Fabio Pareschi

Implementation and Testing of High-Speed CMOS True Random Number Generators Based on Chaotic Systems

We present the design and the validation by means of suitably improved randomness tests of two different implementations of high-performance true-random number generators which use a discrete-time chaotic circuit as their entropy source. The proposed system has been developed from a standard pipeline Analog-to-Digital converter (ADC) design, modified to operate as a set of piecewise-linear chaotic maps. The evolution of each map is observed and quantized to obtain a random bit stream. With this approach it is possible to obtain, on current CMOS technology, a data rate in the order of tens of megabit per second. Furthermore, we can also prove that the design is tamper resistant in the sense that a power analysis cannot leak information regarding the generated bits. This makes the proposed circuit perfectly suitable for embedding in cryptographic systems like smarts cards, even more so if one consider that it could be easily obtained by reconfiguring an existing pipeline ADC. The two prototypes have been designed in a 0.35-μm and 0.18-μm CMOS technology, and have a throughput of, respectively, 40 Mbit/s and 100 Mbit/s. A comparison between measured results and other high-end commercial solutions shows a comparable quality with a operating speed that is one order of magnitude faster.

Low-Complexity Multiclass Encryption by Compressed Sensing

The idea that compressed sensing may be used to encrypt information from unauthorized receivers has already been envisioned but never explored in depth since its security may seem compromised by the linearity of its encoding process. In this paper, we apply this simple encoding to define a general private-key encryption scheme in which a transmitter distributes the same encoded measurements to receivers of different classes, which are provided partially corrupted encoding matrices and are thus allowed to decode the acquired signal at provably different levels of recovery quality. The security properties of this scheme are thoroughly analyzed: first, the properties of our multiclass encryption are theoretically investigated by deriving performance bounds on the recovery quality attained by lower-class receivers with respect to high-class ones. Then, we perform a statistical analysis of the measurements to show that, although not perfectly secure, compressed sensing grants some level of security that comes at almost-zero cost and thus may benefit resource-limited applications. In addition to this, we report some exemplary applications of multiclass encryption by compressed sensing of speech signals, electrocardiographic tracks and images, in which quality degradation is quantified as the impossibility of some feature extraction algorithms to obtain sensitive information from suitably degraded signal recoveries.

A Fast Chaos-based True Random Number Generator for Cryptographic Applications

We present the design and the validation by means of state-of-the-art randomness tests of a high-quality true random number generator which internally exploits a pipeline analog-to-digital converter modified to operate as a set of interleaved chaotic maps. Developing the circuit design relying on pipeline A/D technology, which is ubiquity used in all mixed signal systems, allow us to design a fast and very reliable TRNG. A prototype has been implemented in AMS 0.35 mum 2P3M technology and has a nominal throughput of 40 Mbits per second. The active area occupied by the chip is about 0.52 mm2 and the power consumption is less than 30 mW

A Pragmatic Look at Some Compressive Sensing Architectures With Saturation and Quantization

The paper aims to highlight relative strengths and weaknesses of some of the recently proposed architectures for hardware implementation of analog-to-information converters based on Compressive Sensing. To do so, the most common architectures are analyzed when saturation of some building blocks is taken into account, and when measurements are subject to quantization to produce a digital stream. Furthermore, the signal reconstruction is performed by established and novel algorithms (one based on linear programming and the other based on iterative guessing of the support of the target signal), as well as their specialization to the particular architecture producing the measurements. Performance is assessed both as the probability of correct support reconstruction and as the final reconstruction error. Our results help highlighting pros and cons of various architectures and giving quantitative answers to some typical design-oriented questions. Among these, we show: 1) that the (Random Modulation Pre-Integration) RMPI architecture and its recently proposed adjustments are probably the most versatile approach though not always the most economic to implement; 2) that when 1-bit quantization is sought, dynamically mixing quantization and integration in a randomized ΔΣ architecture help bringing the performance much closer to that of multi-bit approaches; 3) for each architecture, the trade-off between number of measurements and number of bits per measurements (given a fixed bit-budget); and 4) pros and cons of the use of Gaussian versus binary random variables for signal acquisition.

On Statistical Tests for Randomness Included in the NIST SP800-22 Test Suite and Based on the Binomial Distribution

In this paper we review some statistical tests included in the NIST SP 800-22 suite, which is a collection of tests for the evaluation of both true-random (physical) and pseudorandom (algorithmic) number generators for cryptographic applications. The output of these tests is the so-called p-value which is a random variable whose distribution converges to the uniform distribution in the interval [0,1] when testing an increasing number of samples from an ideal generator. Here, we compute the exact non-asymptotic distribution of p-values produced by few of the tests in the suite, and propose some computation-friendly approximations. This allows us to explain why intensive testing produces false-positives with a probability much higher than the expected one when considering asymptotic distribution instead of the true one. We also propose a new approximation for the Spectral Test reference distribution, which is more coherent with experimental results.

A 3-GHz Serial ATA Spread-Spectrum Clock Generator Employing a Chaotic PAM Modulation

In this paper, we propose a prototype of a spread-spectrum clock generator which is the first known specifically meant generator for 3-GHz Serial Advanced Technology Attachment II (SATA-II) applications. A further innovative aspect of our prototype is that it takes advantage of a chaotic pulse-amplitude modulation as driving signal, instead of a triangular signal as in all spread-spectrum generators proposed so far in the literature for SATA-II. In this way, we are able to obtain the optimal theoretical electromagnetic-interference reduction by avoiding the periodicity of the modulated clock and completely flattening the peaks in the power spectral density. We also show that, despite the fact that such an unconventional aperiodic modulating signal is used, the clock can be recovered by exploiting a standard clock and data recovery circuit at the receiver side of the SATA-II bus. The circuit prototype has been implemented in 0.13-μm CMOS technology and achieves a peak reduction greater than 14 dB measured at RBW = 100 kHz, which is better than any other prototypes presented in the literature. The estimated random jitter is 5.4 psrms, while the chip active area is 0.27 0.78 × mm2 and the power consumption is as low as 14.7 mW.

On Known-Plaintext Attacks to a Compressed Sensing-Based Encryption: A Quantitative Analysis

Despite its intrinsic linearity, compressed sensing may be exploited to at least partially encrypt acquired signals from unintentional receivers: in the companion paper we have shown that the simplicity of its encoding allows the definition of a general, lightweight scheme in which transmitters distribute the same information to receivers of different classes enabled to recover it with different quality levels. In this investigation we quantify the robustness of such a scheme with respect to known-plaintext attacks. The odds of such an attack are shown by theoretical means, proving that the number of candidate encoding matrices matching a typical plaintext-ciphertext pair is astronomically large, thus making the search for the true encoding infeasible. These attacks are also simulated by applying compressed sensing to a variety of signals (speech, images and electrocardiographic traces) showing how this difficulty in extracting information on the true encoding matrix from a plaintext-ciphertext pair is reflected on the quality of the signals recovered by the attacker. The results clarify that, although not perfectly secure, CS grants a noteworthy level of security that may come at almost-zero cost and especially benefit resource-limited applications.Despite the linearity of its encoding, compressed sensing (CS) may be used to provide a limited form of data protection when random encoding matrices are used to produce sets of low-dimensional measurements (ciphertexts). In this paper, we quantify by theoretical means the resistance of the least complex form of this kind of encoding against known-plaintext attacks. For both standard CS with antipodal random matrices and recent multiclass encryption schemes based on it, we show how the number of candidate encoding matrices that match a typical plaintext-ciphertext pair is so large that the search for the true encoding matrix inconclusive. Such results on the practical ineffectiveness of known-plaintext attacks underlie the fact that even closely related signal recovery under encoding matrix uncertainty is doomed to fail. Practical attacks are then exemplified by applying CS with antipodal random matrices as a multiclass encryption scheme to signals such as images and electrocardiographic tracks, showing that the extracted information on the true encoding matrix from a plaintext-ciphertext pair leads to no significant signal recovery quality increase. This theoretical and empirical evidence clarifies that, although not perfectly secure, both standard CS and multiclass encryption schemes feature a noteworthy level of security against known-plaintext attacks, therefore increasing its appeal as a negligible-cost encryption method for resource-limited sensing applications.

Hardware-Algorithms Co-Design and Implementation of an Analog-to-Information Converter for Biosignals Based on Compressed Sensing

We report the design and implementation of an Analog-to-Information Converter (AIC) based on Compressed Sensing (CS). The system is realized in a CMOS 180 nm technology and targets the acquisition of bio-signals with Nyquist frequency up to 100 kHz. To maximize performance and reduce hardware complexity, we co-design hardware together with acquisition and reconstruction algorithms. The resulting AIC outperforms previously proposed solutions mainly thanks to two key features. First, we adopt a novel method to deal with saturations in the computation of CS measurements. This allows no loss in performance even when 60% of measurements saturate. Second, the system is able to adapt itself to the energy distribution of the input by exploiting the so-called rakeness to maximize the amount of information contained in the measurements.

Complex Oscillation-Based Test and Its Application to Analog Filters

Testing is a critical factor for modern large-scale mixed-mode circuits. Strategies for mitigating test cost and duration include moving significant parts of the test hardware on-chip. This paper presents a novel low-overhead approach for design for test and built-in self-test of analog and mixed-mode blocks, derived from the oscillation-based test framework. The latter is enhanced by the use of complex oscillation regimes, improving fault coverage and enabling forms of parametric or specification-based testing. This technique, initially proposed targeting large subsystems such as A/D converters, is here illustrated at a much finer granularity, considering its application to analog-filter stages, and also proving its suitability to backfit existing designs. The simple case of a switched-capacitor second-order bandpass stage is used for illustration discussing how deviations from nominal gain, central frequency, and quality factor can be detected from measurements not requiring A/D stages. A sample design is validated by simulations run at the layout level, including Monte Carlo analysis and simulations based on random fault injections.

Second-level NIST Randomness Tests for Improving Test Reliability

Testing random number generators (RNGs) is as important as designing them. The paper considers the NIST test suite SP 800-22 and shows that, as suggested by NIST itself, to reveal non-perfect generators a more in-depth analysis should be performed using the outcomes of the suite over many generated sequences. Testing these second-level statistics is not trivial and, relying on a proper model that takes into account the errors due to the approximations in the first level tests, a tuning of the parameters in the simplest cases was propose. The validity of this consideration is widely supported by experimental results on several RNG currently employed by major IT players, as well as a chaos-based RNG designed by authors.