http://www.technologyreview.com/printer_friendly_article.aspx?id=25670&channel=Briefings§ion=Microprocessors Tuesday, June 29, 2010 Nanoscale Random Number Circuit to Secure Future Chips Intel unveils a circuit that can pump out truly random numbers at high speed. By Tom Simonite It might sound like the last thing you need in a precise piece of hardware, but engineers at Intel are pretty pleased to have found a way to build a circuit capable of random behavior into computer processors. Generating randomness--an unpredictable stream of numbers--is much harder than you might think. It's also crucial to creating the secure cryptographic keys needed to keep data safe. Building a random-number-generating ability into the Central Processing Unit (CPU) at a computer's heart is ideal, says Ram Krishnamurthy, an engineer at Intel's Microprocessor Technology Labs, in Hillsboro, OR. It should speed up any process that requires the generation of an encrypted key, for example securing sensitive data on a hard drive, and make it harder for an attacker to compromise that encryption. Building circuitry capable of producing random numbers into a CPU has proved difficult. "Today random numbers are either generated in software, or in the chip set outside the microprocessor," explains Krishnamurthy, one of the Intel researchers on the project. Neither solution is ideal. Software produces only pseudo random numbers (given enough computing power, patterns can be found within that randomness). "If the random numbers are not truly random, for example, if they are biased in some way, then an adversary has a better chance of guessing/determining the value," explains mathematician Elaine Barker, at the National Institute for Standards and Technology (NIST), in Gaithersburg, MD. "In the case of cryptographic keys, if the adversary can determine the key without an excessive amount of computing power, then he can breach the confidentiality of that data." Installing a source of random numbers outside of a computer's core microprocessor provides another avenue of opportunity to attackers, says Krishnamurthy. "You are vulnerable to side channel attacks," he explains, "there are many ways by which the key can be directly read off of the bus, or attacks that look at how the power supply varies and look for signatures that indicate what the key looks like." Building the circuit into the main processor shuts off that possibility, says Krishnamurthy, although the barrier to doing that has been practicality. The best-established methods of generating random numbers use analog circuits that rely on thermal noise as a source of randomness, and those circuits are not easily fabricated with the techniques used to make the digital circuits of a microprocessor. Nor are they easily scaled down to the size of components on modern chips. Intel's new circuit has a fully-digital design, making it possible to incorporate it into the microprocessor die. At the heart of the new design is a cross-coupled inverter, a combination of two basic circuit components that is essentially a memory capable of storing a single 1 or 0. This memory, though, is designed to be unreliable; it can be tipped between its two possible outputs by the influence of thermal noise from the surrounding silicon. Since that thermal noise is random, the circuit's output should be, too. In reality, though, the influence of fluctuations in voltage and temperature normal inside a chip could bias that output to be less-than-random, requiring Krishnamurthy and colleagues to develop additional measures to counteract their influence. Benchmarks for "true" randomness maintained by NIST were used to confirm they had been successful. "We exceeded all of those thresholds," he says. The speed at which the new circuit cranks out numbers--2.4 billion a second or 2.4Gbps--is also around 200 times faster than anything before, Krishnamurthy adds. Having built the circuit with a smallest feature size of 45 nanometers, he and colleagues are now working toward proving it can be built using 32 and 22 nanometer manufacturing processes with minimal design tweaks. Passing existing benchmarks of randomness, though, does not mean the new circuit is perfect. Current techniques do not make it possible to be certain that any source of randomness is truly random, says Barker. "We just don't know enough to design tests that catch all the problems, and tests may not always catch the point at which a noise source starts to go bad if the change is subtle." Research by groups like that at NIST will generate smarter tests that help industry engineers raise the bar further.
participants (1)
-
Eugen Leitl