Enhancing Quality and Security of the PLL-TRNG

⭐ Authors

Maciej Skórski, Quentin Dallison, Nathalie Bochard, Florent Bernard, Viktor Fisher

📝 About

This repository contains supplementary material (data and code) to reproduce the evaluation of a true random number generator presented in 📖 "Enhancing Quality and Security of the PLL-TRNG" at TCHES 2023.

Figure: PLL-TRNG Architecture

🖥 Code execution

The code is available in form of Python and R notebooks under the src directory. The notebooks run interactively under the customized Docker Image of Jupyter. For convenience, the image provides the user with both software and data.

Run Online with Docker

For a single-click online access use the Binder link at the top.

Run Locally with Docker

On a machine with Docker (local computer, virtual machine on cloud) run this image

docker run -it --rm -p 8888:8888 ghcr.io/maciejskorski/enhanced-pll-trng:latest

and follow instructions to access the repository via Jupyter.

See a snapshot

The Jupyter server will be available through a web browser, under http://127.0.0.1:8888/lab?token=...

{ width=100% }

📁 Data

All necessary data can be found under the data directory. The zipped data are available to download from releases.

Read more about data structure

Data used in experiments are stored under the data directory. Sub-directories at the first level group experiments according to the environmental conditions (regular conditions, corner values and a temperature attack scenario).

• The file in data/CornerAnalysis regroups all results accross all cards, configurations and external conditions;
• The temperature attack was executed on a single Spartan device, and its results are in data/TemperatureAttack;
• Further sub-directories in data/Regular group acquired data according to the FPGA card family (CV - Cyclone®V, S6 - Spartan™6, SF - SmartFusion2®), in which we find all configurations as described in the paper (A, B, or C with one or two PLL outputs as indicated by the suffix, e.g. A_1 vs A_2). Note that two Spartan devices were tested, both placed on the cards version 11, cards #2 and #8 marked S6v11_2 and S6v11_8. For each experiment, the data file contains the bitstream available at the sampler output, i.e. the D flip-flop output marked dff_out in Figure 3. The binary files end in _dff.bin and the associated metadata files have extension .log.

├───📁 CornerAnalysis/
│   └───📄 corner_values.xlsx
├───📁 TemperatureAttack/
│   └───📄 S6_C_freezing attack_km476_kd495_dff.bin
├───📁 Regular/
│   ├───📁 CVv12_4/
│   │   ├───📁 A_1/
│   │   │   └───...
│   │   ├───📁 A_2/
│   │   │   └───...
│   │   ├───📁 B_1/
│   │   │   └───...
│   │   ├───📁 B_2/
│   │   │   └───...
│   │   ├───📁 C_1/
│   │   │   └───...
│   │   └───📁 C_2/
│   │       └───...
│   ├───📁 S6v11_2/
│   │   ├───📁 A_1/
│   │   │   └───...
│   │   ├───📁 A_2/
│   │   │   └───...
│   │   ├───📁 B_1/
│   │   │   └───...
│   │   ├───📁 B_2/
│   │   │   └───...
│   │   ├───📁 C_1/
│   │   │   └───...
│   │   └───📁 C_2/
│   │       └───...
│   ├───📁 S6v11_8/
│   │   ├───📁 A_1/
│   │   │   └───...
│   │   ├───📁 A_2/
│   │   │   └───...
│   │   ├───📁 B_1/
│   │   │   └───...
│   │   ├───📁 B_2/
│   │   │   └───...
│   │   ├───📁 C_1/
│   │   │   └───...
│   │   ├───📁 C_2/
│   │   │   └───...
│   │   └───📄 .DS_Store
│   └───📁 SF2v11_11/
│       ├───📁 A_1/
│       │   └───...
│       ├───📁 A_2/
│       │   └───...
│       ├───📁 B_1/
│       │   └───...
│       ├───📁 B_2/
│       │   └───...
│       ├───📁 C_1/
│       │   └───...
│       └───📁 C_2/
│           └───...
└───📄 data.zip

📊 Scripts Overview

The code can be found under the src directory, as Python scripts and Python or R notebooks.

⚙ Generating configurations

find_PLL-TRNG_configs.py is the Python script that generates the list of all possible configurations, along with the list of time distances between contributing bits. The main code block contains the constraints of the state-space to explore. First developed by Brice Colombier, the authors modified this script to compute the time distances between contributing bits.

🏁 Data Basics

The notebook raw_data_processing.ipynb shows how to process and visualize data samples. It reproduces Figures 10 and 11 from the paper.

💻 Theoretical Model Properties

The R notebook stochastic_model.ipynb explains in detail how to use the theoretical model. It reproduces Figures 4, 5, 6 and 7 from the paper.

🔬 Statistical Analysis under Regular Conditions

The notebook model_analysis.ipynb runs the statistical analysis of the acquired data to validate empirically all of the model assumptions. It reproduces Table 4, Figure 12 and Figure 13 from the paper.

🌡️🔌 Analysis under Corner Values

The notebook corner_values.ipynb analyzes the data aquired under corner values of temperature and voltage.

❄️ Temperature Attack

A temperature attack was executed during acquisition and the results are shown in the animation below. As the TRNG was online, we blew cold air (around -40°C) directly on the chip to influence the jitter and the performance of the TRNG. Plotted are consecutive values of the empirical variance of the counter estimated on 4096 counter values (left) and the reconstructed period of the sampled PLL (right). During the first 80 to 90 estimations of the counter variance, we see that it remains constant to 0.92-0.98. However, with a sudden drop in temperature, the samples seem to shift along the reconstructed period. We also observe a sharp increase in the estimated variance on the left panel to about 1.15. In addition to the lower bound for counter variance that we defined in the paper, the experiment suggests that an embedded test dedicated to detecting a sudden change in counter variance could address third-party attacks. For more details, see the notebook temperature_attack.ipynb.

Links

• For random number generator standards, see AIS-31 (New Draft)
• For more about stochastic models for PLL-based designs, see "Modern Random Number Generator Design - Case Study on a Secured PLL-based TRNG"

Award

This work received the "Best Artefact Award" at TCHES'23.