FPGA implantations of TRNG architecture using ADPLL based on FIR filter as a loop filter

This article describes about the design, implementation, and analysis of a true random number generator (TRNG) employing an all-digital phase-locked loop (ADPLL) based on a finite impulse response (FIR) filter as the digital loop filter and implemented on the Artix 7(XC7A35T-CPG236-1) field programmable gate array (FPGA) board using the Xilinx Vivado v.2015.2 design suite. The coefficients of a 3rd-order broadcast low-pass digital FIR filter are computed using the Keiser window method. The MATLAB-FDA tool is used to calculate the filter coefficient. After reducing the bias in the sequence using the XOR-corrector post-processing approach, the suggested ADPLL-based TRNG designs created an unbiased stochastic random number with an overall throughput of 200 Mbps for both designs. The first proposed FIR-ADPLL-based TRNG design (FAT-1) consumes 0.072 W of power, whereas the second proposed FIR-ADPLL-based TRNG design (FAT-2) consumes 0.074 W. The resulting bitstream is verified for randomness using national institute of standards and technology (NIST) test following post-processing. Digital storage oscilloscope (DSO) is interfaced to the Artrix-7 FPGA board in order to capture the TRNG output waveforms. Both the proposed FIR-based ADPLL-TRNG designs passed the NIST SP 800-22 test, indicating that they are well-suited for a variety of industrial applications, including network security, cybersecurity, banking security, smart cards, radio-frequency identification tags, Internet of Things, and Industrial Internet of Things.


Introduction
Since the dawn of time, humans have faced the challenge of data protection. With the perception of integrated circuits, many methods have been developed to safeguard them. With the fast growth of the Internet, the need for information security in a variety of sectors is increasing, and security concerns are receiving increased attention throughout the world [1][2][3][4][5]. Generally, this request can be met by integrating multiple software and/or hardware designs able to generate random number combinations and giving the requisite public and private keys for effective data encryption [6]. Random number generators (RNGs) are critical components of every cryptographic system, as they are utilized in block ciphers, digital signatures [7], and one-time padding [8]. Random numbers may be classified into two types based on the random sequence created, namely pseudo-random numbers generators (PRNGs) and true random numbers generators (TRNGs), as seen in Fig. 1 classification. PRNGs create a sequence of outputs depending on the preceding seed of entropy using a deterministic algorithm and procedure. PRNGs are essentially created using specialized software code and executed via a subroutine [9] that creates a predictable output sequence. In general, the result is a lengthy periodic and repeating series of bitstreams with features that roughly match those of the previously produced random numbers. Because the number generated by a PRNG is predictable and likely, it is occasionally vulnerable to attack by such devices if the seed of entropy selected is incorrect, exposing the bitstream to hackers. TRNG, on the other hand, creates unexpected random numbers through the use of a physical process and an asynchronous source. Additionally, the absence of resemblance between the most recent data sequence created and the preceding one [6] makes TRNG more secure than PRNG. TRNGs based on FPGAs enable the usage of a huge matrix of configurable logic blocks (CLBs) coupled through programmable interconnects, therefore enabling the creation of a powerful platform primarily utilized for digital very large-scale integration (VLSI) implementations. TRNG proposed by author Guido Di Patrizio Stanchieri, Andrea De Marcellis, Elia Palange and Marco Faccio [6] are more secured than PRNG proposed by advanced micro devices, Inc (AMD) [9]. The noise source creates an unprocessed bitstream, which frequently requires post-processing to enhance the unpredictability characteristics of the produced random sequences. The purpose of this article is to describe the design, implementation, and analysis of a true random number generators architecture that utilized the jitters generated by an all-digital phase-locked loop (ADPLL) based on FIR filter as a digital low pass filter and the jitters generated by the proposed ring oscillators also with the metastability feature of the Flip-flops (FF) as seeds of entropy. In contrast to other methods, we demonstrate how to get a reliable TRNG architecture using just the onboard resources of the FPGA XC7A35T-CPG236-1 board.
As a result, the proposed solution greatly reduces the number of Configurable Logic Boards required, the intricacy of the architecture, and the total power consumption without compromising the generated throughput. The proposed method of generation of unbiased random data has been proven to be reliable according to standard criteria. This paper expands on a preliminary study published in [10] by including new findings, experimental results, and analytical methods to provide a more precise and comprehensive explanation of each component of the proposed TRNG architectures. As random numbers generated by RNG devices based on analog noise disturbances are unpredictable, they are vulnerable to attacks that compromise the security of user-provided information [11]. TRNGs based on FPGA digital logic architecture offer greater flexibility, higher speed, and less complexity than analog circuit-based TRNGs [12]. As a result, another ADPLL-based approach for generating highly secure random bitstreams is described. ADPLL-based TRNGs offer several benefits over phase-locked loop (PLL)-based TRNGs, including their simplicity of synthesizability and ability to be fully customized in a short amount of time [10]. Additionally, we used the FIR filter as the ADPLL loop filter to increase the overall performance of the suggested TRNG in terms of area look up table (LUT) and power. We provide a comprehensive overview of the seeds of entropy in the TRNG process, with a particular emphasis on the jitter and metastability effects created by an ADPLL, ring oscillator, and FF. Furthermore, we compare the proposed TRNG's performance to that of existing TRNGs published in the field, demonstrating that the proposed design employs the minimal resources possible, yet retaining a relatively high throughput rate in low power. Subsequently, post-processing actions are conducted on the generated random sequence to increase its statistical distribution and unpredictability characteristics at the expense of throughput. The generated random number sequences with a 200 Mbps output bit rate of both the TRNGs designs meet the requirements of the NIST (National institute of standards and technology) test, making them suitable for use in cybersecurity network systems, smart cards, and IoT applications. The following   [14] uses an emulation technique. The proposed ADPLL emulation covers a broad frequency spectrum from 120 to 300 MHz, minimizing design time and complexity. In conclusion, as the author claims, the suggested ADPLL is simply transferrable to various processes. Paper [10] proposes the design and construction of a TRNG based on ADPLL jitter along with FF metastability that achieves a whopping 680.7 Mbps throughput. However, due to the absence of post-processing, while this system generates random numbers, the sequence it generates has the potential of being biased. Koyuncu and Turan Özcerit [15] proposed that based on their chaotic architecture, a high-speed chaos-based TRNG be implemented on an FPGA. The design works at a frequency of 293 MHz and has an output bitrate of 58.76 Mbps, and it complies with both NIST 800-22 and FIPS 140-1 requirement.

Detail description about ADPLL for TRNG architecture implementation
ADPLL is a digital circuit architecture that utilizes a core digital block that can be effectively replicated on an FPGA [9]. In other words, ADPLL is a fully digital version of a phase-locked loop (PLL) [16]. It consists of three components: phase detectors (PD), loop filters (LF), and digital control oscillators (DCO) [17]. The three units are connected in a closed-loop feedback system. The basic ADPLL block design is illustrated in Fig. 2. Third-order broadcast low-pass FIR is used as a loop filter which is used to eliminate noise or undesirable frequency components. ID counters function similarly to DCOs; in that they alter the frequency in response to the output of the LF signal. Figure 3 illustrates an ADPLL's firstorder circuit diagram. FIR filter clock is equal to Mfo, which is a clock for the FIR filter clock signal. ID-clock, equal to 2Nfo, is the DCO clock signal, where M and N are the modulus controls for the FIR filter and DCO, respectively. The XOR gate's output, which is XOR-out, is fed to the input of the FIR filter, along with the clock, which outputs a carry signal (ca) [16]. We chose 50 MHz as the center frequency (fo) for FAT-1 TRNG design, For ADPLL1 M = 16 and N = 8 and for ADPLL2 M equal 8, N equal 4. The ID-clock is the DCO clock signal, which is equivalent to 2Nfo. Similarly, for FAT-2, the center frequency (fo) is 50 MHz for both ADPLL1 and ADPLL2, and the parameters for ADPLL1 are M = 16, and N = 8, while for ADPLL2 we used M = 8 and N = 4. Table 1 discusses the parameters used in designing ADPLL's of the proposed TRNGs.

Digital phase detector
The phase detector in this ADPLL design is implemented using an XOR gate [18,19]. The XOR mechanism is a basic but effective phase detection process. It performs a phase comparison between the entering original signal and the ADPLL output signal and creates an error signal proportionate to the phase difference. The input phase ν1, output phase ν2, and frequency are all interlocked using ADPLL. PD is used to reduce the gap between the two signals used in ADPLL [17].

FIR filter as a loop filter (LF) used in ADPLL's
The filter is a type of basic signal processing circuit that digitally process and generate digital information which is used in a variety of communication system and physical applications. An electronic circuit that permits or transmits the desired band of frequencies while attenuating the undesirable band. Digital filters are composed of adder, multiplier, and delay units. Additionally, a digital filter is a sort of linear time-invariant (LTI) system that acts on a discrete-time sampled signal to diminish or enhance specific characteristics of the signal [20], 21]. The difference equation for a digital low-pass filter in its general form which is used is given below in (1).
where y(n) denotes the current filter outcomes, y(n−k) denotes the present or previous filter intakes, a k denotes the feed-forward parameters related to the filter zeros, b k denotes the feedback coefficient relating to the filter pole, and N defines the orders [22,23]. Digital filters are categorized primarily into two types: (1) finite impulse response (FIR) or non-recursive filters and (2) infinite impulse response (IIR) or recursive filters. FIR are those whose output is dependent on only the current and previous inputs. They are devoid of feedback from the output. The FIR digital filter is widely used in digital signal processing systems for a variety of applications [24]. Due to the absence of feedback, FIR filters are non-recursive. Since all the pathways from the source to the destination flow forward, the FIR filter's signal flow is strictly feed-forward. The FIR difference equation, which describes the relationship between the input and output signals, is as follows in Eq. (2): Additionally, it can be expressed as where x(n) and y(n) signify the input and output signals, respectively, bi denotes the filter coefficients, and N is the filter order [21].

FIR filter design
Data flow graph for low-pass 3 rd -order broadcast FIR filter are shown in Fig. 4. For designing, we are using MATLAB-FDA as the synthesis tool to create these casual low pass filters; the design specifications are shown in Table 2. As   Table 3, the transfer function value varies according to the specification. Kaiser's magnitude and phase plots are depicted in Fig. 5a, b, respectively [25].

Kaiser window
Kaiser window creates a prominent central peak. It reduces side lobes and increases the width of the transition band as given by Eq. (4).
where Io(x) is the modified zeroth-order Bessel function and α is the adjustable parameters [26].

ADPLL's digital control oscillator (DCO)
DCO is a modified oscillator that modulates the frequency of a signal using the loop-filter output [17]. They adjust their frequency depending on the loop filter's output. The DCO circuit diagram for the ADPLL is shown in Fig. 6. In Fig. 6, the beginning value of T, a TFF input, is "0". Whether the initial value is toggled is determined by the applied Clk signal [10]. The ID Clk, which equals 2Nfo, is the clock signal in the DCO circuit, and the 4-bit carry(0) to carry (3) signal is the output of the FIR filter. Furthermore, Divide by N-counter also produces an output that is dependent on the supply original signal. DCO [16] provides IDout as the final output. Figure 7 illustrates a pulse generator circuit [10] comprised of a chain of 51 inverters that are used to generate pulse signals in our design. Figure 8 illustrates the proposed ring oscillator [10], which contains an odd number of NOR gates and is used in our novel TRNG design.

Post-processing
The primary property of a True random number generator is its non-bias random output, but this output is often skewed, implying that '0's and '1's don't emerge with the same probability. TRNGs that are cryptographically stable should be completely random. As a result, we propose that all TRNGs built using this technique include some    kind of bias reduction. Since the generated sequence is not stochastic due to bias factors, post-processing is often needed. The purpose of post-processing is to ensure that the sampler's outcome is unbiased. Post-processing function can be added to the generator's production. There are several well-documented strategies for reducing bias. The development of the post-processing algorithms, on the other hand, necessitates the deployment of extra hardware resources as well as a methodology based on techniques such as [27]: (1) Von Neumann corrector-based comparison is carried out to determine whether or not the two bits are different: If they are distinct, just one of them is used to create the final digital bitstream sequence, with the other bitstream sequence getting rejected; if they are not, both bits are used to create the output bitstream, with the other bitstream being ignored. (2) XOR corrector where two consecutive generated bits are subjected to XOR reduction operation, which reduces the output bit rate while improving the bias of uncorrelated bits. One of the famous examples is the XOR corrector technique which is used in our design as shown in Fig. 9. Additionally, the XOR corrector eliminates bias and provides tolerance for environmental changes. The disadvantage is that this feature lowers the TRNG's efficiency by a factor of m, in which 'm' is the distance between the shift registers [28].

TRNG architecture implementation using ADPLL based on FIR as loop filter
TRNG based on PLL consumes more power and occupies a larger space [29] than TRNG based on ADPLL. TRNGs may be fully synthesized and optimized in a short amount of time due to their extensive digital design based on ADPLL. Moreover, two ADPLLs provide more seeds of entropy than a single ADPLL-based design, which results in more random and stochastic noise and aids in the creation of highly secure TRNG architecture. The proposed architectures employing FIR-based ADPLLs, TRNG design are denoted as (FAT-1) as shown in Fig. 10. Here FPGA system clock which is equal to 100 MHz is transmitted to the pulse generator. Now, a 50-MHz center frequency (fo) output is generated by a pulse generator circuit, whose pulsating output oscillates between two levels of a voltage indicating true and false [10] as the input of the proposed ring oscillator. The output of the proposed ring oscillator is passed as input to ADPLL1 and    ADPLL2, resulting in IDout1 of 400 MHz for ADPLL1 and IDout2 of 400 MHz for ADPLL2. Following an XOR operation between the output of ADPLL1 and the feedback loop signal, the result is delivered to DFF1 as a data signal. Simultaneously, IDout2 which is an output of ADPLL2 is used as the clock signal of DFF1 and is also used as input of divide by two counter, whereas the DFF1 is reset using the outcome of the divide by two counter. To achieve the metastability state of FF, the feedback loop control manages the phase difference between the DFF1 clock and data signal appropriately. At the first step, the metastability criterion is satisfied by the DFF1. On the other hand, the second FF of the two-state shift register, i.e., DFF2, is utilized to prevent metastability propagation, resulting in a consistent logic level of one (1) or zero (0). However, to eliminate slight bias variations, the established raw random bit condition at the output of DFF2 random entropy can be improved further by applying an XOR-corrector post-processing resulting in an unbias output random bit. Thus, the proposed TRNG has generated a throughput of 200 Mbps. Simultaneously, Fig. 11 illustrates another proposed TRNG architecture with FIR-ADPLL's, TRNG as (FAT-2).
In comparison with FAT-1, FAT-2 utilized four DFFs and two XORs which maximized the statistical unpredictability of the proposed TRNGs output bitstream. For FAT-2 design, the center frequency of 50 MHz is fed as an input of both ADPLL1 and ADPLL2. IDout1 and IDout2 both with 400 MHz are produced by ADPLL1, whereas IDout3 with 400 MHz is produced from ADPLL3. Subsequently, after passing to the different metastable states of FF and performing XOR operations, the entropy thus produced is mixed random sequence combination product of ADPLL jitters and metastability state of FF. The raw random bit sequence generated is applied for the post-processing unit in Fig. 9 to improve the overall stochastic nature of the output random bit. An overall throughput of 200 Mbps is generated from the proposed TRNG (FAT-2) as an output random bit with reduced bias properties.

FPGA implementation of TRNG architecture based on ADPLL's
The experiment is conducted using an Artrix-7 FPGA board (XC7A35T-CPG236-1), and the output waveform is captured using a digital storage oscilloscope (DSO-X3012A). Table 4 gives the FPGA pin details for implemented TRNG based on ADPLL. Figure 12 depicts a block diagram of the pre-processing setup. Figure 13 illustrates the experiments' preparatory setup for an ADPLL-based TRNG experiment. The output is assigned to JB1:A14, which is connected to the DSO's live probe, and to JB5:GND, which is connected to the ground probe. Table 5 represents synthesis results of the implemented TRNG based on ADPLL.

Pre-processing experiment setup used in designing TRNG
The reliability of the random number generated by the proposed TRNG's design is verified using a set of statistical procedures. A digital storage oscilloscope (DSO-X3012A) was used to capture the random bitstream's generated output waveform and to analyze the jitter produced by the various entropy sources. Using (VHDL), VHSIC Hardware Description Language random bits generated by the TRNG architecture are stored in a text file.
To assure unpredictability, random numbers from the series are subjected to NIST tests using MATLAB version R2015a. A sequence with a P-value ≥ of 0.001 is deemed to pass the NIST test [30]. Table 6 for FAT-1 and Table 7 for FAT-2 exhibit the NIST test results for the TRNG's design, proving that the generated sequence is truly a random bit sequence. The proposed TRNG (FAT-1) is depicted schematically in Fig. 14, while the TRNG (FAT-2) is depicted schematically in Fig. 15. All schematic diagrams were created with Vivado v.2015.2 and simulated on an XC7A35T-CPG236-1 device (Artrix -7) FPGA board. As the number of slice LUTs utilized by proposed FAT-1 TRNG is zero, so the area (LUTs) of FAT-1 designed is n/a as shown in Table 5.
The TRNG output waveforms captured by DSO are depicted in Figs. 16 and 17.
The NIST test evaluates the resulting bitstream's randomness and statistical features, providing critical evidence for the randomness of TRNG's based on ADPLL with FIR as loop filter.

Comparison between proposed TRNG based on ADPLL with existing TRNG's
The performance of various TRNGs is compared in Table 8, as is the synthesis report's comparison of various TRNG architectures in Table 9. Our proposed design made better use of available hardware resources. Additionally, the power consumption of FAT-1 is 0.072 W and FAT-2 is 0.074 W, which is significantly less than that of other literature. Even though fewer hardware resources and lower power consumption are used, the overall throughput of the design remains unaffected, as shown in Table 9 producing 200 Mbps of both the designs even after post-processing. The author of [6] discusses a TRNG based on PLL and other FPGA primitives. The primary source of entropy is jitter from PLLs and metastability from FF's. The author claimed that the proposed design would consume less power and take up less space but achieving a throughput of 100 Mbps. However, PLL consumed more power and took up more space [29] than ADPLL, which means  that ADPLL-based designs are far superior when designing a reliable TRNG, while in [32], ring oscillators are used to generate jitters, and an auxiliary source of randomness (ASR) is used to increase the efficiency of the outcome bitstreams, which greatly aids in increasing the degree of unpredictability of TRNG, as the author claims. According to the author of [34], a chaotic ring oscillator-based TRNG can be designed to be simple, resource-efficient, and reliable while still achieving a throughput of 125 Mbps. In comparison with the proposed TRNG architecture, [37] utilizes more number of LUTs and achieves lower throughput. In [35], a prototype chip with a throughput of 10 Mbps was fabricated using a standard digital 0.018 m n-well Complementary Metal Oxide semiconductor (CMOS) process. As described in [12], based on the designed technique in 2-/spl mu/m CMOS technology that generates bit rate sequences up to 1.4 MHz. [39] used typical 0.18-/ spl mu/m n-well CMOS to fabricate a model with a clock speed of 10 MHz. A prototype has been designed and fabricated in [38] using HHNEC's 0.25 m e-flash processes with a double ring oscillator. The proposed fabricated prototype achieved 125 Mbps throughput. Our proposed TRNG architectures are written in VHDL and incorporated on the (XC7A35T-CPG236-1) FPGA board, resulting in a significant increase in overall speed compared to the existing TRNG architecture. Since our proposed design uses fewer LUTs and FF, the design complexity is reduced compared to existing TRNG architectures.

Conclusion
By utilizing all of the seed entropy generated by the ADPLL, flip-flop, and other hardware resources, a more secure and reliable TRNG is generated. Furthermore, a TRNG based on ADPLL generated a more secure random bitstream. Despite their high cost and equipment dependence, TRNGs are preferred and utilized in a wide variety of applications that demand a high level of security, such as secure communication and cryptography. We were able to reduce power consumption and use fewer hardware resources (zero LUT for FAT-1 and one LUT for FAT-2) while maximizing the performance of the FPGA board by introducing FIR-based ADPLL into the TRNG designs, as shown in Table 8. Digital storage oscilloscopes are used to capture and analyze the output waveform (DSO-X3012A). The  implementation and simulation are carried out on a Xilinx artrix-7 (XC7A35T-CPG236-1) FPGA board using Vivado v.2015.2. Following post-processing, both designs generate a throughput of 200 Mbps with a power consumption of 0.072 W for FAT-1 TRNG and 0.074 W for FAT-2 TRNG. The data bitstream generated after post-processing passed the National Institute of Standards and Technology (NIST) test which shows a high degree of randomness. With this work, the future of securing security via the usage of FIR-based ADPLL -TRNG's technologies appears to be bright, making it a more reliable and secure contender for a large range of applications like cybersecurity, banking security, Internet of Things, and Internet of Everything (IOE), etc.
Acknowledgements The author wishes to express his heartfelt appreciation to Dr. Manoj Kumar for his invaluable support and unwavering guidance throughout the writing of this paper.
Author contributions All authors contributed equally.
Funding Not applicable.

Conflict of interest
The authors have no conflicts of interest to declare. All co-authors have seen and agreed with the contents of the manuscript. We certify that the submission is original work and is not under review at any other publication.
Consent to participate Not applicable.

Consent for publication Not applicable.
Human or animal rights This article does not contain any studies with human participants or animals per-formed by any of the authors.
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http:// creat iveco mmons. org/ licen ses/ by/4. 0/.