[go: up one dir, main page]

TW202147097A - Physical unclonable function based true random number generator and method for generating true random numbers - Google Patents

Physical unclonable function based true random number generator and method for generating true random numbers Download PDF

Info

Publication number
TW202147097A
TW202147097A TW110118674A TW110118674A TW202147097A TW 202147097 A TW202147097 A TW 202147097A TW 110118674 A TW110118674 A TW 110118674A TW 110118674 A TW110118674 A TW 110118674A TW 202147097 A TW202147097 A TW 202147097A
Authority
TW
Taiwan
Prior art keywords
seed
random number
entropy
circuit
volatile memory
Prior art date
Application number
TW110118674A
Other languages
Chinese (zh)
Other versions
TWI782540B (en
Inventor
游鈞元
劉用翔
莊愷莘
Original Assignee
熵碼科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US17/211,799 external-priority patent/US11487505B2/en
Application filed by 熵碼科技股份有限公司 filed Critical 熵碼科技股份有限公司
Publication of TW202147097A publication Critical patent/TW202147097A/en
Application granted granted Critical
Publication of TWI782540B publication Critical patent/TWI782540B/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58Random or pseudo-random number generators
    • G06F7/588Random number generators, i.e. based on natural stochastic processes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Physics (AREA)
  • Computational Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Semiconductor Integrated Circuits (AREA)
  • Seasonings (AREA)
  • Saccharide Compounds (AREA)
  • Adhesives Or Adhesive Processes (AREA)
  • Storage Device Security (AREA)

Abstract

A Physical Unclonable Function (PUF) based true random number generator (TRNG) and a method for generating true random numbers are provided. The PUF based TRNG may include a first obfuscation circuit, a cryptography circuit coupled to the first obfuscation circuit, and a second obfuscation circuit coupled to the cryptography circuit. The first obfuscation circuit obtains a first PUF value from a PUF pool of the electronic device, and performs a first obfuscation function on a preliminary seed based on the first PUF value to generate a final seed. The cryptography circuit utilizes the final seed as a key of a cryptography function to generate preliminary random numbers. The second obfuscation circuit obtains a second PUF value from the PUF pool, and performs a second obfuscation function on the preliminary random numbers based on the second PUF value to generate final random numbers.

Description

基於物理不可複製功能的真隨機數產生器以及用於產生真隨機數的方法A true random number generator based on a physically unreproducible function and a method for generating true random numbers

本發明係關於真隨機數產生器,尤指一種基於物理不可複製功能的真隨機數產生器以及用於產生真隨機數的方法。The present invention relates to a true random number generator, especially a true random number generator based on a physical non-reproducible function and a method for generating true random numbers.

物理不可複製功能可視為晶片上的指紋,由於不同晶片的物理特性會因為製造過程中的某些不可控因素而有些微差異,這些差異是無法被複製或預測的,因此可被用以當作靜態熵(entropy)值以用於資安相關應用。在某些相關技術中,物理不可複製功能池在電子裝置中需要儲存空間,尤其,為了改善基於物理不可複製功能的輸出值的隨機性,所需的硬體資運也會相應地增加。因此,需要一種新穎的架構以及相關方法,以在沒有副作用或較不會帶來副作用的情況下改善基於物理不可複製功能的真隨機數產生器的輸出隨機性。The physical non-reproducible function can be regarded as the fingerprint on the wafer. Since the physical characteristics of different wafers will be slightly different due to some uncontrollable factors in the manufacturing process, these differences cannot be reproduced or predicted, so they can be used as Static entropy value for information security related applications. In some related technologies, the physical non-replicable function pool requires storage space in the electronic device. In particular, in order to improve the randomness of the output value based on the physical non-replicable function, the required hardware resources will also increase accordingly. Therefore, there is a need for a novel architecture and related methods to improve the output randomness of physically non-reproducible function based true random number generators with no or less side effects.

因此,本發明的目的在於提供一種基於物理不可複製功能的真隨機數產生器以及用於產生真隨機數的方法,以在不大幅增加整體硬體成本的情況下改善基於物理不可複製功能的真隨機數產生器的整體效能。Therefore, the object of the present invention is to provide a true random number generator based on a physical non-replicable function and a method for generating a true random number, so as to improve the true random number based on the physical non-replicable function without greatly increasing the overall hardware cost. The overall performance of the random number generator.

本發明至少一實施例提供一種用於一電子裝置之基於物理不可複製功能(Physical Unclonable Function, PUF)的真隨機數產生器。該基於物理不可複製功能的真隨機數產生器可包含一第一混淆(obfuscation)電路、耦接至該第一混淆電路的一密碼(cryptography)電路、以及耦接至該密碼電路的一第二混淆電路。該第一混淆電路是用以自該電子裝置的一物理不可複製功能池取得一第一物理不可複製功能值,並且基於該第一物理不可複製功能值對一初步種子進行一第一混淆功能以產生一最終種子。該密碼電路是用以利用該最終種子作為一密碼功能的一金鑰(key)以產生一初步隨機數序列。該第二混淆電路是用以自該物理不可複製功能池取得一第二物理不可複製功能值,並且基於該第二物理不可複製功能值對該初步隨機數序列進行一第二混淆功能以產生一最終隨機數序列。At least one embodiment of the present invention provides a true random number generator based on a Physical Unclonable Function (PUF) for an electronic device. The physically non-replicable function-based true random number generator may include a first obfuscation circuit, a cryptography circuit coupled to the first obfuscation circuit, and a second cryptography circuit coupled to the cryptographic circuit Obfuscated circuit. The first obfuscation circuit is used to obtain a first physical non-replicable function value from a physical non-replicable function pool of the electronic device, and perform a first obfuscation function on a preliminary seed based on the first physical non-replicable function value to produces a final seed. The cryptographic circuit is used for generating a preliminary random number sequence using the final seed as a key for a cryptographic function. The second obfuscation circuit is used to obtain a second physical non-replicable function value from the physical non-replicable function pool, and perform a second obfuscation function on the preliminary random number sequence based on the second physical non-replicable function value to generate a The final random number sequence.

本發明的至少一實施例提供了一種用於產生真隨機數的方法,其中該方法是可應用於(applicable to)一電子裝置。該方法可包含:利用一第一混淆電路基於一第一物理不可複製功能值對一初步種子進行一第一混淆功能以產生一最終種子;利用一密碼電路將該最終種子當作一密碼功能的一金鑰以產生一初步隨機數序列;以及利用一第二混淆電路基於一第二物理不可複製功能值對該初步隨機數序列進行一第二混淆功能以產生一最終隨機數序列。尤其,該第一物理不可複製功能值以及該第二物理不可複製功能值是自該電子裝置的一物理不可複製功能池取得。At least one embodiment of the present invention provides a method for generating true random numbers, wherein the method is applicable to an electronic device. The method may include: using a first obfuscation circuit to perform a first obfuscation function on a preliminary seed based on a first physical non-reproducible function value to generate a final seed; using a cryptographic circuit to treat the final seed as the result of a cryptographic function a key to generate a preliminary random number sequence; and using a second obfuscation circuit to perform a second obfuscation function on the preliminary random number sequence based on a second physical non-copyable function value to generate a final random number sequence. Especially, the first physical non-replicable function value and the second physical non-replicable function value are obtained from a physical non-replicable function pool of the electronic device.

本發明的實施例提供的基於物理不可複製功能的真隨機數產生器以及相關方法能以各種特性諸如密碼功能(例如良好的安全性、以及良好的偽隨機性)、動態熵(例如提供「活的」(live)熵給系統,尤指該電子裝置)以及靜態熵(例如物理不可複製功能,其可視為晶片上的指紋)來提升整體效能。因此,本發明的實施例能在沒有副作用或較不會帶來副作用的情況下改善基於物理不可複製功能的真隨機數產生器的安全性以及輸出隨機性。The physical non-replicable function-based true random number generator and related methods provided by the embodiments of the present invention can have various characteristics such as cryptographic functions (such as good security, and good pseudo-randomness), dynamic entropy (such as providing "live" "live" entropy to the system, especially the electronic device) and static entropy (such as physical non-reproducible functions, which can be viewed as fingerprints on the chip) to improve overall performance. Therefore, embodiments of the present invention can improve the security and output randomness of a true random number generator based on a physically non-replicable function with no or less side effects.

第1圖為依據本發明一實施例之一電子裝置10的示意圖,其中電子裝置10可包含一物理不可複製功能(Physical Unclonable Function,簡稱PUF)池15、以及耦接至PUF池15的一基於PUF的真隨機數產生器100。如第1圖所示,基於PUF的真隨機數產生器100可包含一第一混淆(obfuscation)電路諸如混淆電路110、一密碼(cryptography)電路120、以及一第二混淆電路諸如混淆電路130,其中密碼電路120耦接至混淆電路110,而混淆電路130耦接至密碼電路120。在本實施例中,混淆電路110可用來自PUF池15取得一第一PUF值諸如PUF值PUF1,並且基於PUF值PUF1對一初步種子進行一第一混淆功能以產生一最終種子SEEDFINAL 。密碼電路120可用來利用最終種子SEEDFINAL 作為一密碼功能的一金鑰(key)以產生一初步隨機數序列{RNPRE }。例如,密碼電路120可進行DES、AES、RSA或MD5的密碼演算法。混淆電路130可用來自PUF池15取得一第二PUF值諸如PUF值PUF2,並且基於PUF值PUF2對初步隨機數序列{RNPRE }進行一第二混淆功能以產生一序列最終隨機數{RNFINAL },其中最終隨機數序列{RNFINAL }中的每個隨機數在需要時可作為基於PUF的真隨機數產生器100的一輸出隨機數。FIG. 1 is a schematic diagram of an electronic device 10 according to an embodiment of the present invention, wherein the electronic device 10 may include a Physical Unclonable Function (PUF) pool 15 and a base coupled to the PUF pool 15 True random number generator 100 for PUF. As shown in FIG. 1, the PUF-based true random number generator 100 may include a first obfuscation circuit such as obfuscation circuit 110, a cryptography circuit 120, and a second obfuscation circuit such as obfuscation circuit 130, The encryption circuit 120 is coupled to the obfuscation circuit 110 , and the obfuscation circuit 130 is coupled to the encryption circuit 120 . In this embodiment, the obfuscation circuit 110 can obtain a first PUF value such as the PUF value PUF1 from the PUF pool 15 and perform a first obfuscation function on a preliminary seed based on the PUF value PUF1 to generate a final seed SEED FINAL . The cryptographic circuit 120 can be used to generate a preliminary random number sequence {RN PRE } using the final seed SEED FINAL as a key for a cryptographic function. For example, the cryptographic circuit 120 may perform cryptographic algorithms of DES, AES, RSA or MD5. The obfuscation circuit 130 can obtain a second PUF value such as the PUF value PUF2 from the PUF pool 15 and perform a second obfuscation function on the preliminary random number sequence {RN PRE } based on the PUF value PUF2 to generate a sequence of final random numbers {RN FINAL } , wherein each random number in the final random number sequence {RN FINAL } can be used as an output random number of the PUF-based true random number generator 100 when needed.

在本實施例中,基於PUF的真隨機數產生器100可另包含一熵(entropy)電路140以用來提供一熵種子諸如動態熵種子SEEDDYN 以作為該初步種子。例如,熵電路140可至少包含一振盪器以用來輸出多個隨機單位元值。詳細來說,該振盪器能產生一週期性訊號,該週期性訊號是在一振盪頻率下於邏輯值「0」與邏輯值「1」之間變動,以及該週期性訊號的值是在一取樣頻率下被取樣(例如藉由建置在該振盪器的輸出端子的取樣器來取樣,其中該取樣器是由該取樣頻率來控制),以輸出該多個隨機單位元值,其中該取樣頻率異於該振盪頻率(例如該取樣頻率可低於該振盪頻率)。因為某些因素諸如溫度、雜訊等,該週期性訊號所產生的邏輯值「1」及邏輯值「0」會以隨機的方式被取樣,從而使得邏輯值「1」與邏輯值「0」隨機地出現在該多個隨機單位元值中。另外,不同晶片的物理特性會因為在製造過程中的某些不可控因素而有些微差異,這些差異是無法被複製或預測的,而差異會反映在電子裝置10的PUF池15中的PUF值(例如PUF1及PUF2)上。因此,這些PUF值可被視為晶片上的指紋,而在本實施例中這些PUF值提供了靜態熵。在某些實施例中,該第一PUF值可異於該第二PUF值(例如PUF1 ≠ PUF2)。In this embodiment, the PUF-based true random number generator 100 may further include an entropy circuit 140 for providing an entropy seed such as a dynamic entropy seed SEED DYN as the preliminary seed. For example, the entropy circuit 140 may include at least one oscillator for outputting a plurality of random unit cell values. Specifically, the oscillator can generate a periodic signal, the periodic signal varies between a logic value "0" and a logic value "1" at an oscillation frequency, and the value of the periodic signal is a is sampled at a sampling frequency (eg, by a sampler built at the output terminal of the oscillator, where the sampler is controlled by the sampling frequency) to output the plurality of random unit values, wherein the sampled The frequency is different from the oscillation frequency (eg, the sampling frequency can be lower than the oscillation frequency). Due to some factors such as temperature, noise, etc., the logic value "1" and the logic value "0" generated by the periodic signal will be sampled in a random manner, so that the logic value "1" and the logic value "0" occurs randomly among the plurality of random unit cell values. In addition, the physical properties of different wafers may vary slightly due to some uncontrollable factors in the manufacturing process. These differences cannot be replicated or predicted, and the differences will be reflected in the PUF value in the PUF pool 15 of the electronic device 10. (eg PUF1 and PUF2). Therefore, these PUF values can be considered as fingerprints on the wafer, and in this embodiment these PUF values provide static entropy. In some embodiments, the first PUF value may be different from the second PUF value (eg, PUF1 ≠ PUF2).

為了判斷一隨機數序列是否為可用的(available),該隨機數序列需要通過國家標準暨技術研究院(National Institute of Standards and Technology,簡稱NIST)-800-22所定義的某些測試項目。雖然基於一振盪器種子所產生的動態熵種子SEEDDYN 具有某個程度的隨機性,但動態熵種子SEEDDYN 可能仍然難以通過NIST-800-22的全部測試項目。例如,動態熵SEEDDYN 或許能通過二進制矩陣秩測試(binary matrix rank test)、非重疊模板匹配測試(non-overlapping template matching test)、線性複雜度測試(linear complexity test)以及隨機偏移變異測試(random excursion variant test),但可能無法通過頻率測試諸如單位元測試(monobit test)、區塊內頻率測試(frequency within a block test)、連串測試(runs test)、區塊內運行時間最長者測試(longest run ones in a block test)、離散傅立葉變換測試(discrete Fourier transform test)諸如離散傅立葉變換頻譜測試(discrete Fourier transform spectral test)、重疊模板匹配測試(Overlapping template matching test)、馬尤厄通用統計測試(Maurer’s universal statistical test)、串列測試(serial test)、近似熵測試、累積總和測試(cumulative sums test)以及隨機偏移測試(random excursion test)。然而,經過混淆電路110與密碼電路120的處理後,初步隨機數序列{RNPRE }能通過上列的全部測試項目。頻率(單位元)測試是用來偵測「0」與「1」出線的機率是否互相接近,連串測試是用來偵測最長的連續「0」與最長的連續「1」是否合理(例如是否低於一預定臨界值),非重疊模板匹配測試是用來偵測一隨機數序列的重複形態是否合理(例如判斷該形態是否規律地重複或隨機地重複)。由於這些測試項目是被定義在為人熟知的NIST-800-22標準,因此本領域中具通常知識者理應了解這些測試項目的涵義,而相關細節為簡明起見在此不贅述。In order to determine whether a random number sequence is available, the random number sequence needs to pass certain test items defined by the National Institute of Standards and Technology (NIST)-800-22. Although the dynamic entropy seed SEED DYN generated based on an oscillator seed has a certain degree of randomness, the dynamic entropy seed SEED DYN may still fail to pass all the test items of NIST-800-22. For example, dynamic entropy SEED DYN might pass the binary matrix rank test, the non-overlapping template matching test, the linear complexity test, and the random offset mutation test ( random excursion variant test), but may fail frequency tests such as monobit test, frequency within a block test, runs test, longest running time in block test (longest run ones in a block test), discrete Fourier transform tests such as discrete Fourier transform spectral test, Overlapping template matching test, Mayuer general statistics Tests (Maurer's statistical universal test), serial test (serial test), approximate entropy test, cumulative sums test (cumulative sums test) and random excursion test (random excursion test). However, after processing by the obfuscation circuit 110 and the encryption circuit 120, the preliminary random number sequence {RN PRE } can pass all the above-mentioned test items. The frequency (unit) test is used to detect whether the probabilities of "0" and "1" are close to each other, and the serial test is used to detect whether the longest continuous "0" and the longest continuous "1" are reasonable ( For example, if it is below a predetermined threshold), the non-overlapping template matching test is used to detect whether the repeated pattern of a random number sequence is reasonable (for example, to determine whether the pattern repeats regularly or randomly). Since these test items are defined in the well-known NIST-800-22 standard, those with ordinary knowledge in the art should understand the meaning of these test items, and the relevant details are not repeated here for brevity.

在本實施例中,該第一混淆功能以及該第二混淆功能的任一者(例如每一者)可包含加法算數(例如加法運算)、乘法算數(例如乘法運算)、置換(permutation)、代換(substitution)、單向函式(one-way function)、加密(encryption)或其組合。例如,混淆電路110及130的任一者(例如每一者)可為互斥或(exclusive-OR, XOR)邏輯電路,以實施加法算術功能。本領域中具通常知識者理應了解如何實施與上述其他類型的混淆功能對應的邏輯電路,而相關細節為簡明起見在此不贅述。在某些實施例中,該第一混淆功能可和該第二混淆功能相同(例如混淆電路110及130可由相同類型的邏輯電路實施)。在某些實施例中,該第一混淆功能可異於該第二混淆功能(例如混淆電路110及130可由不同類型的邏輯電路實施)。當混淆電路110及130的每一者均為互斥或邏輯電路時,混淆電路110對動態熵種子SEEDDYN 與PUF值PUF1進行互斥或運作以產生最終種子SEEDFINAL ,而混淆電路130對初步隨機數序列{RNPRE }與PUF值PUF2進行互斥或運作以產生最終隨機數序列{RNFINAL }。In this embodiment, any (eg, each) of the first obfuscation function and the second obfuscation function may include addition arithmetic (eg, addition), multiplication (eg, multiplication), permutation, Substitution, one-way function, encryption, or a combination thereof. For example, any (eg, each) of obfuscation circuits 110 and 130 may be an exclusive-OR (XOR) logic circuit to implement an additive arithmetic function. Those skilled in the art should understand how to implement logic circuits corresponding to the other types of obfuscation functions mentioned above, and the related details are not repeated here for the sake of brevity. In some embodiments, the first obfuscation function may be the same as the second obfuscation function (eg, obfuscation circuits 110 and 130 may be implemented by the same type of logic circuits). In some embodiments, the first obfuscation function may be different from the second obfuscation function (eg, obfuscation circuits 110 and 130 may be implemented by different types of logic circuits). When each of the obfuscation circuits 110 and 130 are mutually exclusive OR logic circuits, the obfuscation circuit 110 performs a mutually exclusive OR operation on the dynamic entropy seed SEED DYN and the PUF value PUF1 to generate the final seed SEED FINAL , while the obfuscation circuit 130 performs an exclusive OR operation on the initial seed SEED FINAL . The random number sequence {RN PRE } is mutually exclusive ORed with the PUF value PUF2 to generate the final random number sequence {RN FINAL }.

在一實施例中,混淆電路110可將該初步種子諸如動態熵種子SEEDDYN 與PUF值PUF1進行串接(concatenation),例如藉由依序地排列動態熵種子SEEDDYN 與PUF值PUF1,以產生最終種子SEEDFINAL 。例如,假設動態熵種子SEEDDYN 為M位元數位值而PUF值PUF1為N位元數位值,而混淆電路110可將動態熵種子SEEDDYN 作為最終種子SEEDFINAL 的前M個位元並且另將PUF值PUF1作為最終種子SEEDFINAL 的後N個位元,以產生M+N位元的最終種子SEEDFINALIn one embodiment, the obfuscation circuit 110 may concatenate the preliminary seeds such as the dynamic entropy seed SEED DYN and the PUF value PUF1, eg, by sequentially arranging the dynamic entropy seed SEED DYN and the PUF value PUF1, to generate the final Seed SEED FINAL . For example, assuming that the dynamic entropy seed SEED DYN is an M-bit value and the PUF value PUF1 is an N-bit value, the obfuscation circuit 110 may use the dynamic entropy seed SEED DYN as the first M bits of the final seed SEED FINAL and add another after the final PUF value PUF1 seed sEED fINAL as the N bits to produce the final seed sEED fINAL M + N bits.

在一實施例中,該密碼功能可包含一密文函式(cipher function)(例如串流加密(stream cipher)諸如Trivium密碼)或雜湊函式(hash function)。當一特定金鑰(例如最終種子SEEDFINAL )被輸入至密碼電路120,一對應的位元串流會被輸出且此位元串流具備良好安全性與良好偽隨機性。若該金鑰在電子裝置10每一次開機時都時不變的,該對應的位元串流在每一次也會是不變的。為了進一步改善安全性與隨機性,密碼電路120所使用的金鑰可為動態的。由於最終種子SEEDFINAL 是基於動態熵種子SEEDDYN 以及PUF值PUF1產生的,初步隨機數序列{RNPRE }可帶有使用動態熵種子與PUF值PUF1的好處,從而改善安全性以及隨機性。此外,即使該密碼功能是藉由為人熟知的方法或標準實施,本領域具通常知識者依然難以自最終隨機數序列{RNFINAL }回溯以對該密碼功能進行解密(decipher),這是因為最終輸出(即{RNFINAL })是藉由混淆電路130基於不可預測的PUF值PUF2產生。因此,最終隨機數序列{RNFINAL }的安全性能被進一步提升。需注意的是,該密碼功能並不限於特定類型的密碼功能,而某些為人熟知的演算法也能被採用於本發明的密碼功能。In one embodiment, the cryptographic function may include a cipher function (eg, a stream cipher such as Trivium cipher) or a hash function. When a specific key (eg, the final seed SEED FINAL ) is input to the cryptographic circuit 120 , a corresponding bit stream is output with good security and good pseudo-randomness. If the key is constant every time the electronic device 10 is turned on, the corresponding bit stream will also be constant every time. To further improve security and randomness, the key used by the cryptographic circuit 120 may be dynamic. Since the final seed SEED FINAL is generated based on the dynamic entropy seed SEED DYN and the PUF value PUF1, the preliminary random number sequence {RN PRE } can have the benefit of using the dynamic entropy seed and the PUF value PUF1, thereby improving security and randomness. Furthermore, even if the cryptographic function is implemented by well-known methods or standards, it is still difficult for those skilled in the art to backtrack from the final random number sequence {RN FINAL } to decipher the cryptographic function, because The final output (ie {RN FINAL }) is generated by the obfuscation circuit 130 based on the unpredictable PUF value PUF2. Therefore, the security performance of the final random number sequence {RN FINAL } is further improved. It should be noted that the cryptographic function is not limited to a specific type of cryptographic function, and some well-known algorithms can also be used for the cryptographic function of the present invention.

第2圖為依據本發明一實施例之一電子裝置20的示意圖,其中電子裝置20可包含PUF池15、以及耦接至PUF池15的一基於PUF的真隨機數產生器200。第2圖的實施例與第1圖類似,而其主要差異在於基於PUF的真隨機數產生器200可包含一非揮發性記憶體(non-volatile memory, NVM)150(在圖中標示為「NVM」以求簡明)以用來提供該初步種子,尤其是提供儲存於非揮發性記憶體150內的一非揮發性記憶體種子(簡稱NVM種子)SEEDNVM 以作為該初步種子。另外,一反饋隨機數可在一或多個預定時間點被寫入非揮發性記憶體150,以更新儲存於非揮發性記憶體150內的NVM種子SEEDNVM 。在一實施例中,該反饋隨機數可自初步隨機數序列{RNPRE }取得,如第2圖所示。在另一實施例中,該反饋隨機數可自最終隨機數序列{RNFINAL }取得,如第3圖所示。與第1圖的實施例類似,最終隨機數序列{RNFINAL }中的每個隨機數在需要時可作為基於PUF的真隨機數產生器200的一輸出隨機數。2 is a schematic diagram of an electronic device 20 according to an embodiment of the present invention, wherein the electronic device 20 may include a PUF pool 15 and a PUF-based true random number generator 200 coupled to the PUF pool 15 . The embodiment of FIG. 2 is similar to that of FIG. 1, but the main difference is that the PUF-based true random number generator 200 may include a non-volatile memory (NVM) 150 (marked as "NVM" for simplicity) is used to provide the preliminary seed, especially a non-volatile memory seed (NVM seed for short) SEED NVM stored in the non-volatile memory 150 is provided as the preliminary seed. In addition, a feedback random number can be written into the non-volatile memory 150 at one or more predetermined time points to update the NVM seed SEED NVM stored in the non-volatile memory 150 . In one embodiment, the feedback random number can be obtained from a preliminary random number sequence {RN PRE }, as shown in FIG. 2 . In another embodiment, the feedback random number can be obtained from the final random number sequence {RN FINAL }, as shown in FIG. 3 . Similar to the embodiment of FIG. 1 , each random number in the final random number sequence {RN FINAL } can be used as an output random number of the PUF-based true random number generator 200 when needed.

需注意的是,更新儲存於非揮發性記憶體150內的NVM種子SEEDNVM 的時間點並非對本發明的限制。例如,該反饋隨機數可為初步隨機數序列{RNPRE }或最終隨機數序列{RNFINAL }於電子裝置20開機後的第一個隨機數,而一旦第一個隨機數被產生,這個第一個隨機數即可被寫入非揮發性記憶體150中。又例如,該反饋隨機數可每隔一段預定時間區間就將該反饋隨機數寫入非揮發性記憶體150以更新NVM種子SEEDNVM 。又例如,當電子裝置20接收到關機指令時,該反饋隨機數可為初步隨機數序列{RNPRE }或最終隨機數序列{RNFINAL }於電子裝置20開機後的最新的隨機數,而該最新的隨機數可在電子裝置20被關閉前寫入非揮發性記憶體150以更新NVM種子SEEDNVM It should be noted that the time point of updating the NVM seed SEED NVM stored in the non-volatile memory 150 is not a limitation of the present invention. For example, the feedback random number can be the first random number of the preliminary random number sequence {RN PRE } or the final random number sequence {RN FINAL } after the electronic device 20 is powered on, and once the first random number is generated, the first random number is generated. A random number can be written into the non-volatile memory 150 . For another example, the feedback random number can be written into the non-volatile memory 150 every predetermined time interval to update the NVM seed SEED NVM . For another example, when the electronic device 20 receives a shutdown command, the feedback random number may be the latest random number of the preliminary random number sequence {RN PRE } or the final random number sequence {RN FINAL } after the electronic device 20 is powered on, and the The latest random number can be written to the non-volatile memory 150 to update the NVM seed SEED NVM before the electronic device 20 is turned off.

第4圖為依據本發明一實施例之一電子裝置40的示意圖。如第4圖所示,電子裝置40可包含PUF池15、以及耦接至PUF池15的一基於PUF的真隨機數產生器400,其中基於PUF的真隨機數產生器400可視為第1圖所示之基於PUF的真隨機數產生器100、第2圖與第3圖中任一者所示之基於PUF的真隨機數產生器200、以及一或多個額外電路的組合。具體來說,基於PUF的真隨機數產生器400可包含以上實施例所提及的混淆電路110、密碼電路120、混淆電路130、熵電路140以及非揮發性記憶體150,並且可另包含一測試電路諸如一健康測試電路160、以及一多工器(multiplexer, MUX)170(在圖中標示為「MUX」以求簡明)。在本實施例中,健康測試電路160耦接至熵電路140,而多工器170耦接至熵電路140、非揮發性記憶體150以及健康測試電路160。例如,健康測試電路160可用來測試動態熵種子SEEDDYN (或任意與熵電路140的運作相關的資料/訊號)以產生一測試結果TEST,尤其健康測試電路160是對動態熵種子SEEDDYN 進行健康程度測試,而多工器170可用來因應測試結果TEST從動態熵種子SEEDDYN 與NVM種子SEEDNVM 選擇其中一者,以供作為該初步種子(例如SEEDPRE )被輸出至混淆電路110。FIG. 4 is a schematic diagram of an electronic device 40 according to an embodiment of the present invention. As shown in FIG. 4 , the electronic device 40 may include a PUF pool 15 and a PUF-based true random number generator 400 coupled to the PUF pool 15 , wherein the PUF-based true random number generator 400 can be regarded as FIG. 1 A combination of the PUF-based true random number generator 100 shown, the PUF-based true random number generator 200 shown in any of Figures 2 and 3, and one or more additional circuits. Specifically, the PUF-based true random number generator 400 may include the obfuscation circuit 110 , the encryption circuit 120 , the obfuscation circuit 130 , the entropy circuit 140 and the non-volatile memory 150 mentioned in the above embodiments, and may further include a Test circuits such as a health test circuit 160 and a multiplexer (MUX) 170 (labeled as "MUX" in the figure for simplicity). In this embodiment, the health test circuit 160 is coupled to the entropy circuit 140 , and the multiplexer 170 is coupled to the entropy circuit 140 , the non-volatile memory 150 and the health test circuit 160 . For example, the health test circuit 160 can be used to test the dynamic entropy seed SEED DYN (or any data/signal related to the operation of the entropy circuit 140 ) to generate a test result TEST, especially the health test circuit 160 is used to test the health of the dynamic entropy seed SEED DYN The multiplexer 170 can be used to select one of the dynamic entropy seed SEED DYN and the NVM seed SEED NVM according to the test result TEST to be output to the obfuscation circuit 110 as the preliminary seed (eg SEED PRE ).

具體來說,當測試結果TEST指出熵電路140處在一健康狀態時,多工器170可選擇動態熵種子SEEDDYN 作為初步種子SEEDPRE ,而當測試結果TEST指出熵電路140處在一非健康狀態時,多工器170可選擇NVM種子SEEDNVM 作為初步種子SEEDPRE 。例如,健康測試電路160能每隔一段預定時間區間自熵電路140中的振盪器收集一次某個數量的隨機單位元值以作為一組資料。若健康測試電路160偵測到一組資料內的邏輯值「0」(或邏輯值「1」)的覆蓋率落在一預定範圍內(例如自20%至80%),健康測試電路160可輸出帶有第一邏輯狀態(例如「0」)的測試結果TEST以指出熵電路140是「健康的」,並且多工器170可選擇動態熵種子SEEDDYN 作為初步種子SEEDPRE 。若健康測試電路160偵測到一組資料內的邏輯值「0」(或邏輯值「1」)的覆蓋率並未落在該預定範圍內(例如大於一預定上限諸如80%或低於一預定下限諸如20%),健康測試電路160可輸出帶有第二邏輯狀態(例如「1」)的測試結果TEST以指出熵電路140是「不健康的」,並且多工器170可選擇NVM種子SEEDNVM 作為初步種子SEEDPRE 。需注意的是,與上述至少一測試相關的詳細運作僅為了說明之目的,並非對本發明的限制,例如NIST-800-22標準所定義的測試項目中的一或多者也能被採用於上述至少一測試。Specifically, when the test result TEST indicates that the entropy circuit 140 is in a healthy state, the multiplexer 170 may select the dynamic entropy seed SEED DYN as the preliminary seed SEED PRE , and when the test result TEST indicates that the entropy circuit 140 is in a non-healthy state state, the multiplexer 170 may select the NVM seed SEED NVM as the preliminary seed SEED PRE . For example, the health test circuit 160 can collect a certain number of random unit cell values from the oscillator in the entropy circuit 140 every predetermined time interval as a set of data. If the health test circuit 160 detects that the coverage of the logical value "0" (or the logical value "1") in a set of data falls within a predetermined range (eg, from 20% to 80%), the health test circuit 160 may A test result TEST with a first logic state (eg, "0") is output to indicate that the entropy circuit 140 is "healthy" and the multiplexer 170 may select the dynamic entropy seed SEED DYN as the preliminary seed SEED PRE . If the health test circuit 160 detects that the coverage of the logical value "0" (or the logical value "1") in a set of data does not fall within the predetermined range (eg, greater than a predetermined upper limit such as 80% or less than a predetermined lower limit such as 20%), the health test circuit 160 may output a test result TEST with a second logic state (eg, "1") to indicate that the entropy circuit 140 is "unhealthy," and the multiplexer 170 may select the NVM seed SEED NVM as preliminary seed SEED PRE . It should be noted that the detailed operation related to the above at least one test is only for the purpose of illustration, and is not a limitation of the present invention. For example, one or more of the test items defined by the NIST-800-22 standard can also be used in the above. At least one test.

在某些情況下,熵電路140及非揮發性記憶體150中之任一者會有遭受從電子裝置40以外被駭/入侵(hack)或破壞的風險,從而導致安全性的問題。由於混淆電路110具有兩個來源以供取得初步種子SEEDPRE ,若熵電路140及非揮發性記憶體150的其中一者被駭/入侵或破壞,另一者能取而代之以提供初步種子SEEDPRE 。因此,基於PUF的真隨機數產生器400的強韌性與安全性能被提升。In some cases, either the entropy circuit 140 and the non-volatile memory 150 are at risk of being hacked/hacked or destroyed from outside the electronic device 40, resulting in security concerns. Since the obfuscation circuit 110 has two sources for obtaining the preliminary seed SEED PRE , if one of the entropy circuit 140 and the non-volatile memory 150 is hacked/hacked or corrupted, the other can take its place and provide the preliminary seed SEED PRE . Therefore, the robustness and security performance of the PUF-based true random number generator 400 are improved.

在某些實施例中,健康測試電路160可被省略,而多工器170能因應另一控制訊號以從動態熵種子SEEDDYN 與NVM種子SEEDNVM 選擇其中一者,以供被輸出為初步種子SEEDPRE ,其中這個控制訊號能從電子裝置40的外部取得。例如,藉由控制這個控制訊號的邏輯狀態,使用者能手動的控制多工器170從動態熵種子SEEDDYN 與NVM種子SEEDNVM 選擇其中一者以供被輸出為初步種子SEEDPRE ,而健康測試電路160可被省略,但本發明不限於此。In some embodiments, the health test circuit 160 can be omitted, and the multiplexer 170 can select one of the dynamic entropy seeds SEED DYN and NVM seeds SEED NVM in response to another control signal to be output as a preliminary seed SEED PRE , wherein the control signal can be obtained from outside the electronic device 40 . For example, by controlling the logic state of the control signal, the user can manually control the multiplexer 170 to select one of the dynamic entropy seeds SEED DYN and the NVM seed SEED NVM to be output as the preliminary seed SEED PRE , and the health test The circuit 160 may be omitted, but the present invention is not limited thereto.

第5圖為依據本發明一實施例之一電子裝置50的示意圖。如第5圖所示,電子裝置50可包含PUF池15、以及耦接至PUF池15的一基於PUF的真隨機數產生器500,其中基於PUF的真隨機數產生器500可被視為第4圖所示之基於PUF的真隨機數產生器400的例子,而健康測試電路160並未繪示於第5圖以求簡明。具體來說,第5圖繪示了熵電路140的實施細節。在本實施例中,熵電路140可包含一振盪器141、以及耦接至振盪器141的一收集電路諸如選擇性熵收集器(selective entropy collector)145,其中振盪器141可用來輸出一隨機控制位元SEL(例如上述多個隨機單位元值的每一者),而選擇性熵收集器145可因應隨機控制位元SEL來決定是否藉助於一反饋隨機數RNFB 來更新動態熵種子SEEDDYN 。在第5圖的實施例中,反饋隨機數RNFB 是自最終隨機數序列{RNFINAL }取得,但本發明不限於此。在某些實施例中,反饋隨機數RNFB 是自初步隨機數序列{RNPRE }取得,但本發明不限於此。詳細來說,選擇性熵收集器145可包含一第三混淆電路諸如互斥或邏輯電路142(在圖中標示為「XOR」以求簡明)、耦接至振盪器141及互斥或邏輯電路142的一多工器143(在圖中標示為「MUX」以求簡明)、以及耦接至多工器143及互斥或邏輯電路142的一熵收集器144。例如,該第三混淆電路諸如互斥或邏輯電路142可用來基於反饋隨機數RNFB 對動態熵種子SEEDDYN 進行一第三混淆功能諸如一互斥或運作以產生一更新後熵種子,而多工器143可用來因應隨機控制位元SEL自更新前的熵種子(即來自熵收集器144的輸出的熵種子)與該更新後熵種子選擇其中一者,以輸出一最新熵種子(例如動態熵種子SEEDDYN 的最新版本)。此外,熵收集器144可接收並輸出該最新熵種子以作為動態熵種子SEEDDYN ,以及動態熵種子SEEDDYN 是一反饋熵種子以被傳送至多工器143以及互斥或邏輯電路142。因此,互斥或邏輯電路142進行該互斥或運作以產生該更新後熵種子(其為動態熵種子SEEDDYN 與反饋隨機數RNFB 的互斥或結果),而多工器143可依據隨機控制位元SEL將該更新後熵種子或更新前的動態熵種子SEEDDYN 輸出至熵收集器144,其中熵收集器144可藉由正反器(flip-flop)實施,但本發明不限於此。由於隨機控制位元SEL是隨機地在邏輯狀態「0」與「1」之間切換,因此更新動態熵種子SEEDDYN 的運作能被隨機地執行。例如,當隨機控制位元SEL為「0」,動態熵種子SEEDDYN 不會改變;而當隨機控制位元SEL為「1」,動態熵種子SEEDDYN 則會被更新。需注意的是,互斥或邏輯電路142並非對第三混淆電路的實施方式作限制,其中能改變動態熵種子SEEDDYN 的任意邏輯電路均隸屬於本發明的範疇。FIG. 5 is a schematic diagram of an electronic device 50 according to an embodiment of the present invention. As shown in FIG. 5 , the electronic device 50 may include a PUF pool 15 and a PUF-based true random number generator 500 coupled to the PUF pool 15 , wherein the PUF-based true random number generator 500 may be regarded as the first An example of the PUF-based true random number generator 400 is shown in FIG. 4, and the health test circuit 160 is not shown in FIG. 5 for simplicity. Specifically, FIG. 5 illustrates the implementation details of the entropy circuit 140 . In this embodiment, the entropy circuit 140 may include an oscillator 141 , and a collection circuit such as a selective entropy collector 145 coupled to the oscillator 141 , wherein the oscillator 141 may be used to output a random control bit SEL (eg, each of the plurality of random unit values described above), and the selective entropy collector 145 can decide whether to update the dynamic entropy seed SEED DYN by means of a feedback random number RN FB in response to the random control bit SEL . In the embodiment of FIG. 5, the feedback random number RN FB is obtained from the final random number sequence {RN FINAL }, but the present invention is not limited to this. In some embodiments, the feedback random number RN FB is obtained from the preliminary random number sequence {RN PRE }, but the present invention is not limited thereto. In detail, the selective entropy collector 145 may include a third obfuscation circuit such as the exclusive OR logic circuit 142 (labeled "XOR" in the figure for simplicity), coupled to the oscillator 141 and the exclusive OR logic circuit A multiplexer 143 of 142 (labeled "MUX" in the figure for simplicity), and an entropy collector 144 coupled to the multiplexer 143 and the exclusive OR logic circuit 142 . For example, the third obfuscation circuit such as the mutex OR logic circuit 142 can be used to perform a third obfuscation function such as a mutex OR operation on the dynamic entropy seed SEED DYN based on the feedback random number RN FB to generate an updated entropy seed, and more The processor 143 can be used to select one of the entropy seed before the update (ie the entropy seed from the output of the entropy collector 144 ) and the entropy seed after the update in response to the random control bit SEL to output a newest entropy seed (eg dynamic entropy seed). The latest version of the entropy seed SEED DYN). In addition, the entropy collector 144 can receive and output the latest entropy seed as the dynamic entropy seed SEED DYN , and the dynamic entropy seed SEED DYN is a feedback entropy seed to be sent to the multiplexer 143 and the exclusive OR logic circuit 142 . Therefore, the mutually exclusive OR logic circuit 142 performs the mutually exclusive OR operation to generate the updated entropy seed (which is the mutually exclusive OR result of the dynamic entropy seed SEED DYN and the feedback random number RN FB ), and the multiplexer 143 may The control bit SEL outputs the updated entropy seed or the dynamic entropy seed SEED DYN before the update to the entropy collector 144, wherein the entropy collector 144 can be implemented by a flip-flop, but the present invention is not limited thereto . Since the random control bit SEL is randomly switched between logic states "0" and "1", the operation of updating the dynamic entropy seed SEED DYN can be performed randomly. For example, when the random control bit SEL is "0", the dynamic entropy seed SEED DYN will not change; and when the random control bit SEL is "1", the dynamic entropy seed SEED DYN will be updated. It should be noted that the mutually exclusive OR logic circuit 142 does not limit the implementation of the third obfuscation circuit, and any logic circuit capable of changing the dynamic entropy seed SEED DYN belongs to the scope of the present invention.

在第5圖的實施例中,當多工器170選擇NVM種子SEEDNVM 且多工器143選擇該更新後熵種子時,動態熵種子SEEDDYN 能依據NVM種子SEEDNVM 被產生。詳細來說,當多工器170選擇NVM種子SEEDNVM 作為初步種子SEEDPRE 時,反饋隨機數RNFB 是依據初步種子SEEDPRE 產生(表示反饋隨機數RNFB 是依據NVM種子SEEDNVM 產生),且互斥或邏輯電路142依據反饋隨機數RNFB 產生該互斥或結果。接著,多工器143輸出該互斥或結果以作為該更新後熵種子,而由於該更新後熵種子是依據NVM種子SEEDNVM 產生,因此熵收集器144能依據NVM種子SEEDNVM 產生動態熵種子SEEDDYNIn the embodiment of FIG. 5, when the multiplexer 170 selects the NVM seed SEED NVM and the multiplexer 143 selects the updated entropy seed, the dynamic entropy seed SEED DYN can be generated from the NVM seed SEED NVM. In detail, when the multiplexer 170 selects the NVM seed SEED NVM as the preliminary seed SEED PRE , the feedback random number RN FB is generated according to the preliminary seed SEED PRE (indicating that the feedback random number RN FB is generated according to the NVM seed SEED NVM ), and The mutually exclusive OR logic circuit 142 generates the mutually exclusive OR result according to the feedback random number RN FB. Next, the multiplexer 143 outputs the mutually exclusive OR result as the updated entropy seed, and since the updated entropy seed is generated according to the NVM seed SEED NVM , the entropy collector 144 can generate the dynamic entropy seed according to the NVM seed SEED NVM SEED DYN .

另外,第5圖的實施例並非對本發明的限制。在某些實施例中,第1圖及第4圖所示之熵電路140可藉由不同的架構實施。例如,熵電路140可包含一振盪器以及耦接至該振盪器的一收集電路,其中該振盪器可用來輸出多個隨機單位元值,而該收集電路可用來收集這些隨機單位元值以產生動態熵種子SEEDDYN (例如藉由自這些隨機單位元值串接諸如依序地排列一預定數量的隨機單位元值以產生動態熵種子SEEDDYN ),但本發明不限於此。In addition, the embodiment of FIG. 5 does not limit the present invention. In some embodiments, the entropy circuit 140 shown in FIGS. 1 and 4 may be implemented with different architectures. For example, entropy circuit 140 may include an oscillator and a collection circuit coupled to the oscillator, wherein the oscillator may be used to output a plurality of random unit values, and the collection circuit may be used to collect the random unit values to generate The dynamic entropy seed SEED DYN (eg, by concatenating, such as sequentially arranging, a predetermined number of random identity values from the random identity values to generate the dynamic entropy seed SEED DYN ), but the invention is not limited thereto.

此外,最終隨機數序列{RNFINAL }中的每一最終隨機數較佳為僅傳送至一個客體。例如,基於PUF的真隨機數產生器500可另包含耦接至混淆電路130的一解多工器(de-multiplexer, DEMUX)180(在圖中標示為「DEMUX」以求簡明)。在本實施例中,最終隨機數序列{RNFINAL }可具有三個可能路徑,包含一第一路徑以用來提供一輸出隨機數至基於PUF的真隨機數產生器500的外部、一第二訊號路徑以用來更新NVM種子SEEDNVM 、以及一第三訊號路徑以用來更新動態熵種子SEEDDYN ,其中解多工器180控制這些訊號路徑在單一時間點僅有其中一者被致能(enabled)。因此,自最終隨機數序列{RNFINAL }取得的任何單一最終隨機數不會被不同元件重複使用,因此可確保基於PUF的真隨機數產生器500的安全性。例如,最終隨機數序列{RNFINAL }於電子裝置50上電後的第一個最終隨機數可預設被寫入非揮發性記憶體150(例如該第二訊號路徑於電子裝置50上電後的第一個運作週期會被致能);接著,在儲存於非揮發性記憶體150內的NVM種子SEEDNVM 被更新完成後,該第二訊號路徑會被除能(disabled)而該第三訊號路徑會被致能;而只有當電子裝置50內的另一元件請求依隨機數時,該第一訊號路徑才會被致能。需注意的是,上述致能該第一訊號路徑、該第二訊號路徑以及該第三訊號路徑的排程只是為了說明之目的,並非對本發明的限制。Furthermore, each final random number in the final random number sequence {RN FINAL } is preferably transmitted to only one object. For example, the PUF-based true random number generator 500 may further include a de-multiplexer (DEMUX) 180 (labeled "DEMUX" in the figure for brevity) coupled to the obfuscation circuit 130 . In this embodiment, the final random number sequence {RN FINAL } may have three possible paths, including a first path for providing an output random number to the outside of the PUF-based true random number generator 500, a second path The signal path is used to update the NVM seed SEED NVM , and a third signal path is used to update the dynamic entropy seed SEED DYN , wherein the demultiplexer 180 controls only one of these signal paths to be enabled at a single point in time ( enabled). Therefore, any single final random number obtained from the final random number sequence {RN FINAL } will not be reused by different elements, thus ensuring the security of the PUF-based true random number generator 500 . For example, the first final random number of the final random number sequence {RN FINAL } after the electronic device 50 is powered on can be preset to be written into the non-volatile memory 150 (for example, the second signal path after the electronic device 50 is powered on will be enabled in the first operating cycle); then, after the NVM seed SEED NVM stored in the non-volatile memory 150 is updated, the second signal path will be disabled and the third signal path will be disabled. The signal path is enabled; and the first signal path is enabled only when another element in the electronic device 50 requests to follow the random number. It should be noted that the above-mentioned scheduling of enabling the first signal path, the second signal path, and the third signal path is only for the purpose of illustration, and does not limit the present invention.

第6圖為依據本發明一實施例之一種用於產生真隨機數的方法的工作流程,其中該方法是可應用於(applicable to)一電子裝置諸如第1圖至第5圖所示之電子裝置10、20、40及50。需注意的是,第6圖所示之工作流程僅為了說明之目的,而並非對本發明的限制。只要不影響整體結果,一或多個步驟可在第6圖所示之工作流程中被新增、刪除或修改,而且這些步驟也並非必須完全依照第6圖所示之順序執行。FIG. 6 is a workflow of a method for generating true random numbers according to an embodiment of the present invention, wherein the method is applicable to an electronic device such as the electronic device shown in FIGS. 1 to 5 Devices 10 , 20 , 40 and 50 . It should be noted that, the work flow shown in FIG. 6 is only for the purpose of illustration, rather than limiting the present invention. As long as it does not affect the overall result, one or more steps may be added, deleted or modified in the workflow shown in FIG. 6, and these steps do not have to be performed in exactly the order shown in FIG. 6.

在步驟610中,混淆電路110自PUF池15取得一第一PUF值(例如PUF1)。In step 610 , the obfuscation circuit 110 obtains a first PUF value (eg, PUF1 ) from the PUF pool 15 .

在步驟620中,混淆電路110基於該第一PUF值(例如PUF1)對一初步種子(例如SEEDPRE )進行一第一混淆功能以產生一最終種子(例如SEEDFINAL )。 In step 620, the obfuscation circuit 110 performs a first obfuscation function on a preliminary seed (eg SEED PRE ) based on the first PUF value (eg PUF1 ) to generate a final seed (eg SEED FINAL ).

在步驟630,密碼電路120利用該最終種子(例如SEEDFINAL )作為一密碼功能的一金鑰以產生一初步隨機數序列(例如{RNPRE })。At step 630, the cryptographic circuit 120 uses the final seed (eg, SEED FINAL ) as a key for a cryptographic function to generate a preliminary random number sequence (eg, {RN PRE }).

在步驟640,混淆電路130自PUF池15取得一第二PUF值(例如PUF2)。At step 640 , the obfuscation circuit 130 obtains a second PUF value (eg, PUF2 ) from the PUF pool 15 .

在步驟650,混淆電路130基於該第二PUF值(例如PUF2)對該初步隨機數序列(例如{RNPRE })進行一第二混淆功能(例如互斥或)以產生一最終隨機數序列(例如{RNFINAL })。At step 650, the obfuscation circuit 130 performs a second obfuscation function (eg, mutual exclusive OR) on the preliminary random number sequence (eg, {RN PRE }) based on the second PUF value (eg, PUF2) to generate a final random number sequence ( e.g. {RN FINAL }).

本發明的基於PUF的真隨機數產生器以及相關方法能搭配密碼功能、動態熵及靜態熵的特性來控制相關運作。另外,本發明能在不降低隨機性與安全性的情況下減少PUF池的尺寸需求。因此,本發明能在沒有副作用或較不會帶來副作用的情況下改善基於PUF的真隨機數產生器的整體效能。 以上所述僅為本發明之較佳實施例,凡依本發明申請專利範圍所做之均等變化與修飾,皆應屬本發明之涵蓋範圍。The PUF-based true random number generator and the related method of the present invention can control the related operations in combination with the cryptographic function, the characteristics of dynamic entropy and static entropy. In addition, the present invention can reduce the size requirement of the PUF pool without reducing randomness and security. Therefore, the present invention can improve the overall performance of a PUF-based true random number generator with no or less side effects. The above descriptions are only preferred embodiments of the present invention, and all equivalent changes and modifications made according to the scope of the patent application of the present invention shall fall within the scope of the present invention.

10, 20, 40, 50:電子裝置 15:物理不可複製功能池 100, 200, 400, 500:基於物理不可複製功能池的真隨機數產生器 110:混淆電路 120:密碼電路 130:混淆電路 140:熵電路 141:振盪器 142:互斥或邏輯電路 143:多工器 144:熵收集器 145:選擇性熵收集器 150:非揮發性記憶體 160:健康測試電路 170:多工器 180:解多工器 PUF1, PUF2:物理不可複製功能值 SEEDDYN :動態熵種子 SEEDNVM :非揮發性記憶體種子 SEEDPRE :初步種子 SEEDFINAL :最終種子 {RNPRE }:初步隨機數序列 {RNFINAL }:最終隨機數序列 TEST:測試結果 610, 620, 630, 640, 650:步驟10, 20, 40, 50: electronic device 15: physical non-replicable function pool 100, 200, 400, 500: true random number generator based on physical non-replicable function pool 110: obfuscation circuit 120: cryptographic circuit 130: obfuscation circuit 140 : Entropy Circuit 141: Oscillator 142: Mutually Exclusive OR Logic Circuit 143: Multiplexer 144: Entropy Collector 145: Selective Entropy Collector 150: Non-Volatile Memory 160: Health Test Circuit 170: Multiplexer 180: Demultiplexer PUF1, PUF2: Physical non-reproducible function value SEED DYN : Dynamic entropy seed SEED NVM : Non-volatile memory seed SEED PRE : Preliminary seed SEED FINAL : Final seed {RN PRE }: Preliminary random number sequence {RN FINAL }: Final random number sequence TEST: Test results 610, 620, 630, 640, 650: Steps

第1圖為依據本發明一實施例之一電子裝置的示意圖。 第2圖為依據本發明一實施例之一電子裝置的示意圖。 第3圖為依據本發明另一實施例之一電子裝置的示意圖。 第4圖為依據本發明一實施例之一電子裝置的示意圖。 第5圖為依據本發明一實施例之一電子裝置的示意圖。 第6圖為依據本發明一實施例之一種用於產生真隨機數的方法的工作流程。FIG. 1 is a schematic diagram of an electronic device according to an embodiment of the present invention. FIG. 2 is a schematic diagram of an electronic device according to an embodiment of the present invention. FIG. 3 is a schematic diagram of an electronic device according to another embodiment of the present invention. FIG. 4 is a schematic diagram of an electronic device according to an embodiment of the present invention. FIG. 5 is a schematic diagram of an electronic device according to an embodiment of the present invention. FIG. 6 is a workflow of a method for generating a true random number according to an embodiment of the present invention.

10:電子裝置10: Electronics

15:物理不可複製功能池15: Physical non-replicable function pool

100:基於物理不可複製功能池的真隨機數產生器100: True random number generator based on a pool of physically non-replicable functions

110:混淆電路110: Obfuscation circuit

120:密碼電路120: Cryptographic Circuits

130:混淆電路130: Obfuscation circuit

140:熵電路140: Entropy Circuits

PUF1,PUF2:物理不可複製功能值PUF1, PUF2: Physical non-copyable function values

SEEDDYN :動態熵種子SEED DYN : Dynamic Entropy Seed

SEEDFINAL :最終種子SEED FINAL : Final Seed

{RNPRE }:初步隨機數序列{RN PRE }: Preliminary random number sequence

{RNFINAL }:最終隨機數序列{RN FINAL }: final random number sequence

Claims (20)

一種用於一電子裝置之基於物理不可複製功能(Physical Unclonable Function, PUF)的真隨機數產生器,該基於物理不可複製功能的真隨機數產生器包含: 一第一混淆(obfuscation)電路,用以自該電子裝置的一物理不可複製功能池取得一第一物理不可複製功能值,並且基於該第一物理不可複製功能值對一初步種子進行一第一混淆功能以產生一最終種子; 一密碼(cryptography)電路,耦接至該第一混淆電路,用以利用該最終種子作為一密碼功能的一金鑰(key)以產生一初步隨機數序列;以及 一第二混淆電路,耦接至該密碼電路,用以自該物理不可複製功能池取得一第二物理不可複製功能值,並且基於該第二物理不可複製功能值對該初步隨機數序列進行一第二混淆功能以產生一最終隨機數序列。A true random number generator based on a Physical Unclonable Function (PUF) for an electronic device, the true random number generator based on the Physical Unclonable Function comprising: a first obfuscation circuit for obtaining a first physical non-replicable function value from a physical non-replicable function pool of the electronic device, and performing a first Obfuscation function to generate a final seed; a cryptography circuit, coupled to the first obfuscation circuit, for generating a preliminary random number sequence using the final seed as a key for a cryptographic function; and a second obfuscation circuit, coupled to the encryption circuit, for obtaining a second physical non-replicable function value from the physical non-replicable function pool, and performing a random number sequence on the preliminary random number sequence based on the second physical non-replicable function value A second obfuscation function to generate a final random number sequence. 如申請專利範圍第1項所述之基於物理不可複製功能的真隨機數產生器,其中該第一混淆電路將該初步種子與該第一物理不可複製功能值進行串接(concatenation)以產生該最終種子。The true random number generator based on physical non-replicable function as described in claim 1, wherein the first obfuscation circuit concatenates the preliminary seed and the first physical non-replicable function value to generate the final seed. 如申請專利範圍第1項所述之基於物理不可複製功能的真隨機數產生器,其中該基於物理不可複製功能的真隨機數產生器另包含一熵(entropy)電路以提供該初步種子,以及該熵電路包含: 一振盪器,用以輸出多個隨機單位元值;以及 一收集電路,用以收集該多個隨機單位元值以產生該初步種子。The true random number generator based on the physical non-replicable function as described in item 1 of the claimed scope, wherein the true random number generator based on the physical non-replicable function further comprises an entropy circuit to provide the preliminary seed, and This entropy circuit contains: an oscillator for outputting a plurality of random unit cell values; and a collection circuit for collecting the plurality of random unit cell values to generate the preliminary seed. 如申請專利範圍第1項所述之基於物理不可複製功能的真隨機數產生器,其中該基於物理不可複製功能的真隨機數產生器另包含一非揮發性記憶體(non-volatile memory, NVM)以提供該初步種子,其中一反饋隨機數於一或多個預定時間點被寫入該非揮發性記憶體,以更新儲存於該非揮發性記憶體內的該初步種子,以及該反饋隨機數是自該初步隨機數序列或該最終隨機數序列取得。The true random number generator based on the physical non-replicable function as described in item 1 of the scope of the patent application, wherein the true random number generator based on the physical non-replicable function further comprises a non-volatile memory (NVM) ) to provide the preliminary seed, wherein a feedback random number is written into the non-volatile memory at one or more predetermined time points to update the preliminary seed stored in the non-volatile memory, and the feedback random number is automatically The preliminary random number sequence or the final random number sequence is obtained. 如申請專利範圍第1項所述之基於物理不可複製功能的真隨機數產生器,其中該基於物理不可複製功能的真隨機數產生器另包含: 一熵電路,用以提供一熵種子; 一非揮發性記憶體,用以提供一非揮發性記憶體種子,其中一反饋隨機數於一或多個預定時間點被寫入該非揮發性記憶體中,以更新儲存於該非揮發性記憶體內的該非揮發性記憶體種子,以及該反饋隨機數是自該初步隨機數序列或該最終隨機數序列取得; 一測試電路,耦接至該熵電路,用以測試該熵種子以產生一測試結果;以及 一多工器,耦接至該熵電路、該非揮發性記憶體以及該測試電路,用以因應該測試結果以自該熵種子與該非揮發性記憶體種子選擇其中一者,以供輸出為該初步種子。The true random number generator based on the physical non-replicable function as described in item 1 of the scope of the application, wherein the true random number generator based on the physical non-replicable function further comprises: an entropy circuit for providing an entropy seed; A non-volatile memory for providing a non-volatile memory seed, wherein a feedback random number is written into the non-volatile memory at one or more predetermined time points to be updated and stored in the non-volatile memory the non-volatile memory seed and the feedback random number are obtained from the preliminary random number sequence or the final random number sequence; a test circuit, coupled to the entropy circuit, for testing the entropy seed to generate a test result; and a multiplexer, coupled to the entropy circuit, the non-volatile memory and the test circuit, for selecting one of the entropy seed and the non-volatile memory seed according to the test result for outputting the Preliminary seeds. 如申請專利範圍第5項所述之基於物理不可複製功能的真隨機數產生器,其中該測試電路是對該熵種子進行健康程度測試,當該測試結果指出該熵電路處在一健康狀態時,該多工器選擇該熵種子以作為該初步種子,以及當該測試結果指出該熵電路處在一非健康狀態時,該多工器選擇該非揮發性記憶體種子作為該初步種子。The true random number generator based on physical non-replicable function as described in item 5 of the scope of the patent application, wherein the test circuit performs a health level test on the entropy seed, when the test result indicates that the entropy circuit is in a healthy state , the multiplexer selects the entropy seed as the preliminary seed, and when the test result indicates that the entropy circuit is in a non-healthy state, the multiplexer selects the non-volatile memory seed as the preliminary seed. 如申請專利範圍第1項所述之基於物理不可複製功能的真隨機數產生器,其中該基於物理不可複製功能的真隨機數產生器另包含一熵電路以提供一熵種子,以及該熵電路包含: 一振盪器,用以輸出一隨機控制位元;以及 一收集電路,耦接至該振盪器,其中該收集電路因應該隨機控制位元以決定是否藉助於一反饋隨機數來更新該熵種子,以及該反饋隨機數是自該初步隨機數序列或該最終隨機數序列取得。The true random number generator based on the physical non-replicable function as described in claim 1, wherein the true random number generator based on the physical non-replicable function further comprises an entropy circuit to provide an entropy seed, and the entropy circuit Include: an oscillator for outputting a random control bit; and a collection circuit coupled to the oscillator, wherein the collection circuit determines whether to update the entropy seed by means of a feedback random number in response to the random control bit, and the feedback random number is from the preliminary random number sequence or the The final random number sequence is obtained. 如申請專利範圍第7項所述之基於物理不可複製功能的真隨機數產生器,其中該收集電路包含: 一第三混淆電路,用以基於該反饋隨機數對該熵種子進行一第三混淆功能以產生一更新後熵種子;以及 一第一多工器,耦接至該振盪器,用以因應該隨機控制位元以自更新前的該熵種子與該更新後熵種子選擇其中一者,以輸出一最新熵種子。The true random number generator based on physical non-replicable function as described in item 7 of the scope of the application, wherein the collection circuit comprises: a third obfuscation circuit for performing a third obfuscation function on the entropy seed based on the feedback random number to generate an updated entropy seed; and A first multiplexer, coupled to the oscillator, selects one of the entropy seed before updating and the entropy seed after updating according to the random control bit to output a newest entropy seed. 如申請專利範圍第8項所述之基於物理不可複製功能的真隨機數產生器,其中該基於物理不可複製功能的真隨機數產生器另包含: 一非揮發性記憶體,用以提供一非揮發性記憶體種子,其中該反饋隨機數於一或多個預定時間點被寫入該非揮發性記憶體中,以更新儲存於該非揮發性記憶體中的該非揮發性記憶體種子;以及 一第二多工器,耦接至該非揮發性記憶體以及該收集電路,用以自該非揮發性記憶體種子與該熵種子選擇其中一者以作為該初步種子; 其中當該第二多工器選擇該非揮發性記憶體種子時,該反饋隨機數是基於該非揮發性記憶體種子來產生,而該更新後熵種子是基於該反饋隨機數來產生。The true random number generator based on the physical non-replicable function as described in item 8 of the scope of the patent application, wherein the true random number generator based on the physical non-replicable function further comprises: a non-volatile memory for providing a non-volatile memory seed, wherein the feedback random number is written into the non-volatile memory at one or more predetermined time points to update the non-volatile memory the non-volatile memory seed in the; and a second multiplexer, coupled to the non-volatile memory and the collection circuit, for selecting one of the non-volatile memory seed and the entropy seed as the preliminary seed; When the second multiplexer selects the non-volatile memory seed, the feedback random number is generated based on the non-volatile memory seed, and the updated entropy seed is generated based on the feedback random number. 如申請專利範圍第1項所述之基於物理不可複製功能的真隨機數產生器,其中該基於物理不可複製功能的真隨機數產生器另包含一熵電路以用以提供該初步種子,以及該熵電路至少包含: 一振盪器,用以輸出多個隨機單位元值,其中該振盪器產生一週期性訊號,該週期性訊號是在一振盪頻率下於一第一邏輯值與一第二邏輯值之間變動,以及該週期性訊號是在一取樣頻率下被取樣,以使得該第一邏輯值與該第二邏輯值隨機地出現在該多個隨機單位元值中; 其中該取樣頻率異於該振盪頻率。The true random number generator based on the physical non-replicable function as described in item 1 of the claimed scope, wherein the true random number generator based on the physical non-replicable function further comprises an entropy circuit for providing the preliminary seed, and the An entropy circuit contains at least: an oscillator for outputting a plurality of random unit values, wherein the oscillator generates a periodic signal, and the periodic signal varies between a first logic value and a second logic value at an oscillation frequency, and the periodic signal is sampled at a sampling frequency so that the first logic value and the second logic value randomly appear in the plurality of random unit values; Wherein the sampling frequency is different from the oscillation frequency. 一種用於產生真隨機數的方法,可應用於(applicable to)一電子裝置,包含: 利用一第一混淆(obfuscation)電路基於一第一物理不可複製功能(Physical Unclonable Function, PUF)值對一初步種子進行一第一混淆功能以產生一最終種子; 利用一密碼(cryptography)電路將該最終種子當作一密碼功能的一金鑰(key)以產生一初步隨機數序列;以及 利用一第二混淆電路基於一第二物理不可複製功能值對該初步隨機數序列進行一第二混淆功能以產生一最終隨機數序列; 其中該第一物理不可複製功能值以及該第二物理不可複製功能值是自該電子裝置的一物理不可複製功能池取得。A method for generating true random numbers, applicable to an electronic device, comprising: Using a first obfuscation circuit to perform a first obfuscation function on a preliminary seed based on a first Physical Unclonable Function (PUF) value to generate a final seed; Using a cryptography circuit to use the final seed as a key for a cryptographic function to generate a preliminary random number sequence; and Using a second obfuscation circuit to perform a second obfuscation function on the preliminary random number sequence based on a second physical non-replicable function value to generate a final random number sequence; The first physical non-replicable function value and the second physical non-replicable function value are obtained from a physical non-replicable function pool of the electronic device. 如申請專利範圍第11項所述之方法,其中利用該第一混淆電路基於該第一物理不可複製功能值對該初步種子進行該第一混淆功能以產生該最終種子包含: 利用該第一混淆電路將該初步種子與該第一物理不可複製功能值進行串接(concatenation)以產生該最終種子。The method of claim 11, wherein using the first obfuscation circuit to perform the first obfuscation function on the preliminary seed based on the first physical non-reproducible function value to generate the final seed comprises: The preliminary seed is concatenated with the first physical non-replicable function value using the first obfuscation circuit to generate the final seed. 如申請專利範圍第11項所述之方法,另包含: 產生多個隨機單位元值;以及 依據該多個隨機單位元值取得該初步種子。The method described in Item 11 of the scope of the application further includes: generating a plurality of random unit cell values; and The preliminary seed is obtained according to the plurality of random unit element values. 如申請專利範圍第11項所述之方法,另包含: 自一非揮發性記憶體(non-volatile memory, NVM)取得該初步種子,其中一反饋隨機數於一或多個預定時間點被寫入該非揮發性記憶體,以更新儲存於該非揮發性記憶體內的該初步種子,以及該反饋隨機數是自該初步隨機數序列或該最終隨機數序列取得。The method described in Item 11 of the scope of the application further includes: The preliminary seed is obtained from a non-volatile memory (NVM) in which a feedback random number is written into the non-volatile memory at one or more predetermined time points to update the storage in the non-volatile memory The preliminary seed in vivo and the feedback random number are obtained from the preliminary random number sequence or the final random number sequence. 如申請專利範圍第11項所述之方法,另包含: 自一熵(entropy)電路取得一熵種子; 自一非揮發性記憶體取得一非揮發性記憶體種子,其中一反饋隨機數於一或多個預定時間點被寫入該非揮發性記憶體中,以更新儲存於該非揮發性記憶體內的該非揮發性記憶體種子,以及該反饋隨機數是自該初步隨機數序列或該最終隨機數序列取得; 利用一測試電路測試該熵種子以產生一測試結果;以及 利用一多工器因應該測試結果以自該熵種子與該非揮發性記憶體種子選擇其中一者,以供輸出為該初步種子。The method described in Item 11 of the scope of the application further includes: Obtain an entropy seed from an entropy circuit; A non-volatile memory seed is obtained from a non-volatile memory, wherein a feedback random number is written into the non-volatile memory at one or more predetermined time points to update the non-volatile memory stored in the non-volatile memory the volatile memory seed, and the feedback random number is obtained from the preliminary random number sequence or the final random number sequence; testing the entropy seed with a test circuit to generate a test result; and A multiplexer is used to select one of the entropy seed and the non-volatile memory seed in response to the test result for output as the preliminary seed. 如申請專利範圍第15項所述之方法,其中該測試電路是對該熵種子進行健康程度測試,自該熵種子與該非揮發性記憶體種子選擇其中一者的步驟包含: 當該測試結果指出該熵電路處在一健康狀態時,選擇該熵種子以作為該初步種子;以及 當該測試結果指出該熵電路處在一非健康狀態時,選擇該非揮發性記憶體種子作為該初步種子。The method of claim 15, wherein the testing circuit performs a health test on the entropy seed, and the step of selecting one of the entropy seed and the non-volatile memory seed comprises: When the test result indicates that the entropy circuit is in a healthy state, selecting the entropy seed as the preliminary seed; and When the test result indicates that the entropy circuit is in a non-healthy state, the non-volatile memory seed is selected as the preliminary seed. 如申請專利範圍第11項所述之方法,另包含: 產生一隨機控制位元;以及 因應該隨機控制位元以決定是否藉助於一反饋隨機數來更新一熵種子,其中該反饋隨機數是自該初步隨機數序列或該最終隨機數序列取得。The method described in Item 11 of the scope of the application further includes: generating a random control bit; and The random control bit determines whether to update an entropy seed by means of a feedback random number obtained from the preliminary random number sequence or the final random number sequence. 如申請專利範圍第17項所述之方法,其中因應該隨機控制位元以決定是否藉助於該反饋隨機數來更新該熵種子的步驟包含: 基於該反饋隨機數對該熵種子進行一第三混淆功能以產生一更新後熵種子;以及 因應該隨機控制位元以自更新前的該熵種子與該更新後熵種子選擇其中一者,以輸出一最新熵種子。The method of claim 17, wherein the step of determining whether to update the entropy seed by means of the feedback random number in response to the random control bit comprises: performing a third obfuscation function on the entropy seed based on the feedback random number to generate an updated entropy seed; and According to the random control bit, one of the entropy seed before updating and the entropy seed after updating is selected to output a newest entropy seed. 如申請專利範圍第18項所述之方法,另包含: 自一非揮發性記憶體取得一非揮發性記憶體種子,其中該反饋隨機數於一或多個預定時間點被寫入該非揮發性記憶體中,以更新儲存於該非揮發性記憶體中的該非揮發性記憶體種子;以及 自該非揮發性記憶體種子與該熵種子選擇其中一者以作為該初步種子; 其中當該非揮發性記憶體種子被選擇時,該反饋隨機數是基於該非揮發性記憶體種子來產生,而該更新後熵種子是基於該反饋隨機數來產生。The method described in item 18 of the scope of the application further includes: A non-volatile memory seed is obtained from a non-volatile memory, wherein the feedback random number is written into the non-volatile memory at one or more predetermined time points to update the non-volatile memory stored in the non-volatile memory the non-volatile memory seed; and selecting one of the non-volatile memory seed and the entropy seed as the preliminary seed; When the non-volatile memory seed is selected, the feedback random number is generated based on the non-volatile memory seed, and the updated entropy seed is generated based on the feedback random number. 如申請專利範圍第17項所述之方法,其中產生該隨機控制位元的步驟包含: 利用一振盪器產生一週期性訊號,該週期性訊號是在一振盪頻率下於一第一邏輯值與一第二邏輯值之間變動;以及 在一取樣頻率下對該週期性訊號進行取樣,以使得該第一邏輯值與該第二邏輯值隨機地出現在該振盪器輸出的多個隨機單位元值中以產生該隨機控制位元; 其中該取樣頻率異於該振盪頻率。The method of claim 17, wherein the step of generating the random control bit comprises: utilizing an oscillator to generate a periodic signal that varies between a first logic value and a second logic value at an oscillation frequency; and sampling the periodic signal at a sampling frequency, so that the first logic value and the second logic value randomly appear in a plurality of random unit values output by the oscillator to generate the random control bit; Wherein the sampling frequency is different from the oscillation frequency.
TW110118674A 2020-06-04 2021-05-24 Physical unclonable function based true random number generator and method for generating true random numbers TWI782540B (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US202063034410P 2020-06-04 2020-06-04
US63/034,410 2020-06-04
US17/211,799 2021-03-24
US17/211,799 US11487505B2 (en) 2020-06-04 2021-03-24 Physical unclonable function based true random number generator, method for generating true random numbers, and associated electronic device

Publications (2)

Publication Number Publication Date
TW202147097A true TW202147097A (en) 2021-12-16
TWI782540B TWI782540B (en) 2022-11-01

Family

ID=78787220

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110118674A TWI782540B (en) 2020-06-04 2021-05-24 Physical unclonable function based true random number generator and method for generating true random numbers

Country Status (2)

Country Link
CN (1) CN113760221B (en)
TW (1) TWI782540B (en)

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120079281A1 (en) * 2010-06-28 2012-03-29 Lionstone Capital Corporation Systems and methods for diversification of encryption algorithms and obfuscation symbols, symbol spaces and/or schemas
US9530009B2 (en) * 2013-06-27 2016-12-27 Visa International Service Association Secure execution and update of application module code
CN106020771B (en) * 2016-05-31 2018-07-20 东南大学 A kind of pseudo-random sequence generator based on PUF
EP3958158B1 (en) * 2017-03-22 2023-04-26 Visa International Service Association Privacy-preserving machine learning
EP3407335B1 (en) * 2017-05-22 2023-07-26 Macronix International Co., Ltd. Non-volatile memory based physically unclonable function with random number generator
EP3407336B1 (en) * 2017-05-22 2022-08-17 Macronix International Co., Ltd. Unchangeable phyisical unclonable function in non-volatile memory
CN108664234A (en) * 2018-01-17 2018-10-16 北京智芯微电子科技有限公司 Real random number generator
US11055065B2 (en) * 2018-04-18 2021-07-06 Ememory Technology Inc. PUF-based true random number generation system

Also Published As

Publication number Publication date
CN113760221A (en) 2021-12-07
TWI782540B (en) 2022-11-01
CN113760221B (en) 2024-02-23

Similar Documents

Publication Publication Date Title
CN112286493B (en) Random number generator and method for generating random number output
JP5248328B2 (en) Equipment security based on signal generators
EP2695052B1 (en) Random number generating system based on memory start-up noise
US20090110188A1 (en) Configurable random number generator
TW201944231A (en) PUF-based true random number generator
Wang et al. Lattice PUF: A strong physical unclonable function provably secure against machine learning attacks
Nassar et al. CaPUF: Cascaded PUF structure for machine learning resiliency
CN101663642A (en) Initial seed management for pseudorandom number generator
WO2019212772A1 (en) Key generation and secure storage in a noisy environment
Chen et al. FPGA implementation of SRAM PUFs based cryptographically secure pseudo-random number generator
US11487505B2 (en) Physical unclonable function based true random number generator, method for generating true random numbers, and associated electronic device
JP2014075082A (en) Random number generator and random number generation method
US12149641B2 (en) Circuit apparatus and methods for PUF source and generating random digital sequence
JP6372295B2 (en) Physical random number generation circuit quality test method, random number generator and electronic device
Shariffuddin et al. Review on arbiter physical unclonable function and its implementation in FPGA for IoT security applications
Sivaraman et al. Security in sequence: NIST-adherent design of a hybrid random number generator with SRAM-based PUF
Dang et al. A unified approach to strong PUF and TRNG using ring generator for cryptography
TWI782540B (en) Physical unclonable function based true random number generator and method for generating true random numbers
JP2000242470A (en) Random number generation device and method, and recording medium
US20240313986A1 (en) Determining a physically unclonable function (puf) selection vector
Dang et al. A true random number generator on fpga with jitter-sampling by ring generator
Streit et al. Design and evaluation of a tunable PUF architecture for FPGAs
Irtija et al. True random number generation with the shift-register reconvergent-fanout (sirf) puf
CN117411634A (en) Methods and circuits for protecting electronic devices from side channel attacks
Yu et al. Malicious attacks on physical unclonable function sensors of internet of things