A new dual entropy core true random number generator Ihsan Cicek

A new dual entropy core true random
number generator
Ihsan Cicek, Ali Emre Pusane & Gunhan
Dundar
Analog Integrated Circuits and Signal
Processing
An International Journal
ISSN 0925-1030
Analog Integr Circ Sig Process
DOI 10.1007/s10470-014-0324-y
Received: 28 February 2014 / Accepted: 7 May 2014
© Springer Science+Business Media New York 2014
Abstract The entropy produced by a conventional single
chaotic map based true random number generator (TRNG)
is usually limited due to the finite number of Lyapunov
exponents. In this work, we present a new dual entropy
core TRNG architecture which is capable of producing
high levels of randomness using hardware redundancy.
Mathematical models of conventional and proposed TRNG
architectures have been developed for a comparative analysis of the statistical and randomness properties. Our
theoretical studies showed that the proposed architecture,
which employs the Bernoulli map as the entropy source, has an
inherently symmetric probability density function with
zero mean. Using a practical information metric,
T-entropy, we demonstrated that the proposed architecture
performs better in terms of randomness, for a wide range of
control parameter values when compared to its single
entropy core counterpart. A proof of concept prototype of
the proposed architecture is designed and implemented
using a field programmable analog array integrated circuit.
Random numbers acquired from the prototype have successfully passed all NIST 800.22 statistical tests.
I. Cicek (✉)
Informatics and Information Security Research Center, TUBITAK BILGEM, 41470 Kocaeli, Turkey
A. E. Pusane · G. Dundar
Department of Electrical and Electronics Engineering, Bogazici University, Istanbul, Turkey
Keywords True random number generator · Discrete time chaos · Entropy · Bernoulli map · Field programmable analog array
1 Introduction
True random number generators (TRNGs) are widely
accepted as the most crucial component of any cryptographic
system, since no deterministic cryptographic primitive can
generate more entropy at the output than what is available at
the inputs [1, 2]. Hence, the unpredictability and the security
of a cryptographic system principally depend on the TRNG,
rendering it the most critical and vital component. Conventional TRNGs based on the sampling of amplified electrical noise are far from satisfying the specific requirements
of modern cryptographic applications due to the limited bandwidth of the entropy source [3–7]. Multiple oscillator sampling based TRNGs consume a significant amount of power
and area for high-speed generation of random bits [8–16].
The underlying entropy can be adversely affected by side
channel attacks [17, 18]. Design resources required for
achieving a certain level of randomness are considerably
large and usually unacceptable for lightweight cryptographic
applications [19].
Chaos based TRNGs use the chaotic dynamics as the
entropy source since a dynamic system operating in the
chaotic regime can act as an information source according to
ergodic theory [20]. The exponentially divergent and aperiodic nature of chaotic dynamics is driven and characterized by the underlying positive Lyapunov exponent(s),
making the dynamic system extremely sensitive to variations in the initial conditions. Any small disturbance in the
initial conditions is immediately transformed into large
deviations through the spatio-temporal evolution of chaotic
orbits. Although the non-linear dynamics of chaotic systems are theoretically defined in deterministic terms, their
high sensitivity to small perturbations in the initial conditions makes them practically unpredictable. The unpredictability of the TRNG is thus established with the help of
electrical noise readily available in circuit components.
When continuous wandering of the initial conditions and
state variables are combined with the divergent behavior of
the chaotic system, it becomes impossible to predict the
initial conditions exactly, due to finite precision of the
measurement instruments.
Evolution characteristics of non-linear dynamics can be
used to classify chaos based TRNGs into two main categories: continuous time and discrete time. Continuous time
chaos based TRNG implementations usually occupy large
area and consume high power as a result of large analog
building blocks, such as OPAMPs, oscillators, OTAs, and
inductors, required to implement the differential equations
that define the chaotic dynamics [21, 22]. On the contrary,
discrete time chaos based TRNGs can be implemented
using much less design resources, hence yielding compact,
lightweight-crypto friendly designs [23–29]. Unlike their
counterparts, discrete time chaos based TRNGs are more
compatible with standard CMOS processes since they do
not require large area occupying components such as
inductors [22]. Furthermore, it is possible to dynamically
control the evolution and bit generation speed of the discrete time chaos based TRNG by adjusting the clock signal. The frequency of the clock signal can be set within
available limits to operate the TRNG at the high throughput
or low power mode according to the specific requirements
of the application without requiring any topological changes. According to Pesin’s theorem, the maximum entropy
that can be produced by a single entropy core discrete time
chaos based TRNG is fundamentally limited by its finite
number of Lyapunov exponents [30]. Theoretical maximum entropy levels are not achievable in practice due to
parameter variations and implementation issues.
In this paper, we introduce a new discrete time chaos
based TRNG architecture that employs dual entropy cores
for enhancing the randomness performance in contrast to
the conventional single entropy core counterpart. In Sect. 2,
we outline the custom mathematical models of the conventional and proposed architectures for comparative
numerical simulations. We also theoretically and numerically calculate the underlying probability density function
of the proposed architecture. In Sect. 3, we evaluate and
compare the randomness performance of the conventional
and proposed architectures using a practical information
measure, T-entropy, as the randomness metric. We present
3D T-entropy plots along with their respective 2D projections for portraying parameter variation sensitivities and
their effect on randomness performance. Section 4 briefly describes the proof of concept implementation of the dual entropy core TRNG architecture on an off-the-shelf available field programmable analog array (FPAA) integrated circuit. Finally, Sect. 5 reports the statistical test results for the bitstream generated by the proof of concept TRNG circuit.
Fig. 1 Single entropy core discrete time chaos based TRNG architecture
2 Mathematical modeling
2.1 Mathematical model of single entropy core TRNG
The conventional single entropy core discrete time chaos
based TRNG architecture presented in Fig. 1 is composed
of a non-linear function block, a sample and hold block,
and a comparator block combined with a threshold generator. In this architecture, the non-linear function block
implements the chaotic map of interest and the sample and
hold block drives the chaotic dynamics. The comparator
block along with the threshold generator form the bit
extractor that harvests random bits from the entropy source.
While, in principle, any endomorphic map capable of
exhibiting chaotic behavior can be used as the entropy
source, we have chosen the Bernoulli map, due to its
simplicity, underlying uniform invariant measure, and
robust chaos generation capability. The Bernoulli map is composed of two piecewise linear parts that are separated with
a discontinuity point between them as shown in Fig. 2. In
mathematical terms, the Bernoulli map is defined as
$$ x_{n+1} = \begin{cases} \mu x_n, & 0 < x_n \le 0.5, \\ \mu x_n - 1, & 0.5 < x_n < 1, \end{cases} \tag{1} $$
where $\mu \in [0, 2]$ is the chaos control parameter. The
threshold comparator is defined as
$$ b_n = B(x_n) = \begin{cases} 0, & 0 < x_n \le T_h, \\ 1, & T_h < x_n < 1. \end{cases} \tag{2} $$
The comparator is used to divide the phase space of the endomorphic map into two bit generating partitions using the threshold parameter $T_h \in (0, 1)$. The single entropy core discrete time chaos based TRNG model presented in Fig. 1 generates random bits by comparing the spatio-temporal location of the evolving chaotic trajectory in the partitioned phase space to the threshold parameter. The chaotic trajectory generated by the single entropy core is encoded using a binary alphabet, in which the probabilities of symbols are determined by the threshold parameter. For equiprobable bit generation, the threshold parameter has to be set correctly. In practical applications, the threshold generator needs to track the chaotic signal for generating an optimum threshold that yields equiprobable bits. It is important to note that this requirement cannot be achieved easily due to practical implementation issues and creates a design overhead.
Fig. 2 Bernoulli map function (axes: $x_n$, $x_{n+1}$)
Fig. 3 Empirical PDF of Bernoulli map (axes: $x_n$, density; Bernoulli map data with uniform distribution fit)
In order to have a better understanding of statistical
properties of the entropy source, its underlying probability
density function (PDF) can be constructed empirically
using a histogram to show the frequency with which states
along a trajectory fall into given bins forming the phase
space. Suppose that the phase space [0,1] is composed of
n discrete non-overlapping bins such that the jth bin is
defined by
$$ b_j = \left[ \frac{j-1}{n}, \frac{j}{n} \right), \quad j = 1, 2, \ldots, n. \tag{3} $$
A trajectory of length $N$ with $N \gg n$, generated by a discrete time chaotic map $M(x)$, starting from an initial condition $x_0$ can be denoted as
$$ T_N = \{ x_0, M(x_0), M^2(x_0), \ldots, M^N(x_0) \}. \tag{4} $$
If we define the fraction $f_e$ of the $N$ states of the dynamic system that falls into the $j$th bin, we obtain,
$$ f_e = \frac{n}{N} \{ \# M^j(x_0) \in b_j;\ j = 1, 2, \ldots, N \}, \tag{5} $$
where # denotes the cardinality operator. We obtain the empirical PDF using large values of $N$ to guarantee the settling of the PDF. For example, with $n = 100$ bins, the Bernoulli map defined by (1) with $\mu = 2$ is iterated for $N = 10^5$ steps, starting from a random initial condition $x_0$; then the empirical PDF is calculated using (5) and plotted as shown in Fig. 3.
Fig. 4 Dual entropy core discrete time chaos based TRNG
architecture
Although the time series generated by chaotic systems exhibit sensitive dependence on the initial state $x_0$, the statistical distribution of the states over the phase space is invariant and independent of $x_0$ [20]. The underlying PDF of the Bernoulli map can also be theoretically calculated using the Frobenius–Perron operator [31]. The empirically estimated PDF of the Bernoulli map is in good agreement with its theoretically calculated distribution as illustrated by Fig. 3. The statistical characteristics defined by the empirical PDF suggest a uniform distribution, which promotes the use of the Bernoulli map as an efficient entropy source in TRNG applications.
2.2 Mathematical model of dual entropy core TRNG
The dual entropy core TRNG presented in Fig. 4 generates random bits by comparing two uniformly distributed, independent, and uncorrelated random variables [32]. The proposed new architecture is based on symbolic dynamics that translates the difference between time series generated by two chaotic systems into binary strings of ones and zeros. We use topological redundancy to increase maximum achievable entropy, which is fundamentally limited by the maximal Lyapunov exponent in the single entropy core architecture. Although a wide spectrum of endomorphic maps is available as candidates for the entropy sources, the Bernoulli map presented in Fig. 2 is chosen in order to compare the randomness performance with respect to the single entropy core counterpart. The similarities between the two entropy cores also reduce hardware complexity and design overhead.
We can develop a custom mathematical model of the new TRNG architecture presented in Fig. 4 for numerical simulations and randomness performance evaluation using a similar approach presented in Sect. 2.1. Assume that we have two independent, uncorrelated, and uncoupled Bernoulli maps defined by (1) that are guaranteed to start operating from different initial conditions with chaos control parameters $\{\mu_1, \mu_2\}$. Then, we can define a bit extractor function described as
$$ b_n = B(x_{1,n}, x_{2,n}) = \begin{cases} 0, & x_{1,n} \le x_{2,n}, \\ 1, & x_{2,n} < x_{1,n}, \end{cases} \tag{6} $$
where $x_{i,n}$, $i = 1, 2, \ldots$, corresponds to the chaotic time series generated by the $i$th entropy core. We construct the mathematical model of the new architecture using (1) and (6). As it can be inferred from (6), random bits are generated by using the sign of the difference between two uniformly distributed random variable samples. The bit extractor function is implemented using an ideal comparator. In order to have a better understanding of the statistical properties of the new TRNG architecture, we calculate the joint PDF as follows: let $X_1, X_2$ be independent, uncorrelated, and uniformly distributed random variables. We can define a random variable $Y$ composed of $X_1$ and $X_2$ as
$$ Y = X_1 - X_2. \tag{7} $$
The joint probability density function of $X_1, X_2$ is
$$ f_{X_1, X_2}(x_1, x_2) = 1, \quad x_1, x_2 \in (0, 1). \tag{8} $$
The cumulative distribution function of $Y$ can then be calculated as
$$
\begin{aligned}
F_Y(y) &= P(Y \le y) = P(X_1 - X_2 \le y) \\
&= \begin{cases} \int_0^{1+y} \int_{x_1 - y}^{1} 1 \, dx_2 \, dx_1, & -1 < y < 0, \\ 1 - \int_y^{1} \int_0^{x_1 - y} 1 \, dx_2 \, dx_1, & 0 \le y < 1, \end{cases} \\
&= \begin{cases} \frac{1}{2} y^2 + y + \frac{1}{2}, & -1 < y < 0, \\ -\frac{1}{2} y^2 + y + \frac{1}{2}, & 0 \le y < 1. \end{cases}
\end{aligned}
\tag{9}
$$
We can obtain the probability density function of $Y$ by calculating the derivative of the cumulative distribution function as
$$ f_Y(y) = \frac{dF_Y(y)}{dy} = \begin{cases} 1 + y, & -1 < y < 0, \\ 1 - y, & 0 \le y < 1. \end{cases} \tag{10} $$
It is interesting to note that the probability density function of $Y$ has zero mean and symmetric distribution around zero, which allows generation of equiprobable bits. Using our model and following a similar approach explained in Sect. 2.1, we numerically simulated the TRNG system using different random initial conditions for each entropy core and constructed an empirical probability density function of the composite random variable $Y$. The theoretically derived joint probability function and empirically constructed probability density functions are in good agreement as shown in Fig. 5.
Fig. 5 Probability density function of the composite random variable Y (axes: $y_n$, density; empirical PDF and theoretical PDF)
The mathematical models of single and dual entropy core TRNG architectures presented in Sects. 2.1 and 2.2 are implemented for numerical simulations. Generated bitstreams are used to study the randomness performance.
3 Randomness performance evaluation
The numerical simulation models of the single and dual
entropy core discrete time chaos based TRNG architectures
are constructed to explore the randomness performance
using the bitstream generated from each respective model.
For the single entropy core architecture, random bits are
generated as the binary encoding of the chaotic trajectory
of the Bernoulli map, as shown in Fig. 6. In the dual
entropy architecture case, random bits are generated using
the difference between chaotic trajectories created by two
identical, uncoupled Bernoulli maps as presented in Fig. 7,
which are guaranteed to start from different initial conditions. Both single and dual entropy core numerical simulation models are capable of recording the generated
bitstream to a file in binary format for further statistical
testing.
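The two simulation models described above, the threshold comparator of Eq. (2) and the difference comparator of Eq. (6), can be sketched as follows, together with a check of the empirical PDF of Y against Eq. (10). This Python is an added example, not the authors' simulation code: the per-step `noise` term, the seeds, the sample count and the first-order Shannon entropy (a simpler measure than the T-entropy used in the paper) are assumptions of the sketch.

```python
import math
import random

MU = 2.0  # ideal chaos control parameter from the text


def bernoulli_orbit(n, seed, noise=1e-9):
    """Iterate Eq. (1) with mu = 2 for n steps from a seeded random x0.

    Assumption of this sketch: a small additive perturbation per step stands
    in for the circuit noise the architecture relies on. With noise=0 the
    doubling map only shifts the 53 mantissa bits of a double out, and the
    simulated orbit sticks at 0 after a few dozen steps.
    """
    rng = random.Random(seed)
    x = rng.random()
    orbit = []
    for _ in range(n):
        x = MU * x if x <= 0.5 else MU * x - 1.0
        x = (x + rng.uniform(-noise, noise)) % 1.0  # keep the state in [0, 1]
        orbit.append(x)
    return orbit


def single_core_bits(orbit, th):
    """Eq. (2): threshold comparator on one entropy core."""
    return [1 if x > th else 0 for x in orbit]


def dual_core_bits(orbit1, orbit2):
    """Eq. (6): sign of the difference between two entropy cores."""
    return [1 if x2 < x1 else 0 for x1, x2 in zip(orbit1, orbit2)]


def ones_fraction(bits):
    return sum(bits) / len(bits)


def bias_entropy(bits):
    """First-order Shannon entropy in bits per output bit (not T-entropy)."""
    p = ones_fraction(bits)
    if p in (0.0, 1.0):
        return 0.0
    return -p * math.log2(p) - (1 - p) * math.log2(1 - p)


def triangular_pdf(y):
    """Eq. (10): theoretical PDF of Y = X1 - X2."""
    if -1.0 < y < 0.0:
        return 1.0 + y
    if 0.0 <= y < 1.0:
        return 1.0 - y
    return 0.0


def empirical_pdf(samples, lo, hi, nbins):
    """Histogram density estimate in the spirit of Eq. (5), on [lo, hi]."""
    counts = [0] * nbins
    width = (hi - lo) / nbins
    for s in samples:
        counts[min(int((s - lo) / width), nbins - 1)] += 1
    return [c / (len(samples) * width) for c in counts]


def pdf_max_error(orbit1, orbit2, nbins=40):
    """Largest gap between the empirical PDF of Y and Eq. (10) at bin centres."""
    ys = [a - b for a, b in zip(orbit1, orbit2)]
    est = empirical_pdf(ys, -1.0, 1.0, nbins)
    width = 2.0 / nbins
    centres = [-1.0 + (i + 0.5) * width for i in range(nbins)]
    return max(abs(e - triangular_pdf(c)) for e, c in zip(est, centres))


def compare(n=200_000):
    """Run both models on constructed orbits (seeds 1 and 2 are arbitrary)."""
    core1 = bernoulli_orbit(n, seed=1)
    core2 = bernoulli_orbit(n, seed=2)
    return {
        "single Th=0.50": single_core_bits(core1, 0.50),
        "single Th=0.45": single_core_bits(core1, 0.45),  # 0.05 threshold error
        "dual": dual_core_bits(core1, core2),
        "pdf_error": pdf_max_error(core1, core2),
    }


if __name__ == "__main__":
    res = compare()
    for name in ("single Th=0.50", "single Th=0.45", "dual"):
        print(f"{name:15s} P(1)={ones_fraction(res[name]):.4f} "
              f"H={bias_entropy(res[name]):.4f}")
    print(f"max |empirical - Eq.(10)| = {res['pdf_error']:.4f}")
    print("noise-free orbit ends at", bernoulli_orbit(100, seed=1, noise=0.0)[-1])
```

A threshold error of 0.05 moves the single core to roughly 55 % ones because the map's invariant density is uniform, while the dual core has no threshold to mistune.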
Fig. 6 Operation of the single entropy core architecture simulation model
Fig. 7 Operation of the dual entropy core architecture simulation model
400 Mbits of data generated by the models are tested using the NIST 800.22 statistical test suite [33]. Test results are presented in Tables 1 and 2 for the single and dual entropy core TRNG architectures respectively. While each p value describes the probability of the bitstream generated by an ideal TRNG [33], the proportion values represent the test pass rate for 1 Mbit data blocks. Test results in Tables 1 and 2 show that both architectures pass all NIST 800.22 tests.
Table 1 Statistical test results for single entropy core architecture
Test                 p value     Proportion
Frequency            0.317972    0.9928
Block frequency      0.167071    0.9952
Cumulative sums      0.393516    0.9928
Runs                 0.830035    0.9833
Longest-run          0.727654    0.9881
Rank                 0.130351    0.9833
FFT                  0.850975    0.9857
Universal            0.512185    0.9857
Apen                 0.884326    0.9881
Serial               0.928167    0.9928
Linear-complexity    0.303409    0.9881
Table 2 Statistical test results for dual entropy core architecture
Test                 p value     Proportion
Frequency            0.966244    0.9900
Block frequency      0.219006    0.9975
Cumulative sums      0.838645    0.9875
Runs                 0.304126    0.9875
Longest-run          0.783973    0.9775
Rank                 0.724817    0.9950
FFT                  0.143279    0.9925
Universal            0.470189    0.9825
Apen                 0.935716    0.9925
Serial               0.117089    0.9825
Linear-complexity    0.779188    0.9925
However, test results do not tell us which architecture performs better, in terms of randomness. Unfortunately, this is a general problem with conventional statistical tests with pass-fail type binary outputs, because they do not provide a quantitative measure of entropy for the generated bitstream. In randomness performance evaluation, we used a vocabulary based information measure, T-entropy, which can provide a quantitative measure of the entropy for generated finite bitstreams [34]. T-entropy calculation is based on the T-decomposition process which is a recursive hierarchical pattern copying (RHPC) algorithm that parses the bitstream in groups of bit patterns while accounting for consecutive repetitions of each pattern. The T-entropy of a finite bitstream is then calculated using the complexity of the RHPC algorithm [35]. We calculated the T-entropy of the bitstreams generated by both single and dual entropy core TRNG models for all possible values of parameters affecting the statistical properties. 3D projections of T-entropy calculations of single and dual entropy core TRNG models are plotted in Fig. 8(a, b) respectively. In both cases, we observed that T-entropy increases as the chaos control parameter $\mu$ approaches its ideal value of 2. In the single entropy core case, any deviation in the comparator threshold parameter $T_h$ reduces the maximum achievable entropy level of 0.693 drastically, as observed in Fig. 8a. We noticed that entropy dependency on the threshold parameter is higher than that of the chaos control parameter. On the other hand, in the dual entropy core case shown in Fig. 8b, both the maximum achievable entropy level and the associated parameter intervals are larger, which enables generation of high entropy bits for a wider range of parameter values. Vertical projections of Fig. 8a, b are plotted in Fig. 9 to provide a better comparative perspective on parameter sensitivity. The dual entropy core architecture is more immune to control parameter variations than its single entropy core counterpart, as presented by Fig. 9a, b respectively.
Fig. 8 A comparative plot presenting the T-Entropies of bitstreams generated by single and dual entropy core TRNG models. a T-entropy of the bitstream generated by single entropy core TRNG. b T-entropy of the bitstream generated by dual entropy core TRNG
Fig. 9 Vertical projections of T-entropy for a single and b dual entropy core TRNG model generated bitstreams
In analog design, sensitive parameters such as $T_h$ of the single entropy core TRNG architecture cannot be controlled precisely as a result of matching and parameter variations associated with the implementation technology [36]. Variations in control parameters can easily alter the statistical properties [37]. The critical dependence of entropy on $T_h$ renders the single entropy core architecture practically inefficient. Our proposed architecture is recognized by its maximum achievable entropy level in excess of 0.9 for a wide range of chaos control parameter values, which outperforms its highly parameter sensitive counterpart. The dual entropy core TRNG architecture is remarkably less sensitive to deviations in the chaos control parameters, which translates into an advantage in hardware implementations. In addition, it should be noted that the absence of the threshold generator and all the design complexity associated with it reduces design overhead only at a small expense of hardware redundancy.
4 Circuit design and implementation
Field programmable analog array is a flexible reconfigurable platform for fast prototyping of analog circuits [38].
We have used an off-the-shelf available switched capacitor
technology based FPAA chip (AN231E04) in the implementation of the proposed TRNG architecture, since it
allows realization of discrete time systems [39]. According to the model presented in Fig. 4, each entropy core requires a non-linear function block and a sample-hold block that can be built using the resources already available in the computational analog blocks (CABs) of the FPAA chip as shown in Fig. 10.
Fig. 10 FPAA implementation of the dual Bernoulli map based TRNG
The non-linear function block is designed around an
analog adder and comparator circuit to implement the
Bernoulli maps given in (1) and the bit extractor function,
described by (6), is implemented with the help of an
additional comparator as presented in Fig. 10. The FPAA
chip is powered by an on-board linear 3.3 V DC supply and
driven by a 16 MHz master clock, which is used to synthesize the internal clock signals required by CAB components. In the proof of concept design, the clock speed
requirements of sample-hold blocks put a fundamental
limit on the maximum achievable throughput. However,
higher throughputs can be easily obtained in ASIC implementations. The measurement setup shown in Fig. 11a is
built using an Anadigm AN231E04 development board and
a Xilinx Spartan XC3S1600E development board for
evaluating the randomness performance of the proof of
concept dual entropy core TRNG circuit as shown in Fig.
11(b).
Fig. 11 Proof of concept implementation of the proposed architecture. a Measurement setup for the proposed TRNG architecture. b Implementation of the measurement setup
Chaotic signals generated by each entropy core and generated random bits are measured as shown in Fig. 12. The design flexibility provided by the reconfigurability of the FPAA comes at the price of reduced bandwidth. The proof of concept circuit generates random bits in excess of 2 MHz as a result of the clock speed limitations imposed by the implementation technology of the FPAA chip. We believe that an ASIC implementation of the proposed architecture would have a much higher throughput potential. The FPGA development board shown in Fig. 11b is utilized to acquire and transfer the bitstream generated by the dual entropy core TRNG implemented on the FPAA development board. For this purpose, we synthesized a custom 32 bit single core Microblaze microcontroller operating at 50 MHz with DDR Memory and UART interfaces using the Xilinx embedded development kit. A data acquisition module with a programmable sampling clock has been integrated as a custom peripheral within the processor. A 32 bit shift register driven by the programmable clock converts serially acquired random bits into 32 bit parallel data which is then read by the software and transferred to external DDR SDRAM for temporary storage. After the end of the data acquisition session, random number data stored in the external DDR SDRAM is transferred to the computer using the ubiquitous RS232 interface. Custom software on the computer side saves the incoming data in binary format to a file for statistical analyses.
Fig. 12 Operation of the proposed dual entropy core architecture TRNG implemented on FPAA
5 Statistical test results
The bitstream acquired by the FPGA is written to the
external DDR memory until 400 Mbits of data has been
captured. The random numbers stored in the DDR memory
are transferred to the computer using the UART interface
upon data acquisition. An effective throughput of 1.5 Mbps
is achieved at the output of the data acquisition peripheral
using the programmable sampling clock. Although no set of
statistical tests can absolutely qualify a TRNG, they are
useful in determining the statistical performance for
cryptographic applications. The NIST statistical test suite v2.0
is used for the statistical evaluation of the acquired bitstream. Each p value in Table 3 corresponding to a particular test describes the probability of the bitstream
generated by an ideal TRNG [33]. The NIST statistical test
suite divides the raw bitstream into 1 Mbit blocks and
applies the tests. The Proportion column in Table 3 shows the
ratio of 1 Mbit sequences passing the particular NIST test.
The acquired bitstream successfully passes all NIST statistical tests as confirmed by the results presented in Table
3.
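How a per-block p value turns into a Proportion entry, and how that proportion is judged, can be shown with the simplest test of the suite. The following Python is an added example, not part of the paper or of the NIST tool: it implements the SP 800-22 frequency (monobit) test and the suite's proportion acceptance interval, assumes the suite's default significance level of 0.01 and 400 blocks (400 Mbits in 1 Mbit blocks), and runs on constructed bitstreams with shortened 10,000-bit blocks.

```python
import math
import random

ALPHA = 0.01  # NIST STS default significance level (assumed for the paper's run)

# Proportion column of Table 3, copied from the page.
TABLE3_PROPORTION = {
    "Frequency": 0.9975, "Block frequency": 0.9900, "Cumulative sums": 0.9850,
    "Runs": 0.9800, "Longest-run": 0.9950, "Rank": 0.9900, "FFT": 0.9900,
    "Universal": 0.9800, "Apen": 0.9975, "Serial": 0.9925,
    "Linear-complexity": 0.9875,
}


def monobit_p_value(ones, n):
    """SP 800-22 frequency test for a block of n bits containing `ones` 1-bits."""
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def proportion(p_values, alpha=ALPHA):
    """Fraction of blocks whose p value reaches the significance level."""
    return sum(p >= alpha for p in p_values) / len(p_values)


def proportion_interval(m, alpha=ALPHA):
    """SP 800-22 acceptance interval for the pass proportion over m blocks."""
    p_hat = 1.0 - alpha
    delta = 3.0 * math.sqrt(p_hat * alpha / m)
    return p_hat - delta, min(1.0, p_hat + delta)


def block_p_values(p_one, blocks, block_bits, seed):
    """Monobit p values for a constructed stream with P(bit = 1) = p_one.

    The stream comes from a seeded software PRNG purely for illustration;
    it is not data from the TRNG prototype.
    """
    rng = random.Random(seed)
    out = []
    for _ in range(blocks):
        ones = sum(rng.random() < p_one for _ in range(block_bits))
        out.append(monobit_p_value(ones, block_bits))
    return out


def rows_below_interval(table, m):
    """Tests whose reported proportion falls under the lower acceptance bound."""
    lower, _ = proportion_interval(m)
    return [name for name, prop in table.items() if prop < lower]


if __name__ == "__main__":
    lower, upper = proportion_interval(400)
    print(f"acceptance interval for 400 blocks: [{lower:.6f}, {upper:.6f}]")
    print("Table 3 rows below the interval:", rows_below_interval(TABLE3_PROPORTION, 400))
    balanced = block_p_values(0.50, 100, 10_000, seed=7)
    # P(1) = 0.55 is what a uniform source gives with a comparator threshold of 0.45.
    biased = block_p_values(0.55, 50, 10_000, seed=7)
    print("balanced stream proportion:", proportion(balanced))
    print("biased stream proportion:  ", proportion(biased))
```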
Table 3 NIST STS v2.0 test results
Test                 p value     Proportion
Frequency            0.904708    0.9975
Block frequency      0.783973    0.9900
Cumulative sums      0.549331    0.9850
Runs                 0.605916    0.9800
Longest-run          0.432672    0.9950
Rank                 0.783973    0.9900
FFT                  0.366918    0.9900
Universal            0.319084    0.9800
Apen                 0.585209    0.9975
Serial               0.968128    0.9925
Linear-complexity    0.978072    0.9875
6 Conclusion
In this study, we proposed a dual entropy core discrete time
chaos based TRNG architecture that can overcome the
intrinsic limited entropy problem of conventional single
entropy core architectures by using hardware redundancy.
Although there is no constraint on the type of the chaotic
map, we have chosen the Bernoulli map for both its simplicity and uniform underlying distribution. Unfortunately,
simplicity comes with a cost: the Bernoulli map has limited
entropy due to its single Lyapunov exponent. While any
circuit implementable chaotic map can be used in the
proposed architecture, use of the same map for both
entropy cores facilitates hardware design. We developed a
mathematical model of the proposed architecture and
analytically calculated the underlying probability density
function which has inherently zero mean and symmetric
characteristic that allows equiprobable random bit generation. Using numerical simulations and a practical information metric, we show that the dual entropy core TRNG
architecture performs better in terms of randomness when
compared to its single entropy core counterpart. In addition, we observed that dual entropy core TRNG architecture is less sensitive to parameter variations for a wide
range of chaos control parameter values. The proof of
concept dual entropy core TRNG architecture is designed
and implemented on a switched capacitor technology based
FPAA integrated circuit. The acquired bitstream successfully
passed all NIST 800.22 statistical tests. In conclusion, the
proposed dual entropy core TRNG architecture can be used
to improve the randomness performance of single entropy
core discrete time chaos based TRNGs. The dual entropy core
TRNG architecture can be used with any circuit implementable chaotic map. Different chaotic maps can also be
used for each entropy core. We believe that the proposed
CMOS friendly architecture has a much higher throughput
potential when it is implemented in ASIC technology.
References
1. Jun, B., & Kocher, P. (1999). The intel random number generator. Cryptography Research, Inc. white paper prepared for Intel
Corp., April.
2. Bock, H., Bucci, M., & Luzzi, R. (2004). An offset-compensated
oscillator-based random bit source for security applications. In
Author's personal copy
Analog Integr Circ Sig Process
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
Cryptographic Hardware and Embedded Systems—CHES 2004
(vol. 3156, pp. 27–83). Berlin: Springer.
Maddocks, R. S., et al. (1972). A compact and accurate generator
for truly random binary digits. Journal of Physics E: Scientific
Instruments, 5(6), 542–544.
Petrie, C., & Connelly, J. (1996). Modeling and simulation of
oscillator-based random number generators, vol. 4. In IEEE
International Symposium on Circuits and Systems, 1996 (ISCAS
’96), ’Connecting the World’ (pp. 324–327), May 1996.
Holman, W., Connelly, J., & Dowlatabadi, A. (1997). An integrated analog/digital random noise source. IEEE Transactions on
Circuits and Systems I: Fundamental Theory and Applications.,
44(6), 521–528.
Petrie, C., & Connelly, J. (2000). A noise-based IC random
number generator for applications in cryptography. IEEE
Transactions on Circuits and Systems I: Fundamental Theory and
Applications, 47(5), 615–621.
Wang, Y. H., Zhang, H. G., Shen, Z. D., & Li, K. S. (2005).
Thermal noise random number generator based on SHA-2 (512),
vol. 7. In Proceedings of 2005 International Conference on
Machine Learning and Cybernetics, 2005 (pp. 3970–3974).
Tsoi, K., Leung, K., & Leong, P. (2003). Compact fpga-based
true and pseudo random number generators. In 11th Annual IEEE
Symposium on Field-Programmable Custom Computing
Machines, 2003. FCCM, 2003 (pp. 51–61).
Bucci, M., Germani, L., Luzzi, R., Trifiletti, A., & Varanonuovo,
M. (2003). A high-speed oscillator-based truly random number
source for cryptographic applications on a smart card IC. IEEE
Transactions onComputers, 52(4), 403–409.
Stefanou, N., & Sonkusale, S. (2004). High speed array of
oscillator-based truly binary random number generators, vol. 1. In
Proceedings of the 2004 International Symposium on Circuits
and Systems, 2004. ISCAS’04 (pp. I-505–I-505-8), May 2004.
Sunar, B., Martin, W. J., & Stinson, D. R. (2007). A provably
secure true random number generator with built-in tolerance to
active attacks. IEEE Transactions onComputers, 56(1),
109–119.
Wold, K., & Tan, C. H. (2009). Analysis and enhancement of
random number generator in FPGA based on oscillator rings.
International Journal of Reconfigurable Computing, 2009, 1–8.
Yoo, S. K., Karakoyunlu, D., Birand, B., & Sunar, B. (2010).
Improving the robustness of ring oscillator TRNGs. ACM
Transactions on Reconfigurable Technology and Systems, 3(2),
1–30.
Jessa, M., & Jaworski, M. (2011). Enhancing the randomness of a
combined true random number generator based on the ring
oscillator sampling method. In Proceedings of the 2011 International Conference on Reconfigurable Computing and FPGAs,
RECONFIG ’11 (pp. 274–279). Washington, DC, USA: IEEE
Computer Society.
Cicek, I., & Dundar, G. (2011). A hardware efficient chaotic ring
oscillator based true random number generator. In 18th IEEE
International Conference on Electronics, Circuits and Systems,
ICECS (pp. 430–433), 11–14 December 2011.
Murphy, J. P. (2012). Field-programmable true random number
generator. Electronics Letters, 48(10), 565–566.
Mesgarzadeh, B., & Alvandpour, A. (2005). A study of injection
locking in ring oscillators, vol. 6. In IEEE International Symposium on Circuits and Systems, ISCAS 2005 (pp. 5465–5468),
23–26 May 2005.
Markettos, A. T., & Moore, S. W. (2009). The frequency injection attack on ring-oscillator-based true random number generators. In C. Clavier & K. Gaj (Eds.), CHES 2009. LNCS (vol. 5747,
pp. 317–331). Heidelberg: Springer.
Cicek, I., & Dundar, G. (2013). A chaos based integrated jitter
booster for true random number generators. In 21th IEEE
European Conference on Circuit Theory and Design, ECCTD
2013 (pp. 08–12), September 2013.
Eckmann, J. P., & Ruelle, D. (1985). Ergodic theory of chaos and
strange attractors. Reviews of Modern Physics, 57(3, part 1),
617–656.
Yalcin, M. E., Suykens, J. A. K., & Vandewalle, J. (2004).
True random bit generation from a double-scroll attractor.
IEEE Transactions on Circuits and Systems I, 51(7),
1395–1404.
Tavas, V., et al. (2009). Integrated cross-coupled chaos oscillator
applied to random number generation. IET Circuits Devices
Systems, 3(1), 1–11.
Delgado-Restituto, M., Medeiro, F., & Rodriguez-Vazquez, A.
(1993). Nonlinear switched-current CMOS IC for random signal
generation. Electronics Letters, 29(25), 2190–2191.
Stojanovski, T., Pihl, J., & Kocarev, L. (2001). Chaos-based
random number generators. Part II: practical realization. IEEE
Transactions on Circuits and Systems I: Fundamental Theory and
Applications, 48(3), 382–385.
Delgado-Restituto, M., & Rodriguez-Vazquez, A. (2002). Integrated
chaos generators, vol. 90, no. 5. In Proceedings of the IEEE (pp.
747–767), May 2002.
Wang, C., et al. (2005). Switched-current 3-bit CMOS 4.0-MHz
wideband random signal generator. IEEE Journal of Solid-State
Circuits, 40(6), 1360–1365.
Pareschi, F., Setti, G., & Rovatti, R. (2006). A fast chaos-based
true random number generator for cryptographic applications. In
Proceedings of IEEE 32nd European Solid-State Circuits Conference, ESSCIRC 2006 (pp. 130–133), September 2006.
Katz, O., Ramon, D. A., & Wagner, I. A. (2008). A robust random number generator based on a differential current-mode
chaos. IEEE Transactions on Very Large Scale Integration
(VLSI) Systems, 16(12), 1677–1686.
Cicek, I., Pusane, A. E., & Dundar, G. (2013). Random number
generation using field programmable analog array implementation of logistic map. In 21th Signal Processing and Communications Applications Conference, SIU 2013 (pp. 1–4), 24–26
April 2013.
Pesin, Y. B. (1977). Characteristic Lyapunov exponents and
smooth ergodic theory. Russian Mathematical Surveys, 32(4),
55–114.
Lasota, A., & Mackey, M. C. (1994). Chaos, fractals and noise:
Stochastic aspects of dynamics (2nd ed.). Heidelberg: Springer.
Cicek, I., Pusane, A. E., & Dundar, G. (2013). A novel dual
entropy core true random number generator. In 8th International
Conference on Electrical and Electronics Engineering, ELECO
2013 (pp. 1–4), 28–30 November 2013.
Rukhin, A., et al. (2001). A statistical test suite for random
and pseudo random number generators for cryptographic
applications, NIST 800–22. http://csrc.nist.gov/rng/SP800-22b,
May 2001.
Titchener, M. R. (1998). Deterministic computation of complexity, information and entropy. In Proceedings of IEEE International Symposium on Information Theory (p. 326).
Steuer, R., Ebeling, W. B., & Titchener, M. R. (2001). Partition
based entropies of dynamic and stochastic maps. Stochastics and
Dynamics, 1(1), 45–61.
Cicek, I., Pusane, A. E., & Dundar, G. (2014). A novel design
method for discrete time chaos based true random number generators. Integration, the VLSI Journal, 47(1), 38–47.
Addabbo, T., et al. (2009). Invariant measures of tunable chaotic
sources: Robustness analysis and efficient estimation. IEEE
Transactions on Circuits and Systems I: Fundamental Theory and
Applications, 56(4), 806–819.
Cicek, I., Pusane, A. E., & Dundar, G. (2013). Field programmable analog array implementation of logistic map. In 21th
Signal Processing and Communications Applications Conference, SIU 2013 (pp. 1–4), 24–26 April 2013.
39. Anadigm. The AN231E04 dpASP dynamically reconfigurable
analog signal processor, AN231E04 Datasheet, Rev. 1.1.
Ihsan Cicek received the B.Sc. degree in electronics and
telecommunication engineering from Istanbul Technical University,
Istanbul, Turkey, in 2002, and the M.Sc. degree in microelectronics
engineering from Sabanci University, Istanbul, Turkey, in 2004. He
received Istanbul Technical University high honor and Northern
Electric Telecommunication company scholarships during his
undergraduate study and a full scholarship from Sabanci University
during graduate study. He is the recipient of 2002 Siemens
excellence in engineering prize. He joined Tubitak National
Institute of Electronics and Cryptology in 2005, where he has been
working as a senior researcher. His research interests include analog
integrated circuit design, chaotic systems, and embedded system
design.
Ali Emre Pusane received the B.Sc. and M.Sc. degrees in electronics
and communications engineering from Istanbul Technical University,
Istanbul, Turkey, in 1999 and 2002, respectively, and the M.Sc.
degree in electrical engineering, the M.Sc. degree in applied
mathematics, and the Ph.D. degree in electrical engineering from the
University of Notre Dame, Notre Dame, IN, in 2004, 2006, and 2008,
respectively. He was a Visiting Assistant Professor at the
Department of Electrical Engineering, University of Notre Dame,
during 2008–2009, after which he joined the Department of Electrical
and Electronics Engineering, Bogazici University, Istanbul, Turkey,
as an Assistant Professor. His research is in coding theory.
Gunhan Dundar was born in Istanbul, Turkey, in 1969. He received the
B.S. and M.S. degrees in electrical engineering from Bogazici
University, Istanbul, Turkey, in 1989 and 1991, respectively, and the
Ph.D. degree in electrical engineering from Rensselaer Polytechnic
Institute, Troy, NY, in 1993. Since 1994, he has lectured at Bogazici
University, teaching courses on electronics, electronics laboratory,
IC design, electronic design automation, and semiconductor devices.
From August 1994 to November 1995, he was with the Turkish Navy and
taught courses on electronics, electronics laboratory, and signals
and systems at the Turkish Naval Academy, Istanbul. Since 1995, he
has been with Bogazici University, where he is currently a Professor.
He was the Chairman of the Department of Electrical and Electronics
Engineering, between 2006 and 2009. Between 2002 and 2003, he was
with the École Polytechnique Fédérale de Lausanne, Lausanne,
Switzerland, and between 2009 and 2010 he was with the Technical
University of Munich, on sabbatical leave. His research interests
include analog integrated-circuit design, computer-aided design for
analog circuits, and soft-computing circuits. Prof. Dündar has
received numerous awards in research and teaching. Among these are
the 2009 TÜBITAK encouragement award and the best paper award in
ASAP 2008. He has authored or co-authored more than 100 publications
in international journals and conferences.