I. INTRODUCTION

CMOS true random number generators (TRNGs) serve a key role as essential components in security integrated circuits ^[1-14]. As Internet of Things (IoT) devices become more popular, it is expected that the need for lightweight CMOS TRNG circuits will grow further in the future ^[15]. Additionally, high-quality random numbers (RNs) are indispensable for stochastic computing, machine learning/deep learning, and Ising machines designed for combinatorial optimization problems ^[16-18]. For applications that require high levels of security, TRNGs are favored over pseudo-random number generators (PRNGs), which generate bit sequences with fixed patterns based on a given seed. The distinguishing feature between TRNGs and PRNGs is that TRNGs generate RNs using an entropy source based on unpredictable physical noise. CMOS TRNGs typically produce random bits leveraging device-level noise such as thermal or flicker noise. TRNG types are categorized based on their use of noise amplification ^[7], metastability ^[8], and chaotic map ^[9] as entropy sources. There are also efforts to extend functionality by combining TRNG with a physically unclonable function (PUF), a main feature in hardware security ^[10]. Further advancements include attempts to embed TRNG functionality into existing memory ^[11].

One popular type is the ring oscillator (RO) based TRNG, which leverages timing jitter ^[1-6]. The throughput of RO-based TRNGs (RO-TRNGs) is relatively low, but they are known to consume lower power and occupy a small area. Hence, RO-TRNGs are repeatedly used in power-constrained IoT and portable devices. However, for an RO to function as a good entropy source, RO-TRNGs need to be tolerant to power injection noise, and the trip voltage of the inverter is required to be well-defined ^[6]. Numerous efforts have aimed to resolve issues within conventional RO-TRNGs. In ^[2], three fundamental frequencies are initiated simultaneously in the RO and then are reduced to a single signal. The time from initiation to collapse serves as the entropy source for the TRNG. A characteristic of ^[2] is that as the number of RO stages increases, the TRNG robustness is enhanced because the oscillating signal is less likely to be affected by signal-path mismatches. However, this TRNG significantly increases power and area consumption by employing an additional RO to detect the collapse point. Other collapsing RO-TRNGs have adopted methods to modify the signal path to reduce signal-path mismatches ^[3,5]. E. Kim et al. ^[4] adopted a differential structure with feedback resistance to reduce the mismatch in the RO cell and enhance immunity to power noise.

In this paper, we propose a different structure for the collapsing RO-TRNG. Previous collapsing RO-TRNGs require additional circuits to detect the collapse cycle or face the challenge of estimating the operating frequency based on measurements [2, 3, 5]. In Section II, we present the structure of the TRNG that reduces the two ROs of the ^[2] structure to a single RO and explain its block diagram and operation. Section III provides peripheral circuits for chip measurement and the corresponding results. We conclude this paper in Section IV.

II. THE PROPOSED TRNG

1. Analysis of Collapsing RO-TRNG

We illustrate an RO of the TRNG implemented with fully digital logic (Fig. 1). The RO operates initially at a 3x frequency of steady-state RO because it generates three edges row by row due to the reset pulse. The entropy source is created by accumulating jitter during the time it takes for two of the three edges to intersect and subsequently collapse, returning to the 1x frequency. The time difference T$_{D}$ between the two edges is approximated by Barkhausen’s criteria, expressed as

(1)

$ T_{D}\approx 2/3\cdot n\cdot t_{p} $

where n represents the number of RO stages; t$_{p}$ is the average propagation delay of a NAND gate. Thus, the accumulated jitter until the occurrence of two edge collapses can be expressed as

(2)

$ \sum \left(t_{1,\mathrm{J}}+t_{2,\mathrm{J}}\right)\geq T_{D}-\sum \Delta t_{s} $

where ${\Delta}$t$_{s}$ represents the skew of the two edge signals that occur as they pass through each NAND gate. t$_{1,J}$ and t$_{2,J}$ represent the jitter for the first and second edge signals, respectively, produced by each NAND gate due to physical noise ^[3]. Hence, we can modulate by controlling the n of the T$_{D}$ to extend the average collapse time, obtaining a more unpredictable source influenced by the accumulated t$_{J}$ during the increased time. The change in n causes a proportional shift in the granularity of each row of RO, resulting in a corresponding variation in ${\Delta}$t$_{s}$ ^[2]. The jitter t\-$_{J}$, which accumulated more physical noise, inherently exhibits a more complex random walk. As T$_{D}$ increases and ${\Delta}$t$_{s}$ decreases, it becomes an excellent entropy source with an inverse Gaussian distribution.

Fig. 1. The schematic of a ring-oscillator with 3-edge collapses [2], composed of 2-NAND gates.

2. Implementation of Proposed TRNG

We depict the block diagram of the proposed TRNG (Fig. 2) and explain its operation through a timing diagram (Fig. 3). In Fig. 1, the TRNG begins its operation as an entropy source initiated by a reset pulse driven by an external clock. The RO that generates 3-edges sends its three outputs to a majority voter. A typical majority voter, composed of four NAND gates, generates a signal (MV) that maintains a constant 3x frequency regardless of the signal collapse (Fig. 3). Before the collapse, both MV and RO outputs (B[0:2]) operate at the 3x frequency and in phase. However, after the collapse of the RO, although all B[0:2] outputs transition to a 1x frequency, MV continues to maintain a 3x frequency because the phase differences among the signals remain at 60$^{\circ}$. MV is divided by half frequency (1.5x) and forwarded to a frequency detector, which compares with the RO output (B^[2]). As the 3-edges collapse, the FD signal becomes 'H'. FD signal controls a switch that determines whether the RO output is transmitted to a counter, which then accumulates the number of cycles up to the collapse time. The counter outputs are sent to an XOR + shift register array synchronized with an external clock, enhancing entropy and generating a random number ^[4]. In Fig 2, TRNG can operate in an asynchronous mode concerning the clock. In asynchronous mode, the TRNG operates autonomously at its maximum or minimum speed, which facilitates the determination of an optimal clock for measurement.

Fig. 2. Block diagram of the proposed TRNG.

Fig. 3. Timing diagram of the proposed TRNG.

III. TESTING ENVIRONMENT AND RESULTS

RO-TRNGs are vulnerable to the issue of producing fixed or specific patterned values under strong power injection attacks of specific frequencies from external sources ^[6]. We established peripheral circuits to test the TRNG against power injection attacks (Fig. 4). We implemented two separate circuits for low and high- frequency injections to test a broad range of frequencies. For low-frequency injections into the TRNG, we utilized a function generator, and to measure the amount of power being injected, a unity gain buffer was set up as a monitoring circuit. When the injected frequency exceeds several hundred megahertz, accurately injecting a specific magnitude becomes difficult. Such high frequencies are internally generated by a PLL, regulated in magnitude by a high-voltage driver, and then injected into the TRNG. The unity gain buffer tracks the common voltage, and the hysteresis comparator activates when the magnitude of the attack injected into the TRNG exceeds the TH/TL thresholds and outputs a frequency that is a quarter of the injected frequency.

We fabricated a prototype chip in 65 nm technology and showed the random bit sequence measured with an oscilloscope at 1.2 V (Fig. 5). The single RO is constructed from NAND gates arranged in 3x5 stages and occupies an area of 285 ${\mu}$m$^{2}$. Including the peripheral circuits, the total area is 702 ${\mu}$m$^{2}$. The PLL and the driver for the power attack are positioned around the TRNG core in the layout.

Fig. 6 illustrates the change in the random bit sequence of the TRNG when a power attack is injected. Two-bit streams (LSB and 5th LSB) are represented using 'black/white' to indicate the '0/1' states. Fig. 6 top shows the 1 Mbits without a power attack, while the bottom displays the bit stream during the low-frequency injection of a strong power attack with 0.6 V$_{\mathrm{PP}}$. In both cases, the LSB retains good random bits. However, the upper bits exhibit a specific pattern and lose their randomness depending on the injected frequency. We utilized the NIST randomness test to precisely evaluate the randomness of each bit stream ^[19]. The results from testing 1Mbits generated 100 times are presented in Table 1. Without a power attack, two-bit streams up to the 2nd LSB passed the NIST results, but during a power attack at the oscillating frequency of RO with 0.3 V$_{\mathrm{PP}}$, only the LSB passed.

We have summarized and compared previous TRNGs and their key features with our design (Table 2). Table 2 shows that our design has a smaller area and higher throughput than previous RO-TRNG styles.

Fig. 4. Power injection attack and monitoring circuit.

Fig. 5. Layout and measured bit stream.

Fig. 6. Bit sequences under power attack: LSB vs. upper bit.

Table 1. NIST randomness test

Table 2. Comparison with previous works

IV. CONCLUSIONS

In this paper, we introduced a collapsing RO-based TRNG composed of 15 stages using 65 nm technology, and our contributions are as follows: (i) This work is implemented entirely with digital logic and senses the 3-edge collapse moment without requiring the reference RO. (ii) Entropy source composed of a single RO has improved energy and area efficiency. (iii) We proposed a configuration of peripheral circuits for testing against externally injected power attacks, confirming the robustness of the TRNG. Evaluation results from the NIST randomness test showed that the proposed TRNG exhibited sufficient randomness performance up to the 2nd LSB. This work offers high efficiency, compactness, and excellent production capabilities, making it suitable for portable applications.