ABSTRACT. Random number generators represent one of basic cryptographic primitives used in creating cryptographic protocols. Their security evaluation represents very important part in the design, implementation and employment phase of the generator. One of important security requirements is the existence of a mathematical model describing the physical noise source and the statistical properties of the digitized noise derived from it. The aim of this paper is to propose the model of a class of generators using two jittery clocks with rationally related frequencies. The clock signals with related frequencies can be obtained using phase-locked loops, delay-locked loops or ring oscillators with adjusted oscillation periods. The proposed mathematical model is used to provide entropy per bit estimators and expected bias on the generated sequence. The model is validated by hardware experiments.
Introduction
Random number generators (RNGs) represent one of the basic cryptographic primitives used in creating cryptographic protocols. Their applications include the generation of cryptographic keys, initialization vectors, challenges, nonces and padding values, and also the implementation of counter-measures against side-channel attacks, etc. Depending on the intended security level, RNGs aimed at cryptographic applications must fulfill several security requirements, but first of all, their output values must have good statistical properties and be unpredictable. While deterministic (or pseudo-random) RNGs can easily fulfill the first condition, their output can be guessed with a non negligible probability because of an existing underlying algorithm. This is the reason why such a generator must be cryptographically strong and initialized by a truly random seed. On the other side, physical (or true-random) RNGs use some uncontrollable physical phenomena and generated numbers are unpredictable, but their statistical parameters are very often insufficient and have to be enhanced by post-processing.
Recently, a very frequent requirement in RNGs design refers to their feasibility in logic devices, such as Application Specific Integrated Circuits (ASICs) or Field Programmable Logic Devices (FPGAs). Because of the nature of these devices, only limited inherent sources of randomness are available. Most generators use the timing jitter of the clock signal generated in free-running oscillators [1] , [2] , [3] , [4] , while others use the tracking jitter of phase-locked loops (PLLs) [5] , [6] or metastability [7] , [8] .
Security evaluation represents a very important part in the RNG design and applications [9] , [10] . One important requirement in RNG security evaluation is the existence of a mathematical model of the physical noise source and the statistical properties of the digitized noise derived from it [9] . In [11] , K i l l m a n n and S c h i n d l e r have developed a model for the physical RNG using a pair of noisy diodes. However, it is not directly applicable to generators employing jittery clock signal especially generators based on coherent sampling. The aim of this paper is to give a mathematical model of a class of RNGs that use two noisy clocks with rationally related frequencies. Such signals can be obtained using PLLs, Delay-locked loops (DLLs) or ring oscillators with adjusted oscillation periods. The proposed mathematical model is used to estimate the expected entropy per bit of the randomness source and to compute the bias on the generated sequence. The model is validated by hardware experiments.
The paper has the following structure: Section 2 presents mathematical modeling of physical RNGs based on the coherent sampling using two related-frequency signals. In Section 3, entropy per bit estimators of the randomness source are given and the expected bias is computed thanks to the model. Finally, Section 4 concludes the paper.
RNG based on the coherent sampling

Sampling
The general principle of the RNG based on the sampling of a jittery clock is presented in Figure 1 . At least one jittery clock signal clj having a T clj period is sampled using a synchronous or asynchronous flip-flop at instants defined by a reference clock signal clk having a T clk period.
The sampling process produces the 'das' (digitized analog signal) random numbers, which can be post processed to finally give internal random numbers [10] . In this paper, we focus on the randomness extraction process, which generates das random numbers and determines the level of entropy included in the generated numbers. The objective is to characterize the entropy in relationship with the source of randomness and the randomness extraction in order to maximize it. If the obtained entropy is high enough, the post-processing of the das signal is not necessary (but still possible). For this reason, post-processing is not considered in this paper. 
Coherent sampling
Coherent sampling is a well-known technique to capture repetitive signals at finer time intervals than a sampling clock cycle time and it is widely used to implement waveform measurement with high time resolution. More precisely, coherent sampling is defined as follows:
Ò Ø ÓÒ 1 (Coherent sampling)º Coherent sampling refers to a rational relationship between input sampled signal with frequency f clj , sampling signal with frequency f clk , number of cycles of a sampled signal, N cyc , and number of samples, M samp , such as
Remark 1º
Even if coherent sampling is defined for arbitrary values of N cyc and M samp it is recommended to choose them relatively high and coprimes in order to have the highest repetition period of samples or in other words the highest resolution of the sampled signal. In the following, we will only consider coherent sampling when N cyc and M samp are coprimes.
One of the way to guarantee this relationship in electronic devices is to employ the PLL as clock generator of one or both related clocks. Indeed, the PLL provides two positive integer coefficients, a multiplicative one K M and a dividing one K D such as
where f out is the frequency of the output signal from the PLL and f in is the frequency of the input signal of the PLL.
The principle of the RNG based on coherent sampling using PLL is presented in Figure 2 . The jittery clock signal clj having a T clj period is sampled (using a synchronous or asynchronous flip-flop) by a signal clk having a T period, while both signal frequencies are mutually related thanks to the use of PLLs as given above. The clk signal can be produced by a quartz or another PLL. The decimator employed in the generator has to be included in the stochastic model, as it is used to extract randomness. The decimator process consists in a XOR operation of the K D bits sampled. The result of this operation is one bit from which we want to estimate the entropy. 
Mathematical Model
First, we suppose that both clj and clk signals are ideal. That means related frequencies/periods are constant and signals do not contain any randomness.
In reality signals are seen as random variables with given distributions described with a mean and a variance. The ideal behavior is important because it corresponds to the description of the mean of these random variables.
Ideal behavior
is defined to be a continuous function of time t expressing the phase of the clj signal at time t.
The clj signal is sampled with the clk signal every T clk seconds. Samples are obtained at discrete moment of time: i × T clk with i ∈ N. Ò Ø ÓÒ 3 (Samples)º Let i ∈ N, we define ϕ i the phase of the signal clj at 
and
In the case of coherent sampling, frequencies f clj and f clk are rationally related: there exist two co-prime positive integers K M and K D such that
is sufficiently high, the set {ϕ i } i∈{0,...K D −1} allows to rebuild the shape of clj signal.
Based on these definitions, Figure 3 presents an example of such a coherent sampling.
Then following Proposition 1, we have: ÈÖÓÔÓ× Ø ÓÒ 2 (Ideal behavior of coherent sampling)º
and Figure 3 . Ideal clock sampling example with rationally related frequencies.
From Equation (4), it is easy to get all informations needed to characterize the output of the RNG (e.g., number of bits equal to one per period T Q , since if it is odd (or even), the bit after the decimation process is 1 (or 0 ), . . . ).
Behavior with timing jitter
In electronic devices, signals are not ideal because of electronic noise. They contain randomness that can be expressed in the frequency domain as a phase noise or in the time domain as the timing jitter.
Ò Ø ÓÒ 5 (Timing jitter)º Let n be a positive integer. The timing jitter δ n is the timing deviation of a rising edge that appears at time t n from its ideal position n × T 0 where T 0 is the ideal constant period of the signal:
Each signal (clj or clk) contains its own absolute timing jitter. But in reality, when sampling clj with clk, we measure the relative timing jitter.
Ò Ø ÓÒ 6 (Relative timing jitter)º The relative timing jitter is obtained when supposing that the reference clock signal is jitter-free and the sampled clock clj is the only jittery clock containing both clj and clk absolute jitter contributions.
Therefore signal clk has a constant period T clk and signal clj has a period which is considered to be a random variable T j with mean T clj and variance σ 2 j . Remark 2º It is not necessary to know precisely the law of T j since we just need the mean and the variance of this random variable.
Describing the ith sample as it is done in equation (3) makes no sense because the operation mod T clj supposes T clj to be constant which is no longer the case. Instead, we use cumulative sums of realizations of T j : Ò Ø ÓÒ 7 (Cumulative sums)º Let i ∈ N, and let {T j 1 , . . . , T j i } be a set of i independent realizations of the random variable T j . The cumulative sum of these realizations, denoted T j acc (i) is defined as:
The following proposition gives the expression of ϕ i .
ÈÖÓÔÓ× Ø ÓÒ 3 (Relative timing jitter behavior)º Let i ∈ N and let
Then
The value of T j acc (m) is not precisely known because it depends on the relative timing jitter between signals clk and clj. In other words,
where δ m has a mean 0 and a variance σ 
Behavior in the special case of the coherent sampling
It can be seen in Figure 3 that successive samples are not sorted in an increasing order. In [12] , a reorganization of these samples is proposed when K M and K D are co-primes. The reorganization is given with the formula
K M and K D are co-primes so this application is bijective. Then the reciprocal transformation is
and we have:
The first (i ≥ 1) sample after the reorganization is defined to be the closest one to the initial phase ϕ 0 = ϕ i(0) and following samples are sorted in an increasing order. This allows to get a reconstruction of the T clj period. The expression of ϕ i as a random variable can also be simplified as it is shown in the following proposition. 
ÈÖÓÔÓ× Ø ÓÒ
We should distinguish between two cases:
The difference modulo K D between i(j + 1) and i(j) is the general case.
With the presented model of the random variable ϕ i(j) , we are now able to give the probability for each sample to be at logic level '1'. Let us denote by X i(j) the random variable with values in {0, 1}, that determines the logical level of the sampled bit at time ϕ 0 + i(j) × T clk .
Even if the mean of ϕ i(j) is in the interval [0, T clj [, the influence of the σ ind(i(j)) jitter can make a realization of this random variable to be < 0 or > T clj . For this reason, the probability to sample a 1 is given by
Remark 3º
The condition ϕ i(j) < 3
T clj 2 should normally be true most of the time because σ ind(i(j)) << T clj 2 . This is what we suppose in the following, therefore
And we have the following proposition:
ÈÖÓÔÓ× Ø ÓÒ 5 (Probability to sample a '1' in a coherent sampling)º
Application: Entropy estimators and bias for the TRNG based on coherent sampling
In the previous section, we did not need to know the law of the random variable ϕ i(j) . In the following, one has to know what is the probability distribution of the random variable. In order to model the generator behavior, designers have to investigate and to model the source of the electronic noise (law, mean, variance) inside electronic devices before employing it.
In general, it is a difficult problem, however, it is assumed that in electronic devices many independent perturbations contribute to the noise. According to the central limit theorem, many researchers assume that the source of randomness should follow a normal distribution.
To show the validity of our model, we apply this assumption on the TRNG principle based on PLLs proposed in [5] .
PLL based TRNG
The principle was presented in Figure 2 . Due to phase locking, the clock jitter of T j acc (m), ∀ m ∈ N is supposed to be constant and equals to the clock jitter obtained in one period T j .
Using results of Section 2 and the normal distribution of the electronic noise, we can claim that ϕ i(j) is a random variable following a normal distribution with mean
Then, according to equation (12) , the probability to sample a 1 is given by
FLORENT BERNARD -VIKTOR FISCHER -BOYAN VALTCHANOV Using equation (13), we plot for each sample in one period T Q the point i(j), P (X i(j) = 1 ) . Then, according to our mathematical model, we can rebuild the "ideal" period T clj as it is shown in Figure 4 for parameters K D = 203 and K M = 260. Figure 5 represents the reconstruction of the T clj period from real hardware-the FPGA device. 1 We can see that the reality is sufficiently well described by our mathematical model. After the validation of the model, we can use it to compute the entropy per bit and the bias at the generator output, depending on the standard deviation σ j of the clock jitter.
Bias and entropy
Following the decimation process, the output bit B out is defined as follows.
Ò Ø ÓÒ 8 (Output bit for one period T Q )º
The probability that B out = 1 is given by
The proof of this result, based on the independence of random variables {X i } i , can be found in [13] . The independence of {X i } i is derived from the independence of electronic noise realizations inside the chip. If the output bits B out were unbiased,
Thus, according to equation (14), the bias is defined as follows:
The entropy of the output bit B out is defined as usually.
Ò Ø ÓÒ 10 (Entropy)º
Then using our model, it is possible to plot the bias ( Figure 6 ) and the entropy (Figure 7 ) of the output bit B out , depending on the value of the clock jitter σ j . These plots are very interesting because they can be used to derive what is the value of the jitter that is needed to obtain a sufficiently low bias and sufficiently high entropy value (close to one) for B out at the output.
Example. For example, if we want the entropy to be greater than 0.999 and the bias lower than 0.001, the clock jitter must be greater than 80 ps as it can be seen in Figure 8 and 9.
Conclusion
Security evaluation of physical RNGs is a difficult and important task. Statistical tests are definitely not absolute criteria for their evaluation. For this reason, a mathematical characterization of the generator principle including randomness extraction (e.g., decimation process) must be done during the RGN evaluation process. The main contribution of this paper is the proposal of a statistical model of the RNG using two jittery clocks with rationally related frequencies describing random number generators based on coherent sampling. One of the way to guarantee the clock relationship is to use PLLs in hardware. They have some useful properties simplifying the mathematical model (rational related frequencies, phase locking, limited jitter accumulation. . . ). The proposed model is validated by a hardware implementation. Finally, it is used to estimate the entropy per bit and the bias of the output bit-stream depending on the clock jitter value. This relationship can be used for tuning the parameters of the generator and estimating its robustness against manipulations and attacks.
