TRNG added to quantum-derived side-channel protected PUF hardware IP block

Crypto Quantique, a provider of quantum-driven security for the IoT, has boosted the functionality of its semiconductor hardware security IP block, QDID, adding a TRNG to the PUF. The PUF is inherently resilient against side-channel attacks because the entropy source is quantum-derived, and seeds are read on demand.

The QDID PUF is a hardware silicon IP that harnesses quantum tunnelling current variations on a standard CMOS process as an entropy source. The PUF supplies multiple, internally generated, unclonable identities. These are consistent, device-specific outputs for a given input (challenge), making them appropriate for applications that require repeatable, unique identifiers or keys tied to a specific hardware instance.

The TRNG produces unlimited new, unpredictable random numbers each time it is used, which is crucial for many cryptographic operations that need fresh randomness. Examples are session keys for protocols like TLS/SSL and cryptographic protocols that need nonces or initialisation vectors.

In practice, many secure systems use PUFs and TRNGs together. For example, a PUF might generate a root key for a device, while a TRNG generates session keys or other ephemeral random values required during the device's operation.

QDID eradicates costly secret key injection processes. Identities and keys are not stored in memory, where they are vulnerable to side-channel attacks, and cannot be counterfeited, copied or hacked, even in a post-quantum era. As a result, QDID offers a secure foundation for a root of trust in any IoT device.

The QDID IP has passed CC EAL4+ tests following an independent third-party assessment provided by eShard. The assessment of EMI emissions of the IP proved that there is no correlation with either the tunnelling current variation as the source of entropy or the cryptographic secret keys generated in the semiconductor.

QDID has been verified for use with standard CMOS manufacturing processes at nodes from 55nm down to 12nm. It generates seeds of between 64 and 256 bits. At 22nm, it needs a silicon area of less than 0.15mm2 and is approved for use with TSMC, UMC and Global Foundries CMOS processes. Other certifications include NIST SP 800-22 verification for randomness and PSA Level 2 Ready.

Crypto Quantique's CEO, Shahram Mossayebi, commented: "Side-channel attacks continue to pose a growing threat to connected devices and IoT networks. The source of entropy is particularly vulnerable to such attacks yet is often neglected. The QDID PUF and TRNG provide the ultimate protection against such risks because of the unique characteristics of gate tunnelling as a source of entropy."