International Association for Cryptologic Research

International Association
for Cryptologic Research


Florent Bernard


Enhancing Quality and Security of the PLL-TRNG
Field Programmable Gate Arrays (FPGAs) are used more and more frequently to implement cryptographic systems, which need random number generators (RNGs) to be embedded in the same device. The main challenge related to the implementation of a generator running inside FPGAs is that the physical source of randomness, such as jittered clock generator, is implemented in the configurable logic area, i.e. in the close vicinity of noisy running algorithms, which can have significant impact on generated numbers or even serve to attack the generator. A possible approach to prevent such influence is the use of Phase-Lock Loops (PLLs), which are separated from the re-configurable logic area inside the FPGA chip. In this paper, we propose a new architecture of the PLL-based TRNG including a method to avoid correlation in the output through control of timing in the sampling process, as well as new embedded tests based on the enhanced stochastic model. We also propose a workflow to help find the best parameters, such as output bitrate and entropy rate. We show that bitrates of around 400 kb/s or more can be achieved, while guaranteeing min-entropy rates per bit higher than 0.98 as required by the latest security standards.
Low Cost and Precise Jitter Measurement Method for TRNG Entropy Assessment
Random number generators and specifically true random number generators (TRNGs) are essential in cryptography. TRNGs implemented in logic devices usually exploit the time instability of clock signals generated in freely running oscillators as source of randomness. To assess the performance and quality of oscillator-based TRNGs, accurate measurement of clock jitter originating from thermal noise is of paramount importance. We propose a novel jitter measurement method, in which the required jitter accumulation time can be reduced to around 100 reference clock periods. Reduction of the jitter accumulation time reduces the impact of the flicker noise on the measured jitter and increases the precision of the estimated contribution of thermal noise. In addition, the method can be easily embedded in logic devices. The fact that the jitter measurement can be placed in the same device as the TRNG is important since it can be used as a basis for efficient embedded statistical tests. In contrast to other methods, we propose a thorough theoretical analysis of the measurement error. This makes it possible to tune the parameters of the method to guarantee a relative error smaller than 12% even in the worst cases.
From Physical to Stochastic Modeling of a TERO-Based TRNG
Security in random number generation for cryptography is closely related to the entropy rate at the generator output. This rate has to be evaluated using an appropriate stochastic model. The stochastic model proposed in this paper is dedicated to the transition effect ring oscillator (TERO)-based true random number generator (TRNG) proposed by Varchola and Drutarovsky (in: Cryptographic hardware and embedded systems (CHES), 2010, Springer, 2010 ). The advantage and originality of this model are that it is derived from a physical model based on a detailed study and on the precise electrical description of the noisy physical phenomena that contribute to the generation of random numbers. We compare the proposed electrical description with data generated in two different technologies: TERO TRNG implementations in 40 and 28 nm CMOS ASICs. Our experimental results are in very good agreement with those obtained with both the physical model of TERO’s noisy behavior and the stochastic model of the TERO TRNG, which we also confirmed using the AIS 31 test suites.
Evaluation and Monitoring of Free Running Oscillators Serving as Source of Randomness
In this paper, we evaluate clock signals generated in ring oscillators and self-timed rings and the way their jitter can be transformed into random numbers. We show that counting the periods of the jittery clock signal produces random numbers of significantly better quality than the methods in which the jittery signal is simply sampled (the case in almost all current methods). Moreover, we use the counter values to characterize and continuously monitor the source of randomness. However, instead of using the widely used statistical variance, we propose to use Allan variance to do so. There are two main advantages: Allan variance is insensitive to low frequency noises such as flicker noise that are known to be autocorrelated and significantly less circuitry is required for its computation than that used to compute commonly used variance. We also show that it is essential to use a differential principle of randomness extraction from the jitter based on the use of two identical oscillators to avoid autocorrelations originating from external and internal global jitter sources and that this fact is valid for both kinds of rings. Last but not least, we propose a method of statistical testing based on high order Markov model to show the reduced dependencies when the proposed randomness extraction is applied.