Journal of Hardware and Systems Security (2018) 2:225–239

https://doi.org/10.1007/s41635-018-0042-5

A Hardware Trojan Attack on FPGA-Based Cryptographic Key

Generation: Impact and Detection
Vidya Govindan1 · Rajat Subhra Chakraborty1 · Pranesh Santikellur1 · Aditya Kumar Chaudhary2

Received: 1 February 2018 / Accepted: 5 June 2018 / Published online: 20 June 2018
© Springer International Publishing AG, part of Springer Nature 2018

Abstract
True Random Number Generator (TRNG) circuits are important components of cryptographic systems. Lack of statistical
randomness in the generated bitstreams from a TRNG can result in compromised keys, leading to serious security breaches.
In this paper, we describe a Hardware Trojan Horse (HTH)-based attack on the TRNG of an FPGA-based cryptosystem,
that results in reduced entropy and increased predictability of the generated keys. The proposed HTH does not cause any
functional failure in the cryptosystem, and its impact is undetectable by analysis of the compromised bitstream using standard
statistical randomness testing software suites (NIST, two enhanced versions of NIST Dieharder, and LIL-tests), and by a
circuit-level HTH detection technique using Transition Effect Ring Oscillator (TERO). Finally, we show that the impact of
the HTH can be detected by applying Wavelet Transform on the compromised bitstream.

Keywords Field Programmable Gate Arrays (FPGA) · Hardware Trojan Horse (HTH) · Randomness tests · True Random
Number Generator (TRNG) · Wavelet transforms

1 Introduction implementation against side-channel attacks, and many

Random Number Generators (RNGs) constitute an integral
part of any modern cryptographic system. In all modern
cryptographic algorithms and secure communication pro-
tocols, random numbers play an important part. Random
numbers are used as cryptographic keys in both sym-
metric and asymmetric encryption, initialization vectors
for stream ciphers, padding values in asymmetric encryp-
tion, challenges in zero-knowledge proofs, countermeasure
 Vidya Govindan
vidya.govindan@iitkgp.ac.in
Rajat Subhra Chakraborty
rschakraborty@cse.iitkgp.ac.in
Pranesh Santikellur
pra.net061@gmail.com
Aditya Kumar Chaudhary
adiscb@gmail.com
1
Secured Embedded Architecture Laboratory (SEAL),
Department of Computer Science and Engineering,
Indian Institute of Technology Kharagpur, Kharagpur,
West Bengal, 721302 India
2 Centre for Artificial Intelligence and Robotics, DRDO
Complex, C. V. Raman Nagar, Bangalore, 560093 India
more [1]. The overall security of a cryptographic system is
critically dependent on the statistical quality of the gener-
ated random numbers—if the random numbers have higher
predictability, i.e., lower entropy, several powerful attacks
exist to break the security of the cryptosystem. For any
cryptosystem, it is important that the cryptographic keys
are generated inside the system, and never leave the system
in plaintext over an unencrypted communication channel.
Hence, if the cryptosystem is implemented on a single chip,
the TRNG being used as the key generator is usually also
implemented on-chip [1].
Random numbers are commonly generated via two
different schemes: Pseudo Random Number Generators
(PRNGs) and True Random Number Generators (TRNGs).
PRNGs use mathematical algorithms for random num-
ber generation and are deterministic in nature, and some-
times called Deterministic Random Number Generators
(DRNGs). Although PRNGs show good statistical proper-
ties and are usually simple to implement on logic devices,
their output sequence can be predicted exactly either by
knowledge of the algorithm behind their working or by noting
down a sequence of past outputs [2]. TRNGs on the other
hand derive their randomness from uncontrolled physi-
cal phenomena such as thermal noise, atmospheric noise,
226
flicker noise, shot noise, radioactive disturbances, clock jit-
ter, and phase noise. In addition to the noise source, a
TRNG needs a noise extraction mechanism, noise digitiza-
tion mechanism, and an optional, but highly recommended
post-processing mechanism to improve the statistical qual-
ity of the generated bitstream. This post-processing mech-
anism usually employs mechanisms easily implementable
in hardware or software, ranging from simple arithmetic
schemes such as a von Neumann Corrector [3] to eliminate
long strings of consecutive zeros and ones, to full-fledged
encryption circuits. All of these three components have a
major impact on the statistical quality of the random num-
bers produced. Most modern TRNG circuits exhibit more
or less the same high-level architecture as shown in Fig. 1,
which is recommended by the AIS-31 standard [4].
According to security evaluation process and require-
ments for cryptographic module guidelines, the quality of
the generated random bit stream must be validated by some
standard statistical tests suites, as necessitated by several
security standards, e.g., FIPS 140-2 [6] or AIS 31 [4].
Two of the most widely used industry-standard test suites
for randomness evaluation are NIST SP 800-22 [7] and
Dieharder [8]. These test suites employ series of tests based
on a hypothesis that the tested data stream is random. The
NIST test suite comprises of 15 tests each of which is
used to test different properties of the input data stream. In
each of these tests, the processed input sequence is passed
through a function to generate a “P value” which is com-
pared with a predefined significance level (α) to analyze the
randomness. The data to be tested passes the test under con-
sideration when the obtained P value is greater than or equal
to α. The Dieharder test suite comprises of 26 tests which is
an improvement over the Diehard battery tests published by
George Marsaglia on a CD-ROM of random numbers [9].
In [10], the author has proposed the Law of Iterated
Logarithm (LIL)-based testing method for evaluating
random number generators to reduce the type-II errors in
NIST SP800-22 test suite. According to the paper, for a
generator G to be considered “good” for a sufficiently large
sequence, three metrics, viz., the total variation distance
(d), Hellinger distance (H ), and the root-mean-square
Fig. 1 Generic architecture of a
True Random Number
Generator (TRNG) circuit used
as a cryptographic primitive [5],
as endorsed by the AIS 31
standard
J Hardw Syst Secur (2018) 2:225–239
deviation (RMSD) should be nearly negligible in value.
The testing methodology declares a randomness source to
have passed the test if the obtained values of these metrics
calculated on the dataset are smaller than the theoretical
expected values.The author claims that this test is difficult to
pass in general, and give examples of bitstreams generated
from several standard pseudorandom number generators
failing this test.
Hardware Trojan Horses (HTHs) have become one of
the prime focuses of research in the Hardware Security
community in the last decade [11–15]. HTHs are well-
hidden, malicious modifications to circuits which are
difficult to detect by traditional integrated circuit (IC)
testing methods. Often, they are designed to get activated
only under very rare logic conditions, and once activated, it
can either cause malfunction of the circuitry, or leakage of
secret information. Presence of a HTH might be confused
with faults which occur due to manufacturing defects. As
described in [16], a HTH consists of two main components:
trigger and payload. A trigger is the activation mechanism
for a HTH, and usually consists of signals or events that
are continuously monitored for specific logic conditions.
The payload comprises of malicious circuit to modify the
intended circuit behavior or to leak information. Once a
valid trigger condition is satisfied, the HTH payload is
activated, which in turn alters the circuit behavior. The
impact of undetected HTHs can be disastrous at a personal
or a national scale, resulting in loss of human life and/or
billions of dollars worth of revenue, company goodwill, or
national infrastructure. Typically, the impact of HTH on
cryptographic systems is in the form of attacks that help to
reveal the secret key [17].
1.1 Our Contributions
In this paper, we have demonstrated a HTH attack on an
FPGA-based cryptographic system. In particular, the HTH
reduces the entropy of the bitstream generated from the on-
chip TRNG, resulting in a successful collision attack [18] on
the generated cryptographic keys, whereby the probability
of key usage that has been used previously increases. We
J Hardw Syst Secur (2018) 2:225–239
have demonstrated that two industry-standard and widely
used randomness evaluation frameworks, namely NIST
(original and two recently proposed enhanced versions)
and Dieharder, and in addition the “difficult-to-pass” LIL-
tests, are unable to detect the decrease in entropy of
the compromised raw bitstream, which in turn implies
that the inserted HTH remains undetected. We also
demonstrate that a recently proposed FPGA-based circuit-
level HTH detection technique [19] is incapable of detecting
the proposed HTH. We have earlier proposed [20] an
HTH attack on FPGA-based TRNG that adversely affects
the entropy of the output of a TRNG, thus results in
cryptographic keys which are predictable. However, in [20],
we did not consider the presence of the post-processing
circuitry in the TRNG. Thus, the impact of the attack was
not evaluated after the raw bitstream had been processed by
the post-processing module. In contrast, in this paper, we
have considered the impact on the security of the crypto-
system after the compromised bitstream is processed by a
cryptographic post-processing module.
The proposed HTH-based attack also evades a recently
published TRNG architecture that proposes a TRNG with
self-repair capability to increase the dependability of the
complete system. Our proposed HTH eludes this protection
technique because the work in [21] employs only a subset
of the tests usually employed to test entropy of TRNGs, in
particular only a subset of the tests mentioned in [22]. Also,
their statistical testing using 213 bits for entropy tests and
20,000 bits for FIPS tests [6] is not sufficient to detect the
proposed HTH, since the HTH activation period is 218 bits,
i.e., over 200,000 bits.
Finally, we have implemented a methodology of ran-
domness evaluation to detect the proposed HTH or sim-
ilar threats using Continuous-time Wavelet Transform
(CWT) [23]. In our scheme, the raw bitstream generated
from the digital noise source is periodically sampled and
analyzed using dedicated software being executed on a com-
puter connected with the FPGA board. If the tests fail, the
software raises an alarm signal that is fed back to the cryp-
tographic hardware, where remedial options can be taken,
including temporary suspension of operations and/or inval-
idation of the keys generated from the TRNG waiting to be
used, and results of the last few cryptographic operations.
The architecture of the cryptosystem considered by us is
described in detail in Section 3. Our work thus points to the
insufficiency of the current widely used randomness eval-
uation frameworks, and the need to supplement them with
additional test methodologies.
1.2 Organization of the Paper
The rest of the paper is organized as follows. In Section 2,
we provide a brief introduction to TRNGs and statistical
227
testing, circuit-level FPGA-based HTH detection technique
and CWT. In Section 3, we describe the overall system
architecture, including details of the TRNG circuit, and
the randomness evaluation methodology. In Section 3.3,
we describe the mode of operation of the inserted HTH,
and theoretical analysis of its impact on the security of the
system. In Section 4, we describe implementation results
for the system and the HTH, impact of the HTH on the
randomness of the bitstream, and detection attempts of the
HTH-infected bitstream. We conclude in Section 5 with
future directions of research.
2 Background
2.1 True Random Number Generators and Statistical
Randomness Estimation
Considerably large amount of work has been done on
RNGs both commercially and in academics. As mentioned
in [24], the hardware RNGs (or TRNGs) can be decomposed
into four categories: (a) circuits integrated on processors
and systems-on-chip (SoCs); (b) commercial RNG used
as “add-on” peripheral devices; (c) True Random Number
Generators (TRNGs) design for FPGAs; and (d) discrete
device-based TRNGs. Various FPGA-based TRNGs have
been widely studied in the recent past [25–28]. A survey on
TRNG hardware IP cores suitable for FPGAs was published
in [29]. Many innovative ways to improve the existing
TRNGs have also been introduced, e.g. ,dependable TRNG
with self-repair capabilities [21] and side-channel attack
-resistant TRNG [30].
In general, evaluation of a generated bitstream from a
TRNG for good statistical properties, unpredictability, and
reliability is very difficult. Nevertheless, there are many
widely used techniques to evaluate the randomness of a
TRNG output. One of the most common is the NIST
statistical testing suite [7]. As discussed in [31], the current
version of NIST SP 800-22 test suite contains 15 tests
which are divided into two categories, namely the binomial-
based tests and the chi-square-based tests. All these tests
individually follow a two-level testing strategy. The testing
process involves breaking the bitstream to be tested into
N blocks, each of which contains n bits. The hypothesis
testing is carried out for each data block in all the tests
according to a predefined test metric and one “P value” is
obtained for each block. According to the obtained P values
and a significance level α, the first-level test computes a
passing ratio which should lie in the confidence interval for
it to pass. Further, once the first-level tests pass, K equal
sub-intervals in the range [0, 1] are selected and number
of P values falling under each of these sub-intervals are
counted, following which a chi-square goodness-of-fit test
228
is performed on these K numbers, producing another P
value PT and another significance level αT . The second-
level tests pass if the obtained PT ≥ αT . In the NIST
test suite, the recommended values of the above discussed
parameters are as follows: N = 1000, n = 106 , K = 10,
and αT = 0.001. Recently, it has been argued in [31] that
the second-level tests for binomial testing is incomplete,
and instead, binomial-based tests should be based on a
slightly modified metric termed the “Q-values”. Another
second-level NIST test proposed is [32].
In [33], authors have devised a method for applying the
theory of Kolmogorov complexity to randomness testing
of sequences based on the Martin-Lof Test which defines
a threshold value. This threshold is compared with the
obtained wavelet transform coefficients after application of
Discrete Wavelet Transform (DWT) on the sequence to be
tested. Then, based on the comparison results, randomness
of the sequence is determined. However, there are major
differences with the treatment of the above paper with
randomness analysis of TRNG output bitstreams. Firstly,
the approach proposed in [33] is primarily based on analysis
of the compressibility of a bit sequence, and secondly, the
authors have not presented any result after executing the
proposed test on any well-known pseudo or true random
generator output. A minor difference is that the authors
have used DWT, while we have used CWT. Hence, we
think application of this test on actual RNGs would require
some more investigation which can be a part of our future
work. There have also been other papers such as [34] which
discuss the various misinterpretations and guidelines related
to statistical tests, confidence levels, and limitations of such
tests.
Hardware/software co-design for on-the-fly evaluation
of FPGA-based TRNG was proposed in [22], where nine
tests from the NIST test suite [7] were performed in
hardware. Note that studies by researchers have revealed
that the presence of embedded (on-chip) tests to evaluate
the statistical qualities of TRNGs affect the TRNG circuit
itself [5]! Hence, design and implementation of on-chip
randomness evaluation circuitry that does not adversely
affect the TRNG itself is challenging. Nevertheless, the
quest for an efficient, high-entropy, and less susceptible
TRNG is still ongoing.
Fig. 2 TERO circuit modified from the design proposed in [19]
J Hardw Syst Secur (2018) 2:225–239
2.2 Circuit-Level Technique for HTH Detection
on FPGA
The Transition Effect Ring Oscillator (TERO) circuit was
originally introduced as a new high-entropy element for
FPGA-based TRNGs [35]. A detailed stochastic model
for entropy estimation of a TERO-based TRNG from
the physical model including the electrical noises was
presented in [36]. In our work, we have adopted the TERO
implementation proposed in [19], with slight modifications,
as shown in Fig. 2. In our implementation, we have 14
inverters and 1 NAND gate in each TERO branch, followed
by a D flip-flop. It was noted in [19] that in the presence of
one or more HTH circuits in the vicinity of the TERO, the
counter values after counting for a fixed amount time differ
from that obtained from TERO designs embedded in HTH-
free circuits. This is the basis of the application of TERO for
HTH detection.
2.3 Continuous-Time Wavelet Transform
Unlike frequency domain analysis techniques such as
Fourier Transforms, wavelet transforms have a unique
ability to localize events in both time and frequency. For
a square-integrable function (or sequence) f (t), the CWT
with respect to a mother wavelet function ψ(t) is defined as:
 ∞  
1 t −b
W (a, b) = f (t) √ ψ ∗ dt (1)
−∞ |a| a
where a, b are real parameters, and ∗ denotes complex
conjugate. The parameter a is called the scaling or
dilation parameter, while b denotes the translation of
the wavelet with respect to time. In joint time-frequency
analysis, the parameter b corresponds to time, while a1 is
related to the frequency selectivity of the mother wavelet
ψ(t). Plots of |W (a, b)|2 jointly with the variation in
the a and b parameter values are termed scalograms.
The locations of peaks in scalograms throw light on
the positions and duration of events in the original
signal [23]. Wavelet transforms have been widely employed
in engineering, for diverse application domains such as data
compression [23] and defect detection and localization in
integrated circuits [38]. A common (and one of the simplest)
J Hardw Syst Secur (2018) 2:225–239
Fig. 3 Haar mother wavelet function ψ(t) [37]
wavelet functions is the Haar Wavelet. The Haar sequence
was proposed in 1909 by Alfréd Haar. The Haar scaling
function is defined as
 of this work, and a high-performance (or even real-time)
1 if 0 ≤ t < 1
φ(t) = (2)
0 otherwise
and the Haar mother wavelet function is defined as
⎧ signal is fed back to the FPGA through UART. In the event
⎨ 1 if 0 ≤ t < 2
1
ψ(t) = −1 if 2 ≤ t < 1
1 (3)
⎩ module are invalidated.
0 otherwise
Historically, the Haar function was the original wavelet.
This wavelet is not continuous as shown in Fig. 3 and is a
special case of the Daubechies wavelet [23]. It is orthogonal
to its own translations and dilations and preserves energy
during analysis. Wavelet transforms in general are efficient
in detecting and localizing discontinuities in a signal which
generally is observed by the means of concentration of
the wavelet coefficients at the discontinuities. The HTH
proposed by us can be imagined as a discontinuity in a signal
which is constructed out of the collected TRNG output
bitstream. As we demonstrate later in Section 4, CWT
indeed has an ability to detect the type of HTH considered
by us.
3 System Architecture and HTH Design
3.1 Overall Architecture
The complete system architecture is depicted in Fig. 4.
We have used a Xilinx Zedboard for implementation
which features a Xilinx Zynq XC7Z020-1CLG484 All
Programmable SoC (AP SoC) [39]. The Zynq SoC
integrates dual or single-core ARM Cortex-A9 MPCore -
based processing system (PS), and Xilinx programmable
229
logic (PL) in a single device. The PL part of the device
consists of a Ring Oscillator (RO)-based TRNG core which
generates a random bitstream at the rate of 100 Mbits per
second. This raw bitstream is sent to the PC through the
UART core for statistical randomness testing. We have used
the board’s USB-UART interface to connect to the PC
which is connected to the PS part of the device. The UART
(RX and TX) pins of the PS is used in a simple GPIO mode
to allow the UART to be connected (passed through) to the
PL. The processor samples the RX signal and sends it to
the EMIO channel-0 which is connected to the RX input of
the UART RX/TX module. Similarly, our design samples
the TX output of the UART RX/TX module through another
EMIO channel-1, and sends it on the PS UART TX pin. The
bits received through UART is logged in the PC through the
RS232 port, using a data logger software. Test suites are run
on the data collected in the PC in this way. This randomness
testing is currently done by dedicated software on the PC
and is not real-time. It is to be noted that high-performance
implementation of randomness testing is not a contribution
implementation of randomness testing will be unable to
detect the proposed HTH, as should be clear from later parts
of the section. Based on the results of these tests, an alarm
of a test failure, the keys stored in the Key Management
The TRNG output is also fed to the TRIVIUM cipher
post-processing block (details in Section 3.2), after which
the data is parallelized in blocks to generate 128-bit keys in
the Key Management module. From the Key Management
module, the AES core receives the key when required for
encryption and decryption. The AES core contains the logic
for both encryption and decryption. In order to monitor the
die temperature and the on-chip voltage levels, XADC IP
is instantiated which raises an alarm whenever these levels
are outside the predefined threshold values. The XADC is
the basic building block that enables analog mixed signal
(AMS) functionality in Xilinx-7 series FPGAs [40]. The
ADC conversion data is stored in dedicated registers called
status registers. We utilize the temperature status register
values for activating our HTH. These registers are accessible
through a 16-bit synchronous read-and-write port called
the Dynamic Reconfiguration Port (DRP). In addition, the
XADC optionally can also be made to read input value from
a threshold register, and the user can initialize value in this
threshold register using DRP.
The TERO core is also implemented in the PL part of
the device to study the effect of HTH on the TERO output.
We placed five TERO circuits across the FPGA fabric (four
in four quadrants and one at the center), and observed the
effect of the proposed HTH by connecting the TERO output
to a 16-bit counter implemented using a DSP48 hard macro
230
Fig. 4 System architecture
slice available on the Zynq SoC of the Xilinx Zedboard.
The counter values were obtained using Xilinx Vivado’s
Integrated Logic Analyser (ILA) IP, which was triggerd
after every 217 clock cycles of the 100 MHz system clock.
We later show that this technique is unable to detect the
proposed HTH.
3.2 Design and Implementation of FPGA -Based
TRNG
We adopted the TRNG circuit described in [26] with slight
enhancement, a schematic for which is shown in Fig. 5.
It consists of a chain of 117 Ring Oscillators (ROs), each
RO consisting of four inverters connected in a ring and one
NAND gate for enabling the circuit. The output of each
ring oscillator is sampled by a clock signal of frequency
100 MHz, using an edge-triggered D flip-flop. The outputs
of these D flip-flops are XOR-ed, and this XOR-ed output
is further sampled using the same 100 MHz clock signal.
The operation of this circuit is based on clock jitter, which
can be defined as the unpredictable short-term deviation
of the oscillatory signals generated from the ROs, from
their theoretical positions [5]. The combination of the
jitter contributed by the ROs with respect to the sampling
J Hardw Syst Secur (2018) 2:225–239
clock results in randomness of the bitstream generated.
Note that the oscillation frequencies of each individual
RO is also slightly different from the theoretical value of
f = 2nτ 1
, where n is the number of stages, and τ is
the average propagation delay of each inverter of the RO.
Because of process variation effects, in general, no two ring
oscillators have identical oscillation frequencies. Also, there
is a possibility of the oscillators getting “locked” in phase,
and active “frequency injection attack” through the power
source [41]. Since we have carefully chosen the number
of RO chains in the design according to suggestions in
[25], and we are using an industry-verified FPGA board,
the possibility of ROs locking and power supply attack is
extremely low.
Finally, the generated bitstream is post-processed using
a hardware implementation of the TRIVIUM synchronous
stream cipher [42]. TRIVIUM was chosen because of
its relative lightweight, simplicity of implementation, and
resistance to cryptanalysis attacks. TRIVIUM uses an 80-
bit secret key and an Initialization Vector (IV) to define
the initial state of the cipher. With the secret key and the
IV, the TRIVIUM cipher performs 1152 clock cycles of
“mixing” to impose randomness on the output, and then
starts generating the cipher text at the rate of 1 bit per clock
J Hardw Syst Secur (2018) 2:225–239 231

Fig. 5 The TRNG circuit used in our implementation for session key generation. The design is adapted from [26], with addition of the
cryptographic post-processing circuit

cycle. Our cipher hardware design is flexible and can be
configured to give 1/8/64 bit output rate per clock cycle. The
cipher was reseeded and re-keyed every time a valid output
is generated in order to ensure that the cipher produces an
uncorrelated and almost random output. These output bits
were input to a serial-to-parallel converter which created
session keys of the required length from the TRIVIUM
output bitstream. The TRIVIUM cipher and the serial-to-
parallel converter both use the same 100 MHz system clock.
The keys are stored in a BRAM module inside the FPGA,

Fig. 6 The structure of the implanted HTH (in red), and its impact (when activated) on the infected bitstream
232
with one valid/invalid bit per key to show whether the key is
valid or not. The hardware overhead for the complete TRNG
has been reported in Section 4.
3.3 Inserted HTH: Mode of Operation and Impact
Figure 6 shows the structure of the implanted HTH, and its
impact on the infected bitstream when the HTH is activated.
The HTH is triggered following the Reconfigurable Lookup
Table (RLUT) model described in [43], whereby the TRNG
module, procured as a 3rd party hardware intellectual
property (3PIP) module, contains the HTH. The HTH
is triggered using a signal which is generated by the
temperature sensing circuit on board. In our case, we utilize
the value written into the temperature status register by
the XADC module, whenever the die temperature rises
above a specified threshold, in our case that is 42 ◦ C. This
temperature threshold to trigger the HTH was set by writing
12 hA01 (= 42) in the XADC control register. In our
design, we have used the 9-th bit of the temperature status
register as a trigger signal for our HTH. Our trigger logic
thus incurs no hardware overhead.
Once activated, the HTH affects the raw bitstream
generated by the TRNG by injecting a 96-bit length
fixed pattern as shown in Fig. 6 at the beginning of 100
consecutive 218 = 262144 bit-sized bitstream chunks. After
this, the HTH goes back to its inactive state, until again
woken up by the temperature rise of the on-chip sensor.
The HTH payload design consists of a simple state machine
and a CFGLUT module used as a RLUT [43], which can
be reconfigured on the fly to change the HTH infection bit
pattern. Also, note that currently the RLUT functionality is
implemented in a stand-alone fashion—its integration into
one of the LUTs used in the TRIVIUM cipher design will
further reduce the HTH hardware footprint.
3.4 Impact of the Inserted HTH: Collision in Key
Values
Consider a “random mapping” f : A → B . Let the
number of elements in the set B be M, i.e., |B | = M.
Let S ⊆ A be a set composed of a random selection of
elements of A. Then, the famous Birthday Paradox implies
that Prob.[f (x) = f (y)] √≈ 0.5 for two arbitrary elements
x, y ∈ S if |S | ≈ 1.17 M [18]. This result is termed a
“paradox” (i.e., counter-intuitive) because the cardinality
√ of
the random subset chosen from the domain can be O( M)
(instead of O(M)), and still a “collision” in values under
the mapping for two arbitrary elements of the subset can be
expected with a probability about 0.5. The HTH described
above decreases the entropy of the bitstream input to
TRIVIUM, which in turn increases the collision probability
in the generated session key values output by the TRIVIUM
J Hardw Syst Secur (2018) 2:225–239
stream cipher. In absence of the HTH, the cardinality of
the set of session keys to be randomly chosen to ensure
at least two identical session keys follows the Birthday
Paradox quite consistently for different session key lengths,
assuming the Boolean mapping induced by TRIVIUM to
be a random mapping. However, in the presence of the
active
√ HTH, for a set of session keys of approximate size
1.17 M, the keys collide with 100% probability. Repetition
of session keys is a serious security threat in practical
cryptosystems, including facilitating replay attacks [44]. We
present details of the key collision results in Section 4. As
mentioned at the beginning of this section, it should be
clear now that the mode-of-operation of the proposed HTH
ensures that it would be able to evade detection, even if
we had a high-performance (even real-time) randomness
evaluation as part of our system.
4 Experimental Results
We now present the hardware resource utilization figures
for the complete system, along with overhead caused by
the inserted HTH. We have also provided our observations
on the TERO-based HTH detection technique, and the
standard statistical testing suite results in the presence and
absence of the inserted HTH. Finally, a signal analysis-
based technique based on CWT is provided as a means
to detect the proposed HTH. All circuit designs were
performed using the Xilinx Vivado (v. 2016.3) design suite.
All logic synthesis, technology mapping, and placement and
routing were performed using the default settings in Vivado.
CWT analysis was carried out using the in-built routines
included in the Wavelet Transform Toolbox for Matlab (v.
R2015a). All experiments were performed on a 64-bit Linux
work station with 3.30 GHz Processor and 8 GB of RAM.
4.1 Hardware Resource Utilization and Power
Dissipation
Table 1 shows the resources utilized by the whole design
with and without HTH. It was observed that the HTH incurs
0.94, 11.70, and 20.00% overhead for the number of LUTs,
flip-flops (FFs), and LUTRAM elements respectively. The
relatively large LUTRAM overhead, calculated with the
HTH-free design as baseline (which uses 5 LUTRAMs),
can be attributed to the use of one additional CFGLUT
to introduce the periodic HTH pattern as discussed in
Section 3.3 (resulting in 6 LUTRAMs in the HTH-infected
design). The increase in LUTRAM count can be completely
nullified by replacing one of the static LUTRAMs used in
the TRIVIUM cipher by a configurable CFGLUT, and then
having additional control logic to reuse it during runtime to
introduce the HTH.
J Hardw Syst Secur (2018) 2:225–239 233

Table 1 Hardware resource utilization Table 3 Session key collision results (50 runs for each key size)

Resource Without With HTH HTH insertion Key size Session Runs with Runs with
element HTH overhead (%) (k) key count collision collision
√
(bits) M = 2k , S = 1.17 2k  (HTH inactive) (HTH active)
LUT 4741 4786 0.94
LUTRAM 5 6 20.00 4 5 25 50
FF 2307 2577 11.70 8 19 24 50
BRAM 4.5 4.5 0 16 300 24 50
DSP 1 1 0 32 76678 27 50
BUFG 4 4 0 64 5.025 × 109 26 50
MMCM 1 1 0

small observed deviation and the inherent unreliability of

The total on-chip power of the design as reported the TERO circuit itself, we conclude that the TERO-based
by Vivado’s integrated power analysis tool is shown in technique is ineffective in detecting the proposed HTH.
Table 2. It is clear that the power dissipation overhead
due to HTH insertion is almost negligible. This makes it 4.4 Statistical Testing Results
almost infeasible to apply techniques that depend on power
dissipation measurements to infer the presence of HTH, in The statistical tests for randomness evaluation were
case of the proposed HTH. performed on 1 billion bits generated from each of the HTH-
free and HTH-infected TRNGs (before post-processing).
4.2 Session Key Collision Results We have presented in this section the statistical analysis
results for NIST and Dieharder test suites. Finally, we have
We considered different session key lengths, for both applied CWT-based analysis on the HTH-free and HTH-
Trojan-infected and -uninfected keys. Table 3 shows the infected bitstreams. The time required to carry out the
number of session keys chosen as suggested by the Birthday NIST and Dieharder tests was about 16 h on the previously
Paradox, and the observed number of runs in which mentioned workstation for a data size of 10 billion bits. For
collisions occurred. Fifty runs were carried out for each the CWT analysis to evaluate one block of length 3000, it
session key size, from 4-bit keys to 64-bit keys. The results took approximately 10 min to generate the plots with the
clearly demonstrate the impact of the activated HTH, and its coefficients.
serious security implications. Three different versions of testing using the NIST test
suite were carried out, all for the level of significance
4.3 TERO-Based HTH Detection set at α = 0.01. Table 4 shows the NIST test [7]
results, wherein the minimum pass rate for each statistical
As mentioned in Section 3.1 we placed five instances of test with the exception of the random excursion (variant)
TERO circuit in different quadrants of the FPGA fabric test is approximately 980 for a sample size of 1000
and observed the change in output counter values. An binary sequences, each consisting of 1 million bits. The
average difference of less than 0.1% was noticed over minimum pass rate for the Random Excursion (variant)
100 measurements in counter output values for the TERO test is approximately 614 for a sample size of 628 binary
placed nearest to the inserted HTH location, compared to the sequences. This is because for the random excursion tests
corresponding TERO in the FPGA without HTH. The other P values are calculated only if the input binary sequence
TERO values showed no deviation. However, we observed meets a particular criterion as mentioned in [7]. Therefore,
that the TERO count values for even the circuit without for these tests, the total binary sequences considered are less
the HTH were not constant over time. Hence, given the than 1000, unlike other tests. Table 4 also lists the P value
for the different second-level NIST tests as proposed in [32],
Table 2 Power consumption which when ≥ 0.01 implies the particular test passed [7].
Table 5 provides the test results for the Q value-based
Power Without HTH With HTH HTH insertion
binomial tests of the NIST test suite, as proposed in [31].
(watt) (watt) overhead (%) Similar results were obtained for the Dieharder tests (see
Dynamic 1.760 1.762 0.11 Table 6), where all tests passed for both the HTH-infected
Device static 0.160 0.160 0.00 as well as HTH-free bit patterns, except the Marsaglia
Total 1.920 1.922 0.10
and Tsang GCD Test, which failed for both the HTH-free
and HTH-infected circuit. However, this test passed with
234 J Hardw Syst Secur (2018) 2:225–239

Table 4 First- and second-level

NIST test suite resultsa Statistical test Bitstream (HTH inactive) Bitstream (HTH Infected)

1st level 2nd level 1st level 2nd level

Pass rate P value Pass rate P value

Frequency 993/1000 0.867692 994/1000 0.277082

Block frequency 990/1000 0.811080 982/1000 0.334538
Cumulative sums 992/1000 0.940080 995/1000 0.689019
Cumulative sums 994/1000 0.755819 992/1000 0.201189
Runs 991/1000 0.614226 992/1000 0.101917
Longest run 991/1000 0.118120 983/1000 0.975644
Rank 987/1000 0.104371 988/1000 0.200115
FFT 988/1000 0.064418 980/1000 0.025023
Non-overlapping template 983/1000 0.028817 984/1000 0.022149
Overlapping template 984/1000 0.812905 986/1000 0.693142
Universal 986/1000 0.262249 990/1000 0.805569
Approximate entropy 986/1000 0.522100 992/1000 0.102526
Random excursions 619/628 0.167034 594/605 0.062493
Random excursions variant 617/628 0.007820 594/605 0.082597
Serial 985/1000 0.167184 988/1000 0.595549

a For tests with more than one subtest, pass proportion shown are the smaller values

larger bitstream data files (e.g., 10 billion bits). Thus, we are depicted in the Table 7. From the table, it is clear that
conclude that both the NIST and Dieharder test suites prove since the observed values are less than the expected values
ineffective in detecting the inserted HTH. We also applied for both the HTH-free and HTH-infected bitstreams, the
the statistical tests proposed in [45] after implementing them LIL tests passed for both, and thus were unable to detect the
in software (unlike the hardware implementation of [45]), presence of the proposed HTH.
and found that all the tests comfortably passed for both Additionally, we repeated all the tests, with active and
the HTH-free and HTH-infected bitstreams of 1 billion bits inactive HTH on a data set of size of 10 billion bits, wherein
each. This again demonstrates the evasive nature of the we have obtained same results. We have also tested data
proposed HTH. files of size 10 billion and 1 billion from the TRIVIUM
We carried out the LIL tests proposed in [10] for a cipher output (after post-processing), which passed all the
sample size of 10 billion bits each generated by the HTH- tests successfully (which is expected as post-processing is
free and HTH-infected TRNGs, using the software kindly supposed to increase entropy).
shared with us by the author. The obtained and theoretically Finally, we consider the result of applying CWT on the
expected statistical distance metrics as reported by the tests golden and infected TRNG bitstreams. Figure 7 shows the
difference in the CWT coefficients calculated for: (a) a
reference “Golden” bitstream (which had passed NIST and
Table 5 Q value-based NIST statistical test results‡ Dieharder tests and for which the HTH was inactive), and
(b) an HTH-infected bitstream. The 1 billion bit dataset
Statistical Bitstream Bitstream
were first analyzed for varying lengths with the Wavelet
test (HTH inactive) (HTH infected)
toolbox and empirically we came to the conclusion that
Q value Q value
dividing the sequence into chunks of length 3000 gave
Frequency 0.969588 0.552383 the best results for detecting the proposed HTH. For the
Runs 0.310049 0.270265 data that was collected during experimentation, for all the
FFT 0.036833 0.102526 portions of the bitstream affected by the inserted HTH, the
Universal 0.270265 0.691081 proposed analysis method detected the HTH with 100%
Random excursions variant 0.042988 0.026203 pass rate. We have used the Haar Wavelet, with a scale
setting of the “power of 2” mode with power = 7, for
‡
For tests with more than one subtest, Q values shown are the smaller evaluating the input data using CWT. The blue box in
values Fig. 7b clearly shows a deviation from the golden bitstream
J Hardw Syst Secur (2018) 2:225–239 235

Table 6 Dieharder test results

Statistical test Bitstream (HTH inactive) Bitstream (HTH infected)

P value P value

Diehard Birthdays Test 0.52017885 0.94047042

Diehard OPERM5 Test 0.91139756 0.00031978
Diehard 32 × 32 Binary Rank Test 0.60825999 0.77973743
Diehard 6 × 8 Binary Rank Test 0.56224308 0.38559539
Diehard Bitstream Test 0.45018776 0.95823048
Diehard OPSO 0.66623360 0.89529106
Diehard OQSO Test 0.93220474 0.34797128
Diehard DNA Test 0.44008319 0.08326412
Diehard Count the 1s (stream) Test 0.90497912 0.46085164
Diehard Count the 1s Test (byte) 0.34022498 0.97919475
Diehard Parking Lot Test 0.95063855 0.10932071
Diehard Minimum Distance (2d circle) Test 0.41730255 0.03411971
Diehard 3d Sphere (minimum distance) Test 0.49013019 0.06259836
Diehard Squeeze Test 0.06132605 0.08176140
Diehard Sums Test 0.21864531 0.10598363
Diehard Runs Test 0.15116770 0.00605953
Diehard Craps Test 0.04951539 0.00001241
Marsaglia and Tsang GCD Test 0.00000047 0.00000001
STS Monobit Test 0.76518635 0.88224534
STS Runs Test 0.59096337 0.85284228
STS Serial Test (generalized) 0.06403045 0.11497045
RGB Bit Distribution Test 0.03480518 0.00410276
RGB Generalized Minimum Distance Test 0.40774975 0.08776353
RGB Permutations Test 0.13777670 0.35678627
RGB Lagged Sum Test 0.00415203 0.00450869
RGB Kolmogorov-Smirnov Test 0.59770839 0.61492999

(without HTH) which corresponds to the inserted HTH 4.5 Discussions

pattern. Figure 8 also shows zoomed version of the portion
of the plot in the blue box of Fig. 7, which exposes the
inserted HTH pattern in the analyzed input signal, as well
as in the CWT coefficient plots. We thus conclude that
CWT is an effective technique to detect the type of HTH
deployed in this paper. However, note that for the CWT
analysis to evaluate one block of length 3000, in total, it took
approximately 10 min (∼600 s) for data acquisition and data
analysis, to generate the plots with the wavelet coefficients,
thereby detecting the anomaly. Hence, the proposed scheme
is not real-time.
It is slightly difficult to comment on exactly how to
synthesize a bitstream (or to modify a given random
bitstream generated from a TRNG) that is guaranteed to
pass NIST and Dieharder tests, but would be detectable by
CWT. For us, the main insight behind application of CWT
to detect the type of infection induced by the proposed HTH
is the well-known and unique ability of CWT to resolve
events simultaneously in time and frequency domains.
Because of this ability, CWT is presumably able to detect
and localize (relatively) short-duration but extremely large

Table 7 Statistical distances

reported by the LIL tests [10] Statistical distances HTH inactive HTH infected
(10 billion bits)
Expected value Observed value Expected value Observed value

Total variation distance (d) 0.07927 0.05836 0.06944 0.05538

Hellinger distance (H ) 0.07021 0.05646 0.06192 0.05891
Root-mean-square-distance (RMSD) 0.00523 0.00356 0.00457 0.00353
236 J Hardw Syst Secur (2018) 2:225–239

a
Analyzed Signal (length = 3000)
1

0.5

0
500 1000 1500 2000 2500 3000
Time(ns)
CWT Ca,b Coefficients (Coloration mode)
128
120

64
100

32
80

16
60

8
40

4
20

Time(ns) Scale of colors from MIN to MAX

CWT Coefficients Line ( Ca,b for scale a = 16)

2

-2
500 1000 1500 2000 2500 3000
Time(ns)

b
Analyzed Signal (length = 3000)
1

0.5

0
500 1000 1500 2000 2500 3000
Time(ns)
CWT Ca,b Coefficients (Coloration mode)
128
120

64
100

32
80

16
60

8
40

4
20

Time(ns) Scale of colors from MIN to MAX

CWT Coefficients Line ( Ca,b for scale a = 16)

2

-2
500 1000 1500 2000 2500 3000
Time(ns)

Fig. 7 Plot of Haar Wavelet-based Continuous-time Wavelet Transform (CWT) coefficients for Golden and HTH-infected bitstream (before
post-processing)
J Hardw Syst Secur (2018) 2:225–239 237

Analyzed Signal (length = 3000)

1

0.5

0
80 100 120 140 160 180 200 220 240
Time (ns)
CWT Ca,b Coefficients (Coloration mode)

120
64

100

32
80

16 60

40
8

20

Time (ns) Scale of colors from MIN to MAX

CWT Coefficients Line (Ca,b for scale a = 16)

2

-2
80 100 120 140 160 180 200 220 240

Time (ns)
Fig. 8 Zoomed in plot of Haar Wavelet-based Continuous-time Wavelet Transform (CWT) coefficients for HTH-infected bitstream (before
post-processing)

time-period periodicities, embedded in random signals (i.e.,
uninfected bits generated from the TRNG). The fact that
such periodicities passed the Fast Fourier Transform (FFT)
test included in the NIST test suite is proof of the inability of
other competing signal processing techniques in detecting
the impact of the proposed HTH. Even if FFT would have
been able to detect the presence of an embedded periodic
signal, it does not have the ability to localize occurrence of
such periodicities.
Further, one may argue that given that any random-
ness testing tool is effective only until the next non-
distinguishing attack is reported, is it worth enough to
explore different randomness testing strategies at all? We
have followed the principles laid out in [1], which says
that contemporary TRNG designs should have a three-fold
security evaluation criteria which consists of: (a) a proof
of robustness; (b) embedded tests of randomness, and (c) a
stochastic model of randomness. Our approach to a HTH
design that impacts the randomness of a common TRNG
also naturally extends to development of stronger random-
ness evaluation techniques compared to the state-of-the-art.
The art of secure TRNG design, much like secure block
cipher or stream cipher design, is a cat-and-mouse game
between the designers and the adversaries, and there is cur-
rently no clear winner. To the best of our knowledge, there
is no known TRNG that has been established to be abso-
lutely robust, and no current randomness testing method
can claim itself to be sacrosanct. It is very much feasible
that the enhanced randomness testing methodology pro-
posed in this paper is defeated by some other attack on
the TRNG in near future. In other words, the demonstrated
effectiveness of CWT in this work, while encouraging,
should not be interpreted as a “cure-all” solution for all
types of inserted HTHs. We want to emphasize that the
experimental results demonstrate the effectiveness of CWT
in detecting the impact of only the HTH proposed in this
paper—establishment of wider effectiveness of CWT for
randomness testing and HTH detection requires extensive
additional experimentation and analysis.
Regarding the failure of the Marsaglia and Tsang GCD
test for 1 billion-sized dataset, but its success for the 10
billion-sized dataset, we would like to point out that in
order to run all the Dieharder tests and to get a dependable
result (pass or fail), it is recommended that the input file
238
size should consist of minimum 12 megabytes (about 100
million) random bits as mentioned in [46]. We carried out
our own testing with the in-built pseudorandom number
generators present in the Dieharder suite, and found out that
all the tests start passing only after a random bit data of
size 1 billion (1000 million) bits. Hence, we carried out our
testing on 1 billion and 10 billion bit-sized datasets. Please
note that we do not claim that 1 billion bits are enough
to declare a stream random, and the choice of the dataset
sizes is based only on our observations with the experiments
that we have carried out with the available test suites and
resources. Also, in the paper [46], the originators of the
Marsaglia and Tsang GCD test mention that it is one of
the most difficult to pass randomness tests in the Dieharder
suite, and is thus expected to fail sometimes. This failure
does not necessarily mean that the source of randomness is
of inferior quality.
5 Conclusions
In this paper, we have demonstrated a potent attack on
an FPGA-based cryptographic system, through a HTH
that affects the entropy of the keystream generated
from a TRNG. We demonstrated that the compromised
bitstream can lead to collision of generated session keys
with much higher probability, which is a grave security
concern. Through experimental results, we have shown that
the impact of this HTH on the compromised bitstream
is undetectable by several standard randomness testing
schemes. We also discussed the ineffectiveness of a TERO
-based HTH detection technique on the proposed HTH. We
then demonstrated that Wavelet Transform-based analysis
can detect the anomaly in the compromised bitstream.
Our future work will be directed towards designing and
implementing a complete FPGA-based VLSI architecture to
perform real-time on-chip randomness evaluation, including
Wavelet Transform, while minimizing impact on the TRNG.
References
1. Fischer V (2012) A closer look at security in random number
generators design. In: Schindler W, Huss SA (eds) Proceedings
of the third international workshop on constructive side-channel
analysis and secure design (COSADE 2012). Springer, Berlin,
pp 167–182
2. Massey J (1969) Shift-register synthesis and BCH decoding. IEEE
Trans Inf Theory 15(1):122–127
3. Von Neumann J (1951) Various techniques used in connection
with random digits. Natl Bur Stand Appl Math Ser 12:36–38
4. Killmann W, Schindler W (2011) A proposal for: functionality
classes for random number generators. Bundesamt für Sicherheit in
der Informationstechnik (BSI) publication. Accessed: May 2017
J Hardw Syst Secur (2018) 2:225–239
5. Fischer V (2014) Random number generators for cryptography
design and evaluation. Summer School on Design and Security
of Cryptographic Algorithms and Devices, Šibenik, Croatia, June
2014. Accessed: May 2017
6. National Institute of Standards and Technology (2002) FIPS PUB
140-2. Security requirements for cryptographic modules. Federal
Information Processing Standards (FIPS) publication. Accessed:
May 2017
7. Rukhin A et al (2010) A statistical test suite for random and
pseudorandom number generators for cryptographic applications.
Accessed: May 2017
8. Brown RG, Eddelbuettel D, Bauer D (2017) Dieharder: a random
number test suite (v 3.31.1). Accessed: December 2017
9. Marsaglia G (1995) Diehard battery of tests of randomness.
Accessed: December 2017
10. Wang Y (2014) On the design of LIL tests for (pseudo) random
generators and some experimental results. IACR Cryptology
ePrint Archive. 2014:31
11. Kumagai J (2000) Chip detectives [reverse engineering]. IEEE
Spectrum 37(11):43–48
12. DARPA (2007) TRUST in integrated circuits (TIC). [Online].
Available: http://www.darpa.mil/MTO/solicitations/baa07-24
13. Adee S (2008) The hunt for the kill switch. IEEE Spectrum
45(5):34–39
14. Bhunia S, Hsiao MS, Banga M, Narasimhan S (2014) Hardware
Trojan attacks: threat analysis and countermeasures. Proc IEEE
102(8):1229–1247
15. Tehranipoor M, Koushanfar F (2010) A survey of hardware trojan
taxonomy and detection. IEEE Des Test Comput 27(1):10–25
16. Xiao K, Forte D, Jin Y, Karri R, Bhunia S, Tehranipoor M (2016)
Hardware trojans: lessons learned after one decade of research.
ACM Trans Des Autom Electron Syst 22(1):6:1–6:23
17. Ali SS, Chakraborty RS, Mukhopadhyay D, Bhunia S (2011)
Multi-level attacks: an emerging security concern for crypto-
graphic hardware. In: Proceedings of design, automation & test in
Europe conference & exhibition (DATE 2011), pp 1–4
18. Stinson D (2006) Cryptography: theory and practice, 3rd edn.
CRC Press/Chapman and Hall, Boca Raton
19. Kitsos P, Stefanidis K, Voyiatzis AG (2016) Tero-based detection
of hardware trojans on fpga implementation of the AES algorithm.
In: 2016 Euromicro conference on digital system design (DSD),
pp 678–681
20. Johnson AP, Patranabis S, Chakraborty RS, Mukhopadhyay D
(2016) Remote dynamic clock reconfiguration based attacks on
internet of things applications. In: Euromicro conference on digital
system design (DSD 2016), pp 431–438
21. Martin H, Di Natale G, Entrena L (2017) Towards a dependable
true random number generator with self-repair capabilities. IEEE
Trans Circ Syst Regul Pap PP(99):1–10
22. Yang B, Rožić V, Mentens N, Dehaene W, Verbauwhede I (2015)
Embedded HW/SW platform for on-the-fly testing of true random
number generators. In: Proceedings of design, automation & test
in europe conference & exhibition (DATE 2015), pp 345–350
23. Rao RM, Bopardikar AS (1998) Wavelet transforms: introduction
to theory and applications. Prentice Hall/Chapman and Hall,
Englewood Cliffs
24. Lampert B, Wahby RS, Leonard S, Levis P (2016) Robust,
low-cost, auditable random number generation for embedded
system security. In: Proceedings of the 14th ACM conference on
embedded network sensor systems CD-ROM, SenSys ’16. ACM,
New York, pp 16–27
25. Sunar B, Martin WJ, Stinson DR (2007) A provably secure true
random number generator with built-in tolerance to active attacks.
IEEE Trans Comput 56(1):109–119
J Hardw Syst Secur (2018) 2:225–239
26. Wold K, Tan CH (2008) Analysis and enhancement of random
number generator in FPGA based on oscillator rings. In:
Proceedings of the international conference on reconfigurable
computing and FPGAs (ReConFig 2008), pp 385–390
27. Lao Y, Tang Q, Kim CH, Parhi KK (2016) Beat frequency
detector–based high-speed true random number generators:
statistical modeling and analysis. J Emerg Technol Comput Syst
13(1):9:1–9:25
28. Haddad P, Fischer V, Bernard F, Nicolai J (2015) A physical
approach for stochastic modeling of tero-based trng. In: Workshop
on cryptographic hardware and embedded systems, CHES 2015,
St-Malo, France
29. Petura O, Mureddu U, Bochard N, Fischer V, Bossuet L
(2016) A survey of ais-20/31 compliant trng cores suitable for
FPGA devices. In: 2016 26th international conference on field
programmable logic and applications (FPL), pp 1–10
30. Chari SN, Diluoffo VV, Karger PA, Palmer ER, Rabin T, Rao
JR, Rohotgi P, Scherzer H, Steiner M, Toll DC (2010) Designing
a side channel resistant random number generator. In: Smart
card research and advanced application: 9th IFIP WG 8.8/11.2
international conference, CARDIS 2010, Passau, Germany, April
14–16, 2010. Proceedings. Springer, Berlin, pp 49–64
31. Zhu S, Ma Y, Lin J, Zhuang J, Jing J (2016) More powerful
and reliable second-level statistical randomness tests for NIST SP
800-22. In: Proceedings of advances in cryptology—ASIACRYPT
2017. Springer, pp 307–329
32. Pareschi F, Rovatti R, Setti G (2007) Second-level NIST
randomness tests for improving test reliability. In: Proceedings
of IEEE international symposium on circuits and systems 2017,
pp 1437–1440
33. Yutao F, Guiping S (2014) A new testing method of randomness for
true random sequences. In: 2014 IEEE 5th international con-
ference on software engineering and service science, pp 537–
540
34. Greenland S, Senn SJ, Rothman KJ, Carlin JB, Poole C,
Goodman SN, Altman DG (2016) Statistical tests, p values,
confidence intervals, and power: a guide to misinterpretations. Eur
J Epidemiol 337–350
239
35. Varchola M, Drutarovsky M (2010) New high entropy element
for fpga based true random number generators. In: Mangard
S, Standaert F-X (eds) Cryptographic hardware and embedded
systems, CHES 2010. Berlin, Heidelberg, pp 351–365
36. Haddad P, Fischer V, Bernard F, Nicolai J (2015) A physical
approach for stochastic modeling of TERO-based TRNG. In:
Workshop on cryptographic hardware and embedded systems,
CHES 2015
37. (2018) Haar Wavelet. Wikipedia article on Haar Wavelet. https://
en.wikipedia.org/wiki/Haar wavelet. Accessed: May 2017
38. Bhunia S, Roy K, Segura J (2002) A novel wavelet transform
based transient current analysis for fault detection and local-
ization. In: Proceedings of the IEEE/ACM design automation
conference (DAC’02), pp 361–366
39. Zynq Evaluation and Development Hardware User’s Guide (2017)
Xilinx online documentation. Accessed: January 2018
40. Xilinx Zynq-2000 XADC UserGuide(UG480) (2017) Xilinx
online documentation. Accessed: December 2017
41. Theodore MA, Moore SW (2009) The frequency injection attack
on ring-oscillator-based true random number generators. In:
Proceedings of the 11th international workshop on cryptographic
hardware and embedded systems, CHES’09, pp 317–331
42. De Cannière C, Preneel B TRIVIUM Specifications, 2005.
eSTREAM submitted papers. Accessed: May 2017
43. Roy DB, Bhasin S, Guilley S, Danger J-L, Mukhopadhyay D,
Ngo XT, Najm Z (2015) Reconfigurable lut: a double edged
sword for security-critical applications. In: Proceedings of the
5th international conference on security, privacy, and applied
cryptography engineering, vol 9354, SPACE 2015, pp 248–268
44. Malladi S, Alves-Foss J, Heckendorn RB (2002) On preventing
replay attacks on security protocols. DARPA technical report by
University of Idaho Moscow. Accessed: May 2017
45. Yang B, Rožić V, Mentens N, Dehaene W, Verbauwhede I (2016)
TOTAL: TRNG on-the-fly testing for attack detection using
Lightweight hardware. In: Proceedings of the design, automation
test in Europe conference exhibition, DATE’16, pp 127–132
46. Marsaglia G, Tsang WW (2002) Some difficult-to-pass tests of
randomness. J Stat Softw 7(3):1–9