A Comparison of Post-Processing Techniques for Biased Random Number Generators

Kwok, Siew-Hwee; Ee, Yen-Ling; Chew, Guanhan; Zheng, Kanghong; Khoo, Khoongming; Tan, Chik-How

doi:10.1007/978-3-642-21040-2_12

Cited by 42 publications

(39 citation statements)

References 5 publications

(13 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Well-known post-processing techniques are the von Neumann corrector [64] and cryptographic hash functions such as SHA-1 [38] or MD5 [120]. These postprocessing steps work well, but generally result in decreased throughput (e.g., up to 80% [81]).…”

Section: True Random Number Generatorsmentioning

confidence: 99%

D-RaNGe: Using Commodity DRAM Devices to Generate True Random Numbers with Low Latency and High Throughput

Kim

Patel

Hassan

et al. 2019

2019 IEEE International Symposium on High Performance Computer Architecture (HPCA)

105

View full text Add to dashboard Cite

We propose a new DRAM-based true random number generator (TRNG) that leverages DRAM cells as an entropy source.The key idea is to intentionally violate the DRAM access timing parameters and use the resulting errors as the source of randomness. Our technique speci cally decreases the DRAM row activation latency (timing parameter t RCD ) below manufacturerrecommended speci cations, to induce read errors, or activation failures, that exhibit true random behavior. We then aggregate the resulting data from multiple cells to obtain a TRNG capable of providing a high throughput of random numbers at low latency.To demonstrate that our TRNG design is viable using commodity DRAM chips, we rigorously characterize the behavior of activation failures in 282 state-of-the-art LPDDR4 devices from three major DRAM manufacturers. We verify our observations using four additional DDR3 DRAM devices from the same manufacturers. Our results show that many cells in each device produce random data that remains robust over both time and temperature variation. We use our observations to develop D-RaNGe, a methodology for extracting true random numbers from commodity DRAM devices with high throughput and low latency by deliberately violating the read access timing parameters. We evaluate the quality of our TRNG using the commonly-used NIST statistical test suite for randomness and nd that D-RaNGe: 1) successfully passes each test, and 2) generates true random numbers with over two orders of magnitude higher throughput than the previous highest-throughput DRAM-based TRNG.

show abstract

Section: True Random Number Generatorsmentioning

confidence: 99%

D-RaNGe: Using Commodity DRAM Devices to Generate True Random Numbers with Low Latency and High Throughput

Kim

Patel

Hassan

et al. 2019

2019 IEEE International Symposium on High Performance Computer Architecture (HPCA)

105

View full text Add to dashboard Cite

show abstract

“…As an outcome of these investigations, we recommend to apply a more secure post-processing technique like BCH-codes [26] as for example applied in [6]. BCH-codes are a well-known alternative with low-area requirements and an acceptable penalty in the throughput.…”

Section: G Discussion About the Obtained Resultsmentioning

confidence: 99%

“…The code had a compression factor of 16 and could be implemented using 256 registers and a few XORs. The main advantage of using BCH-codes, acording to [26], is that this kind of post-processing is more reliable than XOR filters or Von Neumann correctors against an adversary bias.…”

Section: G Discussion About the Obtained Resultsmentioning

confidence: 99%

Fault Attacks on STRNGs: Impact of Glitches, Temperature, and Underpowering on Randomness

Martín

Korak

Millán

et al. 2015

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

True random number generators (TRNGs) are the basic building blocks of cryptographic implementations. They are used to generate random numbers required for security protocols, to generate ephemeral keys, and are often used in hiding or masking countermeasures to thwart implementation attacks. The protection of TRNGs is an important issue to guarantee the security of cryptographic systems but less attention has been made in the past to evaluate the susceptibility of these building blocks against passive and active attacks. In this paper, we present active fault attacks on a recently proposed specific TRNG architecture presented by Cherkaoui et al. at CHES 2013. We successfully injected power and clock glitches in an FPGA implementation and elaborated the design in respect of thermo and underpowering attacks. Furthermore, we propose a method on how to reduce the susceptibility of these attacks to increase the resistance against fault attacks. To the best of our knowledge, this is the first work that evaluates practical clockglitch-based fault attacks on self-timed ring-based TRNGs.

show abstract

“…There are well-known post-processing components such as von Neumann corrector [7], XOR corrector [8], NIST's conditioning component [4], and correctors using linear code and nonlinear code (code corrector). Until now most researches related to the post-processing components have been conducted on the subject of reducing the bias of output bits [6,[9][10][11][12]. The outputs of von Neumann corrector [7] are perfectly unbiased if the input bits are independent.…”

Section: Introductionmentioning

confidence: 99%

A Lightweight BCH Code Corrector of TRNG with Measurable Dependence

Park

Yeom

Kang

2019

Security and Communication Networks

View full text Add to dashboard Cite

We propose a new lightweight BCH code corrector of the random number generator such that the bitwise dependence of the output value is controllable. The proposed corrector is applicable to a lightweight environment and the degree of dependence among the output bits of the corrector is adjustable depending on the bias of the input bits. Hitherto, most correctors using a linear code are studied on the direction of reducing the bias among the output bits, where the biased input bits are independent. On the other hand, the output bits of a linear code corrector are inherently not independent even though the input bits are independent. However, there are no results dealing with the independence of the output bits. The well-known von Neumann corrector has an inefficient compression rate and the length of output bits is nondeterministic. Since the heavy cryptographic algorithms are used in the NIST’s conditioning component to reduce the bias of input bits, it is not appropriate in a lightweight environment. Thus we have concentrated on the linear code corrector and obtained the lightweight BCH code corrector with measurable dependence among the output bits as well as the bias. Moreover, we provide some simulations to examine our results.

show abstract

A Comparison of Post-Processing Techniques for Biased Random Number Generators

Cited by 42 publications

References 5 publications

D-RaNGe: Using Commodity DRAM Devices to Generate True Random Numbers with Low Latency and High Throughput

D-RaNGe: Using Commodity DRAM Devices to Generate True Random Numbers with Low Latency and High Throughput

Fault Attacks on STRNGs: Impact of Glitches, Temperature, and Underpowering on Randomness

A Lightweight BCH Code Corrector of TRNG with Measurable Dependence

Contact Info

Product

Resources

About