

Coordina

Partne

Partner

Even Numbers of a Telephone Directory 1960

Random Distribution of 40,000 Squares using the Odd and

François Morellet

Partner





## In-Silico generation of random bit streams



# the value of unpredictability

|      | Organization                                       | Organization                      | Massimo<br>Organization      | Cacci                         | <b>a</b><br>Contact person email                      |
|------|----------------------------------------------------|-----------------------------------|------------------------------|-------------------------------|-------------------------------------------------------|
|      | full name .<br>UNIV                                | short name /                      | l'Insubria                   | person<br>name n              | dom Power s.r.l.                                      |
| ator | Università<br>degli Studi<br>dell'Insubria         | UNINS/<br>1999855334300 C         | University<br>O.CACCIA       | Massimo<br>r Parciao r        | massimo.caccia@uninsubria.it<br>MPOWEI.EU             |
| er 2 | AGH-<br>University of<br>Science and<br>Technology | AGH/<br>999844573                 | University                   | Wojciech<br>ewicz             | kucewicz@agh.edu.pl                                   |
| er 3 | Nuclear<br>Instruments                             | NI/904737916                      | SME                          | Abba                          | abba@nuclearinstruments.eu                            |
| er 4 | Quantum<br>Financial                               | QFA/<br><b>(194273992S p</b><br>H | SME<br>rogram in<br>ong Kong | Marcello<br>Fapeicl<br>Jan. 2 | marcello.esposito@outlook.it<br>e Physics 2024<br>4th |







#### FALLING WALLS VENTURE









]









# 1. introduction: WHAT FOR?

"Differential privacy makes it possible for tech companies to collect and share aggregate information about user habits, while maintaining the privacy of individual users."

#### there is definitely a hype about Random bit streams, not only for crypto but also for gaming, virtual reality, Monte Carlo simulations, IoT, Satellite communication &control and notably Privacy Preservation Procedures

#### **a 2020 paper by the U.S. Census Bureau:**

#### **Randomness Concerns When Deploying Differential Privacy**

Simson L. Garfinkel US Census Bureau Suitland, MD simson.l.garfinkel@census.gov

Philip Leclerc US Census Bureau Suitland, MD philip.leclerc@census.gov

true data. Thus, while the data for the Decennial Census can be stored in a few tens of gigabytes, protecting its output statistics will require the DAS to use roughly 90TB of random data.

#### **a 2023 article on FORBES:**

Challenges Of Zero-Knowledge Proof Technology For Compliance



Alexander Ray Forbes Councils Member

Forbes Business Council COUNCIL POST | Membership (fee-based)

Problem 2: Vulnerability To Random Number Generator Attacks



#### 2 o f

# HOW TO GENERATE AN UNPREDICTABLE RANDOM NUMBER?

It is always nice to consider an artist's point of view:

"With Random Distribution, the purpose of my system was to cause a reaction between two colours of equal intensity. I drew horizontal and vertical lines to make 40,000 squares. Then my wife or my sons would read out the numbers from the phone book (except the first repetitive digits), and I would mark each square for an even number while leaving the odd ones blank. The crossed squares were painted blue and the blank ones red. For the 1963 Paris Biennale I made a 3-D version of it that was shown among the Groupe de Recherche d'Art Visuel installations (and re-created it again on different occasions). I wanted to create a dazzling fight between two colours that shared the same luminosity. This balance of colour intensity was hard to adjust because daylight enhances the blue and artificial light boosts the red. I wanted the visitors to have a disturbing experience when they walked into this room – to almost hurt their eyes with the pulsating, flickering balance of two colours. I like that kind of aggression."

excerpt from https://www.tate.org.uk/context-comment/articles/65-38-21-4-72





François Morellet (1926-2016) Random Distribution of 40,000 Squares using the Odd and Even Numbers of a Telephone Directory 1960 RINDOM MOMA, New York





# 2. the essence of random number generation: HOW TO GENERATE AN UNPREDICTABLE

# HOW TO GENERATE AN URANDOM NUMBER?

#### PRNG

(PseudoRandom Number Generators) are essentially a piece of software code ⇒ they deterministic and in principle

predictable

$$x_n\equiv ax_{n-1}+b\ (mod\ m)$$

an example of linear congruential generator

# J. Von Neumann: Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin.

Von Neumann, John (1951). "Various techniques used in connection with random digits" (PDF). National Bureau of Standards Applied Mathematics Series. **12**: 36–38.

### TRNG

#### (True Random Number Generators) are essentially coin flipping, namely get bits out observing unpredictable natural phenomena



http://glee.wikia.com/wiki/File:281735\_1342370254-coin-flip.gif.gif



#### 2. the essence of random number generation:

# HOW TO GENERATE AN UNPREDICTABLE RANDOM NUMBER?

#### PRNG

(PseudoRandom Number Generators)

Fast, cheap & reasonably easy. However:

software Random Number Generation is PSEUDO
 code can be bugged
 and it may have a BACKDOOR

Attack Trends Editor: David Ahmad, drma@mac.cr

#### Two Years of Broken Crypto

Debian's Dress Rehearsal

2006

| HOWE PAGE | TODAT S PAPER    | VIDEO                    | WOST P                                 | OFOLAR                                         | U.S. Edition                                    |                                                            |                                                  |                                                      |                                           |                                    | Casada A                                   |                          |             |       |
|-----------|------------------|--------------------------|----------------------------------------|------------------------------------------------|-------------------------------------------------|------------------------------------------------------------|--------------------------------------------------|------------------------------------------------------|-------------------------------------------|------------------------------------|--------------------------------------------|--------------------------|-------------|-------|
| Ehe New   | York Eimes       |                          |                                        |                                                | U                                               | .S.                                                        |                                                  |                                                      |                                           |                                    | Search A                                   |                          | s.com       | Go    |
| WORLD U   | J.S. N.Y. / REGI | N BUS                    | SINESS                                 | TECHNOI                                        | LOGY SCIE                                       | ICE HEALTH                                                 | SPORTS                                           | OPINION                                              | ARTS                                      | STYLE                              | TRAVEL                                     | JOBS                     | REAL ESTATE | AUTOS |
| POLITICS  | EDUCATION        | EXAS                     |                                        |                                                |                                                 |                                                            |                                                  |                                                      |                                           |                                    |                                            |                          |             |       |
|           | Sec              | ocumen                   | <b>OCU</b><br>Its show                 | ment<br>v that the g                           | <b>IS Reve</b><br>N.S.A. has l<br>lustry to wea | al N.S.<br>een waging a<br>ken encryptic                   | <b>A. Car</b><br>war agains                      | npaig<br>t encryptio<br>ls, making o                 | n Ag<br>n using<br>lesign c               | a battery                          | of method                                  | ypti<br>ls that<br>aphic | on          |       |
|           | Sec              | ocumen<br>nclude<br>soft | OCU<br>nts shov<br>working<br>tware, a | ment<br>v that the<br>g with ind<br>and pushir | N.S.A. has l<br>lustry to wearing internation   | al N.S.A<br>een waging a<br>ken encryptic<br>nal encryptic | A. Car<br>war agains<br>n standard<br>n standard | npaig<br>t encryptio<br>ls, making c<br>s it knows i | n Ag<br>n using t<br>lesign c<br>t can br | a battery<br>hanges to<br>eak. Rel | of method<br>o cryptogra<br>ated Article » | yptions that aphic       | on<br>201   | 3     |

changes to commercial software to weaken encryption, and lobbying for encryption standards it can crack.

#### TRNG

#### (True Random Number Generators)

Extracting bits from the observation of natural phenomena is not trivial and you may suffer from

"coin bias" by the embodiment of a great principle

weakness against environmental parameters

- a significant "attack surface", conditioning the device in use
- low bit rate





2

#### Random Power principle: GO QUANTUM! t h e 3

# HOW DO WE DO IT?

Inspired by Forrest Gump, we say:

#### **RADIOACTIVE IS AS RADIOACTIVE DOES**

emission by a radioactive source is due to the quantum laws of Nature

decays of unstable nuclei are unpredictable

the sequence of detected decays can be used to generate random bits with different recipes:

- Check the parity of the number of pulses in a time window
- pre-define the time window in a way that is equally like to have or not to have a single pulse

The idea behind handy, cost effective, simple, robust, providing sequences of pulses mimicking radioactive decays.



Sequence of pulses by the decay of a radioactive source in a nuclear physics detector

# is to replace a radioactive source with something safer, more





#### > The generator, an array of Single Photon Avalanche Diodes, namely p-n junctions operated beyond the breakdown voltage:

A pioneering development by Prof. S. Cova at Politecnico di Milano

Cova, S., Ghioni, M., Lacaita, A. L., Samori, C., and Zappa, F. "Avalanche photodiodes and quenching circuits for single-photon detection", Applied Optics, 35(12), 1956–1976 (1996)



#### Simulation of an avalanche development



- Very shallow p-n junction  $\rightarrow \sim 1 \, \mu m$
- High electric field
- Mean free path

→ > 3 x 10<sup>5</sup> V/cm **→** ≈ 0.01 µm

Courtesy of Ivan Rech, Politecnico di Milano [50 µm cell size]

Multiplication by about 1 000 000



Photon induced charge carrier generation RNDOM POWER





#### The name of the game: charge carriers can be generated "spontaneously", also when no light is illuminating the sensor

#### A lesson from the past, when this was known since the early days of the Silicon technology development:

#### 1. INTRODUCTION

MOST reverse biased p-n junctions in silicon have their avalanche breakdown caused by microplasma effects. Microplasmas are small regions within the junction,<sup>1</sup> where a local disturbance of the electrical field is believed to reduce the breakdown voltage to a value below the breakdown voltage of the surrounding uniform junction.<sup>2-5</sup> As voltage is increased from low values microplasma breakdown is generally characterized by random "on-off" current fluctuations so long as currents remain below a critical value (40 to 120  $\mu$ A).<sup>6-8</sup>







from paper

PHYSICAL REVIEW

VOLUME 94, NUMBER 4

MAY 15, 1954

#### Avalanche Breakdown in Silicon

K. G. MCKAY Bell Telephone Laboratories, Murray Hill, New Jersey (Received December 23, 1953)

JOURNAL OF APPLIED PHYSICS

ROLAND H. HAITZ<sup>†</sup>

(Received 5 November 1963)

FIG. 5. Avalanche current as a function of time at low temperatures. The group character of the avalanche pulses is obvious.

The complex current fluctuations observed in connection with microplasma breakdown can be explained by a simple model containing two constants: extrapolated breakdown voltage  $V_b$  and series resistance  $R_s$ ; and two continuous probability functions: turnoff probability per unit time  $p_{10}(I)$  as a function of pulse current I and turn-on probability per unit time  $p_{01}$ . Experimental methods allowing an accurate measurement of these four quantities are described. The new concept of an extrapolated breakdown voltage  $V_b$  is discussed based on two independent measurements: one of secondary multiplication and the other of instantaneous current, both as a function of voltage. Within the experimental accuracy of 20 mV both methods extrapolated to one and the same breakdown voltage. The turnoff probability  $p_{10}(I)$  is determined by a new combination of experimental techniques to cover the current range from 5 to 70  $\mu$ A with a variation of 11 decades for  $p_{10}(I)$ . The observation of a narrow turnoff interval is explained quantitatively.

VOLUME 36, NUMBER 10 F APPLIED PHYSICS

#### Mechanisms Contributing to the Noise Pulse Rate of Avalanche Diodes<sup>\*</sup>

ROLAND H. HAITZ

Shockley Research Laboratory, Semiconductor Division of Clevite Corporation, \$ Palo Alto, California (Received 16 November 1964)

#### Model for the Electrical Behavior of a Microplasma\*

VOLUME 35, NUMBER 5

Shockley Laboratory, Clevite Corporation Semiconductor Division, Palo Alto, California

2



#### The name of the game: charge carriers can be generated "spontaneously", also when no light is illuminating the sensor, by quantum tunnelling



Fig. 8. Representation of the different sources of primary dark events and their location in the SPAD structure.

after A. Gola, C. Piemonte, NIM A926 (2019) 2-15

#### Key issues:

#### \* the Dark Count Rate is O(1 KHz)/cell, 50 µm pitch (it may be higher for SPAD arrays in CMOS technology)

- \* provided the nature of the Dark Pulses, we have a significant dependence on Temperature
- \* forget-me-not: the Over-voltage is affecting the triggering probability

#### Thermal generation of carriers by states in the bang-gap

(Shockley-Read-Hall statistics), where trapping and de-trapping is increased by the high electric field in the junction. The **Generation rate** can be written as:

$$\vec{\sigma} = \frac{n_i}{2 \cdot \cosh\left(\frac{E_0 - E_t}{kT}\right)} N_t \sigma v_{th} = \frac{n_i}{\tau_{g0}}$$

 $E_0 =$  Fermi level E<sub>t</sub> = trapping level  $n_i$  = intrinsic carrier concentration N<sub>t</sub> = trapping concentration  $\sigma$  = trapping cross section v<sub>th</sub> = thermal velocity







#### the Random Power principle: 3.

This is the essence of

# RIND0M

providing virtually endless streams of

shielded against any bias by the fundamentals of **Quantum Mechanics** 



- Italian Patent granted in Sept. 2020
- EU patent granted in 2022
- first iteration in the US and Japan
- still in the examination phase in China & South Korea (since April 2021)

A genuine Q(quantum)-True Random Number Generator, namely a Quantum Coin Flipper

RANDOM BITS -> CRYPTOGRAPHIC KEYS









#### The essence of Random Power: turning unpredictable "Dark Pulses" into bits

1. tag & time stamp the occurrences of the random pulses

#### 2. analyse the time series of the pulses:



 $\rightarrow$  Easy to see that ANY systematics in "time stamping" (e.g. dead time, granularity and phase wrt a continuous clock) implies a possible systematics in the bit generation





\*bit 1: Δt<sub>12</sub> vs Δt<sub>34</sub> \*bit 2: Δt<sub>23</sub> vs Δt<sub>45</sub> \*bit 3: Δt<sub>56</sub> vs Δt<sub>78</sub> \*bit 4: Δt<sub>67</sub> VS Δt<sub>89</sub>





#### do it?a how do we 4

#### **Phase II:**

submission Sept. 20th, 2021

notification of approval Jan. 31st, 2022

- Duration: May 2022 to August 2024
- ▶ funding: 2 MEUR
- selection & competitiveness:

#### 1211 submissions in Phase 1 → 170 approved → 87 submissions for phase II (68 R&D proposals) → 18 R&D approved





combined success rate: 18/1211 = 1.5%, so we did well!



#### it?a collaborative effort 5. d o h o w d o w e



#### **Our consortium:**





leading party











Organization short nome

Organization  $t_{\rm vn}$ <sup>1</sup>

Contact norgon

weeroc

**Contact person email** 



Μ POVER

18 man-years dedicated to the project







# 4. state-of-play: THE SINGLE GENERATOR BOARD



3.5 cm

#### Main output of the

ATTRACT Phase I project (May 2019-Oct.2020)



| Dimensions [cm <sup>2</sup> ] | 8x3.5                                                                                                                                                       |
|-------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------|
| No. generators                | 1 array                                                                                                                                                     |
| Raw bit stream:               | 100 kbps                                                                                                                                                    |
| NIST DRBG output              | NA                                                                                                                                                          |
| (SP800-90 A,B,C)              |                                                                                                                                                             |
| Control:                      | Xilinx Spartan 7                                                                                                                                            |
| I/O:                          | USB or bits-on-pin                                                                                                                                          |
| Power supply:                 | through the USB (5V, 0.5A)                                                                                                                                  |
| Power consumption:            | <2.5W                                                                                                                                                       |
| Encryption                    | No                                                                                                                                                          |
| of the bit stream:            |                                                                                                                                                             |
| Specific Features:            | <ul> <li>Firmware implemented Real-Time sanity<br/>checks (MONOBIT and RUNS)</li> <li>Auxiliary post-processing through a SHA256<br/>function</li> </ul>    |
|                               |                                                                                                                                                             |
| State of<br>development:      | <ul> <li>Completed</li> <li>Full qualification of 2 Tb through the NIST and<br/>TESTU01 protocols</li> <li>Single board control through a GUI or</li> </ul> |
|                               | mini-farm control implementing also the NIS<br>DRBG procedure (SP800-90 A,B,C)                                                                              |







# 4. state-of-play: THE SINGLE GENERATOR BOARD





8 cm



Upon request, bits can be routed on pins

**FTDI chip for data routing on the USB** 

FPGA embedding a proprietary TDC and implementing the bit extraction + real-time sanity checks (MONOBIT&RUNS) + conditioning function (SHA-256)

**Amplification & discrimination** 

**Single generator** (either 1x1 mm2 or 3x3 mm2 - Bit rate for the smaller area device: O(100 kbps) - operated with overvoltage stabilisation against Temperature variations





|            |                |              |               |                                                                                                                                                                                                             |                |                |              |               | fina       | lAnalysisRe          | port_PART2.t> | ĸt                              |
|------------|----------------|--------------|---------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------|----------------|--------------|---------------|------------|----------------------|---------------|---------------------------------|
| RES        | ULTS           | FOR          | THE           | UNI                                                                                                                                                                                                         | FORM           | LTY (          | DF P-        | -VALI         | JES A      | AND THE PR           | OPORTION OF   | PASSING SEQUENCES               |
| Tes        | genei<br>tFW8_ | rato<br>_4Bi | r is<br>tNoRe | <td>sers,<br/>pe_10</td> <td>/luca<br/>GB_Pa</td> <td>a/Do<br/>art2</td> <td>cumen<br/>bin:</td> <td>nts/F<br/>&gt;</td> <td>Random_Pow</td> <td>er/ProgramAn</td> <td>dTechnical/ATTRACT_Eu_Board_Fw8</td> | sers,<br>pe_10 | /luca<br>GB_Pa | a/Do<br>art2 | cumen<br>bin: | nts/F<br>> | Random_Pow           | er/ProgramAn  | dTechnical/ATTRACT_Eu_Board_Fw8 |
| C1         | C2             | С3           | C4            | C5                                                                                                                                                                                                          | C6             | С7             | С8           | С9            | C10        | P-VALUE              | PROPORTION    | STATISTICAL TEST                |
| 100<br>97  | 110<br>102     | 95<br>94     | 93<br>103     | 90                                                                                                                                                                                                          | 90<br>97       | 114<br>105     | 101<br>106   | 98<br>102     | 109<br>87  | 0.682823<br>0.941144 | 986/1000      | Frequency<br>BlockFrequency     |
| 95<br>94   | 95<br>112      | 101          | 100           | 113                                                                                                                                                                                                         | 106            | 93<br>89       | 100          | 89<br>123     | 108        | 0.842937             | 989/1000      | CumulativeSums                  |
| 100        | 93<br>01       | 91<br>96     | 112           | 93<br>121                                                                                                                                                                                                   | 112            | 99<br>85       | 110          | 101           | 89<br>116  | 0.647530             | 992/1000      | Runs                            |
| 100        | 104            | 89<br>103    | 110           | 97<br>85                                                                                                                                                                                                    | 88<br>94       | 126            | 84<br>100    | 99<br>106     | 103        | 0.148653             | 992/1000      | Rank                            |
| 104<br>111 | 98<br>98       | 91<br>112    | 89            | 104                                                                                                                                                                                                         | 90<br>95       | 110            | 100          | 115           | 95<br>98   | 0.632955             | 987/1000      | NonOverlappingTemplate          |
| 111        | 100            | 93<br>110    | 94<br>101     | 101                                                                                                                                                                                                         | 109            | 93<br>93       | 87<br>103    | 117           | 95<br>101  | 0.514124             | 986/1000      | NonOverlappingTemplate          |
| 93<br>84   | 112            | 93<br>101    | 101           | 91<br>86                                                                                                                                                                                                    | 89<br>110      | 94<br>111      | 99           | 115           | 111        | 0.498313             | 989/1000      | NonOverlappingTemplate          |
| 114        | 92             | 98           | 96<br>101     | 105                                                                                                                                                                                                         | 105            | 101            | 100          | 83<br>105     | 106        | 0.682823             | 992/1000      | NonOverlappingTemplate          |
| 90         | 93<br>109      | 97<br>98     | 107           | 99<br>116                                                                                                                                                                                                   | 89<br>104      | 100            | 116          | 105           | 101        | 0.689019             | 994/1000      | NonOverlappingTemplate          |
| 88         | 93             | 103          | 101           | 112                                                                                                                                                                                                         | 104<br>94      | 111            | 99<br>07     | 100           | 99<br>93   | 0.829047             | 988/1000      | NonOverlappingTemplate          |
| 90<br>108  | 97             | 97           | 103           | 84                                                                                                                                                                                                          | 94             | 101            | 97<br>101    | 93<br>91      | 120        | 0.388990             | 988/1000      | NonOverlappingTemplate          |

#### series of tests on non-overlapping templates

| 80                                                           | 98   | 115  | 100  | 98    | 115   | 107   | 91    | 83   | 113   | 0.106877    | 993/1000      | OverlappingTemplate     |
|--------------------------------------------------------------|------|------|------|-------|-------|-------|-------|------|-------|-------------|---------------|-------------------------|
| 86                                                           | 116  | 121  | 101  | 91    | 87    | 96    | 101   | 87   | 114   | 0.084037    | 990/1000      | Universal               |
| 97                                                           | 90   | 107  | 116  | 110   | 95    | 103   | 93    | 92   | 97    | 0.668321    | 987/1000      | ApproximateEntropy      |
| 70                                                           | 62   | 54   | 60   | 55    | 66    | 60    | 63    | 77   | 65    | 0.668486    | 626/632       | RandomExcursions        |
| 62                                                           | 69   | 58   | 70   | 58    | 61    | 56    | 71    | 63   | 64    | 0.909311    | 626/632       | RandomExcursions        |
| 60                                                           | 53   | 59   | 62   | 76    | 72    | 60    | 59    | 66   | 65    | 0.681642    | 620/632       | RandomExcursions        |
| 70                                                           | 64   | 83   | 45   | 62    | 69    | 70    | 65    | 51   | 53    | 0.040275    | 622/632       | RandomExcursions        |
| 66                                                           | 69   | 69   | 73   | 73    | 73    | 38    | 49    | 52   | 70    | 0.009611    | 627/632       | RandomExcursions        |
| 65                                                           | 52   | 67   | 82   | 68    | 54    | 51    | 63    | 72   | 58    | 0.136536    | 627/632       | RandomExcursions        |
| 61                                                           | 55   | 60   | 72   | 66    | 71    | 67    | 56    | 55   | 69    | 0.711017    | 626/632       | RandomExcursions        |
| 47                                                           | 61   | 62   | 58   | 71    | 63    | 71    | 61    | 68   | 70    | 0.553450    | 625/632       | RandomExcursions        |
| 60                                                           | 57   | 66   | 62   | 58    | 61    | 67    | 67    | 73   | 61    | 0.941564    | 624/632       | RandomExcursionsVariant |
| 60                                                           | 70   | 43   | 60   | 64    | 58    | 58    | 88    | 64   | 67    | 0.030676    | 622/632       | RandomExcursionsVariant |
| 66                                                           | 58   | 51   | 65   | 51    | 61    | 72    | 72    | 71   | 65    | 0.447593    | 624/632       | RandomExcursionsVariant |
| 63                                                           | 67   | 59   | 46   | 67    | 60    | 68    | 70    | 73   | 59    | 0.483876    | 623/632       | RandomExcursionsVariant |
| 61                                                           | 67   | 58   | 69   | 63    | 74    | 48    | 60    | 66   | 66    | 0.615645    | 624/632       | RandomExcursionsVariant |
| 75                                                           | 62   | 63   | 58   | 63    | 55    | 66    | 54    | 71   | 65    | 0.717488    | 624/632       | RandomExcursionsVariant |
| 68                                                           | 63   | 66   | 54   | 57    | 65    | 63    | 67    | 56   | 73    | 0.827336    | 620/632       | RandomExcursionsVariant |
| 75                                                           | 54   | 64   | 57   | 65    | 64    | 56    | 62    | 64   | 71    | 0.733547    | 623/632       | RandomExcursionsVariant |
| 76                                                           | 68   | 70   | 56   | 55    | 50    | 66    | 52    | 64   | 75    | 0.176734    | 624/632       | RandomExcursionsVariant |
| 89                                                           | 63   | 57   | 59   | 59    | 55    | 58    | 68    | 63   | 61    | 0.134074    | 624/632       | RandomExcursionsVariant |
| 67                                                           | 68   | 61   | 57   | 60    | 69    | 66    | 63    | 63   | 58    | 0.979797    | 624/632       | RandomExcursionsVariant |
| 65                                                           | 64   | 62   | 71   | 58    | 68    | 67    | 53    | 60   | 64    | 0.917568    | 626/632       | RandomExcursionsVariant |
| 71                                                           | 58   | 56   | 62   | 75    | 62    | 67    | 64    | 53   | 64    | 0.701268    | 626/632       | RandomExcursionsVariant |
| 64                                                           | 71   | 49   | 62   | 61    | 69    | 69    | 59    | 59   | 69    | 0.694743    | 626/632       | RandomExcursionsVariant |
| 61                                                           | 65   | 54   | 59   | 63    | 63    | 64    | 76    | 62   | 65    | 0.879806    | 626/632       | RandomExcursionsVariant |
| 58                                                           | 55   | 57   | 67   | 65    | 66    | 54    | 66    | 76   | 68    | 0.642077    | 629/632       | RandomExcursionsVariant |
| 46                                                           | 64   | 65   | 61   | 64    | 61    | 81    | 59    | 75   | 56    | 0.150772    | 624/632       | RandomExcursionsVariant |
| 50                                                           | 56   | 65   | 67   | 74    | 67    | 51    | 63    | 73   | 66    | 0.353061    | 629/632       | RandomExcursionsVariant |
| 106                                                          | 107  | 87   | 107  | 94    | 109   | 100   | 83    | 92   | 115   | 0.352107    | 989/1000      | Serial                  |
| 105                                                          | 100  | 94   | 98   | 96    | 95    | 96    | 101   | 95   | 120   | 0.790621    | 991/1000      | Serial                  |
| 105                                                          | 97   | 89   | 101  | 96    | 106   | 92    | 112   | 105  | 97    | 0.875539    | 991/1000      | LinearComplexity        |
|                                                              |      |      |      |       |       |       |       |      |       |             |               | ,                       |
|                                                              |      |      |      |       |       |       |       |      |       |             |               |                         |
|                                                              |      |      |      |       |       |       |       |      |       |             |               |                         |
| The                                                          | mini | imum | pass | s rat | te fo | or ea | ach s | stat | istic | al test wit | th the except | ion of the              |
| random excursion (variant) test is approximately = 980 for a |      |      |      |       |       |       |       |      |       |             |               |                         |
| sam                                                          | ole  | size | = 10 | 000   | oina  | rv se | eauer | ices |       |             |               |                         |
|                                                              | _    |      |      |       |       |       |       |      |       |             |               |                         |

The minimum pass rate for the random excursion (variant) test is approximately = 618 for a sample size = 632 binary sequences.

For further guidelines construct a probability table using the MAPLE program provided in the addendum section of the documentation.



bit string:

bits in a string



#### A proto-randomness farm based on 10 boards have been collecting about 1.5 Tb, qualified through the NIST and TESTU01 suites.

- Results show that the stream looks extremely "white", essentially with no failures on the raw data beside what can be statistically expected.
- A SHA256 vetted conditioning function firmware implemented
- Two tests have been implemented in firmware to guarantee realtime sanity checks:
- \* MONOBIT: essentially testing the asymmetries between 0's and 1's in a
- \* RUNS: testing the statistics of the number of sequences of identical



















Goal of the

Phase 2 project (May 2022-Fall.2023)













| Dimensions [cm <sup>2</sup> ] | 11.1x31.2x2.0                                                                                                                                                                                                                                                                                                                                                            |
|-------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| No. generators                | 64 arrays                                                                                                                                                                                                                                                                                                                                                                |
| Raw bit stream:               | 32 Mbps                                                                                                                                                                                                                                                                                                                                                                  |
| NIST DRBG output              | 1 Gbps                                                                                                                                                                                                                                                                                                                                                                   |
| (SP800-90 A,B,C)              |                                                                                                                                                                                                                                                                                                                                                                          |
| Control:                      | Xilinx KRIA K26 SOM                                                                                                                                                                                                                                                                                                                                                      |
| I/O:                          | Eth or PCI-Express                                                                                                                                                                                                                                                                                                                                                       |
| Power supply:                 | 12V, 8A                                                                                                                                                                                                                                                                                                                                                                  |
| Power consumption:            | < 100 W (dominated by the Peltier co                                                                                                                                                                                                                                                                                                                                     |
| Encryption                    | Yes (AES-256)                                                                                                                                                                                                                                                                                                                                                            |
| of the bit stream:            |                                                                                                                                                                                                                                                                                                                                                                          |
| Specific Features:            | <ul> <li>Firmware implemented Real-Time sanity<br/>checks (MONOBIT, RUNS, Adaptive proportion<br/>test, Repetition Count Test)</li> <li>Auxiliary post-processing through a SHA256<br/>function</li> <li>Interface through the Trusted Execution<br/>Environment</li> <li>Temperature control though a Peltier cooler</li> <li>FIPS-140-3 compliant by design</li> </ul> |
| State of development:         | <ul> <li>Prototype under test</li> <li>Product grade design expected by June 2024</li> </ul>                                                                                                                                                                                                                                                                             |
|                               |                                                                                                                                                                                                                                                                                                                                                                          |

v1.0 delivered in July 2023, qualified
 v2.0, product grade, expected in May 2024









ATTRACT

Goal of the

Phase 2 project (May 2022-Fall.2023)

#### S13361-2050AE-08 by HAMAMATSU 8x8 sensors on each unit

#### Electrical and optical characteristics (Typ. Ta=25 °C, Vover=3 V, unless otherwise noted)

| rmbol | Value               | Unit  |  |
|-------|---------------------|-------|--|
| λ     | 320 to 900          | nm    |  |
| λр    | 450                 | nm    |  |
| PD5   | 40                  |       |  |
| CD    | 300<br>900          | kcps  |  |
| Ct    | 140                 | pF    |  |
| М     | $1.7 \times 10^{6}$ | -     |  |
| Vbr   | 53 ± 5              | V     |  |
| Vop   | Vbr + 3             | V     |  |
|       | 0.1                 | M     |  |
| -     | 0.3                 | V     |  |
| TVop  | 54                  | mV/°C |  |

#### Expected bit rate: 0.45 \* 300 \* 64 = 9 Mbps (I believe it can be pushed to 32 Mbps)







СЗ 2



#### S13361-2050AE-08 by HAMAMATSU

#### 8x8 sensors on each unit

#### the LIROC ASIC

| Same Alk Corner                                                                                                                                                      |                                                                                                                                                                                            |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| B 0820(mag)(F., 53/PLUS*()) ● 453<br>- 107/54145(m*27.0) ● non 663<br>= 107/54145(m*1250) ● 171-17-45<br>= 1087/5444(m*145.0) ● 1.1-17-17 453<br>353<br><u>9</u> 255 | In: Counter - 00, NER-6-F 19, 391 (24)         Type of Counter - 201 (3:3-6-<br>of 12423-02)           WC Conner - 01, 7308-6; V2, 661 (48)           WC Conner - 01, 7308-6; V2, 661 (48) |
| Power                                                                                                                                                                | 210mW (TBC) – Supply voltage : 1.2 V                                                                                                                                                       |
| Consumption •                                                                                                                                                        |                                                                                                                                                                                            |
| Inputs                                                                                                                                                               | 64 analogue inputs with independent SiPM HV                                                                                                                                                |
|                                                                                                                                                                      | adjustments                                                                                                                                                                                |
| Outputs 👔                                                                                                                                                            | 64 LVDS triggers                                                                                                                                                                           |
| 5 -22<br>F -30                                                                                                                                                       |                                                                                                                                                                                            |
| Internal                                                                                                                                                             | 64 HV adjustment for SiPM (64 x 6 bit), trigger                                                                                                                                            |
| Programmable                                                                                                                                                         | threshold programming (10bits), 64 x 7 bit                                                                                                                                                 |
| Features (I2C)                                                                                                                                                       | channel-wise threshold adjustment, ASIC-wise                                                                                                                                               |
|                                                                                                                                                                      | polarity selector, preamp gain adjustment,                                                                                                                                                 |
|                                                                                                                                                                      | individual trigger masking and cell powering.                                                                                                                                              |







CB Ы

S13361-2050AE-08 by HAMAMATSU 8x8 sensors on each unit

the LIROC ASIC

#### XILINX

Zynq UltraScale+ MPSoC (XCK26)

- APU: Arm<sup>®</sup> Cortex<sup>®</sup>-A53 based application processing unit (APU) consisting of quad-core Cortex-A53 processors with an F<sub>MAX</sub> = 1333 MHz, L2 cache, SIMD, VFP4 floating point, and cryptography extensions.
- RPU: Arm Cortex-R5F based real-time processing unit (RPU) consisting of dual-core Cortex-R5F processor with floating point unit support with an  $F_{MAX}$  = 533 MHz, able to operate in stand-alone and lock-step functions.

#### **12W power consumption**









THE CUSTOM ASIC



8 mm









| Dimensions [cm <sup>2</sup> ] | 1x1                                                                                                                                                                                                                                                                                                                                           |
|-------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| No. generators                | 1 array                                                                                                                                                                                                                                                                                                                                       |
| Raw bit stream:               | 1 Mbps                                                                                                                                                                                                                                                                                                                                        |
| NIST DRBG output              | 32 Mbps                                                                                                                                                                                                                                                                                                                                       |
| (SP800-90 A,B,C)              |                                                                                                                                                                                                                                                                                                                                               |
| Control:                      | SPI at 24 MHz (system clock: 66                                                                                                                                                                                                                                                                                                               |
| I/O:                          | SPI at 24 MHz                                                                                                                                                                                                                                                                                                                                 |
| Power supply:                 | 5V, 1.8V                                                                                                                                                                                                                                                                                                                                      |
| Power consumption:            | 100 mW                                                                                                                                                                                                                                                                                                                                        |
| Encryption                    | Yes (AES-256)                                                                                                                                                                                                                                                                                                                                 |
| of the bit stream:            |                                                                                                                                                                                                                                                                                                                                               |
| Specific Features:            | <ul> <li>On Silicon implementation of the NIST Real-Time sanity checks (Adaptive Proportion Test and Repetition Count Test)</li> <li>On Silicon implementation of the NIST DRBG protocol</li> <li>Package: QFN100</li> <li>FIPS 140-3 compliancy by design;</li> <li>CAVP (Cryptographic Algorithm Validation Program) in progress</li> </ul> |
| State of<br>development:      | <ul> <li>Design Completed</li> <li>Production on going</li> <li>Delivery expected by April 2024</li> </ul>                                                                                                                                                                                                                                    |

**out of the foundry in April 2024** 









# THE CUSTOM ASIC: a focus on elements of interest for the PP community





Goal of the

#### **The SPAD array:**

- **\*** 32 x 32 cells, **indexed** (!), 50 µm pitch
- **\*** 400 µm<sup>2</sup> SPAD area **[O(45%) FF in Tower's structure with no DTI**]
- **\*** active quenching
- \* 2bits/cell to tag whether "screamers" and "disabled"
- \* expected Vbreakdown: O(12.5V)
- $\Rightarrow$  expected DCR density @roomT: 20 Hz/µm<sup>2</sup> (all in all 8.2 Mcps in the array;
- mind the screamers!); note that other processes have a DCR lower by a factor 15
- $\Rightarrow$  Deep trench isolation for X-talk reduction (O(1%) at +4V)

#### **\*** FBK-IP: circuit for

- $\Rightarrow$  auto-V<sub>Br</sub> detection
- High-V generation through a charge pump
- auto excess voltage stabilisation against T & process variations





PONFL

# 4. state-of-play: THE CUSTOM ASIC: a focus on elements of interest for the PP





experimental results by test structures in one of the Tower processes



Goal of the

TTRACT Phase 2 project (May 2022-Fall.2023)

#### The SPAD array:



# THE CUSTOM ASIC: a focus on elements of interest for the PP community











- width of the pulse  $PW_{MS} < \tau_d$  (nx100 ps
- quoted in the ref. paper. 3 ns in pur implementation vs  $\tau_d$  about 30 ns)

\* "Digital Silicon Photomultipliers with OR/XOR Pulse Combining Techniques', IEEE Transactions on Electron Devices, vol. 63, no. 3, pp. 1105-1110. https:// doi.org/10.1109/TED.2016.2518301, by S. Gnecchi et al., 2016

#### Data "draining": pulse combination through an on-cell monostable driven OR tree:

- OR tree fed by pulses from a monostable circuit



#### circuitry: FBK-IP (partially patented)







### THE CUSTOM ASIC: a focus on elements of interest for the PP community **\* TDC-A** [FBK IP]; the ping-pong architecture:



- A Fully Digital 8 16 SiPM Array for PET Applications With Per-Pixel TDCs and Real-Time Energy Output, L. Braga et al. IEEE JOURNAL OF SOLID-STATE CIRCUITS, VOL. 49, NO. 1, JANUARY 2014

- A High-Throughput Time-Resolved Mini-Silicon Photomultiplier With Embedded Fluorescence Lifetime Estimation in 0.13 m CMOS, D. Tyndall et al. IEEE TRANSACTIONS ON BIOMEDICAL CIRCUITS AND SYSTEMS, VOL. 6, NO. 6, DECEMBER 2012



|   | <b>2</b> | <b>3</b> | 4 |
|---|----------|----------|---|
|   |          |          |   |
|   |          |          |   |
|   |          |          |   |
| + | +        |          | — |

- 5. stops counter 2 down and re-start counter 1 up cascade of 4 counters
- the sign of each counter (15+1 bits) determines the status of one random bit
- dead time of each up-down counting 20 ns







# THE CUSTOM ASIC: a focus on elements of interest for the Pimasenic community



#### **TDC-B** [IMASENIC IP]: a fourfold cascade of high-res resettable counters



#### Time stamping by the time of the arrival to the next leading edge of the coarse clock

- **Optimisation**:
- frequency



Gated Ring Oscillators with 248 ps cycle

- efficiency, taking into account advantages & disadvantages linked to the coarse clock

- systematics, comparing "time of arrivals" originating by the same GRO







## THE CUSTOM ASIC: beside potential interest for the PP community

#### **DCR level control (joint property of Random Power and FBK)**

through bias variation and cell enabling/disabling





**\*** AES-256 encryption of the bit stream (NAGRA-KUDELSKI IP) Chip access control via a silicon encoded key (NAGRA-**KUDELSKI IP**)



# THE CUSTOM ASIC: beside potential interest for the PP community









Entropy consumer

A Deterministic Random Bit Generator (DRBG), as of the NIST recipe

**\*** Essentially, the True Random Bits generated by Random Power are used to seed a NIST approved Pseudo Random **Bit Generator** 

\* when reseeding occurs after EVERY iteration of the Deterministic machine, you obtain the highest level of security, namely **Prediction Resistance\*** 

\* QUOTING NIST: Prediction resistance means that a compromise of the DRBG internal state has no effect on the security of future DRBG outputs.





# 4. state-of-play: BEYOND A PURE TRUE RANDOM NUMBER GENERATOR (TRNG)

**NIST Special Publication 800-90B** 

| <b>Recommendation for the Entropy</b> |
|---------------------------------------|
| <b>Sources Used for Random Bit</b>    |
| Generation                            |

**Recommendation for Random Number Generation Using Deterministic Random Bit Generators** 

How to design and test entropy sources to be **Approved DRBG mechanisms** used to feed Deterministc Random Bit **Generators (DRBG)** 

\* pre-requisites for entering the programs eventually leading to the FIPS-140-3 certification \* impacting on the design of both the ASIC, the multiple generator board and its embodiment in a "system"



**NIST Special Publication 800-90A Revision 1** 

(Second Draft) NIST Special Publication 800-90C

**Recommendation for Random Bit Generator (RBG) Constructions** 

#### **Construction of RBG from A+B**







# RND0M

www.randompower.eu

**Established in June 2021** 





This project has received funding from the ATTRACT project funded by the EC under Grant Agreement 777222



#### Join us, we will be happy to walk with you!



2020 Winner - ICT

2020 Winner of 2 "special prizes"



GIVING IDEAS THE

HIGHEST VALUE

2021 PoC investment by LifTT, a VC located in Torino (ITALY)

2022 winner @the Falling Walls venture competition for curious people: here & and there

I AM A FALLING WALLS WINNER

CONTACT US at:



<u>massimo.caccia@randompower.eu</u>

marcello.esposito@randompower.eu

\$ lorenza.paolucci@randompower.eu

