On the Security of Oscillator-Based Random Number Generators

Physical random number generators (a.k.a. TRNGs) appear to be critical components of many cryptographic systems. Yet, such building blocks are still too seldom provided with a formal assessment of security, in comparison to what is achieved for conventional cryptography. In this work, we present a c...

Full description

Saved in:
Bibliographic Details
Published inJournal of cryptology Vol. 24; no. 2; pp. 398 - 425
Main Authors Baudet, Mathieu, Lubicz, David, Micolod, Julien, Tassiaux, André
Format Journal Article
LanguageEnglish
Published New York Springer-Verlag 01.04.2011
Springer Nature B.V
Springer Verlag
Subjects
Coding and Information Theory
Combinatorics
Communications Engineering
Computational Mathematics and Numerical Analysis
Computer Science
Critical components
Cryptography
Cryptography and Security
Evaluation
Generators
Networks
Order parameters
Physical properties
Probability Theory and Stochastic Processes
Random numbers
Security
Statistical tests
Ring oscillators
Jitter model
Entropy
Statistical tests
Hardware random number generators
Online AccessGet full text
ISSN0933-2790
1432-1378
1432-1378
DOI10.1007/s00145-010-9089-3

Cover

More Information
Summary:Physical random number generators (a.k.a. TRNGs) appear to be critical components of many cryptographic systems. Yet, such building blocks are still too seldom provided with a formal assessment of security, in comparison to what is achieved for conventional cryptography. In this work, we present a comprehensive statistical study of TRNGs based on the sampling of an oscillator subject to phase noise (a.k.a. phase jitters). This classical layout, typically instantiated with a ring oscillator, provides a simple and attractive way to implement a TRNG on a chip. Our mathematical study allows one to evaluate and control the main security parameters of such a random source, including its entropy rate and the biases of certain bit patterns, provided that a small number of physical parameters of the oscillator are known. In order to evaluate these parameters in a secure way, we also provide an experimental method for filtering out the global perturbations affecting a chip and possibly visible to an attacker. Finally, from our mathematical model, we deduce specific statistical tests applicable to the bitstream of a TRNG. In particular, in the case of an insecure configuration, we show how to recover the parameters of the underlying oscillator.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:0933-2790
1432-1378
1432-1378
DOI:10.1007/s00145-010-9089-3