Security IP icon


TRNG-IP-76 / EIP-76 Family of FIPS Approved True Random Generators

The TRNG-IP-76 (EIP-76) is a FIPS approved IP core for true random number generation. Designed for easy integration the 100% digital standard cell based TRNG-IP-76 random number generator provides a reliable and cost-effective Embedded IP solution for our customer’s SoCs.

True Random Number Generator, FIPS-140 approved.

High performance, low power, fully digital, standard cell only, supports all CMOS nodes.

Implements NIST approved SP800-90 NRBGs and DRBGs.

How the TRNG-IP-76 works

True Random Number Generators (TRNGs) are typically deployed in semiconductors for secure data communications, secure electronic transactions, and secure data storage. They are typically used for generation of keys, initialization vectors, cookies, and nonces. The TRNGs can also be used for statistical sampling, timers in communications protocols, as well as noise generation.

To provide a hardware-based, nondeterministic noise source the TRNG-IP-76 uses a state of the art reliable Shot Noise oscillator implementation allowing operation across very wide PVT ranges as encountered in modern small-feature size (45nm and below) semiconductors. The Shot Noise oscillators create unpredictable jittering output when asynchronously sampled by the system clock provided to the TRNGs. The outputs from the shot noise generators feed a complex, non-linear combinatorial circuit that produces the final TRNG output. This function is referred to as a hardware-implemented Non-deterministic Random Bit Generator (NRBG).

TRNG-IP-76 family of FIPS approved True Random Generators
TRNG-IP-76 family of FIPS approved True Random Generators

The TRNGs are designed for compliance with Federal Information Processing Standards (FIPS) Publication 140-2, facilitating system certification to this standard. The design is compliant with the latest versions for NIST SP80-900a/b/c, NIST SP80-900 Deterministic Random Bit Generator (DRBG) are available for the required post processing.

Introduction to Side-Channel Attacks eBook

Introduction to Side-Channel Attacks

Side-channel attacks conducted against electronic gear are relatively simple and inexpensive to execute. Such attacks include simple power analysis (SPA) and Differential Power Analysis (DPA). As all physical electronic systems routinely leak information, effective side-channel countermeasures should be implemented at the design stage to ensure protection of sensitive keys and data.

TRNG-IP-76 Information

Key benefits:

  • Silicon-proven implementation.
  • FIPS approved in Vault-IP
  • Fast and easy to integrate into SoCs.
  • Flexible layered design.
  • Complete range of configurations.
  • World-class technical support.
  • Driver Development Kit.

All configurations operate with four or eight Free Running Oscillators (FROs). Standard configurations of the TRNG-IP-76 include

  • TRNG-IP-76a-8: base configuration with 8 FROs
  • TRNG-IP-76d-8-SHA2: 8 FROs and DRBG
  • TRNG-IP-76d-8-BC_DF: 8 FROs, DRBG with BC_DF.

In addition to this base functionality, the TRNG-IP-76 offers several configurable options that are described in SP800-IP-90:

  • A SHA-2 based conditioning function, can be embedded in the NRBG. These conditioning functions append their previous output value to the Noise Source input string to smooth out variations in Noise Source behavior.
  • A Deterministic Random Bit Generator, (DRBG) using AES-256 as the underlying block cipher, can be added.

The TRNG-IP-76 is a Security Aware design:

  • Patented test circuits on the oscillators to detect locking to periodic signals.
  • Repeating output data detection on NRBG and DRBG (compliant with FIPS-140).
  • Hardware implemented ‘Repetition Count’ and ‘Adaptive Proportion’ tests on the Noise Source (compliant with FIPS-140).
  • Continuous tests on the Noise Source (compliant with AIS-31): ‘monobit test’, ‘poker test’, ‘runs test’, ‘long runs test’ and ‘Noise Source failure’.
  • Secure random data buffer wipe-after-read and zeroize functions (compliant with FIPS-140).
  • Secure reading mode where data is only available on request, for a (configurable) limited time.
  • Automatic shutdown on fatal errors.
  • Various on-line and off-line integrity and known-answer tests on the Conditioning Function, DRBG and self-test circuits.

Upcoming Webinar: AI Requires Tailored DRAM Solutions