Embedded Evaluation of Randomness in Oscillator Based Elementary TRNG by Fischer, Viktor & Lubicz, David
Embedded Evaluation of Randomness in Oscillator
Based Elementary TRNG
Viktor Fischer, David Lubicz
To cite this version:
Viktor Fischer, David Lubicz. Embedded Evaluation of Randomness in Oscillator Based Ele-
mentary TRNG. Workshop on Cryptographic Hardware and Embedded Systems 2014 (CHES
2014), Sep 2014, Busan, South Korea. 16 p., 2014. <ujm-01010404>
HAL Id: ujm-01010404
https://hal-ujm.archives-ouvertes.fr/ujm-01010404
Submitted on 26 Jun 2014
HAL is a multi-disciplinary open access
archive for the deposit and dissemination of sci-
entific research documents, whether they are pub-
lished or not. The documents may come from
teaching and research institutions in France or
abroad, or from public or private research centers.
L’archive ouverte pluridisciplinaire HAL, est
destine´e au de´poˆt et a` la diffusion de documents
scientifiques de niveau recherche, publie´s ou non,
e´manant des e´tablissements d’enseignement et de
recherche franc¸ais ou e´trangers, des laboratoires
publics ou prive´s.
Embedded Evaluation of Randomness
in Oscillator Based Elementary TRNG
Viktor Fischer1 and David Lubicz2,3
1 Laboratoire Hubert Curien, Universite´ Jean Monnet, Universite´ de Lyon,
F-42000 Saint-Etienne, France
2 DGA-Maˆıtrise de l’information, BP 7419, F-35174 Bruz, France
3 Intitut de Mathe´matiques de Rennes, Universite´ de Rennes 1, Campus de Beaulieu,
F-35042 Rennes, France
Abstract. Jittery clock signals produced in oscillators, particularly in ring os-
cillators are commonly used as a source of randomness in true random number
generators (TRNG). The robustness of the generators, and hence their security,
is closely linked to the entropy of the generated bit stream, which depends on
the size of the jitter. Known jitter size can be used as an input parameter in a
stochastic model for the estimation of entropy. Good entropy management can
guarantee the security of the generator. We propose a simple precise method for
measuring jitter that can be easily embedded in logic devices. It can be used to
calibrate an oscillator based TRNG and/or for assessment of the entropy rate
while the TRNG is in operation. The method was thoroughly evaluated in simu-
lations and hardware tests and we show that despite its simplicity and small area
requirements, it enables the jitter to be measured with an error of less than 5 %.
1
Keywords: hardware random number generators, ring oscillators, jitter model, entropy,
statistical tests.
1 Introduction
Random numbers play a crucial role in modern cryptography: they are used as confiden-
tial keys, initialization vectors, padding values, and also as random masks in side-channel
attack countermeasures. Since the era of Kerckhoff, cryptographic algorithms have been
designed to be secure so that even if their principle is known by adversaries, useful infor-
mation cannot be accessed without knowledge of the secret key. The security of modern
cryptographic systems using approved cryptographic algorithms is thus based on the
confidentiality of the cryptographic keys generated in random number generators. If the
secret key is compromised, the whole cryptographic system may be compromised.
This is why random number generators have attracted the attention of researchers,
especially in last two decades. Nevertheless, designing a good true random number gen-
erator (TRNG) that can be easily implemented in logic devices is still a challenge, mainly
1 c©IACR 2013. This article is the final version submitted by the authors to the IACR and
to Springer-Verlag on June 14 2014. The version published by Springer-Verlag is available at
DOI.
because digital integrated circuits offer only a limited choice of sources of randomness,
such as clock jitter [14], metastability [19], oscillatory metastability [18], write collisions
in dual-port RAMs [7] or random initialization of a bi-stable circuit [16]. Furthermore,
most of these sources are very sensitive to variations in environmental conditions. This
makes even a seamlessly good TRNG vulnerable to attacks [12].
Although some published designs were said to be provably secure, it turned out that
they cannot resist some active attacks [2]. Instead of relying on the robustness of the
proposed principles, designers should thus propose efficient, on-line tests that are capable
of rapidly detecting any deviation from normal behavior. Unfortunately, high quality
standard statistical tests [13] are too slow and too expensive.
The aim of this paper is to provide a simple efficient way to evaluate the source of
randomness directly in the device and to estimate on-line the entropy of the generated
signal in a dedicated and consequently efficient and rapid statistical test.
Very few methods of the embedded measurement of the clock jitter as a source of
randomness were published up to now. Moreover, they are complex and not aimed for
cryptography [20] or they cannot distinguish the jitter coming from the thermal noise
from that coming from the flicker noise that is known to be autocorrelated [17].
Our contribution
1. We propose an original, simple, precise method of jitter measurement that can be
implemented inside logic devices.
2. We demonstrate that together with a suitable statistical model (e. g. [1]), the mea-
sured jitter can be used to estimate entropy at the output of the generator.
3. We show that the proposed entropy estimator can serve as a basis for a rapid on-line
dedicated statistical test, that is perfectly adapted to the generator’s principle. This
approach complies with recent recommendations for evaluation of TRNGs [10].
Organization of the paper: in Section 2, we discuss basic security requirements for random
number generators in cryptography. In Section 3, we describe an elementary oscillator-
based random number generator and its characteristics. Section 4 is dedicated to the new
randomness evaluation method, which is then evaluated by simulations in Section 5. In
Section 6 we describe the implementation of the method in hardware. We discuss our
results in Section 7 and in Section 8 we draw some conclusions.
2 Security Requirements on RNGs in Cryptography
Security of a TRNG design must be thoroughly evaluated [5]. Namely, two security
requirements must be fulfilled:
– The statistical quality of generated numbers guarantees that attacks can only succeed
by using an exhaustive search for the secret.
– Unpredictability means that even knowing the last generator’s output, no other out-
put can be predicted with non-negligible probability in a forward or backward direc-
tion.
2
While the statistical quality of the generated numbers is relatively easy to verify,
evaluating unpredictability is not straightforward, since it cannot be measured or tested.
The entropy (and thus unpredictability) can only be estimated using a stochastic model.
A perfect generator should be robust against environmental fluctuations, aging and
attacks. In practice, perfect and permanent robustness against attacks and manipulations
cannot be reached. Even a generator that is robust to all known attacks may be vulnerable
to new attacks in the future. The only way to ensure long term resistance against attacks
is to execute permanently dedicated on-line tests able to detect, quickly and reliably, even
temporary reduction of the entropy rate. Embedded tests must be based on existing
stochastic model having, as an input parameter, the size of the physical phenomenon
that is used as a source of entropy (e. g. the clock jitter).
We can conclude that permanent evaluation of the entropy contents of the raw binary
signal, which is the main objective of this paper, will ensure all security requirements are
respected.
3 Elementary Oscillator-Based Random Number Generator
In this section, we present a structure called an elementary oscillator-based TRNG (EO
TRNG). This structure is useful for several reasons: (1) it is simple enough so that a
comprehensive and relatively simple statistical model can be created (see [1]); (2) it can
be used as a basic building block for almost an entire class of oscillator-based TRNGs;
(3) it can be used as a construction element for a scalable TRNG.
3.1 Definition of the Elementary Oscillator-Based TRNG
An elementary oscillator-based TRNG is composed of two oscillators, Osci for i = 1, 2.
The output of one oscillator is used to determine the instants of sampling the output of
the second one in a sampling unit, e. g. a synchronous D flip-flop (see Figure 1). The
frequency of the sampling oscillator is divided by KD. The division factor KD makes
it possible to determine the time interval needed to accumulate the phase jitter to a
sufficient extent, to ensure a suitable entropy rate in the TRNG output bit stream. In
the rest of the paper, we suppose that Osc1 is the oscillator generating the sampled signal
and that oscillator Osc2 generates the sampling clock signal.
Osc2
Osc1
Sampler
(D flip-flop)
Frequency 
divider by KD
D
clk
Q
TRNG outputs1(t)
s2(t)
Fig. 1. Structure of an oscillator-based elementary TRNG
3
For i = 1, 2, the output signal of Osci is given by a periodic function of time t that
takes the form
si(t) = f(ωi(t+ ξi(t))), (1)
where f can generally be any real valued function with period 1. In our case, we suppose
that we are dealing with TRNG implementation in logic devices and therefore for α ∈
[0, 1), we define fα as a specific real valued 1-periodic function such that fα(x) = 1 for
all 0 < x < α and fα(x) = 0 for α < x < 1, and fα(0) = fα(α) = 1/2. We use fα
as a convenient model for the digital clock signal produced by a clock generator and in
particular by a ring oscillator. Note that the clock edge is not necessarily in the middle
of the interval [0, 1), since oscillators can often have imbalanced half periods. We do not
consider amplitude fluctuations in our model since their contribution to phase jitter is
negligible in clock signal generation as explained in [11, p. 134].
In practice, we accept that the frequencies of both signals si(t), i = 1, 2, fluctuate.
Therefore, ωi is the mean frequency of the signal si(t), (ωi(t+ ξi(t))) is the phase of the
oscillator and the function ξi(t) represents the absolute phase drift. Similarly, Ti = 1/ωi
is the mean period of si(t). The parameter ζ = ω1/ω2 is the relative mean frequency of
the elementary TRNG.
As we mainly deal with the relative phase between Osc1 and Osc2, we make the
simplifying assumption that Osc1 is a perfectly stable oscillator and that all the phase
drift of the elementary TRNG comes from Osc2, so that we have ξ1 = 0 and we would
like to characterize the phase jitter ξ2 = ξ.
As shown in [1], the evolution of the phase can be modeled by an ergodic stationary
Markov process Φ(t): for any time t, t0, such that t ≥ t0, the phase Φ(t) determined by the
initial value Φ(t0) = x0 follows a probability distribution depending only on ∆t = t− t0
with mean ξ(t0) + µ(∆t) and variance V (∆t) where V, µ are real valued functions. In
the following, we only consider a realization ξ(t) of Φ(t) and use the stationarity of the
process to compute probabilities, which are independent of the time of the realization. For
instance, as P{Φ(t0+∆t)−x0 ≤ x|Φ(t0) = x0} is independent of t0, this probability can be
computed by taking the probability over t0 of the realization: Pt0{ξ(t0+∆t)−ξ(t0) ≤ x}.
As s2(t) = fα(ω2(t + ξ(t))) where ω2 is the mean frequency of s2, we deduce that
µ(∆t) = ω2∆t. Thus, if the Markov process is Gaussian (i.e.
d
dxP{Φ(t) ≤ x|Φ(t0) = x0}
is a Gaussian distribution), it is completely determined by V (∆t). The random walk
component of the phase jitter is produced by noise sources which affect each transition
independently. This component is described by a Gaussian probability distribution of
variance σ20∆t.
Other noise sources, such as the 1/fβ noises, where 0 < β < 2, also contribute to phase
jitter. Unfortunately, they are usually autocorrelated. Moreover, because their variance
depends quadratically on the jitter accumulation time interval, after longer accumulation,
they dominate the jitter coming from the thermal noise. For this reason, the accumulation
time should be as short as possible, but long enough to obtain a measurable jitter. In
practice, both uncorrelated and correlated noise sources exist and a typical log-log plot
of V (∆t) versus the measurement delay ∆t can be used to separate regions with slope 1
and 2 as explained in [8].
4
4 Randomness Evaluation Method
In this section, we present a kind of Monte Carlo method to recover the probability
density function ddxP{Φ(t) ≤ x|Φ(t0) = x0} of the jitter accumulated during time interval
∆t from knowledge of an output bit sequence of an elementary oscillator-based TRNG
depicted in Figure 1 with KD = 1 so that the mean frequency of the sampling signal is
ω2. For n ∈ N∗, let (tj)j∈{1,...,n} be the time sequence and (bj)j∈{1,...,n}) be the output
bit sequence corresponding to the rising edges of Osc2 as depicted in Fig. 2. Recall that
the sampled signal is s1(t) = fα(ω1t) for α ∈ [0, 1) and that by definition tj = jT2−ξ(tj).
Next, we introduce a notation of ǫ-uniformity that we use in the remainder of the
paper. It uses the modulo operation on real numbers illustrated in Fig. 2: for all x ∈ R
and T ∈ R, let x mod T = x−max{i ∈ Z|x− iT ≥ 0}T .
t1 t2 t3 t4
b1
b2 b3
b4
0 T1
b1
b2b3
b4
bj = fα(tj )
s1(t)
s2(t) x0 αT1 t4 = t4 mod T1t3 = t3 mod T1
Þ 
t0
Fig. 2. Relation between the sampling process and function fα(·)
Let J be a subset of {1, . . . , n} and ǫ > 0, we say that the distribution of samples
{(jT2 − ξ(tj)) mod T1}j∈J is ǫ-uniform if for all [a, b] ⊂ [0, T1], we have:
∣∣#{j ∈ J |(jT2 − ξ(tj)) mod T1 ∈ [a, b]}
#J
− b− a
T1
∣∣< ǫ.
In other words, the number of samples in interval [a, b] inside the translated period T1,
over the number of samples in subset J is ǫ-close to the size of interval [a, b] over period
T1. With this definition, we can state the following fact:
Fact 1 Let N ∈ N and for i ∈ {1, . . . , n − N + 1}, we set Si = {i, . . . , i + N − 1}. Let
ǫ > 0 be such that for all i ∈ {1, . . . , n−N +1} the distribution of samples {(jT2− ξ(tj))
mod T1}j∈Si is ǫ-uniform. Let N ∈ N be small enough so that the differences between
successive values δ(j) = ξ(tj+M )− ξ(tj) are negligible (in other words, the value of δ(j)
is almost constant, but sufficiently big) when j runs across all the elements of Si for a
fixed i ∈ {1, . . . , n−N −M + 1}. For i0 ∈ {1, . . . , n−N −M + 1}, we define
PSi0
{bj 6= bj+M} = #{j ∈ Si0 |bj 6= bj+M}
#Si0
.
We see that if (MT2 + ξ(ti0)− ξ(ti0+M )) mod T1 ≤ min(αT1, (1− α)T1), then∣∣∣∣PSi0 {bj 6= bj+M} −
(
2(MT2 + ξ(ti0)− ξ(ti0+M ))
T1
mod 1
)∣∣∣∣ < ǫ,
5
if (MT2 + ξ(ti0)− ξ(ti0+M )) mod T1 ≥ max(αT1, (1− α)T1), then∣∣∣∣PSi0 {bj 6= bj+M}+
(
2(MT2 + ξ(ti0)− ξ(ti0+M ))
T1
mod 1
)∣∣∣∣ < ǫ,
otherwise ∣∣PSi0 {bj 6= bj+M} − 2min(α, 1− α)
∣∣ < ǫ.
Proof of Fact 1 is given in Appendix A. It can be observed that for given values M ,
T1, and T2, the variance of the phase difference between samples at distance M (of the
accumulated jitter we want to measure) is proportional to the variance of number of
different samples in the given set of samples over the total number of samples in this set.
In the following, we present a very interesting application of Fact 1 that is able
to recover the distribution of the phase jitter accumulated over a given number M of
periods of Osc2. We make M big enough so that the jitter accumulated during MT2 is
not negligible and N small enough so that the phase jitter can be considered as almost
constant in the time period NT2. Then Fact 1 signifies that it is possible to recover a
good approximation of (2(MT2 + ξ(ti0) − ξ(ti0+M ))/T1) mod 1 or −(2(MT2 + ξ(ti0) −
ξ(ti0+M ))/T1) mod 1 by computing PSi0 {bj 6= bj+M}. More precisely, if we denote C
the set of convergents of the continued fraction decomposition of T2/T1 (see [9] for the
definition of the convergents of continued fraction decomposition) a careful analysis shows
that in Fact 1, we can take ǫ = 1/κ where κ = max{q < N |p/q ∈ C }. In practice, we have
ǫ ≈ 1/N . If we makeM small enough so that the standard deviation of the distribution of
the jitter accumulated during MT2 is small compared to min(αT1, (1−α)T1), the values
of samples (−MT2 − ξ(ti0) + ξ(ti0+M ))/T1 mod 1/2 or (MT2 + ξ(ti0) − ξ(ti0+M ))/T1
mod 1/2 follow the probability density function ddxP{Φ(MT2) ≤ x|Φ(0) = x0} up to
a translation. If we denote V (t) the variance of the probability distribution P{Φ(t) ≤
x|Φ(0) = x0}, we obtain Algorithm 1 to compute V (MT2).
input : The output sequence [b1, . . . , bn] of an elementary TRNG with KD = 1, K, M
and N integers.
output: V0 = 4V/T
2
1 where V is the variance of the jitter accumulated during MT2.
for i = 0, . . . ,K do
Si ← [Ni+ 1, . . . , Ni+N ];
c[i] = PS(bj 6= bj+M );
end
V0 ←
1
K
∑K
i=0
c[i]2 −
(
1
K
∑K
i=0
c[i]
)2
;
return V0;
Algorithm 1: Algorithm for computing the variance V of the jitter
It can be seen that Altorithm 1 is very simple: for computing the variance, it is
necessary to count K-times, in successive N couples of bits, the number of couples having
different bit values. The distance between the two bits in each couple is M . In practice,
K ∼ 10000, N ∼ 100 and M > N , we let M vary between 200 and 1600.
6
It should be noted that PSi0 {bj 6= bj+M} may not return an approximation of
(2(MT2 + ξ(ti0) − ξ(ti0+M ))/T1) mod 1 or (−2(MT2 + ξ(ti0) − ξ(ti0+M ))/T1) mod 1
if (MT2+ξ(ti0)−ξ(ti0+M )/T1 mod 1 ∈ [min(α, 1−α),max(α, 1−α)] but, as in practice
|α− 1/2| is always small, these occurrences are rare and easy to detect.
5 Evaluation of the Method by Simulations
We evaluated the principle of the jitter measurement by simulations. In order to main-
tain coherence with later hardware simulations, we used VHDL package rng.pkg [15] for
generating jittery clock signals. Using this package, we dynamically modified the tim-
ing of the two signals by adding a Gaussian jitter with zero mean and known standard
deviation to each generated half period. The obtained clocks were used to generate a
bitstream according to Fig. 1. The obtained bitstream file was then used as an input in
mathematical evaluations. The objective of the simulations was to recover the jitter size
that was indeed introduced to generated clocks, independently from the frequency ratio.
First, the mean clock period of the sampled oscillator Osc1 was T1 = 8923 ps and
that of the sampling oscillator Osc2 was T2 = 8803 ps. For i = 1, 2, the output clock
signal of Osci was given by fi = f1/2(1/Ti(t+ ξi(t))), where ξi is the random walk phase
drift such that ddxP{ξi(t+∆t) ≤ x|ξi(t)} follows a Gaussian distribution of mean 0 and
variance σ2c∆t/Ti. It is satisfactorily approximated by oscillator Osc1 with a fixed period
and oscillator Osc2 with a relative jitter ξ(t) such that
d
dxP{ξ(t + ∆t) ≤ x|ξ(t)} is a
Gaussian distribution G∆t(x) with mean 0 and variance σ
2
T2
∆t/T1 ≃ 2σ2c∆t/T1 (see [1,
Appendix C] for justification).
For σc = 10 ps, 15 ps, and 20 ps, we generated EO TRNG output bit sequences
using the rng.pkg package. Next, using Algorithm 1, we computed the variance V (M) of
G(MT2) as a function of M and we plotted the graphs of V (M) as a function of M for
three above mentioned sizes of injected jitter (see left panel in Fig. 3 for σc = 10 ps).
Similar results were obtained for different frequency ratios.
The variance was satisfactorily approximated by a linear function with slope a. We
then compared the size of the injected jitter (σc/T1) with that obtained from the slope
(
√
a/2). The results presented in the right panel in Fig. 3 show that we were able to
recover expected noise parameters with good precision – the error was less than 5 %.
Note that our simulation does not take the 1/f noises into account, because there are
no generators of such noises generating sufficiently long sequences available right now.
Also note, that global noises need not be included: because of the use of the differential
measurement principle – two ring oscillators implemented in the same device – impact
of the global noise sources is eliminated (see [6] for more details).
6 Hardware Implementation of the Embedded Jitter
Measurement
The jitter variance measurement was implemented in hardware according to Algorithm
1. It is presented in two blocks. The first block (see Fig. 4) computes K successive values
ci = Nc[i] by comparing the output values of the first and the last stage of an (M + 1)-
stage shift register and counting unequal bits during N periods of s2(t).
7
 0.002
 0.004
 0.006
 0.008
 0.01
 0.012
 0.014
 0.016
 0.018
 200  400  600  800  1000  1200  1400  1600
M
V(M
)
Injected 
jitter 
Calculated 
slope 
 c/T1       Error  percentage c a 
10 ps 9.299909 10-6 0.00156 0.00152 2 % 
15 ps 2.03211 10-5 0.00234 0.00225 3 % 
20 ps 2.03211 10-5 0.00312 0.00297 5 % 
Fig. 3. Simulation results, left panel: V (M) as a function of M (jitter with σc = 10 ps
was injected); right panel: error percentage for three sizes of the jitter – 10 ps, 15 ps, and
20 ps.
M = 3
s1(t)
s2(t)
y0(t)
y6(t)
x(t)
y0(t)
y3(t)
x(t)
M = 6
4 5 6 71 2 3 10 11 128 9
1 2 3 4 5 6 7 8
Osc2
Osc1
Sampler
D
clk
Q
s1(t)
s2(t)
D
clk
Q D
clk
Q D
clk
Q D
clk
QD
clk
Q ...
0 1 2 3 M
Ena
clk
Counter
ci = Nc[i]
clk
new_i
Shift Register
Control Unit
y0(t)
yM(t)
x(t)
rst
Frequency 
divider by KD
D
clk
Q
TRNG output
Fig. 4. Structure of the block aimed at counting successive values ci = Nc[i] = NPS(bj 6=
bj+M ) and two waveform examples for M = 6 (top panel) and M = 3 (bottom panel).
The lower panel in Fig. 4 shows waveforms for the relative mean frequency ζ =
T2/T1 = 10/7 and given initial phase ξ0. The sampler output features a repetitive pattern
(in bold), depending on ζ and ξ0. Two cases are depicted: in one, the distance between
samples is M = 6 and in the other, M = 3. Since ζ and ξ0 are constant, the pattern
remains the same, but the XOR gate output differs. In fourteen (N = 14) clock periods
T2, we see 12 different bits in the first case and 8 in the second. According to Fact 1, for
jitter-free clocks, these values will remain constant in all successive blocks of N bits, but
8
in the presence of the jitter, their variance will be proportional to the variance of the
jitter.
A compromise must be found when determining the distance (M) between samples:
for short distances, the accumulated jitter is too small and the precision is thus reduced;
for long distances, two phenomena can occur: 1) the proportion of the flicker noise can
become dominant or 2) accumulated jitter can become too big.
M= 20
0
M= 25
0
M= 30
0
M= 35
0
M= 40
0
M= 45
0
M= 50
0
M= 55
0
M= 60
0
M= 65
0
M= 70
0
M= 75
0
M= 80
0
M= 85
0
M= 90
0
M= 95
0
0.0 0.2 0.4 0.6 0.8 1.0
0.
0
0.
1
0.
2
0.
3
0.
4
0.
5
M= 10
00
Fig. 5. Example of distribution of values c[i] between 0 and 1 (dashed vertical lines), for
different values of M in steps of 50.
One important fact must be considered: since the relative mean frequency and phase
cannot be controlled (oscillators are free running), the mean number of unequal samples
can be any value from interval [0, N ], depending on ζ = ω1/ω2 and distance M . If the
mean value is close to the border values of this interval, some measurements may fall
outside the interval and cause a measurement error (see curves for M=750 and 800 in
Fig. 5). Of course, this error could be corrected by translating the period T1. However,
this would require some additional computations. It is consequently more practical to
ensure that the standard deviation of the accumulated jitter is much smaller than period
T1 and the mean values of c[i] are sufficiently far from the interval borders. Distance
M , whose values c[i] do not fulfill the last condition should not be used for variance
computation. The practical setup of the distance M will be discussed later.
The second block computes the relative variance 4V/T 21 from K values c[i] according
to Algorithm 1 (see Fig. 6). The implementation of the block is quite straightforward. It
uses two accumulators, two multipliers connected as squaring units and one subtractor.
If the K value is chosen so that it is a power of two, division by K and K2 can be
implemented at no cost by shifting the result log2K and 2 log2K positions to the right,
respectively.
Notice also, that this second computing block is used once per N periods T2 and can
thus be easily shared by several EO TRNGs without loss of performance.
Both blocks were implemented in VHDL as parameterized modules depending on
parameters {NDE1, NDE2, M , N , and K}. The two oscillators were implemented as
NDE1- and NDE2-element ring oscillators. Parameters M , N , and K represent the dis-
tance between samples, the length of measurement and the number of measurements,
respectively.
9
clk
Accu
ci
clk
S ci
Mult
ci
2
+
new_i
clk´
 
clk
Accu
Mult
clk
´ 
+
(S ci )2
Control Unit
: K2
: K
Div
DivS ci2rst rst
rst rst
ena ena
ena ena
clk
Sub- 
+
ena
N2V0 = 1/KS ci2 - (1/KS ci )2
 
finished
clk
Fig. 6. Structure of the block aimed at computing variance V0 using K successive values
c[i] = PS(bj 6= bj+M ).
6.1 Hardware Implementation Results
We tested the jitter measurement method in two different hardware configurations: 1)
EO TRNG, jitter measurement and data interface (USB) were implemented in the same
device; 2) the EO TRNG core in Fig. 1 was implemented in one FPGA and the jitter
measurement and data interface were implemented in another. The aim of these two
implementations was to observe the impact of the jitter measurement circuitry on the
generator.
The first hardware configuration was implemented using an evaluation board dedi-
cated to TRNG designs, featuring Altera Cyclone III FPGA and low noise linear power
supplies (because of blind review, we will give the reference for the card only in the final
version of the paper). As mentioned above, the elementary oscillator based TRNG is
negligibly small. Its size is determined essentially by the number of delay elements of the
two ring oscillators.
The size of the jitter measurement circuitry is determined by parameters M , N , and
K. Practical experiments showed that the shift register should have between 200 and
500 stages (we recall that the depth of the shift register is linked to parameter M , which
determines the jitter accumulation time). For less than 200 stages, the accumulated jitter
variance only differed by a few bits and the precision was not sufficient (see Fig. 7). For
bigger register sizes, the unwanted jitter coming from the correlated flicker noise became
non negligible. According to Fact 1 and the simulation results presented in Section 5, to
increase the precision of the measurement, the value of parameter N (number of samples
used for computing mean values c[i] from Algorithm 1) should be less than that ofM . For
this reason, we selected the N value to be around 150 and M between 250 and 450. For
easy division by K, its value was set at 8192. The value V0 = 4V/T
2
1 was then computed
according to Algorithm 1 using 32-bit arithmetic operations and sent to PC via USB
interface for further analysis. In the given configuration, the EO TRNG including jitter
measurement circuitry occupied 301 logic cells (LEs), maximum 450 memory bits, plus
one DSP block 9x9 and four DSP blocks 18x18.
10
Results of the jitter measurement in the first hardware configuration implemented in
Altera Cyclone III FPGA for M varying between 250 and 1200, N ∼ 120 and K = 8192
are depicted in Fig. 7. The left panel of the figure shows, that the variance increases
linearly for 250 < M < 450. This interval corresponds to accumulation times, during
which the thermal noise dominates. The right graph in Fig. 7 is a zoom on this zone.
From the dependence of the variance on M (the slope) and the period T1 = 7.81 ns, we
were able to compute the jitter size σ = 5.01 ps per period T1.
0
50
100
150
200
250
300
0 200 400 600 800 1000 1200
V
0
M
y = 0,1491x - 20,873
0
10
20
30
40
50
200 250 300 350 400 450 500
V
0
M
Fig. 7. Results of the jitter measurement in hardware.
The same measurement method was applied in the second hardware configuration,
in which EO TRNG was implemented in a separate FPGA and the jitter measurement
circuitry and data interface were implemented in the same evaluation board as the first
configuration described above (Cyclone III FPGA). Both FPGAs were interconnected
via the LVDS (low voltage differential signaling) interface for the transmission of two
signals: the reference clock and the EO TRNG sampler output signal.
It is important to underline that because the TRNG signal was output after the
sampler, the FPGA input/output circuitry did not have any impact on the jitter mea-
surement, as is the case when standard jitter measurement methods are used to measure
the jitter of outputs of the two rings using external equipment (e.g. oscilloscope).
The result of this second experiment was that the jitter standard deviation was σ =
4.9 ps per period T1 = 7.69 ns. This is a negligible change from the jitter of 5.01 ps in
the previous experiment. This means that the jitter measurement can be embedded in
the same device as the EO TRNG.
7 Discussion on Entropy Management Using Embedded Jitter
Measurement
During the jitter evaluation described in the previous section, we calculated jitter from
the slope of the variance depending on M . This method was useful to determine the
interval in which variance depends linearly on the accumulation time. However, for im-
plementation inside the device, this would require additional circuitry (to compute the
slope and variance from the slope) to be implemented inside the device. Fortunately,
11
knowing that the dependence in the selected interval is linear, it is sufficient to perma-
nently measure just one point of the curve, i.e. just one value V0 = 4V/T
2
1 . We measured
the jitter at M = 300. The measured standard deviation was σ0 = 2
√
V /T1 = 5.01 ps.
As explained in Sec. 6, for practical reasons, the variance should not be computed for
values M , whose mean values c[i] are close to zero or one. These values are not known
in advance since oscillators are free running. If the jitter is sufficiently small compared
to the T1 period, which is always true for small accumulation times, these cases are rare,
but unavoidable. For this reason, the shift register has several outputs around stage 300
and we selected one of the outputs, for which the computed values c[i] were close to 0.5.
This means the computation of their variance is free of errors.
Knowing the size of the jitter, we were able to manage the EO TRNG entropy: by
entering the known jitter size in the model presented in [1], we computed the value of
frequency divider KD, to ensure that the entropy per bit is higher than Hmin = 0.997, as
required by AIS 31 [10]. The formula is derived from [1] and it gives KD as an expression
of σc, T1, T2 and Hmin.
KD =
− ln
(
π
2
√
(1−Hmin) ln(2)
)
2π2 T2T1
σ2
c
T 2
1
(2)
For T1 = 8.9 ns, T2 = 8.7 ns, σc = 5.01 ps and Hmin = 0.997, we got KD ≈ 430 000.
In this context, the role of the proposed jitter measurement circuitry is different: the
continuous jitter measurement can be used as an on-line test, which should guarantee
that the jitter never falls under the value that was used for entropy estimation and
management (in our case, σ = 5.01 ps per period T1 and KD = 430 000).
As mentioned above, the jitter measurement circuitry we proposed can be used in
conjunction with a suitable stochastic model as a dedicated statistical test. In comparison
with standard statistical tests, this test is performed closer to the source of randomness
and can thus more accurately and more rapidly detect incorrect behavior of the generator.
For example, the tests FIPS 140-1 included in the AIS 31 RNG evaluation methodol-
ogy require 20 000 input bits. Note that in our case, to obtain 20 000 bits at the generator
output, we would need KD = 430 000 times more bits at the sampler output, i.e. at least
8.6 · 109 bits. However, in order to perform our dedicated test, which is better adapted
to the detection of specific TRNG weaknesses (reduction in the jitter from the thermal
noise or locking of the rings [3]), we only need N ·K bits (around 1 · 106 sampler output
bits). The dedicated test is thus more than 8 600 times faster and still very efficient. Our
experiments showed that FIPS 140-1 tests were far less restrictive – the RNG output
passed these tests for KD as low as 100 000, probably because of the flicker noise.
As an example, we demonstrate the efficiency of the proposed test during a temper-
ature attack on real hardware in Appendix B.
8 Conclusion
In this paper, we presented an original, simple and precise method of jitter measurement
that can be implemented inside logic devices. We demonstrated that in conjunction with
a suitable statistical model, the measured jitter can be used to estimate entropy at the
12
output of the generator. We also showed that the proposed entropy estimator can be
used to build a rapid dedicated on-line statistical test that is perfectly adapted to the
generator’s principle. This approach complies with recent recommendations for TRNG
evaluation [10] and ensures a high level of security by rapidly detecting all deviations
from correct behavior.
Since the EO TRNG is the basic construction element of many oscillator based
TRNGs including those based on self-timed rings [4], the proposed principle can be
widely applied. However, in order to prevent attacks like those described in [12] and [2]
(locking of rings), the jitter needs to be evaluated for all ring oscillators exploited in the
generator. If necessary, the variance computation circuitry, as well as shift registers and
counters of unequal samples, can be shared by all the rings in time.
References
1. M. Baudet, D. Lubicz, J. Micolod, and A. Tassiaux. On the security of oscillator-based
random number generators. Journal of Cryptology, 24:398–425, 2011.
2. P. Bayon, L. Bossuet, A. Aubert, V. Fischer, F. Poucheret, B. Robisson, and P. Maurine.
Contactless Electromagnetic Active Attack on Ring Oscillator Based True Random Number
Generator. In W. Schindler and S. A. Huss, editors, Constructive Side-Channel Analysis
and Secure Design – COSADE 2012, volume 7275 of LNCS, pages 151–166. Springer, 2012.
3. N. Bochard, F. Bernard, V. Fischer, and B. Valtchanov. True-Randomness and Pseudoran-
domness in Ring Oscillator-Based True RandomNumber Generators. International Journal
ofReconfigurable Computing, Article ID 879281, page 13, 2010.
4. A. Cherkaoui, V. Fischer, L. Fesquet, and A. Aubert. A Very High Speed True Random
Number Generator with Entropy Assessment. In Coron J. S. Bertoni, G., editor, Cryp-
tographic Hardware and Embedded Systems – CHES 2013, volume 8086 of LNCS, pages
179–196. Springer, 2013.
5. V. Fischer. A Closer Look at Security in Random Number Generators Design. In
W. Schindler and S. A. Huss, editors, Constructive Side-Channel Analysis and Secure Design
– COSADE 2012, volume 7275 of LNCS, pages 167–182. Springer, 2012.
6. V. Fischer, F. Bernard, N. Bochard, and M. Varchola. Enhancing Security of Ring Oscillator-
based RNG Implemented in FPGA. In Proceedings of Field Programmable Logic and Ap-
plications – FPLA 2008, 2008.
7. T. Guneysu. True random number generation in block memories of reconfigurable devices.
In Kang Zhao Jinian Bian, Qiang Zhou, editor, Field-Programmable Technology – FPT 2010,
pages 200–207. IEEE Press, 2010.
8. A. Hajimiri, S. Limotyrakis, and T. Lee. Jitter and phase noise in ring oscillators. IEEE
Journal of Solid-State Circuits, 34(6):790–804, 1999.
9. A. Ya. Khinchin. Continued fractions. The University of Chicago Press, Chicago, Ill.-
London, 1964.
10. W. Killmann and W. Schindler. A proposal for: Functionality classes for random number
generators, version 2.0. Technical report, Bundesamt fur Sicherheit in der Informationstech-
nik (BSI), Bonn, September 2011. Accessed: 2014-01-03.
11. W. Maichen. Digital Timing Measurements: From Scopes and Probes to Timing and Jitter.
Frontiers in Electronic Testing. Springer, 2010.
12. A. T. Markettos and S. W. Moore. The Frequency Injection Attack on Ring-Oscillator-Based
True Random Number Generators. In Gaj K. Clavier, C., editor, Cryptographic Hardware
and Embedded Systems – CHES 2009, volume 5747 of LNCS, pages 317–331. Springer, 2009.
13
13. NIST SP800-22 rev. 1. A statistical test suite for random and pseudorandom number
generators for cryptographic applications, August 2008. Available at http://csrc.nist.
gov/CryptoToolkit/tkrng.html.
14. B. Sunar, W.J. Martin, and D.R. Stinson. A Provably Secure True Random Number Gen-
erator with Built-In Tolerance to Active Attacks. IEEE Transactions on Computers, pages
109–119, 2007.
15. G. Swaminathan. Random number generators (RNG) VHDL package. http://www.ittc.
ku.edu/EECS/EECS_546/magic/files/vlsi/vhdl/random.pkg, 1992. Accessed: 2014-01-03.
16. G. Taylor and G. Cox. Behind Intels New Random-Number Generator. http://spectrum.
ieee.org/computing/hardware/behind-intels-new-randomnumber-generator/0, 2011.
Accessed: 2014-01-03.
17. Boyan Valtchanov, Alain Aubert, Florent Bernard, and Viktor Fischer. Modeling and ob-
serving the jitter in ring oscillators implemented in FPGAs. In 11th IEEE Workshop on
Design and Diagnostics of Electronic Circuits and Systems, (DDECS 2008), pages 1–6, 2008.
18. M. Varchola and M. Drutarovsky. New High Entropy Element for FPGA Based True Ran-
dom Number Generators. In Standaert F.X. Mangard, S., editor, Cryptographic Hardware
and Embedded Systems – CHES 2010, volume 6225 of LNCS, pages 351–365. Springer, 2010.
19. I. Vasyltsov, E. Hambardzumyan, Y.-S. Kim, and B. Karpinskyy. Fast Digital TRNG Based
on Metastable Ring Oscillator. In E. Oswald and P. Rohatgi, editors, Cryptographic Hard-
ware and Embedded Systems – CHES 2008, volume 5154 of LNCS, pages 164–180. Springer,
2008.
20. Wang Xueqing, William R. Eisenstadt, and Robert M. Fox. Embedded jitter measurement
of high-speed i/o signals. 2007.
14
Appendix
A Proof of Fact 1
In this section, we use the following notations: for interval I and t ∈ R, I + t is the
interval {x + t|x ∈ I}. If I, J are intervals, I + J is the interval ∪t∈JI + t. We consider
intervals that are invariant under translation by T ∈ R. Thus, if I ⊂ R is an interval, we
let IT = ∪n∈Z(I + nT ). For instance, [0, 1)2 = ∪i∈Z[2i, 2i+1). If I = [x, y] is an interval,
by convention, we set I = ∅ if x > y, and we have the obvious extension for open or
semi-open intervals.
Proof. We suppose that α ≤ (1 − α), if necessary by changing fα by 1 − fα. For j ∈
{1, . . . , n}, we let τj = jT2 − ξ(tj) mod T1. By definition, for all j ∈ {1, . . . , n −M},
bj = fα(ω1(jT2 − ξ(tj))) and bj+M = fα(ω1((j +M)T2 − ξ(tj+M ))). As fα is 1-periodic,
we have bj 6= bj+M if and only if the cardinality of the intersection of the interval
[τj , τj+M ]T1 = [0, (MT2+ ξ(tj)− ξ(tj+M )) mod T1]T1 +((jT2− ξ(tj)) mod T1) with the
set {0, αT1} is equal to 1 (see Figure 8).
0 T1
bj + M
bj
αT1 tj + M tj0 T1
bj + Mbj
αT1tj + M tj
bj = fα(tj ) bj = fα(tj )
Fig. 8. Keeping the notations of the proof of Fact 1, we have bj = bj+M = 1 (left) and
bj = 1 6= bj+M = 0 (right).
Let i0 ∈ {1, . . . , n−N −M + 1}, using the hypothesis that δ(j) = ξ(tj+M )− ξ(tj) is
almost a constant equal to δ(i0) when j runs across all the values of {i0, . . . , i0+N − 1},
we deduce that PSi0 {bj 6= bj+M} is given by
P = PX{#(([0, (MT2 + ξ(ti0)− ξ(ti0+M )) mod T1]T1 +X) ∩ {0, αT1}) = 1},
where X is a random variable, which follows the same distribution in the interval [0, T1]
as the sample {(jT2− ξ(tj)) mod T1}j∈Si0 . Let ℓ = (MT2+ ξ(i0)− ξ(i0+M)) mod T1.
Suppose that ℓ ≤ αT1, then the set of x ∈ [0, T1] such that #([x, x+ ℓ]T1 ∩ {0, αT1}) = 1
is ([−ℓ, 0]T1 ∪ [αT1 − ℓ, αT1]T1) ∩ [0, T1]. The size of the last interval is 2ℓ. The case
ℓ ≥ (1−α)T1 comes down to the preceding case by replacing ℓ by T1 − ℓ and computing
the complementary event. We obtain the size of x ∈ [0, T1] such that #([x, x + ℓ]T1 ∩
{0, αT1}) = 1 is 2(T1−ℓ). On the other hand, if αT1 ≤ ℓ ≤ (1−α)T1, the set of x ∈ [0, T1]
such that #([x, x+ ℓ]T1 ∩ {0, αT1}) = 1 is ([−ℓ, αT1 − ℓ]T1 ∪ [0, αT1]T1) ∩ [0, T1], the size
of which is 2αT1.
Finally, by assuming that the distribution of X is ǫ-uniform in the interval [0, T1],
we find that if ℓ ≤ αT1 then |P − 2ℓT1 | < ǫ, if ℓ ≥ (1 − α)T1 then |P − 2 + 2ℓT1 | < ǫ, and
otherwise |P − 2α| < ǫ. This concludes the proof.
15
B Experiments on detection of attacks using the proposed
dedicated test
The studied elementary oscillator based TRNG can be attacked by reducing the jitter,
e. g. by decreasing the temperature and thus the thermal noise causing the jitter. We
evaluated reaction of the proposed dedicated test on this attack.
In our experiments, we modified the temperature of the generator and we observed
the size of the measured jitter and compared it with the pre-computed threshold in the
dedicated test. The temperature was rapidly reduced to −20 ◦C and left to rise back to
21 ◦C. We repeated this cycle several times. The results of the jitter measurement in one
experiment are depicted in Fig. 9.
2
3
4
5
6
7
0 5 10 15 20 25 30 35
M
e
a
su
re
d
 j
it
te
r 
(p
s)
Time
cooled to -20°Ccooled to -20°C
threshold=5,01ps
Fig. 9. Evolution of the temperature attack in time.
We see that as expected, the test was able to detect the jitter reduction coming from
the temperature decrease and activate the alarm.
16
