CEA-Leti today announced an open-source project to produce physical True Random Number Generators (TRNG) using ring-oscillator-based architectures. Targeting industry and academic researchers, the comprehensive toolkit includes reference designs, emulation tools and analytical tools to facilitate development and characterization of hardware TRNG implementations.
TRNGs play a pivotal role in domains such as cybersecurity and cryptography, where they are used to generate unpredictable random numbers such as cryptographic keys that ensure confidentiality and integrity of corporate, institutional and citizen private data against potential hackers.
OpenTRNG, the open-source initiative, was announced at the October International Conference on Design, Test and Technology of Integrated Systems (IEEE DTTIS) in the paper, “OpenTRNG: an Open-Source Initiative for Ring-Oscillator-Based TRNGs”.
Ensuring Integrity of Sensitive Data and Communication
“TRNGs are fundamental for generating random cryptographic keys used in encryption algorithms, digital signatures and secure communication protocols, ensuring the integrity, confidentiality, and authenticity of sensitive data and communications,” the paper explained. “Random numbers are also essential in scientific research, simulations, data analysis, gaming and various applications.”
The project’s launch is timely because EU state organizations are preparing to release new recommendations or requirements for TRNG security certification. For large companies, SMEs, and startups, OpenTRNG will support developing robust TRNGs compatible with the certification methodology. For the academic hardware-security community, the project could be used as a framework to enhance research efforts and provide a teaching platform for students.
“OpenTRNG should be seen as a framework that provides either tools helping developers build and integrate a TRNG into a product, or tools helping researchers test new TRNG structures or approach new physical random-noise sources,” said Florian Pebay-Peyroula, a CEA-Leti researcher and lead author of the paper.
Open Standards Can Be Validated
“In the field of security, there are two main approaches: proprietary solutions and open standards. While it may seem counterintuitive, open standards are the better option,” he said. “Unlike closed solutions, open designs can be reviewed and validated by international experts. By offering open-source TRNG designs and tools, we believe the project will make the field more accessible and help the community to grow.”
CEA-Leti said it created the framework as part of its commitment to help its industrial partners improve their competitiveness and is now making it widely available to industry and academia. This initiative is supported by the French Directorate General of Armaments (DGA) (Direction générale de l’armement). The institute welcomes additional external contributors and is open to including their names in the initiative.