
Optimizing Linear Correctors: A Tight Output Min-Entropy Bound and Selection Technique

Miloš Grujić, Ingrid Verbauwhede

TL;DR

A tight bound on the output min-entropy of the algorithmic post-processing module based on linear codes, known as linear correctors, is derived from the codes' weight distributions, and it is proved that the bound holds even for real-world noise sources that produce independent but not identically distributed bits.

Abstract

Post-processing of the raw bits produced by a true random number generator (TRNG) is always necessary when the entropy per bit is insufficient for security applications. In this paper, we derive a tight bound on the output min-entropy of the algorithmic post-processing module based on linear codes, known as linear correctors. Our bound is based on the codes' weight distributions, and we prove that it holds even for the real-world noise sources that produce independent but not identically distributed bits. Additionally, we present a method for identifying the optimal linear corrector for a given input min-entropy rate that maximizes the throughput of the post-processed bits while simultaneously achieving the needed security level. Our findings show that for an output min-entropy rate of $0.999$, the extraction efficiency of the linear correctors with the new bound can be up to $130.56\%$ higher when compared to the old bound, with an average improvement of $41.2\%$ over the entire input min-entropy range. On the other hand, the required min-entropy of the raw bits for the individual correctors can be reduced by up to $61.62\%$.


Paper Structure

This paper contains 13 sections, 4 theorems, 51 equations, 4 figures, 4 tables.

Key Result

Lemma 1

Let $C_0$ be a binary linear $\left[n, k\right]$-code, and let $\boldsymbol{e}$, HW$\left(\boldsymbol{e}\right) = l$, be a coset leader in some coset of $C_0$. Then the code $C^{\prime}_0$, obtained by deleting $l$ coordinates in which $\boldsymbol{e}$ is 1, is a binary linear $\left[n-l, k\right]$-

Figures (4)

  • Figure 1: Relation between input and output min-entropy rate according to both old and new bounds for Reed-Muller $\left[512, 130, 64\right]$ and $\left[256, 93, 32\right]$ code-based correctors. The output min-entropy rate is computed as $\mathrm{H}^{out,\, 1}_\infty = \mathrm{max} \left( \mathrm{H}^{out,\, tot}_\infty - k + 1,\, 0 \right)$, where $\mathrm{H}^{out,\, tot}_\infty = f\left(\mathrm{H}^{in}_{\infty}\right)$ is determined for both the old and the new bound. All min-entropy values are rounded to three decimals.
  • Figure 2: Performances of linear correctors from OBC and NBC for $\mathrm{H}^{out,\, 1}_\infty \geq 0.999$ and extraction efficiency according to the old and the new bound.
  • Figure 3: Performances of optimal linear correctors from OBCCYC and NBCCYC for $\mathrm{H}^{out,\, 1}_\infty \geq 0.999$ and extraction efficiency according to the old and the new bound.
  • Figure 4: Optimal area-efficient cyclic code-based correctors.

Theorems & Definitions (7)

  • Lemma 1: adapted from Sullivan1967
  • Theorem 1
  • proof
  • Lemma 2
  • proof
  • Theorem 2
  • proof