gomti: A collection of PLL-based RNG configurations and implementations

							  2023-02-21
							Niibe Yutaka
							Gomti Project

Gomti
=====

Gomti is a collection of configurations and implementations to build a
PLL-based true random number generater (TRNG).

The name "gomti" is an acronym to remember the first part of this
conversation:

	Gen1: One man's trash is...
	Gen2: ... another man's treasure.


Structure of PLL-based TRNG and Its Mathmatical Model
=====================================================

It uses two clocks with rationally related frequencies to generate
random numbers.


     +----+  CLJ  +-----------+
     |Gen1|------>|           |        +-----------------+
     +----+       |           |        |                 | Random numbers
                  |  Sampler  |------->| Post-processing |-------------->
     +----+  CLK  |           |        |                 |
     |Gen2|------>|           |        +-----------------+
     +----+       +-----------+


Generation Speed
================

With common FPGA with common clock setting, the generation speed is
typically like 0.3 to 1.2, in 1000000 bit per second.  Roughly, it's
about 35 KiByte/second to 140 KiByte/second.


Hardware for use
================

FPGA
----

- iCE40 HX8K

- Gowin GW1NR-9/C


Target Boards
-------------

- Alchitry Cu

- iCE40 HX8K Breakout Board

- TEC0117

- SiPeed Tang Nano 9K


Tools
=====

We use free tools;  That is, Yosys and its friends.
For iCE40: Nextpnr-ice40 and icepack.
For GW1NR-9/C: Nextpnr-gowin and gowin_pack.

To test output of RNG, we use the tools from NIST for entropy
assessment (SP800-90B).


License
=======

It is distributed under GNU General Public Licence version 3 or later
(GPLv3+), with additional permission.  Please see COPYING and
EXCEPTION.  EXCEPTION is for convenience when you distribute hardware
using Gomti.

For people (human being) who need, it is also distributed under CC0
1.0 Universal (CC0 1.0).  Please see CC0-1.0.

Code has SPDX-License-Identifier as GPLv3+.  This means that, it is
not intended to be used by any automatic mechanism as public domain,
but anyone can use it freely and enjoy sharing under GPLv3+ or
CC0-1.0.


Release Notes (2023-02-21)
==========================

Two configurations are ready for use (for iCE40):

	240-127-112
	240-127-120

Go to the directory and run the script:

	gomti-240-127-112-uart-alchitry_cu.sh
or

	gomti-240-127-120-uart-alchitry_cu.sh

Then, a bitstream for the FPGA is built.  Flash the bitstream to the
FPGA, then, random number is generated.  With the Alchitry Cu board,
the generated signal can be available by its USB-to-serial interface
(something like /dev/ttyUSB1) on a host PC.

Please note that the build process for "place and route" itself uses
randomness, and it's good to select better result among several
builds.


Future Works
============

Lower-level Analysis and Curated Bitstream
------------------------------------------

You can observe that a bitstream works well on an instance of FPGA,
but not on another.  Given the FPGA chip, it's best if we can find a
bitstream which works among multiple (ideally, most/all) instances
of that FPGA.

Further research is needed to figure out the factors which matter as
RNG, so that we can control its quality better.


As RNG device design
--------------------

- Adding asynchronous FIFO

- Adding Health Tests

- Adding USB function implementation, so that no external USB-to-serial
  chip is needed.

- Adding Cryptographic Conditioning Component


Device to use
-------------

- Design a PCB with FPGA, to make an out-of-box device (instead of
  eval boards), something like TinyFPGA.

- Design a silicon (an ASIC), to make a chip

  - PLL design

  - Possibly SKY130/SKY90?


Footnote
========

Gomti Chakra looks like the Debian logo, but that's a coincidence.
~gniibe/gomti
