Complexity Assessment of Analog and Digital Security Primitives Signals Using the Disentropy of Autocorrelation

TL;DR

The paper addresses evaluating the complexity of security-primitives outputs in the analog domain, where binary Shannon entropy is unsuitable. It introduces the disentropy of the autocorrelation function as a scalar measure, defined from autocorrelation values $r_k$ with $D_2 = \sum_k \frac{r_k^3}{r_k+1}$ and an ideal value of $D_2=0.5$ when $r_0=1$ and $r_k=0$ for $k>0$. The authors compare $D_2$ with Approximate Entropy and Fuzzy Entropy across PRNGs (including LCG variants and MT19937) and PUF-like outputs, showing $D_2$ yields clearer discrimination of well-performing versus weak generators and detects injected patterns in PUF responses; they also examine multi-level analog signals and binary conversions. The results support using the autocorrelation disentropy as a practical tool for designing and evaluating security primitives in the analog domain, with robustness to level-count and parameter-free evaluation, though sequence length and certain long-period patterns require baseline comparisons to avoid misinterpretation.

Abstract

The study of regularity in signals can be of great importance, typically in medicine to analyse electrocardiogram (ECG) or electromyography (EMG) signals, but also in climate studies, finance or security. In this work we focus on security primitives such as Physical Unclonable Functions (PUFs) or Pseudo-Random Number Generators (PRNGs). Such primitives must have a high level of complexity or entropy in their responses to guarantee enough security for their applications. There are several ways of assessing the complexity of their responses, especially in the binary domain. With the development of analog PUFs such as optical (photonic) PUFs, it would be useful to be able to assess their complexity in the analog domain when designing them, for example, before converting analog signals into binary. In this numerical study, we decided to explore the potential of the disentropy of autocorrelation as a measure of complexity for security primitives as PUFs, TRNGs or PRNGs with analog output or responses. We compare this metric to others used to assess regularities in analog signals such as Approximate Entropy (ApEn) and Fuzzy Entropy (FuzEn). We show that the disentropy of autocorrelation is able to differentiate between well-known PRNGs and non-optimised or bad PRNGs in the analog and binary domain with a better contrast than ApEn and FuzEn. Then, we show that the disentropy of autocorrelation is able to detect small patterns injected in PUFs responses.

Figures (7)

• Figure 1: Examples of normalised PRNGs output for 10000 samples (a) MT$_0$ (b) LCG Bad (c) LCG 2. Before normalisation, MT$_0$ output have been generated using the MATLAB™ rand function, LCG Bad and LCG 2 with Eq. \ref{['CongruentialRNG']} equation and parameters in Tab. \ref{['tabPRNG']}.
• Figure 2: Convergence study of ApEn and FuzEn for MT$_0$ and $m=2$.
• Figure 3: Score ratio of PRNGs obtained from (a) $\mathcal{D}=|D_2-0.5|$, (b) ApEn, and (c) FuzEn compared to MT$_0$ scores for analog signals of Table. \ref{['tabAnalogMT0']}.
• Figure 4: Evolution of LCG Bad disentropy with $N$.
• Figure 5: Score ratio of PRNGs obtained from (a) $\mathcal{D}=|D_2-0.5|$ (b) ApEn (c) FuzEn compared to MT$_0$ scores for binary signals of Table. \ref{['tabBinaireMT0']}.