This paper introduces an inverter-based true random number generator (I-TRNG). It uses a single CMOS inverter to amplify thermal noise multiple times. An adaptive calibration mechanism based on clock tuning provides robust operation across a wide range of supply voltage 0.5∼1.1V and temperature -40∼140°C. An 8-bit Von-Neumann post-processing circuit (VN8W) is implemented for maximum raw entropy extraction. In a 130nm CMOS technology, the I-TRNG entropy source only occupies 635μm2 and consumes 0.016pJ/raw-bit at 0.6V. The I-TRNG occupies 13406μm2, including the entropy source, adaptive calibration circuit, and post-processing circuit. The minimum energy consumption of the I-TRNG is 1.38pJ/bit at 0.5V, while passing all NIST 800-22 and 800-90B tests. Moreover, an equivalent 15-year life at 0.7V, 25°C is confirmed by an accelerated NBTI aging test.

This paper presents a design and an implementation of an on-line quality control method for a TRNG (True Random Number Generator) on an FPGA. It is based on a TRNG with RS latches and a temporal XOR corrector, which can make a trade-off between throughput and randomness quality by changing the number of accumulations by XOR. The goal of our method is to increase the throughput within the range of keeping the quality of output random numbers. In order to detect a sign of the loss of quality from the TRNG in parallel with random number generation, our method distinguishes random bitstrings to be tested from those to be output. The test bitstring is generated with the fewer number of accumulations than that of the output bitstring. The number of accumulations will be increased if the test bitstring fails in the randomness test. We designed and evaluated a prototype of on-line quality control system, using a Zynq-7000 FPGA SoC. The results indicate that the TRNG with the proposed method achieved 1.91-2.63 Mbits/s of throughput with 16 latches, following the change of the quality of output random numbers. The total number of logic elements in the prototype system with 16 latches was comparable to an existing system with 256 latches, without quality control capabilities.

This paper concentrates on a class of pseudorandom sequences generated by combining q-ary m-sequences and quadratic characters over a finite field of odd order, called binary generalized NTU sequences. It is shown that the relationship among the sub-sequences of binary generalized NTU sequences can be formulated as combinatorial structures called Hadamard designs. As a consequence, the combinatorial structures generalize the group structure discovered by Kodera et al. (IEICE Trans. Fundamentals, vol.E102-A, no.12, pp.1659-1667, 2019) and lead to a finite-geometric explanation for the investigated group structure.

We experimentally evaluated random number sequences generated by a superconducting hardware random number generator composed of a Josephson-junction oscillator, a rapid-single-flux-quantum (RSFQ) toggle flip-flop (TFF), and an RSFQ AND gate. Test circuits were fabricated using a 10 kA/cm2 Nb/AlOx/Nb integration process. Measurements were conducted in a liquid helium bath. The random numbers were generated for a trigger frequency of 500 kHz under the oscillating Josephson-junction at 29 GHz. 26 random number sequences of 20 kb length were evaluated for bias voltages between 2.0 and 2.7 mV. The NIST FIPS PUBS 140-2 tests were used for the evaluation. 100% pass rates were confirmed at the bias voltages of 2.5 and 2.6 mV. We found that the Monobit test limited the pass rates. As numerical simulations suggested, a detailed evaluation for the probability of obtaining “1” demonstrated the monotonical dependence on the bias voltage.

In this paper, the random numbers generated by a true random number generator, using the oscillator sampling method, are formulated using a renewal process, and this formulation is used to demonstrate the uniformity of the random numbers and the independence between different bits. Using our results, a lower bound for the speed of random number generation could easily be identified, according to the required statistical quality.

In this paper, we describe a post-processing technique having high extraction efficiency (ExE) for de-biasing and de-correlating a random bitstream generated by true random number generators (TRNGs). This research is based on the N-bit von Neumann (VN_N) post-processing method. It improves the ExE of the original von Neumann method close to the Shannon entropy bound by a large N value. However, as the N value increases, the mapping table complexity increases exponentially (2N), which makes VN_N unsuitable for low-power TRNGs. To overcome this problem, at the algorithm level, we propose a waiting strategy to achieve high ExE with a small N value. At the architectural level, a Hamming weight mapping-based hierarchical structure is used to reconstruct the large mapping table using smaller tables. The hierarchical structure also decreases the correlation factor in the raw bitstream. To develop a technique with high ExE and low cost, we designed and fabricated an 8-bit von Neumann with waiting strategy (VN_8W) in a 130-nm CMOS. The maximum ExE of VN_8W is 62.21%, which is 2.49 times larger than the ExE of the original von Neumann. NIST SP 800-22 randomness test results proved the de-biasing and de-correlation abilities of VN_8W. As compared with the state-of-the-art optimized 7-element iterated von Neumann, VN_8W achieved more than 20% energy reduction with higher ExE. At 0.45V and 1MHz, VN_8W achieved the minimum energy of 0.18pJ/bit, which was suitable for sub-pJ low energy TRNGs.

To increase the number of wireless devices such as mobile or IoT terminals, cryptosystems are essential for secure communications. In this regard, random number generation is crucial because the appropriate function of cryptosystems relies on it to work properly. This paper proposes a true random number generator (TRNG) method capable of working in wireless communication systems. By embedding a TRNG in such systems, no additional analog circuits are required and working conditions can be limited as long as wireless communication systems are functioning properly, making TRNG method cost-effective. We also present some theoretical background and considerations. We next conduct experimental verification, which strongly supports the viability of the proposed method.

RFID enable applications are ubiquitous in our society, especially become more and more important as IoT management rises. Meanwhile, the concern of security and privacy of RFID is also increasing. The pseudorandom number generator is one of the core primitives to implement RFID security. Therefore, it is necessary to design and implement a secure and robust pseudo-random number generator (PRNG) for current RFID tag. In this paper, we study the security of light-weight PRNGs for EPC Gen2 RFID tag which is an EPC Global standard. For this reason, we have analyzed and improved the existing research at IEEE TrustCom 2017 and proposed a model using external random numbers. However, because the previous model uses external random numbers, the speed has a problem depending on the generation speed of external random numbers. In order to solve this problem, we developed a pseudorandom number generator that does not use external random numbers. This model consists of LFSR, NLFSR and SLFSR. Safety is achieved by using nonlinear processing such as multiplication and logical multiplication on the Galois field. The cycle achieves a cycle longer than the key length by effectively combining a plurality of LFSR and the like. We show that our proposal PRNG has good randomness and passed the NIST randomness test. We also shows that it is resistant to identification attacks and GD attacks.

An algebraic group is an essential mathematical structure for current communication systems and information security technologies. Further, as a widely used technology underlying such systems, pseudorandom number generators have become an indispensable part of their construction. This paper focuses on a theoretical analysis for a series of pseudorandom sequences generated by a trace function and the Legendre symbol over an odd characteristic field. As a consequence, the authors give a theoretical proof that ensures a set of subsequences forms a group with a specific binary operation.

We propose a novel decoding algorithm called “sampling decoding”, which is constructed using a Markov Chain Monte Carlo (MCMC) method and implements Maximum a Posteriori Probability decoding in an approximate manner. It is also shown that sampling decoding can be easily extended to universal coding or to be applicable for Markov sources. In simulation experiments comparing the proposed algorithm with the sum-product decoding algorithm, sampling decoding is shown to perform better as sample size increases, although decoding time becomes proportionally longer. The mixing time, which measures how large a sample size is needed for the MCMC process to converge to the limiting distribution, is evaluated for a simple coding matrix construction.

This paper presents an analysis of random number generators based on continuous-time chaotic oscillators. Two different methods for random number generation have been studied: 1) Regular sampling of a chaotic waveform, and 2) Chaotic sampling of a regular waveform. Kernel density estimation is used to analytically describe the distribution of chaotic state variables and the probability density function corresponding to the output bit stream. Random bit sequences are generated using analytical equations and results from numerical simulations. Applying the concepts of autocorrelation and approximate entropy, randomness quality of the generated bit sequences are assessed to analyze relationships between the frequencies of the regular and chaotic waveforms used in both random number generation methods. It is demonstrated that in both methods, there exists certain ratios between the frequencies of regular and chaotic signal at which the randomness of the output bit stream changes abruptly. Furthermore, both random number generation methods have been compared against their immunity to interference from external signals. Analysis shows that chaotic sampling of regular waveform method provides more robustness against interference compared to regular sampling of chaotic waveform method.

Pseudorandom number generators are required to generate pseudorandom numbers which have good statistical properties as well as unpredictability in cryptography. An m-sequence is a linear feedback shift register sequence with maximal period over a finite field. M-sequences have good statistical properties, however we must nonlinearize m-sequences for cryptographic purposes. A geometric sequence is a sequence given by applying a nonlinear feedforward function to an m-sequence. Nogami, Tada and Uehara proposed a geometric sequence whose nonlinear feedforward function is given by the Legendre symbol, and showed the period, periodic autocorrelation and linear complexity of the sequence. Furthermore, Nogami et al. proposed a generalization of the sequence, and showed the period and periodic autocorrelation. In this paper, we first investigate linear complexity of the geometric sequences. In the case that the Chan-Games formula which describes linear complexity of geometric sequences does not hold, we show the new formula by considering the sequence of complement numbers, Hasse derivative and cyclotomic classes. Under some conditions, we can ensure that the geometric sequences have a large linear complexity from the results on linear complexity of Sidel'nikov sequences. The geometric sequences have a long period and large linear complexity under some conditions, however they do not have the balance property. In order to construct sequences that have the balance property, we propose interleaved sequences of the geometric sequence and its complement. Furthermore, we show the periodic autocorrelation and linear complexity of the proposed sequences. The proposed sequences have the balance property, and have a large linear complexity if the geometric sequences have a large one.

A pseudorandom number generator is widely used in cryptography. A cryptographic pseudorandom number generator is required to generate pseudorandom numbers which have good statistical properties as well as unpredictability. An m-sequence is a linear feedback shift register sequence with maximal period over a finite field. M-sequences have good statistical properties, however we must nonlinearize m-sequences for cryptographic purposes. A geometric sequence is a binary sequence given by applying a nonlinear feedforward function to an m-sequence. Nogami, Tada and Uehara proposed a geometric sequence whose nonlinear feedforward function is given by the Legendre symbol. They showed the geometric sequences have good properties for the period, periodic autocorrelation and linear complexity. However, the geometric sequences do not have the balance property. In this paper, we introduce geometric sequences of two types and show some properties of interleaved sequences of the geometric sequences of two types. These interleaved sequences have the balance property and double the period of the geometric sequences by the interleaved structure. Moreover, we show correlation properties and linear complexity of the interleaved sequences. A key of our observation is that the second type geometric sequence is the complement of the left shift of the first type geometric sequence by half-period positions.

Pseudorandom number generators have been widely used in Monte Carlo methods, communication systems, cryptography and so on. For cryptographic applications, pseudorandom number generators are required to generate sequences which have good statistical properties, long period and unpredictability. A Dickson generator is a nonlinear congruential generator whose recurrence function is the Dickson polynomial. Aly and Winterhof obtained a lower bound on the linear complexity profile of a Dickson generator. Moreover Vasiga and Shallit studied the state diagram given by the Dickson polynomial of degree two. However, they do not specify sets of initial values which generate a long period sequence. In this paper, we show conditions for parameters and initial values to generate long period sequences, and asymptotic properties for periods by numerical experiments. We specify sets of initial values which generate a long period sequence. For suitable parameters, every element of this set occurs exactly once as a component of generating sequence in one period. In order to obtain sets of initial values, we consider a logistic generator proposed by Miyazaki, Araki, Uehara and Nogami, which is obtained from a Dickson generator of degree two with a linear transformation. Moreover, we remark on the linear complexity profile of the logistic generator. The sets of initial values are described by values of the Legendre symbol. The main idea is to introduce a structure of a hyperbola to the sets of initial values. Our results ensure that generating sequences of Dickson generator of degree two have long period. As a consequence, the Dickson generator of degree two has some good properties for cryptographic applications.

This paper presents a mathematical model for the oscillator-based true random number generator (TRNG) to study the influence of some key parameters to the randomness of the output sequence. The output of the model is so close to the output of the real design of the TRNG that the model can generate the random bits instead of the analog simulation for research. It will cost less time than the analog simulation and be more convenient for the researchers to change some key parameters in the design. The authors give a method to improve the existing design of the oscillator-based TRNG to deal with the possible bias of the key parameters. The design is fabricated with a 55-nm CMOS process.

IDMs are getting more effective and secure with biometric recognition and more privacy-preserving with advanced cryptosystems. In order to meet privacy and security needs of an IDM, the cryptographic background should rely on reliable random number generation. In this study, a Biometric Random Number Generator (BRNG) is proposed which plays a crucial role in a typical cryptosystem. The proposed novel approach extracts the high-frequency information in biometric signal which is associated with uncertainty existing in nature of biometrics. This bio-uncertainty, utilized as an entropy source, may be caused by sensory noise, environmental changes, position of the biometric trait, accessories worn, etc. The filtered nondeterministic information is then utilized by a postprocessing technique to obtain a random number set fulfilling the NIST 800-22 statistical randomness criteria. The proposed technique presents random number sequences without need of an additional hardware.

In this paper, we propose a true random number generator (TRNG) exploiting jitter and the chaotic behavior in cross ring oscillators (CROs). We make a further study of the feedback ring architecture and cross-connect the XOR gates and inverters to form an oscillator. The CRO utilizes totally digital logic circuits, and gains a high and robust entropy rate, as the jitter in the CRO can accumulate locally between adjacent stages. Two specific working modes of CRO in which the CRO can work in a consistent state and a free-running state respectively are introduced and analyzed both theoretically and experimentally. Finally, different stage lengths of cross ring true random number generators (CRTRNGs) are tested in different Field Programmable Gate Arrays (FPGAs) and test results are analyzed and compared. Especially, random data achieved from a design of 63-stage CRTRNG in Altera Cyclone IV passes both the NIST and Diehard test suites at a rate as high as 240Mbit/s.

This paper deals with the security of chaos-based “true” random number generators (RNG)s. An attack method is proposed to analyze the security weaknesses of chaos-based RNGs and its convergence is proved using a master slave synchronization scheme. Attack on a RNG based on a double-scroll attractor is also presented as an example. All secret parameters of the RNG are revealed where the only information available is the structure of the RNG and a scalar time series observed from the double-scroll attractor. Simulation and numerical results of the proposed attack method are given such that the RNG doesn't fulfill NIST-800-22 statistical test suite, not only the next bit but also the same output bit stream of the RNG can be reproduced.

This paper presents an oscillator-based true random number generator (TRNG) that dynamically unbiases 0/1 probability. The proposed TRNG automatically adjusts the duty cycle of a fast oscillator to 50%, and generates unbiased random numbers tolerating process variation and dynamic temperature fluctuation. A prototype chip of the proposed TRNG was fabricated with a 65nm CMOS process. Measurement results show that the developed duty cycle monitor obtained the probability of ‘1’ 4,100 times faster than the conventional output bit observation, or estimated the probability with 70 times higher accuracy. The proposed TRNG adjusted the probability of ‘1’ to within 50±0.07% in five chips in the temperature range of 0°C to 75°C. Consequently, the proposed TRNG passed the NIST and DIEHARD tests at 7.5Mbps with 6,670µm2 area.

In this paper we propose a unified coprocessor architecture that, by using a Glitch PUF and a block cipher, efficiently unifies necessary functions for secure key storage and challenge-response authentication. Based on the fact that a Glitch PUF uses a random logic for the purpose of generating glitches, the proposed architecture is designed around a block cipher circuit such that its round functions can be shared with a Glitch PUF as a random logic. As a concrete example, a circuit structure using a Glitch PUF and an AES circuit is presented, and evaluation results for its implementation on FPGA are provided. In addition, a physical random number generator using the same circuit is proposed. Evaluation results by the two major test suites for randomness, NIST SP 800-22 and Diehard, are provided, proving that the physical random number generator passes the test suites.