Development of the RISC-V entropy source interface

Source: Journal of Cryptographic Engineering (2022)
Authors: Markku-Juhani O. Saarinen (PQShield), Ben Marshall (PQShield), G. Richard Newell

Abstract

The RISC-V true random number generator (TRNG) architecture breaks with previous ISA TRNG practice by splitting the entropy source (ES) component away from cryptographic DRBGs into a separate privileged interface, and in its use of polling. The modular approach is suitable for the RISC-V hardware IP ecosystem, allows a significantly smaller implementation footprint on platforms that need it, while directly supporting current standards compliance testing methods. We describe the interface, its use in cryptography, and offer additional discussion, background, and rationale for various aspects of it. The design was informed by lessons learned from earlier mainstream ISAs, recently introduced SP 800-90B and FIPS 140-3 entropy audit requirements, AIS 31 and common criteria, current and emerging cryptographic needs such as post-quantum cryptography, and the goal of supporting a wide variety of RISC-V implementations and applications. Many of the architectural choices result from quantitative observations about random number generators in secure microcontrollers, the Linux kernel, and cryptographic libraries.