Cryptography depends on entropy. More specifically, every cryptographic protocol requires a source of non-deterministic (random) data to seed its security algorithms. While entropy is everywhere and, per the second law of thermodynamics, always increasing, it is exceedingly hard to create an unpredictable, statistically independent, uniformly distributed and protected source of data. In other words, creating a true random number generator is quite the feat.
Demonstrating that one has successfully done so requires rigorous proof. To that end, NIST developed the Special Publication (SP) 800-90 series of standards for the construction and validation of Random Bit Generators (RBGs). As NIST describes in the scope of these publications, the SP 800-90 series “provide a basis of validation by NIST’s Cryptographic Algorithm Validation Program (CAVP) and Cryptographic Module Validation Program (CMVP)” for FIPS 140-2 and FIPS 140-3 certification.
SP 800-90B lays out the rigorous design and testing requirements for entropy sources. To date, only three parties have successfully certified their products against this standard, and only one for IP that chip designers can incorporate into their SoCs and FPGAs: Rambus with its TRNG-IP-76 True Random Number Generator.
The Rambus TRNG-IP-76 True Random Number Generator is offered to our customers as a fully digital standard cell design and comes in a variety of configurations ranging from “an entropy only” NRBG (non-deterministic random bit generator) to complete solutions with AIS-31 HW diagnostics, SHA-2 conditioning and a FIPS 140 compliant DRBG (deterministic random bit generator).
While the TRNG-IP-76 can be implemented as a discrete security core, there’s even better news for customers. The TRNG-IP-76 is incorporated into the Rambus Root of Trust RT-100 series solutions which have achieved FIPS 140-2 CMVP certification. The same TRNG-IP-76 is also incorporated into specific Rambus Root of Trust RT-630 and RT-660 configurations that are currently being evaluated against FIPS 140-2 CMVP certification. Designed to be integrated in power and space-constrained SoCs or FPGAs, the RT-100 and RT-600 series Root of Trust hardware cores guard the most sensitive assets on chips and establish the foundation for platform security.
Leave a Reply