Skip to main content
SpringerLink
Log in

Tight-ES-TRNG: Improved Construction and Robustness Analysis

  • Original Research
  • Published:
SN Computer Science Aims and scope Submit manuscript

Abstract

Recently in CHES-2018 Yang et al. demonstrated a very low cost and high performance true random number generator (TRNG) dubbed ES-TRNG. The main novelty of this class of TRNGs is in the methodology of extracting entropy from the accumulated phase jitter, i.e., by using a mechanism of repeatedly sample high-speed clock-edges with high resolution. In this manuscript, we demonstrate how it is possible to increase the number of edges in a cycle (with a very low cost) such that edges accommodate more and more from the full distribution of the phase jitter (this is where the “tightness” is coming from). By utilizing this mechanism we are able to reduce the number of required “repeated samples” (as compared to the ES-TRNG) and to substantially increase the achievable entropy level. We show how it is possible to fine-grain balance the implemented Ring-Oscillators (ROs) periods on FPGAs by using specialized constraints, such as controlling LUTs inputs and distance between elements. We evaluate the validity of our design with the NIST SP800-90B entropy evaluation suite and support the results with a stochastic model which augments the model of Yang et al. to take into account our new design characteristics. The proposed design is able to achieve 5.6 Mbps with an estimated (worst-case) min-entropy level of 0.88 bits—without post-processing (on the raw samples). On the same platform and under the same conditions (i.e. without post-processing), the ES-TRNG was able to maximally produce 1.6 Mbps with min-entropy of 0.5. The manuscript is concluded with a cautionary note and robustness analysis of this class of TRNGs. We demonstrate how dangerous is the affect of parameters such as the external temperature, slow drifts in the power supply voltage, and transient noise (due to logic activity). In essence, we show how small drifts in these parameters concretely reduce both efficiency and the estimated min-entropy levels of the TRNG.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15

Similar content being viewed by others

Notes

  1. We interchangeably use the terms clock and oscillator where the intention is clear from the context.

  2. The ‘real’ shift is of T02 in [s]. In practice, we are only interested in its effect on \(\mu _i\) which is ((T02/T01)-\(\lfloor\)(T02/T01)\(\rfloor\))\(\cdot\)T01. However, for simplicity we keep the notation of T02/T01 similar to [15].

  3. However, it also induces tight timing margins, which under environmental changes should be maintained—see the cautionary-note in “Temperature Dependence” and “External Voltage Dependence—Low and High Frequency Noise”.

  4. Though, more variables do exist and they relate to the adversarial set of assumptions and the security model, e.g. the clock frequency.

  5. In fact, all have been implemented on a Xilinx Spartan-6 device.

References

  1. Parker RJ. Entropy justification for metastability based nondeterministic random bit generator. In 2017 IEEE 2nd International Verification and Security Workshop (IVSW), pp 25–30. IEEE, 2017.

  2. Vasyltsov I, Hambardzumyan E, Kim Y-S, and Karpinskyy B. Fast digital TRNG based on metastable ring oscillator. In International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 2008, pp 164–80.

  3. Suresh VB and Burleson WP. Entropy extraction in metastability-based TRNG. In 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 135–40. IEEE, 2010.

  4. Wieczorek PZ, Gołofit K. Dual-metastability time-competitive true random number generator. IEEE Trans Circ Syst I Regul Pap. 2014;61(1):134–45.

    Article  Google Scholar 

  5. Tokunaga C, Blaauw D, Mudge T. True random number generator with a metastability-based quality control. IEEE J Solid-State Circ. 2008;43(1):78–85.

    Article  Google Scholar 

  6. Srinivasan S, Mathew S, Ramanarayanan R, Sheikh F, Anders M, Kaul H, Erraguntla V, Krishnamurthy R, and Taylor G. 2.4 GHz 7mW all-digital PVT-variation tolerant true random number generator in 45 nm CMOS. In 2010 Symposium on VLSI Circuits, pp. 203–4. IEEE, 2010.

  7. Mathew SK, Johnston D, Satpathy S, Suresh V, Newman P, Anders MA, Kaul H, Agarwal A, Hsu SK, Chen G, et al. \(\mu\) RNG: a 300–950 mV, 323 Gbps/W All-Digital full-entropy true random number generator in 14 nm FinFET CMOS. IEEE J Solid-State Circ. 2016;51(7):1695–704.

    Article  Google Scholar 

  8. Bucci M and Luzzi R. Design of testable random bit generators. In International Workshop on Cryptographic Hardware and Embedded Systems, pp. 147–156. Springer, 2005.

  9. Sunar B, Martin WJ, Stinson DR. A provably secure true random number generator with built-in tolerance to active attacks. IEEE Trans Comput. 2007;56(1):109–19.

    Article  MathSciNet  Google Scholar 

  10. Wold K and Petrović S. Behavioral model of TRNG based on oscillator rings implemented in FPGA. In 14th IEEE international symposium on design and diagnostics of electronic circuits and systems, pages 163–6. IEEE, 2011.

  11. Haddad P, Fischer V, Bernard F, and Nicolai J. A physical approach for stochastic modeling of TERO-based TRNG. In: International workshop on cryptographic hardware and embedded systems, pp. 357–72. Springer, 2015.

  12. Callegari S, Rovatti R, Setti G. Embeddable ADC-based true random number generator for cryptographic applications exploiting nonlinear signal processing and chaos. IEEE Trans Signal Process. 2005;53(2):793–805.

    Article  MathSciNet  Google Scholar 

  13. Cherkaoui A, Fischer V, Fesquet L, and Aubert A. A very high speed true random number generator with entropy assessment. In: International Workshop on Cryptographic Hardware and Embedded Systems, pp. 179–96. Springer, 2013.

  14. Fischer V and Drutarovskỳ M. True random number generator embedded in reconfigurable hardware. In: International Workshop on Cryptographic Hardware and Embedded Systems, pp. 415–30. Springer, 2002.

  15. Yang B, Rožic V, Grujic M, Mentens N, and Verbauwhede I. ES-TRNG: a high-throughput, low-area true random number generator based on edge sampling. IACR Transactions on Cryptographic Hardware and Embedded Systems, pp. 267–92, 2018.

  16. Cassiers G, Grégoire B, Levi I, Standaert F-X. Hardware private circuits: from trivial composition to full verification. IEEE Trans Comput. 2020;70(10):1677–90.

    Article  MathSciNet  Google Scholar 

  17. Salomon D and Levi I. On the performance gap of a generic C optimized assembler and wide vector extensions for masked software with an ascon-\(\{\)\(\backslash\)it \(\{\)p\(\}\) test case. Cryptology ePrint Archive, 2022.

  18. Levi I, Bellizia D, Bol D, Standaert F-X. Ask less, get more: side-channel signal hiding, revisited. IEEE Trans Circ Syst I Regul Pap. 2020;67(12):4904–17.

    Article  Google Scholar 

  19. Levi I, Bellizia D, Standaert F-X. Beyond algorithmic noise or how to shuffle parallel implementations? Int J Circ Theory Appl. 2020;48(5):674–95.

    Article  Google Scholar 

  20. Bilgin B, De Meyer L, Duval S, Levi I, Standaert F-X. Low AND depth and efficient inverses: a guide on s-boxes for low-latency masking. IACR Trans Symmetric Cryptol. 2020;2020(1):144–84.

    Article  Google Scholar 

  21. Turan MS, Barker E, Kelsey J, McKay KA, Baish ML, Boyle M. Recommendation for the entropy sources used for random bit generation. NIST Special Public. 2018;800:90B.

    Google Scholar 

  22. Klein N, Harel E, Levi I. The cost of a true random bit-on the electronic cost gain of ASIC time-domain-based TRNGs. Cryptography. 2021;5(3):25.

    Article  Google Scholar 

  23. Xilinx. Constraints guide, UG625 (v. 14.5). 1 April 2013.

  24. Petura O, Mureddu U, Bochard N, Fischer V, and Bossuet L. A survey of AIS-20/31 compliant TRNG cores suitable for FPGA devices. In 2016 26th international conference on field programmable logic and applications (FPL), pp. 1–10. IEEE, 2016.

  25. Yang B, Rožić V, Mentens N, Dehaene W, and Verbauwhede I. TOTAL: TRNG on-the-fly testing for attack detection using lightweight hardware. In: Proceedings of the 2016 Conference on Design, Automation & Test in Europe, pp. 127–32. EDA Consortium, 2016.

  26. Grujić M, Rožić V, Yang B, and Verbauwhede I. A closer look at the delay-chain based TRNG. In 2018 IEEE International Symposium on Circuits and Systems (ISCAS), pp. 1–5. IEEE, 2018.

  27. Yang B, Rožić V, Grujić M, Mentens N, and Verbauwhede I. On-chip jitter measurement for true random number generators. In: 2017 Asian hardware oriented security and trust symposium (AsianHOST), pp. 91–96. IEEE, 2017.

  28. Guntur H, Ishii J, and Satoh A. Side-channel attack user reference architecture board SAKURA-G. In: 2014 IEEE 3rd global conference on consumer electronics (GCCE), pp. 271–4. IEEE, 2014.

  29. Dichtl M. Bad and Good ways of post-processing biased random numbers.

  30. Baudet M, Lubicz D, Micolod J, Tassiaux A. On the security of oscillator-based random number generators. J Cryptol. 2011;24(2):398–425.

    Article  MathSciNet  Google Scholar 

  31. Kohlbrenner P and Gaj K. An embedded true random number generator for FPGAs. In: Proceedings of the 2004 ACM/SIGDA 12th international symposium on Field programmable gate arrays, pp. 71–8. ACM, 2004.

  32. Bernard F, Fischer V, Valtchanov B. Mathematical model of physical RNGs based on coherent sampling. Tatra Mt Math Publ. 2010;45(1):1–14.

    MathSciNet  MATH  Google Scholar 

  33. Varchola M and Drutarovsky M. New high entropy element for FPGA based true random number generators. In: International workshop on cryptographic hardware and embedded systems, pp. 351–65. Springer, 2010.

  34. Yang K, Blaauw D, and Sylvester D. A robust -40 to 120\(^\circ\)C all-digital true random number generator in 40 nm CMOS. In: 2015 Symposium on VLSI Circuits (VLSI Circuits), pp. C248–9. IEEE, 2015.

  35. Yang K, Fick D, Henry MB, Lee Y, Blaauw D, and Sylvester D. 16.3 A 23Mb/s 23pJ/b fully synthesized true-random-number generator in 28 nm and 65 nm CMOS. In: 2014 IEEE international solid-state circuits conference digest of technical papers (ISSCC), pp. 280–1. IEEE, 2014.

  36. Kim E, Lee M, and Kim J-J. 8.2 8Mb/s 28Mb/mJ robust true-random-number generator 65nm CMOS based on differential ring oscillator with feedback resistors. In: 2017 IEEE international solid-state circuits conference (ISSCC), pp. 144–5. IEEE, 2017.

Download references

Funding

This research was supported by H2020 European Research Council (Grant 724725) and Israel Science Foundation (ISF) (Grant 2569/21).

Author information

Authors and Affiliations

  1. Bar-Ilan University, Ramat Gan, Israel

    Itamar Levi

  2. Université catholique de Louvain, Ottignies-Louvain-la-Neuve, Belgium

    Davide Bellizia & François-Xavier Standaert

Authors
  1. Itamar Levi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Davide Bellizia
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. François-Xavier Standaert
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Itamar Levi.

Ethics declarations

Conflict of Interest

On behalf of all authors, the corresponding author states that there are no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Appendix A: Additional Results and Illustrations

Appendix A: Additional Results and Illustrations

In this Appendix we give one example for the SP 800-90B i.i.d-track sequential test results which process \(1\cdot 10^6\) raw samples from the Tight-ES-TRNG in nominal conditions (as referenced in the manuscript). As discussed above, for each experimental point {voltage, noise-level, temperature, \(t_A\)} etc. up to 10 similar experiments were performed and the reports on the figures in the manuscript represent the worst (min) entropy levels. In addition, we provide here Fig. 16 which illustrate the timing diagram of the different control signals in the design (as discussed in “Tight-ES-TRNG—Simple Structure and Intuition”).

Table 3 An exemplary SP 800-90B suite results i.i.d-track sequential test over a sequence of 1\(\cdot 10^6\) binary elements
Full size table
Fig. 16
figure 16

Control circuitry illustrative timing-diagram

Full size image

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Levi, I., Bellizia, D. & Standaert, FX. Tight-ES-TRNG: Improved Construction and Robustness Analysis. SN COMPUT. SCI. 3, 321 (2022). https://doi.org/10.1007/s42979-022-01219-5

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s42979-022-01219-5

Keywords

Search

Navigation