On-line Anomaly Detection and Qualification of Random Bit Streams

Cesare Gerolimetto Fabrello, Valeria Rossi, Kamil Witek, Alberto Trombetta, Massimo Caccia

TL;DR

This paper tackles the challenge of online randomness quality assessment for true random/quantum random bit streams by implementing a low-latency anomaly-detection pipeline that combines Monobit and RUNS tests with NIST DRBG-based Repetition Count Test (RCT) and Adaptive Proportion Test (APT). The approach is FPGA-implemented to run in parallel with bit generation, producing instantaneous bias alerts and a lower-bound entropy estimate. Experimental validation on a silicon-based QRNG demonstrates consistent detection power, with Monobit/RUNS identifying short-term biases and RCT/APT providing entropy quantification (min-entropy near 3.99–4 for 4-bit symbols). This work delivers a practical, online framework for maintaining high-quality randomness in security-critical deployments, enabling rapid responses to potential entropy-source degradations. The methodology supports on-line monitoring without compromising throughput, addressing real-world needs highlighted by NIST guidelines for health tests in TRNG/QRNG systems. The online entropy estimation, backed by retrospective ISN analysis, offers a robust foundation for validating randomness quality in large-scale, distributed security applications.

Abstract

Generating random bit streams is required in various applications, most notably cyber-security. Ensuring high-quality and robust randomness is crucial to mitigate risks associated with predictability and system compromise. True random numbers provide the highest unpredictability levels. However, potential biases in the processes exploited for the random number generation must be carefully monitored. This paper reports the implementation and characterization of an on-line procedure for the detection of anomalies in a true random bit stream. It is based on the NIST Adaptive Proportion and Repetition Count tests, complemented by statistical analysis relying on the Monobit and RUNS tests. The procedure is implemented in firmware and performed simultaneously with the bit stream generation, and it also provides an estimate of the entropy of the source. The experimental validation of the approach is performed on the bit streams generated by a quantum, silicon-based entropy source.
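A software model of the two NIST tests named above, as an added example that is not the paper's firmware: it derives the Repetition Count and Adaptive Proportion cutoffs from a claimed min-entropy using the NIST SP 800-90B formulas and runs both tests over a symbol stream. The false-alarm probability of 2^-20, the 512-symbol window, the claimed entropy of 4 bits per 4-bit symbol and all function names are assumptions, and the input stream is constructed rather than taken from the QRNG.

```python
import math

ALPHA_EXP = 20  # assumed false-alarm probability alpha = 2**-20 per test

def rct_cutoff(h):
    """Repetition Count cutoff: 1 + ceil(-log2(alpha) / H)."""
    return 1 + math.ceil(ALPHA_EXP / h)

def apt_cutoff(h, window):
    """Adaptive Proportion cutoff: 1 + CRITBINOM(W, 2**-H, 1 - alpha)."""
    p, target, cdf = 2.0 ** -h, 1.0 - 2.0 ** -ALPHA_EXP, 0.0
    for k in range(window + 1):
        cdf += math.comb(window, k) * p ** k * (1 - p) ** (window - k)
        if cdf >= target:
            return 1 + k
    return 1 + window

def health_test(symbols, h=4.0, window=512):
    """Run RCT and APT over a symbol stream; return [(index, test), ...]."""
    c_rct, c_apt = rct_cutoff(h), apt_cutoff(h, window)
    alarms = []
    last, run = None, 0           # RCT state: previous symbol, run length
    ref, count, pos = None, 0, 0  # APT state: reference, hits, window offset
    for i, s in enumerate(symbols):
        run = run + 1 if s == last else 1
        last = s
        if run == c_rct:          # alarm once, when the cutoff is reached
            alarms.append((i, "RCT"))
        if pos == 0:              # first symbol of each window is the reference
            ref, count = s, 1
        elif s == ref:
            count += 1
            if count == c_apt:
                alarms.append((i, "APT"))
        pos = (pos + 1) % window
    return alarms

def constructed_stream():
    """Constructed 4-bit symbols (not QRNG output): a balanced window,
    a window where symbol 5 fills every other slot, a balanced window,
    then a source stuck at 0 for 8 symbols."""
    healthy = [(i * 7) % 16 for i in range(512)]
    biased = [5 if j % 2 == 0 else j % 4 for j in range(512)]
    stuck = [0] * 8
    return healthy + biased + healthy + stuck

if __name__ == "__main__":
    print(rct_cutoff(4.0), apt_cutoff(4.0, 512), health_test(constructed_stream()))
```

The balanced windows are a plain counter pattern and still pass both tests, which shows that these health tests flag gross source failures and do not by themselves certify randomness.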

Paper Structure (14 sections, 18 equations, 12 figures, 3 tables)

Figures (12)

  • Figure 1: The RUNS test counts the number of sequences of consecutive identical bits in a bit-stream. In this figure, a sequence of $n=16$ bits containing a total of 7 runs is shown.
  • Figure 2: Sensitivity scan of the Monobit test across different confidence levels for a sequence of length $n=32$ with a number $j$ of biased bits ranging from 1 to 10.
  • Figure 3: Exemplary distributions of the normalized $\overline{S_n}$ value for an unbiased (in blue) and biased (in red) bit stream. Two metrics were considered to distinguish the two: a shift in the mean value of the distribution and the number of events in the tails over a fixed threshold, here illustrated by the dashed line.
  • Figure 4: Comparison between the sensitivity of the estimators in the detection of a bias for the Monobit Test: the shift of the mean value of $\overline{S_n}$ (in blue) is evaluated against the variation in the number of anomalies expected (in orange), calculated as the integral of the distribution of events in the tails of the distribution over the $3\sigma$ limit, when a number of bits is forced to 1. The comparison is performed with the bias being introduced in every sequence (A), once every 10 sequences (B), and once every 100 sequences (C). The value of the pull function with respect to the unbiased sequence for the two estimators consistently identifies the shift on the mean value of $S_n$ as the most sensitive.
  • Figure 5: Trace plot of the computed $\overline{S_n}$ during on-line production over a number of series of $N = 2^{17}$ sequences of $n = 32$ unbiased bits for a total of 1Gb.
  • ...and 7 more figures