How generate REAL random number using STM32 MCU?

c++ random embedded microcontroller stm32
21,442

Solution 1

As pointed out, the chip does not have a hardware RNG.

But you can roll your own. The usual approach is to measure jitter between INDEPENDENT clocks. Independent means that the two clocks are backed by different christals or RC-oscillators and not derived from the same.

I would use:

  • SysTick timer / counter derived from system clock (MHz range)
  • One of the kHz-range RC oscillators

Set up a counter on the kHz-range RC oscillator to give you an interrupt several times a second. In the interrupt handler you read the current value of the SysTick counter. Whether or not SysTick is used for other purposes (scheduling), the lower 5 or so bits are by all means unpredictable.

For getting random numbers out of this, use a normal pseudo RNG. Use the entropy gathered above to unpredictably mutate the internal state of the pseudo RNG. For key generation, don't read all the bits at once but allow for a couple of mutations to happen.

Attacks against this are obvious: If the attacker can measure or control the kHz-range RC oscillator up to MHz precision, the randomness goes away. If you are worried about that, use a smart card or other security co-processor.

Solution 2

This is an old question I just ran across, but I want to answer because I don't find the other answers satisfying.

"I need random numbers for RSA key generation."

This means that a PRNG routine (too often erroneously called RNG, a pet peeve of mine) is UNACCEPTABLE and will not provide the security desired.

An external true RNG is acceptable, but the most elegant answer is to change over to an STM32F2xx or STM32F4xx microcontroller which DOES have a built-in TRUE random number generator, meant precisely for applications such as this. For development I suppose you could use thr F1 and any PRNG, but the temptation there would be "it works, let's ship it" before using a true RNG, shipping a faulty product when the RIGHT component (certainly the ST F4, and I think also the F2 chips have been around since before this question was asked) is available.

This answer may be unacceptable for non-technical reasons (the chip was already specified, the OP had no input to the features needed), but whoever chose the chip should have picked it based on what on-chip peripherals and features needed for the application.

Solution 3

F1 series does not seem to have RNG (hardware random number generator), so your only options are to use pseudo-randoms or ask external input (some consider e.g. human hand movement random). You often get better pseudo-randoms using some crypto library instead of standard C++ libraries.

Solution 4

There is another method I found and tested that works quite well. It can generate true random 32bit numbers, I never checked how fast it is, may take a few milliseconds per number. Here is how it goes:

  • Read the noisy internal temperature at the fastest speed possible to generate the most ADC noise
  • Run the values through the hardware CRC generator, available on most (all?) STM32 chips

Repeat a few times, I found 8 times gives pretty good randomness. I checked randomness by sorting the output values in ascending order and plotting them in excel, with good random numbers this generates a straight line, bad randomness or 'clumping' of certain numbers is immediately visible. Here is the the code for STM32F03:

uint32_t getTrueRandomNumber(void) {

ADC_InitTypeDef ADC_InitStructure;

//enable ADC1 clock
RCC_APB2PeriphClockCmd(RCC_APB2Periph_ADC1, ENABLE);

// Initialize ADC 14MHz RC
RCC_ADCCLKConfig(RCC_ADCCLK_HSI14);
RCC_HSI14Cmd(ENABLE);
while (!RCC_GetFlagStatus(RCC_FLAG_HSI14RDY))
    ;

ADC_DeInit(ADC1);
ADC_InitStructure.ADC_ContinuousConvMode = DISABLE;
ADC_InitStructure.ADC_DataAlign = ADC_DataAlign_Right;
ADC_InitStructure.ADC_Resolution = ADC_Resolution_12b;
ADC_InitStructure.ADC_ScanDirection = ADC_ScanDirection_Backward;
ADC_InitStructure.ADC_ExternalTrigConvEdge = ADC_ExternalTrigConvEdge_None;
ADC_InitStructure.ADC_ExternalTrigConv = ADC_ExternalTrigConv_T1_TRGO; //default
ADC_Init(ADC1, &ADC_InitStructure);

//enable internal channel
ADC_TempSensorCmd(ENABLE);

// Enable ADCperipheral
ADC_Cmd(ADC1, ENABLE);
while (ADC_GetFlagStatus(ADC1, ADC_FLAG_ADEN) == RESET)
    ;

ADC1->CHSELR = 0; //no channel selected
//Convert the ADC1 temperature sensor, user shortest sample time to generate most noise
ADC_ChannelConfig(ADC1, ADC_Channel_TempSensor, ADC_SampleTime_1_5Cycles);

// Enable CRC clock
RCC_AHBPeriphClockCmd(RCC_AHBPeriph_CRC, ENABLE);

uint8_t i;
for (i = 0; i < 8; i++) {
    //Start ADC1 Software Conversion
    ADC_StartOfConversion(ADC1);
    //wait for conversion complete
    while (!ADC_GetFlagStatus(ADC1, ADC_FLAG_EOC)) {
    }

    CRC_CalcCRC(ADC_GetConversionValue(ADC1));
    //clear EOC flag
    ADC_ClearFlag(ADC1, ADC_FLAG_EOC);
}

//disable ADC1 to save power
ADC_Cmd(ADC1, DISABLE);
RCC_APB2PeriphClockCmd(RCC_APB2Periph_ADC1, DISABLE);

return CRC_CalcCRC(0xBADA55E5);

}

Share:
21,442
Ehsan Khodarahmi
Author by

Ehsan Khodarahmi

^(C((\+\+)|#)?&amp;JAVA(SCRIPT)?&amp;PHP&amp;SOLIDITY(⬨)&amp;RUST)(?=(enthusiast&amp;developer)) Co-funder, head of the board, and senior software engineer at Rahbord Rayaneh Rastak corporation.

Updated on October 12, 2020

Comments

  • Ehsan Khodarahmi
    Ehsan Khodarahmi over 3 years

    I'm working on a project with STM32F103E arm cortex-m3 MCU in keil microvision IDE.
    I need to generate random numbers for some purposes, but I don't want to use pseudo-random numbers which standard c++ libraries are generating, so I need a way to generate REAL random numbers using hardware features, but I don't know how I can do it.
    Any idea? (I'm a software engineer & not an electronic professional, so please describe it simple :P)

  • JimmyB
    JimmyB over 7 years
    Your approach is flawed. You cannot determine the quality of an entropy source (ADC) by looking at the output after whitening (CRC). Also, a simple histogram of the output values will only detect the most simple flaw in an RNG. The fact that you need 8 rounds to produce something that even looks random at the first glance indicates that you get very little entropy per ADC sample, if any. Hence, without further analysis, you cannot make any assumption about your RNG's entropy, and thus cannot use it for cryptographic key generation.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

STM32F103 microcontroller CAN messages
How to flash STM32 via Serial Port
RAM, Heap, and Stack memory for an STM32 board
FreeRTOS: osDelay vs HAL_delay
C++ for 8051 microcontroller?
std::mt19937 doesn't return random number
rand() generating same number upon compilation
Improving the quality of random number generation in Qt 5.3
C++ random number generation
Program with probability