ECE 6332: VLSI Design Project Review 1

ECE 6332: VLSI Design Project Review 1

Chunhu Zhang and Yu Yao

Our research project investigates into the Hardware Random Number Generators (HRNG), which relies on physical random source to generate true random numbers and serves for cryptographic applications.

PART1: Summaries of Related Publications:

1. Hardware random number generators, Robert Davis, Statistics Research Associates Limited
   This paper assessed several existing commercial HRNG with random source generated from resistor /semiconductor noise and radioactive decay. A hypothetical HRNG model was proposed: the analog noise is collected, and fed into an amplifier. Then the amplified analog signal was digitalized into 0s and 1s. The following corrector makes the data unbiased by bringing the average value close to 0.5. Finally, the unbiased data serve as the random numbers for application.
   The author made statistical test for HRNG and pointed out the ways to find defects. The tests are conducted on different phases of hypothetical HRNG model. Several defects may worth noticing: 1. the bias may drift over time; 2. the adjacent bits may correlate; 3. new frequency may appear with external electrical interference; 4 semiconductor noises tends to be of low frequency.
   
2. A Noise-Based IC Random Number Generator for Applications in Cryptography
   Craig S. Petrie, Member, IEEE, and J. Alvin Connelly, Fellow, IEEE
   Three common RNGs are discussed: 1. Direct Amplification; 2. Oscillator Sampling; 3. Discrete-Time Chaos. A new RNG is proposed which combine the advantages of these methods.
   The direct amplification method (1) has some intrinsic drawbacks in that it is more vulnerable to the nonrandom influences coupled into the white noise source. The nonrandom influence must be at least an order of magnitude below the random noise source for the direct amplification technique to maintain unaffected. The other two schemes are much more robust and thus have greater promise for mixed-signal environment. The ring oscillator (2) may not have enough level of jitter to produce statistical randomness. And the discrete-time chaos (3) obtains the randomness from robust dynamics rather than from noise, and the limit A/D resolution also brings nonrandomness.
   
3. An Integrated Analog/Digital Random Noise Source
   W. Timothy Holman, Member, IEEE, J. Alvin Connelly, Fellow, IEEE, and Ahmad B. Dowlatabadi, Member, IEEE
   In this paper, an integrated noise source is generated by amplifying the thermal noise of large transistors and digitalized to bit stream. There are two available wideband white noises in low voltage CMOS integrated circuits, the shot noise which is generated by current flowing across the p-n junction, and the thermal noise which is generated by the random electron motion in a resistor.
   
4. The Intel® random number generator
   Cryptography Research, Inc. White Paper Prepared for Intel Corporation
   Intel RNG adopts the Oscillator Sampling approach, which samples the thermal noise present in un-driven resistors and reduces the nonrandom influences such as electromagnetic radiation, temperature, and power supply fluctuation by subtracting the signals sampled from two adjacent resistors. The thermal noise is used to modulate the frequency of a slower clock so that the slow oscillator frequency is significantly perturbed by the noise. The fast clock signal is sampled on the rising edge of the slower clock using flip-flop.
   
5. InitialSRAMState as a Fingerprint and Source of True Random Numbers for RFID Tags
   Daniel E. Holcomb, Wayne P. Burleson, and Kevin Fu
   This paper explores the manufacture-time variation to provide identity and utilizes run-time physically random noise to produce random numbers within the memory cell. Once the power is applied, the memory cell that has large transistor threshold mismatches are heavily skewed towards one state, which can be used for identification/fingerprint; while the one with well matched thresholds are highly sensitive to noise, which can be used for RNG. However, the drawback is that only one random number can be generated per power on.
   
6. PUF-Based Random Number Generation
   Charles W. O’Donnell, G. Edward Suh, and Srinivas Devadas
   Leveraging on the variation during manufacturing process, the same PUF structure could behave as different hash function on chips after manufacture. The silicon PUF explores the circuit delay and race condition so that given a challenge to the PUF, the response is unique to the chip.
   To generate a random number, a confirmed random number is fed into the PUF structure as challenge and the response from the PUF is unbiased and checked to confirm its randomness. Then this random number combined with some other data is fed into the PUF again. Through this iterative procedure, it is believed the PUF can generate random numbers due to the inherent unpredictability of the PUF response.
   

PART II Methodology and Simulation:

We plan to test the effects of different approaches to implement HRNG using PTM model and Monte Carlo simulation. To get familiar with these tools, we studied the cadence SKILL programming language, the ocean script, the netlist and spectre simulator. We also did the Monte Carlo analysis for a simple inverter and the Monte Carlo analysis for a memory cell is on the way.
Here attached is the simulation result of Monte Carlo analysis with PTM models using ocean script.

To perform the Monte Carlo analysis for memory cell, we need to extract the netlist for memory cell and changes the ocean scripts accordingly, especially the parameters for monteCarlo() and monteExpr() function in the script. We are still working on it and looking through the spectre document which covers the Monte Carlo Analysis.

PART III Research Plan:

Phase 1: (before proposal)

1. Get familiar with the simulation tools
2. Survey the research in the HRNG area
3. Identify the nondeterministic parts in a typical integrated circuit, such as

thermal noise, shot noise, flicker noise with resistor

radioactive decay

circuit delay, PUF, subthreshold dependency on process variation

race condition

crosstalk, power supply noise, substrate noise, clock signal, oscillator jitter

1. Construct a general idea of HRNG
   Our general idea is that due to the high sensitivity of subthreshold circuit to the process variation and noise, it could be useful in generating identity and random source. The advantage of using subthreshold circuit to generate random number over InitialSRAMState (paper 5) is that potentially, the subthreshold circuit doesn’t have to power up again everytime to generate a new random number.
   We try to investigate into the possibility of harnessing the vulnerability to noise influence of sub-threshold circuits for designing a HRNG. Circuits working in sub-threshold region are especially prone to be influenced by process variation, noise signal and other environmental randomness. By combining the design techniques of RNG based on bitcell, PUFs and oscillators, and knowledge into sub-threshold circuits, we can look into constructing a new HRNG and test its performance.
   

Phase 2: (after proposal)

1. Experiment and scrutinize several typical approaches in HRNG design and summarize their pros/cons
2. Complete our design of HRNG
3. Do the simulation to verify our HRNG and compare with others.