Exact Bias of Linear TRNG Correctors -- Spectral Approach
Maciej Skorski, Francisco-Javier Soto, Onur Günlü
TL;DR
This work provides exact total-variation security bounds for linear TRNG correctors by exploiting a Fourier-spectral view of $Y = GX$ over binary codes. It derives exact output distributions and tight $\ell_{\infty}$, $\ell_2$, and nearly tight $\ell_1$ bounds expressed via the weight enumerator $W_G$, enabling precise security assessments for bias-prone hardware sources. The bounds are demonstrated both analytically and numerically across thousands of codes, revealing fundamental trade-offs between compression rate and cryptographic security, and showing that achieving high security can require substantial rate sacrifice for biased inputs. The results unify prior norm-based analyses, improve over them by orders of magnitude, and provide practical tools (including a vectorized, stable evaluation method) for evaluating TRNG post-processing in hardware implementations.
Abstract
Using Fourier analysis, this paper establishes exact security bounds for linear extractors in True Random Number Generators (TRNGs). We provide the first near-optimal total variation security characterization by interpolating between optimal $\ell_{\infty}$ and $\ell_2$ norm results, expressed through code weight enumerators and input bias parameters. Our bounds improve security assessments by an order of magnitude over previous approximations. By scanning ~20,000 codes, we reveal fundamental trade-offs between compression efficiency and cryptographic security. For instance, we show that achieving 80 bits of security can require sacrificing more than 50\% of the code rate when correcting 10\% input bias. Our bounds enhance security evaluation of TRNG post-processing schemes and quantify the inherent cost of randomness extraction in hardware implementations.
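The following is an added example, not code from the paper: it checks the spectral view of $Y = GX$ on one small code by comparing a brute-force output distribution with the Fourier-inversion formula, then reads the $\ell_{\infty}$ and $\ell_2$ distances from uniform off the weight enumerator. It assumes i.i.d. input bits with $\mathbb{E}[(-1)^{X_i}] = \delta \ge 0$, i.e. $P(X_i = 1) = (1-\delta)/2$; the [7,4] Hamming generator matrix is a constructed sample and all function names are hypothetical.

```python
from itertools import product

# Constructed sample: systematic generator matrix of the [7,4] Hamming code.
G = [[1, 0, 0, 0, 1, 1, 0], [0, 1, 0, 0, 1, 0, 1],
     [0, 0, 1, 0, 0, 1, 1], [0, 0, 0, 1, 1, 1, 1]]

def brute_force_dist(G, delta):
    """Exact law of Y = G X (mod 2), enumerating all 2^n biased inputs."""
    m, n = len(G), len(G[0])
    p1 = (1 - delta) / 2  # assumed bias convention: P(X_i = 1)
    dist = {y: 0.0 for y in product((0, 1), repeat=m)}
    for x in product((0, 1), repeat=n):
        w = sum(x)
        y = tuple(sum(g * xi for g, xi in zip(row, x)) % 2 for row in G)
        dist[y] += p1 ** w * (1 - p1) ** (n - w)
    return dist

def codeword_weights(G):
    """Map each u in F_2^m to wt(uG), the Hamming weight of its codeword."""
    n = len(G[0])
    return {u: sum(sum(ui * G[i][j] for i, ui in enumerate(u)) % 2 for j in range(n))
            for u in product((0, 1), repeat=len(G))}

def spectral_dist(G, delta):
    """Same law by Fourier inversion: P(y) = 2^-m sum_u (-1)^<u,y> delta^wt(uG)."""
    wts = codeword_weights(G)
    return {y: sum((-1) ** sum(a * b for a, b in zip(u, y)) * delta ** w
                   for u, w in wts.items()) / 2 ** len(G)
            for y in wts}

def distances(G, delta):
    """(l_inf, squared l_2, total variation) distance of Y from uniform."""
    dev = [p - 2 ** -len(G) for p in spectral_dist(G, delta).values()]
    return max(map(abs, dev)), sum(d * d for d in dev), sum(map(abs, dev)) / 2

def enumerator_closed_forms(G, delta):
    """l_inf and squared l_2 from the weight enumerator W alone (delta >= 0)."""
    ws = list(codeword_weights(G).values())
    def W(t):
        return sum(t ** w for w in ws)
    return (W(delta) - 1) / 2 ** len(G), (W(delta ** 2) - 1) / 2 ** len(G)
```

With $\delta \ge 0$ the $\ell_{\infty}$ deviation is attained at $y = 0$, which is why it equals $(W(\delta) - 1)/2^m$ exactly; total variation is then sandwiched between that value and the Cauchy-Schwarz bound $\tfrac{1}{2}\sqrt{2^m}\,\ell_2$.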
