9.17 Annex C / ANSI X9.31 Annex A post processor or NIST SP80-900 Deterministic Random Bit Generator is available to meet the FIPS PUB 140-2 and 140-3 requirements.
The TRNG cores can be used for: Key Generation, Initialization Vectors, Generation of Cookies and Nonces or other, non-cryptographic purposes such as: Statistical Sampling, Re-try timers in communications protocols, Noise generation.
SafeXcel-IP-76: True Random Number Generators
The SafeXcel-IP-76 cores are new state-of-the-art design for very fast true random number generation, targeting 65nm, 45nm and next generation small CMOS technologies. It provides semiconductor designers with a silicon-proven solution that has been deployed in AuthenTec’s leading VPN accelerator chips, as well as in several chips manufactured by AuthenTec semiconductor customers. The SafeXcel-IP-76 implements state of the art reliable Shot Noise oscillator implementation allowing operation across very wide PVT ranges as encountered in modern small-feature size (90 nm and below) technologies. It offers a configurable number of oscillators to allow a tradeoff between hardware complexity, instantaneous power consumption and entropy generation rate. The default number of 24 generally allows a startup time well below 5 milliseconds. For less demanding applications, standard versions with 8 oscillators are available.
The SafeXcel-IP-76 core family has four members:
• SafeXcel-IP-76a: no post processing
• SafeXcel-IP-76b: 3DES post processing (X9.31 and FIPS140-2)
• SafeXcel-IP-76c: AES-256 post processing (X9.31 and FIPS140-2)
• SafeXcel-IP-76d: SP800-90 DRBG post processing (FIPS140-2 and FIPS140-3)
The SafeXcel-IP-76 TRNG is a Security Aware design:
• Patented test circuits on the oscillators to detect locking to periodic signals
• Repeating output data detection in hardware (according to FIPS 140-3)
• Secure random data buffer wipe-after-read and zeroize functions (for FIPS 140-2 and FIPS 140-3 compliance)
• Secure reading mode where data is only available on request, for a (configurable) limited time
• Detection of noise source failure in hardware (according to AIS-31)
• Automatic shut-down on fatal errors
• Continuous noise source randomness monitoring with ‘monobit test’, ‘poker test’, ‘runs test’ and ‘long runs test’ (all according to AIS-31) built in hardware
• On-line known-answer tests on post-processor and ‘monobit’/‘poker’/‘runs’ test logic without loosing already gathered entropy
• Various off-line integrity and known-answer tests on the oscillator self-test circuits
SafeXcel-IP-75: True Random Number Generators
The SafeXcel-IP-75 cores target very fast true random number generation in 90nm, 130nm and larger CMOS technologies. It provides semiconductor designers with a silicon-proven solution that has been deployed in AuthenTec’s leading VPN accelerator chips, as well as in several chips manufactured by AuthenTec semiconductor customers.
The SafeXcel-IP-75 core family has two members:
• SafeXcel-IP-75a: no post processing
• SafeXcel-IP-75b: 3DES post processing (X9.31 and FIPS140-2)
• Hardware-based non-deterministic Random Number Generator
• Optional ANSI X9.31 (Appendix A.2.4) compliant 3DES post-processor to meet the NIST requirements of FIPS 140-2
• Redundant ‘Fail-Safe’ design with self-test circuits
• Reliable Shot Noise oscillator implementation with auto-tuning across PVT range of up to a factor 10 between worst case and best case delay
• Output ready interrupt
• Optional alarm count overflow and auto-tuning error interrupt
• Reset selectable between synchronous and asynchronous
• Optional separate (fixed frequency) sampling clock to allow variable frequency system clock
• Startup time can be controlled between 28 and 225 sampling clock cycles to adapt entropy accumulation time to basic entropy generation rate (which varies with the implementation technology)
• Selectable sequential or parallel operation of FROs to reduce power consumption or speed up initialization
• Glitch-free starting and stopping of FRO-generated clocks
• Debug outputs to allow monitoring of internal operations
• Silicon-proven implementation
• Fast and easy to integrate into SoCs
• Flexible layered design.
• Software support available:
• Generic driver library
• Configurations with/without post-processor and single/dual clocks.
• World-class technical support