TRNG-IP-76 FIPS-Certified True Random Number Generators

The TRNG-IP-76 is a FIPS-compliant IP core for True Random Number Generation (TRNG) with an optional post-processor and several internal self-tests. Designed for easy integration into ASICs and SOCs, the 100% digital standard cell based TRNG-IP-76 provides a reliable and cost-effective embedded IP solution for our customer’s SoCs.

True Random Number Generator, FIPS-140 SP800-90A/B compliant.
High performance, low power, fully digital, standard cell only, supports all CMOS nodes.

Certified per NIST SP800-90A/B for NRBGs and DRBGs as part of the RT-130 Root of Trust.

How the TRNG-IP-76 works

TRNGs are typically deployed in semiconductors for securing data communications, electronic transactions, and data storage. They are used for generation of keys, initialization vectors, cookies, and nonces. Additionally, TRNGs can also be used for statistical sampling, communications protocol timers, as well as noise generation.

In providing a hardware-based, nondeterministic noise source, the TRNG-IP-76 uses a state-of-the-art reliable shot noise oscillator implementation. This  allows stable operation across very wide process, voltage, and temperature (PVT) ranges, as required for modern process node (45nm and below) semiconductors.

The shot noise oscillators create an unpredictable jittering output when asynchronously sampled by the system clock provided to the TRNGs. The outputs from the shot noise generators feed a complex, non-linear combinatorial circuit that produces the final TRNG output. This function is referred to as a hardware-implemented Non-deterministic Random Bit Generator (NRBG).

TRNG-IP-76 (EIP-76) family of FIPS approved True Random Generators
TRNG-IP-76 (EIP-76) family of FIPS approved True Random Generators

The TRNG-IP-76 is a security aware design:

  • Patented test circuits on the oscillators that detect locking to periodic signals.
  • Repeating output data detection on NRBG and DRBG (compliant with FIPS-140).
  • Hardware-implemented ‘Repetition Count’ and ‘Adaptive Proportion’ tests on the Noise Source (compliant with FIPS-140).
  • Continuous tests on the Noise Source (compliant with AIS-31): ‘monobit test’, ‘poker test’, ‘runs test’, ‘long runs test’ and ‘Noise Source failure’.
  • Secure random data buffer wipe-after-read and zeroize functions (compliant with FIPS-140).
  • Secure reading mode where data is only available on request, for a (configurable) limited time.
  • Automatic shutdown on fatal errors.
  • Various on-line and off-line integrity and known-answer tests on the Conditioning Function, DRBG and self-test circuits.
 

The TRNG-IP-76 is compliant with Federal Information Processing Standards (FIPS) Publication 140-2, facilitating system certification. The design is compliant with the latest versions for NIST SP800-90A/B/C. A NIST SP800-90 Deterministic Random Bit Generator (DRBG) is available for the required post processing. The TRNG-IP-76 is FIPS-approved when integrated into Rambus Root of Trust solutions.

The TRNG-IP-76 is silicon proven, and its flexible, layered design makes it easy to integrate into SoCs. A driver development kit is included.

Introduction to Side-Channel Attacks eBook

Introduction to Side-Channel Attacks

Side-channel attacks conducted against electronic gear are relatively simple and inexpensive to execute. Such attacks include simple power analysis (SPA) and Differential Power Analysis (DPA). As all physical electronic systems routinely leak information, effective side-channel countermeasures should be implemented at the design stage to ensure protection of sensitive keys and data.

Rambus logo