Towards robust true random number generation: addressing vulnerabilities in dual entropy source design

Recently, Chen et al. introduced a dynamic dual entropy source-assisted True Random Number Generator (TRNG) implemented on a Field Programmable Gate Array (FPGA). They asserted that their design achieved superior true randomness and higher throughput. This paper comprehensively analyses Chen et al.‘s TRNG [1], identifying potential vulnerabilities. Chen et al. employed a Multiplexer Ring Oscillator (MRO) as the entropy source for generating true random numbers. This MRO leverages dual entropy sources—metastability and clock jitter—to create true randomness. By exploiting the weaknesses inherent in the MRO, we critically examine the results and validation of Chen et al.‘s TRNG. Despite the TRNG’s minimal hardware footprint on the AMD-Xilinx Artix-7 FPGA—utilizing only 10 number of LUTs, 2 number of DFFs, and 1 unit of MUX—and its impressive bit generation rate of 300 Mbps, it fails to produce adequate randomness. This inadequacy is evident when evaluated against standard metrics such as Shannon Entropy, Autocorrelation, and NIST SP 800 − 22. To address these deficiencies, we propose enhancing Chen et al.‘s TRNG, aimed at improving randomness without altering the entropy source, through lightweight post-processing. This approach yielded an 85.71% improvement in randomness after four rounds of post-processing. However, this enhancement significantly reduces throughput by a factor of ½. In conclusion, while the TRNG by Chen et al. demonstrates promising features, it necessitates a robust entropy source with a multi-ring structure rather than the dual-ring MRO for optimal performance.