HARDWARE ENABLED CRYPTO AND RANDOMNESS

Security has become a critical requirement for most applications. Robust security typically requires strong hardware foundations. HECTOR’s objective was to bridge the gap between the mathematical heaven of theoretically secure cryptographic algorithms and the challenges when it comes to implementing them securely and efficiently into hardware. The project focused on how to improve the hardware efficiency and robustness of 3 elementary security building blocks, namely crypto algorithms, random numbers generators, and physically unclonable functions (PUFs), as well as opportunities to optimize their interactions.

For true random number generators (TRNGs), the requirement is to fulfil demanding security requirements such as specified by the AIS20/31 standard in order to guarantee the generation of enough entropy, and/or detect and report when this is no longer the case. Besides designing hardware-efficient TRNG cell(s), the main ambition was to propose a process allowing to meet the requirements while minimizing the necessary expertise, design-iterations, and efforts.

Compared to TRNGs, so far there is no AIS20/31-like framework for PUFs. The objective was therefore to research if such an approach could be proposed.

Cryptography relies on good random numbers for keys, protocols and side-channels protection. On one hand, the project was assuming the availability of good random numbers, and researching more hardware-efficient crypto approaches. Efficiency has been addressed both from the design-process point of view, researching how to minimize the path towards a validated, protected crypto implementation, as well as from a crypto building block and system efficiency point of view, with research on authenticated encryption and hardware-friendlier crypto algorithms. The project has also been investigating if there are efficiency gains to be made by relaxing TRNG quality requirements and through more random-tolerant crypto designs.

The project was structured around 6 work packages.

WP1 captured, studied and specified requirements for the work that needed to be performed within the technical work packages:
1) The demonstration scenarios have been refined. This allowed defining the hardware platforms to be developed for the demonstrators as well as the required building blocks from WP2 and WP3.
2) Opportunities, requirements and constraints from the consortium’s commercial partners have been studied in order to try to align developments with exploitation opportunities.
3) A common evaluation platform has been defined and distributed to partners, together with sample firmware and FPGA-designs. It consists in an FPGA-based motherboard with features to ease security characterization, and a set of low-cost daughter modules allowing to evaluate HECTOR primitives implemented in different FPGA families or ASICs.

WP2 focused on TRNG and PUFs. Several candidate principles have been proposed. A set of comparison and evaluation criteria have been defined. Preliminary implementations helped compare and rank the candidates. Selected TRNG and PUF principles together with dedicated embedded tests and post-processing have been designed for both FPGAs and ASICs. Several hick-ups and manufacturing delays (external factors) repeatedly pushed-out silicon availability and forced to limit physical evaluations to FPGA implementations. HECTOR ASIC test chips will still be used and characterized but after the official completion of the project.

WP3 focused on cryptographic algorithms and countermeasures. Since these rely heavily on random numbers (cryptographic keys, random IVs, masking), a first line of research has been to study the effect of non-ideal randomness on cryptography and on the effectiveness of countermeasures. Known-key and related-key attacks have been studied. Matlab scripts to generate standardized sets of degraded random numbers have been developed to test the effect of weak random numbers on commonly used side-channel countermeasures. The second line of research has been focusing on efficient cryptography and countermeasures. The consortium has been very active in the CAESAR authentication encryption competition. Five of the fifteen candidates of the third round of the competition were proposals from consortium members and 3 proposals remain among the 7 finalists. An important improvement in the usage of the sponge construction for Authenticated Encryption has been introduced, easing the interface between a TRNG/PUF, its crypto post-processing and the cryptographic algorithm itself. HECTOR also worked on design-process efficiency with bottom-up and top-down methodologies for design-time evaluation of side-channel protection.

WP4 focused on the development of demonstrators to illustrate how the technical developments from WP2 and WP3 can be combined for relevant applicative use cases. Three demonstrators have been developed: A dedicated, high-throughput random numbers generators, a secure USB storage, as well as a secure messaging system.

WP5 focused on dissemination, communication, exploitation, standardization and training. The project generated 59 articles and publications, participated to 48 conferences and workshops, as well as 12 other dissemination activities (web site, newsletters, etc.). HECTOR also participated to key cryptography and TRNG related standardization efforts and events, most notably the CAESAR authenticated encryption competition and the NIST TRNG workshop.

WP6 has been the project management work package providing the necessary processes and tools and to ensure proper execution.

HECTOR enabled stronger European knowledge integration through collaboration among key security actors. In particular:

- We proposed TRNGs designs with provable entropy guarantees and robustness to physical attacks, paving the way for more robust products and lower cost security certification. We discussed about the AIS20/31 with the BSI and participated to the second NIST RBG workshop, providing feedback on the draft and influencing the content of the final NIST SP800-90B TRNG specification.

- By researching and proposing an approach similar to AIS31 for PUFs we hope to have shown the way forward for tackling the challenges related to PUF-security specification and assessment.

- Through our contributions on sponges, Authenticated-Encryption schemes and to the CAESAR competition we hope to have contributed to what could become tomorrow’s hardware-friendlier, easier-to-secure (side-channels) and more-hardware-efficient cryptography standards.

Adoptions (over time) of HECTOR technologies into partner products should provide a first way to propagate the benefits to a wide range of applications and actors of the partner’s respective value chains. For example HECTOR’s pre-evaluated, AIS31-compliant TRNGs are already being adopted by two commercial members of the consortium, for the benefit and improved protection of their respective customers and end-users.

Dissemination of HECTOR results through teaching, publications and other dissemination events and through inputs to standardization will broaden the propagation of those benefits beyond the project’s commercial partners’ respective value chains.