Abstract-We describe a practical and efficient method to estimate the entropy rate of a TRNG based on free running oscillators that does not require outputting and analyzing the clock signals with external equipment. Rather it relies on very simple computations that can be embedded in any logic device such as FPGA or ASIC. The method can be used for the calibration of an oscillator based TRNG or for online certification of its entropy rate. Our approach, which is inspired by the coherent sampling method, works under the general assumption that the period jitter is small compared to the period of the generated clock signal. We show that, in this case, it is possible to measure the relative phase between clocks of two oscillators with far higher precision than the time resolution given by the period of any internal clock signal. We use this observation to recover, under some reasonable heuristics, the distribution of the random walk component of the jitter, from which it is possible to obtain a lower bound on the entropy rate of the TRNG. Our method was thoroughly tested in simulations and in hardware. At the end of the paper, we draw some conclusions and make recommendations for a reliable implementation of TRNGs in cryptographic applications.
INTRODUCTION
R ANDOM number generators (RNGs) are crucial components of cryptographic systems-typical applications include key generation, initialization vectors and even countermeasures against side-channel attacks. In addition to providing output bitstreams with good statistical properties, RNGs used for cryptographic applications must fulfill additional security requirements: they should be testable in real time and their security should be proved under thoroughly tested physical assumptions. In general, cryptographic RNGs comprise two stages: a true random number generator (TRNG in the following) that produces the entropy, and cryptographic post-processing, used to obtain a certain level of security even in the case of an undetected failure of the underlying TRNG (see [10] ). In this paper, we are only concerned by the TRNG part of a RNG.
For cryptographic applications, the security of a TRNG depends on its entropy rate (or min-entropy rate), which is the measure of unpredictability of the TRNG. The usual way to evaluate the security of a TRNG is to use a general purpose statistical test suite (see for instance [13] ). However, it is not possible to determine the entropy rate of a TRNG solely from knowledge of a long output sequence of the generator: the entropy rate has to be estimated using statistical model of the TRNG. The statistical model describes the distribution of the output sequence of a TRNG from knowledge of physical parameters. By approximating this distribution by a source of information, it is possible to recover the entropy rate of the TRNG.
A source of randomness commonly used in TRNGs implemented in logic devices such as field programmable gate arrays (FPGAs) and digital application specific integrated circuits (ASICs), is the instability of the signal propagation time across logic gates. This instability produces a jitter which is, by definition [11, p. 122 ], a short term deviation of a signal's transition time from its ideal position in time. This jitter is typically accumulated in so-called ring oscillators, which consist in a series of inverters or delay elements connected in a ring. The jitter can be extracted by means of a sampling unit, triggered by a reference clock, which can be an external clock signal or the output from another ring oscillator. This simple structure, which in this paper, we call an elementary true random number generator (elementary TRNG), and the underlying physical phenomena are widely reported in the literature, since the elementary TRNG is often used as a building block for on-chip TRNGs [3] , [4] , [15] . There are two classical ways to describe the jitter of a clock signal either as a edge-to-edge jitter or a edge-to-reference jitter: in the first approach, the edge timing is referenced to the preceding edge (period jitter) or to the Nth-preceding (N-period jitter), while in the other approach, the edge position is referenced to a separate reference signal (see [11, p. 127] ).
The jitter is a complex phenomenon that results from the superposition of different noise sources. Following [16] , it is important to distinguish the local component of the jitter, which is the entropy source of the TRNG, from the global deterministic noises, which can be manipulated from outside the device. But even the local component of the jitter is made of a combination of different types of noise with different statistical properties (see [14, p. 23] random walk phase noise. This statistical model has two parameters: the drift and the volatility parameters of the Wiener stochastic model. With knowledge of these two parameters, that characterize the random walk component of the jitter, it is possible to recover a lower bound on the entropy rate of an elementary generator. A usual way to characterize the jitter is to output the signal produced by the ring oscillator and to analyze it with an oscilloscope or a spectrum analyzer [11] . The problem with this technique is that it introduces extra jitter and distortions in the measured signal coming from the data acquisition chain. Moreover, it does not provide a simple method for quantifying parameters of individual chips on a production line or for checking the proper behavior of the circuitry when in operation. The purpose of this paper is to present a simple method, easy to implement, to measure the drift and volatility of the random walk component of the jitter of an elementary TRNG inside the chip.
Our method can be seen as a special purpose statistical test applied on the bitstream of an elementary TRNG (composed of two ring oscillators). Unlike other similar designs, we use TRNG with a high sampling frequency (i.e., comparable with the frequency of the sampled signal) and the statistical parameters of the generated bitstream are thus biased, since the variance of the jitter accumulated between two output bits is very small. We recover the statistical parameters of the source by analyzing the bias of the generated bitstream. Knowing these parameters, we can then compute a lower bound on the entropy rate of the source corresponding to the random walk component of the jitter. Using the lower bound on entropy rate and the statistical model in [1] , designers can set the frequency of the sampling clock in order to guarantee the required entropy rate at the TRNG output. Our technique is a simple extension of the classical design of an elementary TRNG. It can be easily implemented in FPGA and ASIC and used to calibrate an elementary TRNG or to implement efficient dedicated online tests (specific to the TRNG principle) as required by AIS31 [10] .
The paper is organized as follows: in Section 2, we detail the statistical parameters we want to measure. In Section 3, we analyze a simple intuitive method that can be used to measure them. We then explain why the results of this straightforward method are not completely satisfactory, in order to introduce more sophisticated approaches. In Section 4, we explain how to deduce the relative phase of a couple of oscillators from knowledge of the output sequence of an elementary TRNG. We use these results to present an algorithm aimed at computing statistical parameters of the jitter in Section 5. In Section 6 we present the experimental results and in Section 7 we describe some possible applications.
Notations used in the remainder of this paper. For all x 2 R and T 2 R, we let x mod T ¼ x À maxfi 2 Zjx À iT ! 0gT . For interval I and t 2 R, I þ t is the interval fx þ tjx 2 Ig. If I; J are intervals, I þ J is the interval [ t2J I þ t. We have to consider intervals that are invariant under translation by T 2 R. Thus, if I & R is an interval, we let
If I ¼ ½x; y is an interval, by convention, we set I ¼ ; if x > y, and we have the obvious extension for open or semi-open intervals. For x; y 2 R, we let dðx; yÞ T ¼ minðju À vj; u 2 x þ ZT; v 2 y þ ZT Þ be the distance modulo T .
THE PERIOD JITTER OF AN ELEMENTARY TRNG
We consider outputs of two oscillators O i for i ¼ 1; 2. They can be described by periodic functions of time t having the form
where f can be any real-valued function with period 1.
is the total phase of f and i ðtÞ is the phase shift due to the jitter. In the following, for a 2 ½0; 1Þ, we define f a as the unique real-valued oneperiodic function such that f a ðxÞ ¼ 1 for all 0 < x < a, f a ðxÞ ¼ 0 for a < x < 1, and f a ð0Þ ¼ f a ðaÞ ¼ 1=2. We use f a as a convenient model for the clock signal produced by a ring oscillator, which generally has imbalanced half periods (a 6 ¼ 1=2). The reason we chose 1=2 for the value of f a ð0Þ (rising edge of the clock signal) and f a ðaÞ (falling edge) is to be coherent with the notations of [1] but in fact, this is of little concern for the results presented in this paper. We do not consider amplitude fluctuations since, as explained in [11, p. 134] , their contribution to the jitter is negligible in the case of a clock signal. For i ¼ 1; 2, v i is the mean frequency of the signal s i ðtÞ and the function i ðtÞ models the absolute phase drift of this signal. Let T i ¼ 1=v i for i ¼ 1; 2 be the mean period of s i ðtÞ. An elementary TRNG is composed of two oscillators. The output of one is used to sample the output of the other by means of a sampling unit, for instance a D flip-flop (see Fig. 1 ). The frequency of the sampling oscillator is divided by D. The parameter D is very important since it makes it possible to reduce the sampling frequency and thus to accumulate the jitter for a longer time in order to increase the entropy rate of the output bit stream of the TRNG (while decreasing the bit rate). In the following, we assume that the output clock of oscillator O 1 is sampled at moments determined by the output of oscillator O 2 . As we are mainly concerned with the relative phase between O 1 and O 2 output clocks, we make the simplifying assumption that O 1 is a perfectly stable oscillator and that the whole phase drift of the elementary TRNG comes from O 2 so that we have 1 ¼ 0 and we would like to characterize 2 ¼ .
We make the assumption that the evolution of the total phase of O 2 can be modeled by an ergodic stationary Markov process FðtÞ: for any time t; t 0 , such that t ! t 0 , the phase FðtÞ conditioned by the value Fðt 0 Þ ¼ x 0 follows a probability distribution depending only on Dt ¼ t À t 0 with mean x 0 þ mðDtÞ and variance ðDtÞ where ; m are real valued functions. In the following, we only consider a realization fðtÞ of FðtÞ and use the ergodicity of the process to compute probabilities that are independent of the time from the knowledge of the realization. For instance, as PfFðt 0 þ DtÞ À x 0 xjFðt 0 Þ ¼ x 0 g is independent of t 0 (it depends only on Dt), this cumulative distribution function can be computed by taking the probability of the realization over t 0 : P t 0 ffðt 0 þ DtÞ À fðt 0 Þ xg.
As s 2 ðtÞ ¼ f a ðv 2 ðt þ ðtÞÞÞ, where v 2 is the mean frequency of s 2 , we deduce that mðDtÞ ¼ v 2 Dt. Thus, if the Markov process is Gaussian (i.e.
, it is completely determined by v 2 and ðDtÞ. The random walk component of the jitter is produced by noise sources that affect each transition independently. It is described by a probability distribution T 2 D and n ¼ T 2 =T 1 , where Q is the quality factor and n is the frequency ratio introduced in [1, Section 2.4] . In this paper, we propose a method to determine the values of Q ¼ Qð1Þ and n in order to obtain the entropy lower bound for the total entropy rate at the output of the generator. As Q and n are dimensionless quantities, there is no a priori obstacle to computing these values from the data of an output bit stream of an elementary TRNG.
Other closely correlated noise sources, such as the 1=f noises, also contribute to the jitter. In this case, the variance of the jitter is in the form s 1=f ðDtÞ 2 . In practice, both uncorrelated and correlated noise sources exist and a typical log-log plot of ðDtÞ versus the measurement delay Dt will demonstrate regions with slope 1 and 2 as explained in [7] (or see Fig. 3 below): for a shorter delay Dt the variance of the jitter grows linearly with Dt while for higher value of Dt the 1=f component of the jitter becomes dominant and the variance follows a quadratic law.
THE COUNTER METHOD
Here we present a simple approach, introduced in [16] , we call the counter method, to measure Q and n inside the device. For i ¼ 1; 2, the output signal of O i increments counter C i . When C 2 reaches a certain n, the value of C 1 is stored (see Fig. 2 ). When this experiment is repeated, the different outcomes of the value of C 1 , can be modeled by a random variable C 1 ðnÞ. According to our model for the random walk noise of the jitter, the variance of C 1 ðnÞ is well approximated by
T 2 n as long as n is sufficiently small that the 1=f component of the jitter is negligible. Thus, by computing the variance of C 1 ðnÞ for different values of n that satisfy the above condition, we obtain a linear law with the slope Q.
Denote by EðC 1 ðnÞÞ the expected value of C 1 ðnÞ. The expected time for the counter C 2 to reach the value n is nT 2 . Thus we have bn
c þ 1 from which we deduce that
Denote by s C ðnÞ the standard deviation of C 1 ðnÞ. Suppose that we obtain N outcomes C 1;i for i ¼ 1; . . . ; N of the experiment. We can then evaluate EðC 1 ðnÞÞ by way of the estimator E ðnÞ ¼ 1=N P N i¼1 C 1;i which follows a probability distribution with the standard deviation s C ðnÞ= ffiffiffiffi ffi N p . By Bienaym e-Chebychev's inequality, for all > 0, PfjE ðnÞ À EðC 1 ðnÞj > g s C ðnÞ 2 N . By taking ¼ 1 in the preceding equation and by combining it with Equation (2), we obtain: We will see from experiments that we obtain an upper bound for s C ðnÞ. As a consequence, Equation (3) shows that by ensuring that n and N are big enough, we can obtain an evaluation of T 2 =T 1 with high probability and an arbitrarily small error.
This method was implemented using an evaluation board dedicated to TRNG benchmarking [5] . Different families from the three main manufacturers (Actel-Microsemi, Altera and Xilinx) were tested and gave similar results. In the following, we consequently present only one representative experiment featuring Altera Cyclone-III FPGA. The two oscillators were built using seven delay elements connected in a loop: one inverter and six non-inverting delay elements were mapped to LUT-based logic cells (LCELL) from the Altera library. The mean frequencies of the two oscillators were measured using a Lecroy WaveRunner 640ZI oscilloscope with D420 differential probes. The value measured on LVDS output was approximately 186 MHz. Fig. 3 (bottom) shows the standard deviation of C 1 ðnÞ as a function of the number n of accumulated periods T 2 . We observe that under 8;000 accumulated periods (corresponding to an accumulation time of less than 40 ms) the standard deviation of C 1 ðnÞ cannot be measured with the counter method since it is smaller than T 1 . On the other hand, if the number of accumulated periods is over 8,000, the distribution of C 1 ðnÞ can be measured using the counter method, but the standard deviation increases linearly with the accumulation time. This means that the measurements are made in the frequency range in which the random walk noise we want to measure is dominated by 1=f noises.
Our experiments showed that the standard deviation of the period jitter accumulated during time nT 2 is much smaller than T 1 for n in the range 1 to 10 3 . From Equation (3) we deduce that it is possible to measure T 2 =T 1 with an error of less than 2 Á 10 À3 with only one outcome of the counter method with n ¼ 10 3 . On the other hand, to produce an observable distribution of the outcomes of C 2 , we have to wait for such a long time that the random walk noise is dominated by 1=f noise even if O 1 has the highest possible frequency achievable inside the chip (oscillator O 1 with one inverter and two delay elements). We conducted many experiments to identify the range of accumulation times in which the random walk noises are still measurable: by plotting the accumulated standard deviation of the period jitter as a function of the time in log scale (see Fig. 3 top) , we saw that the order of magnitude of the accumulation time can not exceed a few hundred periods of the ring oscillators. In conclusion, the counter method is a simple and efficient way of precisely assessing the ratio T 2 =T 1 but does not provide a way to obtain Q.
The time resolution of the jitter measurement can be improved by using the coherent undersampling method. The idea behind this approach is to magnify the distribution of the jitter by taking T 1 ¼ T 2 þ dT with a very small dT , resulting in a temporal aliasing of the clock signal of the sampled oscillator. Unfortunately, this method requires a fine control of T 1 and T 2 in order to obtain sufficiently small dT . This is very difficult to obtain in practice and especially in FPGA, since it implies perfect control of the placement and routing of the ring oscillators. In the following, we explain how to tweak the coherent undersampling method so that it works under very general assumptions for any ratio T 2 =T 1 .
RELATIVE PHASE MEASUREMENT
In this section, we come back to the elementary TRNG described in Fig. 1 . We set D ¼ 1 so that the mean frequency of the sampling signal is v 2 . We denote by ðt i Þ i2N (resp. ðb i Þ i2N ) the time sequence (resp. the output bit sequence) corresponding to the rising edges of O 2 . We have
Let N ! 1 be an integer. A first important observation is that for k 2 N, the data of the pattern ½b k ; . . . ; b kþN gives a precise evaluation of the value ðtÞ for t 2 ½t k ; t kþN . To this end, we first suppose that ðtÞ is a constant 0 in the time interval ½t k ; t kþN . We denote by r k (or simply by r when there is no ambiguity) the unique permutation of the set f0; . . . ; Ng such that for all i; j 2 f0; . . . ; Ng with i < j, we have w kþr k ðiÞ < w kþr k ðjÞ . Then fact 1 says roughly that the pattern ½b kþrð0Þ ; . . . ; b kþrðNÞ is of the form ½1; . . . ; 1; 0; . . . ; 0; 1; . . .;
where all ones (resp. zeros) are grouped together and the position of the transition from one to zero (resp. from zero to one) corresponds to the time of a falling edge (resp. a rising edge), from which we can deduce the phase 0 .
Before stating and proving Fact 1, we give a concrete example to illustrate it. Let k ¼ 1 and N ¼ 3, and suppose that ðtÞ ¼ 0 in the time interval ½0; 5:T 2 . In addition we suppose that a ¼ 1=2 and that T 2 mod T 1 ¼ 4=5 Á T 1 so that for j ¼ 1; 2; 3; 4, w j ¼ ð5 À jÞ=5:T 1 as it is at the top of looking
; . . . ; b 1þrð4Þ ¼ ½1; 1; 1; 0. In other words, the data of the pattern ½b 1þrð1Þ ; . . . ; b 1þrð4Þ allows the value of 0 to be recovered with a known error margin. This is exactly the content of Fact 1 except that in Fact 1, in order to recover the relative phase 0 , we consider the rising edge rather than the falling edge. Fact 1. Suppose that for all i 2 f0; . . . ; N À 1g, jw kþrðiÞ À w kþrðiþ1Þ j < minðaT 1 ; ð1 À aÞT 1 Þ:
Suppose that there exists a couple of integers i; j 2 fk; . .
From the above, we deduce that 0 2 ðx; x þ ð1 À aÞT 1 Þ T 1 \ ðy À aT 1 ; yÞ T 1 . Thus, we have 0 2 [ k2Z I k where I k ¼ ðmaxðx; y À aT 1 þ kT 1 Þ; minðx þ ð1 À aÞT 1 ; y þ kT 1 ÞÞ T 1 . Suppose first that i u 2 fk; . . . ; k þ N À 1g, then we have x < y by definition of r. Thus, as by assumption jx À yj < minðaT 1 ; ð1 À aÞT 1 Þ, we have
We deduce that I 0 ¼ ðx; yÞ T 1 and I k ¼ ; if k 6 ¼ 0, so that 0 2 ðx; yÞ T 1 . The case x > y can be treated in the same way. The uniqueness of i u is a consequence of the fact that each pair in the set of intervals ðw kþrðiÞ ; w kþrðiþ1Þ Þ T 1 for i 2 fk; . . . ; N þ k À 1g and ðw kþrðNÞ À T 1 ; w kþrð0Þ Þ T 1 has an empty intersection. Thus 0 can only belong to a unique interval. t u
It is possible to obtain a similar, more precise result by taking into account the small variability of fðtÞ in the time interval ½t k ; t kþN (see the Appendix).
To exploit the above results, we need to compute the permutation r k . A first remark is that for all i 2 f0; . . . ; Ng, we have w kþi ¼ ðw k þ w i Þ mod T 1 so that for all k; k 0 2 N, we have r k ¼ r c r k 0 where r c is a circular permutation. But the statement of Fact 1 depends only on the way we arrange the w i for i 2 fk; . . . ; k þ Ng along the fixed circle ½0; T 1 (where we merged 0 with T 1 ) which, as a consequence, are independent of the permutation r c . Thus, it is sufficient to be able to compute r 0 . To compute r 0 , one can obtain the value of w i for i 2 f0; . . . ; Ng and then use a sorting algorithm. Finally, as w i ¼ iT 2 mod T 1 , the whole problem is reduced to the precise evaluation of z ¼ T 2 =T 1 mod 1, which can be accomplished with the simple counter method described in Section 3. Knowing z, the simple Algorithm 1 makes it possible to recover the permutation r 0 .
ALGORITHM OF THE JITTER COMPUTATION
We want to measure the distribution of the jitter accumulated during M periods of O 2 from the knowledge of a sample ½b 1 ; . . . ; b n of the output bit sequence of the elementary TRNG. We choose an N < n and using the counter method, we can recover z ¼ T 2 =T 1 mod 1. We define r as the unique permutation of the set f0; . . . ; Ng such that for all i; j 2 f0; . . . ; Ng such that i < j, we have ðrðiÞz mod 1Þ < ðrðjÞz mod 1Þ. Let M be an integer and we would like to compute the cumulative distribution function f MT 2 ðxÞ given by
We take a sufficiently small M so that the contribution of the 1=f noises to this distribution is negligible. Under this condition, as we explained in Section 3, the standard deviation of f MT 2 is small compared to T 1 . To compute it, we only need to recover the values of ðtÞ mod T 1 . We consider patterns of the form ½b kþrð0Þ ; . . . ; b kþrðNÞ . Under the assumption that ffiffiffiffiffiffiffiffiffiffiffi ðNT 2 Þ p is small, we know by Fact 1 (or by Fact 2 in the Appendix) that there will be only one i 2 f0; . . . ; Ng such that b kþrðiÞ ¼ 0 and b kþrððiþ1Þ mod Nþ1Þ ¼ 1. Still, by Fact 1, we know that there exists a t 2 ½t k ; t kþN such that ðtÞ mod T 1 2 ðw kþrðiÞ ; w kþrððiþ1Þ mod ðNþ1ÞÞ Þ. In the same way there exists a unique j 2 f0; . . . ; Ng such that b kþMþrðiÞ ¼ 0 and b kþMþrððiþ1Þ mod Nþ1Þ ¼ 1 and we know that there exists a t 2 ½t kþM ; t kþMþN such that ðtÞ mod T 1 2 ðw kþMþrðjÞ ; w kþMþrððjþ1Þ mod ðNþ1ÞÞ Þ. As a consequence, we approximate the value ðt k þ MT 2 Þ mod T 1 À ðt k Þ mod T 1 by w kþMþrðjÞ À w kþrðiÞ ¼ ðw M þ w kþrðjÞ Þ mod T 1 À w kþrðiÞ .
This principle is used by Algorithm 2 to compute the cumulative distribution function P t fðt þ MT 2 Þ À ðtÞ xg.
We define d as min i2f0;...;Ng ðdðw kþrðiÞ ; w kþrði mod Nþ1Þ Þ T 1 Þ:
The method works if ffiffiffiffiffiffiffiffiffiffi
(see Appendix) so that we can apply Fact 2 and we also need ffiffiffiffiffiffiffiffiffiffiffi
MT 2 p > d so that we can observe a distribution. Consequently, we must have M > 4N. As we will see in the next section, in practice these conditions are always fulfilled.
The method works better if we can assume that the sequence ðw rðiÞ Þ i¼0;...;N is almost regularly spaced in the interval ½0; T 1 . This means that there exists a constant d 0 % 1=N 2 R such that for all i 2 f0; . . . ; Ng, we have dðw rðiÞ ; w rððiþ1Þ mod Nþ1Þ Þ T 1 ¼ d 0 . It is always possible to choose N such that this condition is fulfilled. The theory of continued fraction [9, Theorem 16] states that for N it suffices to take the denominator of one of the convergents of the continued fractions development of T 2 =T 1 mod 1. These denominators can be efficiently computed with the extended euclidean algorithm.
EXPERIMENTS AND RESULTS
We thoroughly tested in simulations and in hardware the method of computing the relative jitter of two ring oscillator clocks described in this paper. In this section, we present the details and outcomes of our experiments.
Our demonstrator consists of an FPGA based hardware dedicated to TRNG evaluation composed of two parts: 1) a mother board that contains a Cypress USB interface device powered by an isolated low noise power supply, 2) a daughter module containing the FPGA component plugged into the motherboard [5] .
Different daughter modules based on FPGA from three main manufacturers (Actel-Microsemi, Altera and Xilinx) are available. All modules have the same topology. This made it possible to compare the results of different technologies with maximum objectivity. The elementary TRNG was implemented in the daughter FPGA module and the output bit sequence was transmitted via USB interface to be analyzed by a software running on an external computer. All algorithms were implemented in Python.
Next, we describe step by step the application of our method to the elementary TRNG in Fig. 1 The first 64 bits of the sequence ðb i Þ i2I are 0011001100011001 1001100111001100 0011001100011001 1001100111001100 If we apply the permutation r 0 on this pattern, we obtain 0000000000000000 0000011111111111 1111111111111111 1111000000000000
Note that the ones and zeros in the pattern are grouped together as predicted by Fact 1 and Fact 2 and the arrows show the position of the rising and falling edges, from which we can evaluate ðtÞ mod T 1 for t 2 ½0; NT 2 .
We now explain how to choose N so that the values w i for i 2 f0; . . . ; Ng are regularly spaced. To this end, we used the list K of w i ¼ iz mod T 1 for i ¼ 1; . . . ; N sorted by ascending order and plotted the graph of ði; K½iÞ. For N ¼ 64, in the top part of Fig. 5 the bumpy curve shows that the w i are not regularly spaced in the interval ½0; T 1 . We computed the convergents of the continued fraction development of z, that is ½0; 1=4; 3=13; 25=108; 28=121; . . . and for instance select N ¼ 108. We obtained an almost regularly spaced sequence of w i for i 2 f0; . . . ; 108g (see bottom of Fig. 5 ).
We used Algorithm 2 to recover a list LðMÞ of points corresponding to approximations of ððt þ MT 2 Þ mod T 1 ÞÀ ððtÞ mod T 1 Þ for some t. In Fig. 6 , we show the cumulative distribution graph of LðMÞ for M ¼ 400 and M ¼ 900. If LðMÞ ¼ ½x 1 ; . . . ; x , the graph of the cumulative distribution function is given by the points ðx i ; #fz 2 LðMÞjz x i g=Þ for i ¼ 1; . . . ; . This function corresponds to the cumulative distribution function of the Gaussian distributions shown in Fig. 6 . We can then obtain the mean EðMÞ and variance V ðMÞ of these distributions with the usual estimators that is, keeping the above notations : Fig. 7 shows the graph of V ðMÞ as a function of M in the interval ½400; 580. In this interval, we see that V ðMÞ is well approximated by a linear function, whereas when the accumulation time is longer, the influence of the 1=f noise becomes noticeable (see the bottom graph). As Algorithm 2 computes distances between points of the form w i ¼ iT 2 =T 1 mod 1, the slope of the graph of V ðMÞ for M in the domain where the random walk is dominant is a dimensionless quantity, which is nothing but The fact that the output of our algorithm has no dimension is intrinsic to our method since we used only a bit sequence as input, which does not provide any way to measure the time. But the quantities Q¼ T 2 , we simulated an elementary TRNG using a VHDL simulator. In simulations, we dynamically modified the timing of two ring oscillators by adding a random jitter. The size of the jitter was used as an input parameter in the simulations. Using the proposed method, we were able to calculate the size of the jitter and compare it with the input jitter value. We used ModelSim to simulate two oscillators O 1 and O 2 with a Gaussian jitter added to each period. The output sampled bits were written into an output file during the simulations. The mean clock period of the sampled oscillator O 1 was T 1 ¼ 9;050 ps and that of the sampling oscillator O 2 was T 2 ¼ 9;100 ps. (see [1, Appendix C] We end this section with some concluding remarks about some implementation issues as well as some applications for our method. It should be noted that the implementation of the algorithms presented in this paper is quite straightforward if a basic floating point arithmetic is used. The only non-trivial part is the sorting algorithm included in Algorithm 1. Another important fact is that our algorithm can be implemented without changing the elementary TRNG and it can be executed continuously when the TRNG is in operation. The parameter D can be set to a higher value to achieve the required entropy rate at the output of the TRNG and at the same time, all the output bits of the generator can be used to internally compute the statistical parameters of the random walk component of the jitter (using D ¼ 1 for computations).
The computation of T 2 =T 1 mod 1 can also be used to compute small common approximate harmonics of T 1 and T 2 . By small common approximate harmonics of T 1 and T 2 , we mean small integers 1 ; 2 2 Z such that j 1 T 1 þ 2 T 2 j < , where > 0 is a small real number. It is interesting to be able to compute these harmonics in relation with the frequency lock phenomenon. It was shown in [12] that ring oscillators are sensitive to signal injection attack which lead to synchronization of the ring oscillators and a dramatic reduction in the entropy rate of the TRNG. Further analyses (see [2] , [6] ) showed that even in the absence of signal injection, ring oscillators can lock on small common harmonics of their frequency. It so happens that it is possible to internally compute small common harmonics of a couple of ring oscillators and, as a consequence, predict and detect the most probable frequency-lock occurrences. Indeed, by definition of small harmonics, we look for couple of integers ð 1 ; 2 Þ such that j 1 = 2 þ T 2 =T 1 j is small. We know how to internally evaluate T 2 =T 1 mod 1. So the problem is reduced to the computation of good rational approximation (with small integers) of a real number. But again the theory of continued fractions provides very simple and efficient algorithms to obtain such approximations (see [9, Theorem 16] ).
CONCLUSION AND FURTHER WORKS
In this paper, we presented a simple method to recover the statistical parameters of the random walk component of the jitter of an elementary TRNG. Using the recovered parameters, it is possible to determine a lower bound on the generator's entropy rate, which is essential for TRNG security evaluation and certification. The main advantage of our method is that it does not require modification of the elementary TRNG and that the computations can be performed while the TRNG is in operation. Depending on the entropy assessment proposed, the generator's output bit rate can be set to a value that guarantees the entropy level specified by the security requirements.
The proposed method was validated in simulations and in hardware. Up to now, the analysis of the output bit sequence has been performed outside the device using a computer. However, we believe that it can be easily implemented in an FPGA or ASIC using common floating point arithmetic blocks. The use of integer arithmetic is also under consideration. The accuracy of our method has been evaluated experimentally, but it is possible to carry out exact computations using the techniques of [1] . We now plan to apply our technique as a countermeasure against attacks that attempt to lock the TRNG ring oscillators together or to some external frequencies.
APPENDIX
In Fact 1, we made the assumption that the jitter is constant in the time interval ½0; NT 2 .We want to justify this assumption by establishing a similar result taking into account the small variability of ðtÞ in the time interval ½t k ; t kþN . Indeed, from experiments, we know that the standard deviation of the jitter accumulated during T 2 , i.e., ffiffiffiffiffiffiffiffiffiffiffi ffi ðT 2 Þ p , is very small compared to T 1 . For N; k integers, we define r as above and let d ¼ min i2f0;...;Ng ðdðw kþrðiÞ ; w kþrððiþ1Þ mod Nþ1Þ Þ T 1 Þ. We assume that we have
where k is an integer that will be set later on. The last approximation of (5) is true because we assume that N is small enough that the random walk model of the noise is valid.
As the Markov process ðtÞ is well approximated in the time interval ½t k ; t kþN by a Wiener process, by the reflection principle [8, p. 346 (3.1)], we have
On the other hand, as t kþN À t k % NT 2 (we could be more precise here by saying that with probability near to 1 we have t kþN À t k % NT 2 still using the fact that the jitter is small in the time interval ½t k ; t kþN ), by Chebyshev's inequality and (5), we have 
Moreover, Pf#I u ! 2jI u 6 ¼ ;g < 1=k 2 . Fact 2 says that with a high probability the pattern ½b kþrð0Þ ; . . . ; b kþrðNÞ is of the form ½1; . . . ; 1; 0; . . . ; 0; 1; . . . where the transition from 0 to 1 corresponds to the time of a rising edge which gives a bound on the variation of ðtÞ during the time interval ½t k ; . . . ; t kþN .
Proof. The proof follows the same reasoning as Fact 1. Assuming that I u 6 ¼ ;, let i u 2 I u , we set (8), we deduce that we have with a probability greater than 1 À 1=k 2 , for all t 2 ½t k ; t k þ N, ðtÞ 2 ððx; x þ ð1 À aÞT 1 Þ T 1 þ ½Àd; dÞ \ ððy À aT 1 ; yÞ T 1 þ ½Àd; dÞ:
If i u 2 f0; . . . ; N À 1g, we have ððx; x þ ð1À aÞT 1 Þ T 1 þ ½ Àd; dÞ \ ððy À aT 1 ; yÞ T 1 þ ½ Àd; dÞ ¼ ðx; yÞ T 1 þ ½ Àd; d whence (10) . If i u ¼ N, we have ððx; x þ ð1 À aÞT 1 Þ T 1 þ ½Àd; dÞ \ ððy À aT 1 ; yÞ T 1 þ ½Àd; dÞ ¼ ðx À T 1 ; yÞ T 1 þ ½Àd; d from which we deduce (11) .
In the case that #I u ! 2, it means that there exists,fj 0 ; ðj 0 þ 1Þ mod ðN þ 1Þ; j 1 ; ðj 1 þ 1Þ mod ðN þ 1Þg & f0; . . . ; Ng, four distinct integers such that, for all t 2 ½t k ; t k þ N, for a ¼ 0; 1, we have ðtÞ 2 ðw kþrðjaÞ À aðj a ÞT 1 ; w kþrððjaþ1Þ mod ðNþ1ÞÞ Þ T 1 þ ½Àd; d;
where aðj a Þ ¼ 0 for j a 2 f0; . . . ; N À 1g and aðNÞ ¼ 1.
The intersection of two such intervals is either empty, and in this case we are done, or is contained in an interval of the form ðw kþrðjÞ ; w kþrððjþ1Þ mod ðNþ1ÞÞ for " For more information on this or any other computing topic, please visit our Digital Library at www.computer.org/publications/dlib.
