Microchip’s new RNG90 provides a cost-effective, ready-to-use, stand-alone random number generator IC device for systems requiring FIPS 140 certification.
How Does an RNG Work?
Random Number Generators (RNGs) do exactly what you think: generate a sequence of random numbers—created from an algorithm—that can be used as secure keys for cryptographic operation purposes. To be truly effective, especially in security applications, an RNG must have a high level of entropy. This means the generated numbers have a high level of uncertainty or randomness which makes the sequence nearly impossible to predict.
As with most things, there are federal guidelines and certifications in place to regulate RNG entropy. Because not every random number is random enough, FIPS 140-2 or FIPS 140-3 certification is required to prove the entropy quality of your system.
Where Are FIPS Required?
The Federal Information Processing Standards (FIPS) publications 140-2 and 140-3 are national, government standards that outline the security requirements used to validate cryptographic modules. These standards must be met for products to be certified under the Cryptographic Module Validation Program (CMVP). This designation is critically important for defense products, data centers and some automotive applications.
Part of the process to secure FIPS 140 validation is to go through an accredited Cryptographic Security Testing Laboratory to obtain a public Entropy Source Test Validation System (ESTVS) certification verifying conformance to National Institute of Standards and Technology (NIST) SP800-90.
This is a long and consequently costly process, including a lot of paperwork, NDA contracts and the potential for certification failure, which extends the process even more.
Microchip’s new Random Number Generator 90 (RNG90) eases those pain points by providing a cost-effective, ready-to-use, stand-alone RNG IC device. The RNG90 can reduce the ESTVS process time by about 20% as a ready-to-use, compliant solution. Our device meets the design principles and requirements for the entropy sources used by random-bit generators and the test validations of such as SP800-90 A/B/C as well as the ESTVS. Risk is also reduced as the RNG90 is specifically designed to help pass FIPS certifications. Once an entropy source has been validated, it will now be allowed to be used by end systems without each end system having to recertify the entropy source. This will help to reduce the certification time of a system and improve the overall time to market. Microchip is committed to making security more accessible to everyone. As standards evolve, so do our products. With the RNG90, we identified a need for a simple random generator device for systems requiring FIPS 140 certification and found an efficient way to meet that need.
To learn more about the RNG90 or Microchip’s full portfolio of security products visit our embedded security web page.
Xavier Bignalet, Jun 29, 2023