Design of True Random Numbers Generators with Ternary Physical Unclonable Functions

Article history: Received: 06 April, 2018 Accepted: 02May, 2018 Online: 07 May, 2018 Memory based ternary physical unclonable functions contain cells with fuzzy states that are exploited to create multiple sources of physical randomness, and design true random numbers generators. A XOR compiler enhances the randomness of the binary data streams generated with such components, while a modulo-3 addition enhances the randomness of the native ternary data streams, also generated with the same method. Deviations from perfect randomness of these random numbers, in terms of probability to be non-random, was reported as low as 10 in the experimental section of this paper, which is considered as extremely random based on NIST criteria.


Introduction
This paper is an extension of the work presented at the annual computing SAI conference, London, July 2017 [1]. The strengthening of cryptographic protocols with random numbers [2][3][4] is widely accepted as mandatory to secure networks of cyber physical systems (CPS). Both pseudo random numbers generators (PRNG) that use mathematical methods [5][6][7][8] and true random numbers generators (TRNG) that exploit physical elements [9][10][11] are mainstream. The randomness based on mathematical algorithms for PRNGs could be weak when crypto-analysts armed with powerful computers know the algorithms. Such algorithms can also consume too much computing power, which may be a problem for small internet of things (IoT) peripherals. The need to quantify the randomness of PRNG, and TRNG is of prime importance [12][13][14][15]. Physical Unclonable functions (PUF) can be valuable sources of natural randomness [16][17], they have been adopted for the design of true random number generators (TRNG). However, the randomness of the physical elements is not always acceptable when subjected to temperature changes, aging, electromagnetic interferences, and other parametric drifts. The PUFs can be too predictable in some circumstances, which is not necessarily conducive to the design of quality TRNGs that rely on physical randomness to generate a fresh random number at every query.
We are presenting how ternary PUFs contain fuzzy elements that are excellent sources of randomness. The method is based on the identification of the cells of memory based PUFs that are naturally unstable under repetitive queries. When tested, the fuzzy cells can switch back and forth randomly between "1" and "0", thereby generating random data streams. We are presenting three complementary elements: i) how a XOR data compiler, which process the data available from multiple ternary cells, can create an extremely high level of randomness [18][19][20][21]; ii) how a probabilistic model allows the quantification of the level of randomness of the TRNG; iii) how the method can be extended to the generation of native ternary random numbers with modulo-3 addition.
Designing a random number generator

Ternary physical unclonable functions
There is a growing interest in securing CPS's with Physically Unclonable Functions (PUFs) to strengthen security when deployed in the cryptographic processes using a powerful set of physically derived cryptographic primitives [22][23][24][25][26]. PUFs act as virtual fingerprints for the hardware during the authentication processes to effectively block cyber thefts, Trojans, and malwares [27][28][29][30][31][32][33][34]. With error correcting methods, the PUFs can also generate cryptographic keys for symmetrical encryption schemes [35][36]. The inherent randomness, unclonability, secrecy, and physical nature of most PUFs makes it extremely hard to inspect during side channel attacks, or when lost to the enemy. generated up front during the setup of protocol, called challenges, are compared over the life of the component with freshly generated patterns, called responses, during the authentication cycles. Quality PUFs need low challengeresponse-pair (CRP) error rates, the intra-PUF challengeresponse Hamming distance must be small enough to insure small level of false rejection rates (FRR). The PUF challenges should act as predictable "digital fingerprints" of the component, while the responses should be easily recognizable as a measurement of the same "digital fingerprints". Error rates in the 3-7% range are usually acceptable when combined with error correcting techniques [35][36]. PUFs exploit the device-todevice randomness that is created during the manufacturing process of micro-components; it is desirable that the average inter-PUF hamming distance between different PUFs, divided by the length of the PUFs, should be in the 50% range to insure low level of false acceptance rates (FAR). This is achievable when the level of intra-PUF randomness, also called entropy, is high enough. PUFs with longer streams of bits have therefore higher entropy, and lower FAR. 128-bit CRPs, or higher, are usually required for this purpose.
Another important figure of merit for PUFs is the number of available CRP configurations for a unit. Strong PUFs, as opposed to weak PUFs, contains large quantities of possible CRPs that are addressable. For example, a ring oscillator PUF with 128 rings is a strong PUF. The number of possible pairing of two rings is N =( 128 2 ) = 16,256. If the protocol use 128-bit long CRPs, the number of possible challenges of 2 128 , offers satisfactory entropy, and a low collision rate of the pairs. A memory PUF with random addressing capabilities is even stronger [36,[39][40]. For example, when the capacity of the memory is in the mega-byte range, millions of configurations are providing an entropy much higher than a 128-ring oscillator with "only" 16,256 possible configurations. Existing PUFs can have limitations, and lack of trustworthiness that could create a false sense of security. The signatures of PUFs are derived from intrinsic manufacturing variations, which could become predictable due fabrication excursions. Properties such as critical dimensions of printed structures, doping levels of semiconducting layers, and threshold voltages should make each device unique and identifiable from all other devices, abnormal operations during the manufacturing process could alter such randomness. When subject to changes related to temperature, voltage, EMI, aging, and other environmental factors these parameters can drift over time, the undesirable result, is weak PUFs with CRP error rates as high of 20%.
The main objective in designing ternary PUFs is to resolve some of these issues, and to reduce the CRP error rates by eliminating fuzzy CRPs during challenge generation. The figure of merit is to achieve trustworthy and robust intra-PUF CRP matching rates with low FRR during authentications, without increasing FAR during inter-PUF authentication of malicious challenges. The by-product of such design is the design of highly random TRNG with the fuzzy cells.

Memory based PUFs
The methods to design PUFs and TRNGs with SRAM memories have been published SRAM [36][37][38]. SRAM based PUFs have been successfully commercialized. When powered up, each SRAM cells naturally flip to store either a 0, or a 1. In most of the cases, arrays of SRAM cells return to a similar pattern characteristic, i.e. a similar finger print. SRAM based PUFs designed with this feature can be reliable, however heavy error correcting methods are usually needed. The SRAM based PUFs are not particularly immune to side channel attacks. Significant research efforts have been published regarding the design of PUFs with Flash RAMs [39][40], DRAMs [41][42][43][44], magnetic RAMs [45][46], and resistive RAMs [47][48][49]]. The cryptographic protocols leveraging memory PUFs are in general distinct from the ones developed with other mainstream PUFs such as ring oscillators, or gate delay arbiters. As shown in Fig.  1, the value of a parameter P is measured on each cell, and is compared with a threshold. The cells with parameter P below the threshold are "0"s, and are "1"s above the threshold. Examples of parameter P selected to design memory PUFs include: threshold voltages of Flash cells after fixed time programming; charges left on DRAM cells without refresh; high resistance value of MRAM cells after programming; and Vset of ReRAM cells. The CRP matching is done after error correction. The cellto-cell physical parameter variations due to manufacturing variations are too erratic for CRP generation. Fig.2 is a diagram showing how a drift of P toward the higher value is forcing the responses of the cells located close to the threshold to switch from 0 to 1, which increase CRP error rates. The cells located far from the transition are not impacted.

Ternary PUFs
The concept of memory based PUFs with ternary states having random number generation capabilities is described [49][50][51][52]. The measurement of P of the cells of a memory PUF allows the segmentation of the cell population into three states. The cells with P <T1 (a low threshold) carry the state "-", the cells with P >T2 (a high threshold) carry the state "+", and the remaining cells carry the ternary state "0" cells, see Fig.3. During challenge generation, the cells are sorted into ternary states. During response generation, only the cells with "-" or "+" states are queried, while the cells with "0" state are ignored, see Fig.4. The PUF CRP error rates are significantly lowered, the distance T2-T1 acts as a buffer between the states "-", and "+". When the distance T2-T1 between thresholds increases, the CRP error rate can reach extremely low values, and is less sensitive to various drifts.

Pseudo Random number generators
There are numerous excellent PRNG available to the system developers, which are highly reliable [4][5][6][7][8]. For example, a PRNG {a1, a2, …, an} can be designed with congruential generators, where a is the multiplier, c the increment, m the modulus, and Xi , b, c, m are natural numbers, typically, c and m are chosen to be relatively prime: Other example of PRNG can constructed by using iterative encryption, as shown in Fig 5, ai+1 is the cipher of Xi which is encrypted by the code E, and the key K i . Proving that a PRNG or a TRNG is "random" is a very complicated task that could take years to validate, and billions of data points. The National Institute of Standard and Technology (NIST) has developed an excellent suite of tools available on line that can test the randomness of any random numbers generators [12][13][14][15]. Examples of parameters that are tested include deviation from randomness, a frequency test (monobit test), Serial test (two-bit test), a Poker test (non-overlapping parts), run tests (gap and blocks), and autocorrelation tests [Menezes, van Oorschot, Vanstone -Handbook of Applied Cryptography].
In this paper, we are using statistical analysis to quantify randomness, and the parameter λ defined below in this section. Each bit "ai" of a data stream of n bits should have a 50% probability to be either a "1" or a "0". The average deviation from perfect randomness λ is given by: Assuming that the length of the data stream is n =128, with P( ai =0) = 0.5, the number of possible combinations, also called entropy, is 2 128 = 3.4 10 38 , which is large enough to protect cryptographic functions from existing or foreseeable computers. When the RNG is not totally random, in this case λ≠0, the entropy is lower than 2 128 , and is further reduced with larger λ. A position paper from (NIST) [12], suggested in 1999 that λ greater than 10 -3 would not be acceptable, sophisticated cryptoanalysis methods could be effective to break the PRNG. NIST in 2010 and others [33][34] revisited this. The value of λ that is acceptable to get a safe TRNG is a moving target as modern computers get increasingly powerful. To the best of our knowledge, λ<10 -5 is currently considered an excellent target, while λ<10 -10 is considered outstanding.

Use of XOR to enhance PRNGs
Exclusive OR, XOR, is a Boolean logic gate widely adopted in cryptography [18][19][20][21]. Two input bits ai and ai+1 are transformed into ci = ai ⊕ ai+1, with the following equations: XOR logic is part of most encryption algorithms such as the Data Encryption System (DES), the Advanced Encryption System (AES), and hash functions such as SHA. XOR functions are adding confusion and randomization in the encryption process while been reversible in the decryption process. As part of the encryption, the data streams generated by plain texts are often XORed with cryptographic keys, or sub-keys, then XORed again during decryption. XOR scramblers can enhance randomization in multicarrier communications [19]. XOR are also used to generate scrambling sequences to achieve data randomization in a memory circuit, as well as enhancing random number generators [20]. Some of the important reasons for the use of XOR functions in cryptography are: ➢ ci is not disclosing the value of ai and ai+1: ci =0 can be the result of the pair 00, or the pair 11; ci =1 can be the result of the pair 01, or the pair 10; ➢ XOR is a symmetrical function when applied twice: ai ⊕ ai+1⊕ ai+1 = ai (6) ➢ If two bits ai and ai+1 are random, the bit ci, defined by ci =ai ⊕ ai+1, is even more random than ai or ai+1 . These properties are exploited in the design of the XOR data compiler as presented in section 4.

Ternary PUFs as sources of randomness
The cells of a ternary PUF with "0" state, as described in section 2.3, are exploited as sources of randomness to design TRNG [1,17], as explained in Figure 6. The cells located in the center of the distribution, the "0" states, can flip back and forward when the value of their parameter P is compared to a threshold centered in the median point of the distribution. When the distance T2-T1 between the two thresholds used to select the cells with "0" states is reduced, the probability to test these cells either as below the median, or above the median at each query is closer to 50%. For example, the selection of 1,000 cells located close to the median will represents a strong pool to design TRNG. These 1,000 cells can be queried many times to generate long random numbers. Each cell acts as a single source of independant randomness subject to noise, and measurement uncertainties. Within the cells of a particular memory array, the distribution of the physical parameter , which determine if a cell is a "0" or a "1", is following a distribution with a standard variation σArray due to cell-to-cell variations created during manufacturing, and other instabilities. Repetitive measurements of parameter on the same cell follow a distribution with the standard variation σCell responding to various measurement instabilities, noise, and environmental variations. Low error rate PUFs, with predictable CRPs, should have these variations verifying: σCell ⪡ σArray When the variations within cells are much lower than the cell-to-cell variations, the "finger print" of the memory PUF is stable and predictable. On the opposite side, to design a TRNG, it is desirable to select only the cells extremely close to the transition of parameter between "0' and "1", i.e. the one with ternary state "0". If TM is the median of the distribution, the average value Tx of of each -cells should be such that: |Tx -TM | ⪡ σCell (8) This maximizes the chance of a random number to flip between "0s" and "1s". In order to enhance the level of randomness only a very small percentage of the memory arrays are selected as sources of randomness. Current secure microcontrollers have very large embedded memory density, typically in the 1 to 100 Mbits, the percentage of the array consumed for TRNG can be relatively small. In the following sections, we are developing a statistical model to study how to enhance the randomness of a data stream generated from the fuzzy cells. One of the tradeoffs to model is the compromise between tightly selecting the "0" cells around the median TM, versus improving randomness; in the case of the generation of native ternary streams, we study the use of modulo3 adders.

Modeling a ternary PUF for TRNG
As shown in Fig 7, the cells that are sorted as unstable with a "0" state can be segmented into two subgroups: ➢ The cells that have a higher probability to be tested above the median are called A-cells, see Fig 8. They have an higher average probability PA to generate a "1"in the stream of random numbers, their average deviation to randomness is λA. The A cells have an average probability P'A to generate a "0" in the stream of random number: PA= 0.5+ λA (9) P'A= 0.5-λA; 1= P'A + PA (10) ➢ The cells that have a higher probability to be tested below the median are called B-cells, see Fig 9. They have an average probability P'B to generate a "0", and an average deviation to randomness λB. The average probability PB to be generate a "1"is: The selection of the transition T M of parameter can be such that the number of A-cells equal the number of B-cells and: PA= P'B , P'A= PB , λA= λB. Figure 7: The "0" states are segmented into the A cells that more often measured above the median, and the B cells below the median. Figure. 8: A-cells with higher probability P A to generate a 1. Figure. 9: B-cells with higher probability P' B to generate a 0.

A XOR data compiler for TRNG
As presented below in the experimental section, with 2% of the cell population selected as fuzzy 0-cell, λA= λB ≈ 2 10 -2 , which is far from the level of randomness needed to generate quality TRNG, this based on NIST criteria. In this section, a XOR compiler is developed, with the objective to enhance the level of randomness of the resulting streams, see Fig.10. The XOR compiler transforms the incoming streams ai , i ∈ {1 to n}, generated by the memory PUF by out coming streams cj, j ∈ {1 to m}, m<n, of higher level of randomness. The stream of n random numbers generated from the ternary memory PUF is shown below.

Chunk of bits:
{a1j, a2j, …, aij, …, afj} (15) For example, 1,280 random bits are grouped in 128 chunks of 10 bits. With a XOR, the stream cj , with j ∈ {1 to m} and n=m.f , is generated from the stream ai , as shown in Fig 10. Out coming stream: {c1, c2, …, cj, …, cm} (16) cj=a1j⊕a2j⊕…⊕aij⊕…⊕afj (17) Such a XOR compiler can be implemented in hardware with only a few logic gates which can be inserted as part of the cryptoprocessor of the secure processor. The PRNGs presented section 3.1, are generated sequentially, the random number ai+1 of a stream of n bits is generated from the previous random numbers ai . Conversely, the TRNGs with XOR gates can be generated in parallel eq (17) in one cycle. XOR gate is also an addition modulo 2 without carry over. A quicker way to compute eq (17) is to count how many "1s" are presents in the stream {a1j, a2j , .., afj}. If the number of "1s" in the stream is odd then cj =1, when even cj=0. cj = a1j⊕ a2j⊕ …⊕ afj = (a1j+ a2j+ … + afj ) mod 2 (18)

Modeling a 2-bit XOR compiler
We analyze a 2-bit XOR compiler, the incoming data stream of 2n bits is "XORed" two bits by two bits to generate a stream of n bits, f=2. There are three possible configurations for each "XORing": both cells are A-cells, one cell is an A-cell and the second is a B-cell, and both cells are B-cells. Let us choose: PA=P'B=0.52; P'A=PB=0.48; λB=λA=2 10 -2 .

➢ Number of A-cells is even: two A-cells, or two B-cells
The probability P'C to have cj=a1j⊕a2j at "0" is occurring when the two cells (a1j, a2j) are at (00) or (11): The probability PC to have cj=a1j⊕a2j at "1" is occurring when the two cells (a1j, a2j) are at (01) or (10):

➢ Number of A-cells is odd: one A-cells, and one B-cell.
The probability PC to have cj=a1j⊕a2j at "1" is occurring when the two cells (a1j, a2j) are at (01) or (10): The probability P'C to have cj=a1j⊕a2j at "0" is occurring when the two cells (a1j, a2j) are at (00) or (11): Let us assume that the incoming stream with 2n bits is generated from a memory PUF with 50% A-cells and 50% Bcells, and with λA=2 10 -2 . The 2-bit XOR compiler can statistically generate an out coming stream of n bits having 50% C-cells, and 50% D-cells with λC=8 10 -4 , see Fig. 11. The C-cells are made of pairs of either AA cells or BB cells, while the Dcells are made of pairs of either AB cells or BA cells. In both cases, f =2 is even. The general equations developed below in section 8, eq. (29) to (39) are applicable. When the number of B-cell is even PC < P'C, and are reversed when the number of B-cell is odd PC > P'C. The deviation from randomness λC=8 10 -4 is 25 times smaller than the deviation before the 3bit-XOR compilation, λA=2 10 -2 .

Modeling a 3-bit XOR compiler
In this section we analyze a 3-bit XOR compiler, in which the incoming data stream of 3n bits is "XORed" three bits by three bits to generate a stream of n bits, f=3. We are again choosing the same example:

➢ Number of B-cells is odd: Three B-cells, B-cell & two
A-cells. The probability P'C to have cj=a1j⊕a2j⊕a3j at "0" is occurring when the three cells (a1j, a2j, a3j) are at (000), (110), (011) or (101): The probability P'C to have cj=a1j⊕a2j⊕a3j at "0" is occurring when the three cells (a1j, a2j, a3j) are at (000), (110), (011) or (101): Let us assume that the incoming stream with 3n bits is generated by a memory PUF having 50% A-cells, and 50% Bcells, and with λA=2 10 -2 . The 3-bit XOR compiler can statistically generate an out coming stream of 128 bits having 50% C-cells, and 50% D-cells with λC=3. 2  In both cases, f=3 is odd. The general equations developed in the next section, eq. (29) to (38) are applicable. When the number of B-cells is even, PC < P'C, and are reversed when the number of B-cells is odd, PC > P'C. The resulting deviation from randomness, λc=3.2 10 -5 , is 25x25=625 times smaller than the deviation before the 3-XOR compilation, λA=2 10 -2 . It is interesting to notice that a 3-bits XOR data compiler needs only 50% more starting cells than a 2-bits compiler, and has a level of non-randomness 25 times lower.

Modeling the XOR compiler in general terms
The goal is to develop a model that quantifies the effect of a XOR compiler, which enhance the level of randomization of a data stream, as a function of the size f of the chunk of incoming bits that are XORed together. The incoming stream {a1, …, ai, …an} has a deviation from randomness λA , and the out coming stream {c1, c2, …, cj, …, cm} has a deviation λC. This variation is obtained by computing PC, the probability for cj, to be a "1: The incoming random bits aij are generated from A-cells or B-cells of the ternary PUFs. As stated in section 4.1, the transition T M is selected in such a way that the probability to have an A-cell, and a B-cell is equal to 0.

All cells of chunk j are A-cells.
The probability of any of the A-cells of the stream to be a "1" is PA, and the probability to be a "0"is P'A. Both PA and P'A are following Bernoulli formula: The terms ′ − of eq. (29) and (30) correspond to a configuration where i bits are "1s", and f-i bits are "0".
The probability PC, is the sum of all terms having i odd: If f=2k is even: PC= ∑ ( 2k 2i+1 ) If f=2k+1 is odd: PC= ∑ ( 2k+1 2i+1 ) The probability P'C is the sum of all terms having i even: If f=2k is even: If f=2k+1 is odd: When f is even, PC < P'C is written as PC=0.5-λcj or P'C=0.5+λcj, with λcj the deviation from randomness of cj.
When f is odd, PC > P'C and is written as PC=0.5+λcj or P'C=0.5-λcj.

Simplification of the model
The objective of this model is to calculate the absolute deviation from perfect randomness, it is not important to know if PC> P'C, or if P'C> PC. In all cases, lλcjl is the statistical deviation from pure randomness, regardless of PC being greater or lower than P'C. Therefore, assuming that all cells are A-cells is simplifying the computation without reducing the accuracy of the model.

Variations of ReRAM memory PUFs
The experimental data presented in this paper is based on the study of resistive random-access memory (ReRAM). The cells of ReRAMs, see references [53][54][55][56][57][58][59][60], are constructed with stacks of two electrodes separated by solid electrolytes, the first one is active to REDOX cycles, and the second one is inert. As shown in Figure 13, differential voltages applied on these stacks can move positively, or negatively, elements such as positive oxygen vacancies or positive metallic cations, which result in varying the resistance of the stacks. The basic physical effect described in Fig. 13, can be achieved with several manufacturing technologies: ➢ Conductive bridge random access memories (CBRAM) that are based on the conduction of cations such as Ag+, or Cu+ through solid chalcogenide electrolytes, or porous silicon [53][54][55][56][57][58]. The active electrodes could be made of copper, or silver, while the inert electrode can be fabricated with tungsten; ➢ Memristors devices can operate as ReRAM, or act as active Boolean gates [59][60]. The conductive filaments usually contain oxygen vacancies. The solid electrolyte can be fabricated with HfO, or TaOx. After initial forming, the operations are reversible.
In this work, we had access to Cu/TaOx/Pt resistive crossbar arrays fabricated on thermally oxidized Si wafers, Reference [38]. The Cu/TaOx/Pt switches from "0" to "1" based on the formation and the rupture of filaments, made of oxygen vacancies, bridging the dielectric between both electrodes. The initial conditioning of the ReRAM cells, in which conductive filaments are formed, typically requires a positive voltage of approximately 2 to 5 Volt. After forming, the cells can respond to programming and erasing cycles. It exists a minimum negative Vreset voltage applied across the cells, in the -0.5 to -3.0 Volt range, that force the positive ions or oxygen vacancies to migrate back, breaking the conductive filament. The resulting high resistance state (HRS) is then in the 20 Mohm range. In the positive direction, a minimum Vset voltage applied across the switch, reposition the positive ions or oxygen vacancies, forming again the conductive filament. As shown in Fig. 14, when the voltage is ramping, the current remains low until Vset is reached, then the current quickly increases. This effect is reversible, and the filaments can partially be dissolved with opposite voltages.
The parameter , that is analyzed for the purpose of designing TRNGs, is the distribution of the Vset across the cells of ReRAM arrays. The entire population of all cells of the array has a Vset distribution that is well represented by a normal distribution having a standard variation σArray=0.5V and a median value of 2.1V . The repetitive measurement of the Vset of each cells is also well represented by a normal distribution having a standard distribution σCell= 0.1V.
For the purpose of random number generation, the Vset of each cell is measured; a cell is considered as a "0" state when Vset<2.1V, and a "1" state when Vset>2.1V. The cells having average Vset measurements at or close to 2.1 Volt, are good candidates for TRNG. The five populations described below are subsets of the total distribution of cells of the array: Figure In this last case, there are no ternary states, the entire memory array is used to generate random numbers.The reason we are considering this range of options is to quantify the effectiveness of the XOR data compiler to generate a random number as a function of how tight the ternary state distribution is. Case-1 is the one with the highest initial randomness, while Case-5 is the lowest one.

Effect of the XOR compiler on the TRNG
The probabilistic model presented in this section is used to analyze the five experimental cases presented above. Fig 15. and Fig. 16 summarize the impact of the XOR data compiler when f varies from 2 to 5. We are observing a lack of efficiency of the XOR compiler in case-5, the one without ternary states. The lack of initial randomness of this case is such that the XORing cannot "clean up" the stream. In other cases, the XOR data compiler when combined with the ternary 0-states is very efficient. Case-1 with the highest level of initial randomness is benefiting the most from the XOR compiler: with 5-cell XOR, λC=5. 12 10 -8 , which is a very small deviation from absolute randomness.

Minimization of the impact of parameter drifts
The randomness of the TRNG originates from the physical parameters of multiple cells that provide independent sources of physical randomness. This is a fundamental strength compared with mathematically generated pseudo RNG (PRNG) because mathematical algorithms cannot describe unclonable physical elements. The cell-to-cell randomness is due to micro-variations during manufacturing and natural noise effect during measurements. However, physical elements can vary often in a predictable way when subject to effects such as temperature change, biasing conditions, and induced attacks. For example, the value of the Vset of a resistive RAM goes down when subject to higher temperature. A hacker could submit the physical element to a hot air blower to increase temperature, reduce Vset, thereby making both A-cells and B-cells appear similar, creating a high probability to be tested as "0". Such a drift or malicious attack could results in a collapse of the level of randomness with lower entropy. The remedy of such an attack is to make the size of the population of A-cells and B-cells equivalent, by adjusting the threshold (T2) between the "0" states, and "1" states, in the median point of the 0-cell distribution, see With this method the raw data stream generated by the memory array and the 0-cell has a population with equal numbers of "0"s and "1", regardless of a potential drift in temperature caused by a natural variation, or caused by the hot air blower of the hacker. The method is applicable to compensate for any drifts, noise, or aging; the integrity of the TRNG is thereby protected.

Generalization to other TRNG designs
When the physical component generates a data stream with a deviation from absolute randomness λin, it is possible to model the size f of the chunks that are XORed together, as described in Fig.8, to meet a particular λout objective. The model can be used as a predictive tool. For example, as shown Fig.18, the number f necessary to compile a data stream of various initial randomness can be anticipated to be λC<5 10 -8 or λC< 10 -10 . This could be valuable to adjust the compilation as a function of the monitoring of the randomness of the incoming data stream. The proposed method to design TRNG is not limited to ReRAM arrays, and Vset as parameter . The method is applicable to any memory device as long as it is possible to identify a parameter that can be reliably tested to sort out the cells and identify enough unstable 0-cells. The algorithm presented Fig. 17 is generic: ➢ Flash or EEPROM memory: parameter can be the trans-conductance of the cells after fixed time programming. The threshold voltage of each cell, after fixed time injection of electrons in the floating gate, vary cell-to-cell due to variations in fabrication parameters such as tunnel oxide thickness and doping levels. Very small changes of threshold voltage can create major changes in the trans-conductance, which are desirable sources of randomness.
➢ DRAM memory: parameter could be the measurement of the residual charge left in a cell after constant discharging time. One effective method is to program all cells, and put the refresh cycle on hold. The fuzzy cells can flip above or below the threshold value of residual charge. ➢ ReRAM memory: In addition of the Vset as presented in this paper, parameter could be the Vreset (threshold voltage to erase the cells), Roff (resistivity on the high resistance state), or Ron (resistivity on the low resistivity state). Some parameters like Roff can be flaky, and jump in a non-erratic way from a set of several discrete values, which is not a desirable source of randomness for a TRNG.
➢ SRAM memory: the PUFs are based on the determinations of the cells flipping to either a 0 state, or a 1 state after power-off-power-on cycles. However, 3 to 5% of the SRAM cells are fuzzy, they can switch on either states at each cycle. The recommended methodology is to test the SRAM array, and keep track of the 0-states for TRNG. The use of the XOR compiler enhances the randomness of any data streams regardless of their origin. The XORing by chunk of f-bits is therefore applicable to a stream of ni incoming bits, as shown in Fig.19.
1) If the length of the incoming stream of ni bits is not an integer number multiple of f, the two are related by eq (44), ri is the remainder of ni congruent f.
2) Several 0's can be added to the stream of ri bits to form a chunk with a length f. The total number of chunks will be equal to mi + 1.
3) The XORing is done by chunks of f bits. 4) The resulting stream of mi + 1 has a deviation to nonrandomness that is lower than the incoming stream ni. Figure. 19: Generalization of the concept to any data streams.

Native ternary random numbers generators
In this section, we are presenting a method to directly generate native random trits from PUF memory arrays, as well as ways to enhance randomness with modulo 3 sum adders. As presented in the first section, the fuzzy cells of the PUFs are used as multiple sources of randomness, and the XOR compilers replace mod3 adders. Ternary computing uses trits, for example (0, 1, 2) or balanced (-, 0, +), instead of the bits (0, 1) used in binary computing [61][62][63][64][65][66][67]. Can ternary computing improve cybersecurity and Information Assurance [68][69][70]? Ternary computing is not a new concept, and is more complex to implement than binary computing. One suggested architecture uses heterogeneous computing elements, and combine binary units to run legacy codes, and native ternary computing units for security [71]: ➢ Better handling of the natural fuzziness, with lower reliance on error correction codes; ➢ Can take advantage of ternary hardware, and advances in microelectronics, such as the ternary PUFs described in the first section of this paper [72][73][74][75][76][77][78][79]; ➢ The cryptography based on ternary states has more entropy, and additional levels of freedom to protect both hardware, and software.
For example, let us assume that the length of a data stream is N=128. The number of possible combinations for binary streams is 2 128 = 3.4 10 38 , and becomes 3 128 = 1.2 10 61 for ternary streams, which is considerably larger. Native random numbers are valuable for cryptographic protocols based on ternary computing. One way to create ternary random numbers is to convert binary random numbers into decimal numbers, then to convert the decimal data stream back into ternary random numbers. Such a method add complexity, and can potentially expose the random numbers to hackers. A direct generation of native ternary random numbers is therefore desirable. The definition of deviation from perfect randomness for ternary TRNG, is similar to the one developed for binary data streams. As presented in the first section, each bit ai of the perfectly binary random stream {a1, …, ai, …, an} should have precisely the same probability to be either a "1" or a "0". The average deviation from randomness, λ is given by: In the case of ternary data streams of trits with "-", "0", and "+" states, the term λ is given by:

Segmentation of the fuzzy cells of the memory PUFs
The fuzzy cells , the 0-cells, can be segmented into three subgroups, see Fig. 20: ➢ The cells that have a higher probability to be tested as "-" are called A-cells. They have an average probability PA= -to be tested as "-" , PA= 0 to be tested as "0", and PA= + to be tested as "+". ➢ The cells that have a higher probability to be tested as "0" are called B-cells. They have an average probability PB= -to be tested as "-" , PB= 0 to be tested as "0", and PB= + to be tested as "+". ➢ The cells that have a higher probability to be tested as "+" are called C-cells. They have an average probability PC= -to be tested as "-" , PC= 0 to be tested as "0", and PC= + to be tested as "+". The selection of the transition of parameter between "-" and "0" , T2, and the transition of parameter between "0" and "+", can be such that the total number of A-cells selected within the 0-cells equal the number of B-cells, and the number of Ccells. The deviation from perfect randomness λ of the stream of native ternary random numbers generated from the fuzzy cells A, B, C is given by: λ= |1/9-P A= -| + |1/9-PA=0| + |1/9-PA= +| 9 + |1/9-P B= -| + |1/9-PB=0| + |1/9-PB= +| 9 + |1/9-P C= -| + |1/9-PC=0| + |1/9-PC= +| 9 (54)

Enhancement of the randomness with mod3 adders
The algorithm using a mod3 adder, see Fig.21 and 22, is similar to the one presented section A.
1) The number of cells needed to generate a stream of mi trits is ni = mi * f , they are selected as part of the fuzzy 0-cells of the ternary memory PUF; 2) Parameter is measured on all ni cells; 3) The population of ni cells is segmented into three third based on the value of . The threshold separating the bottom third and the central third is T2; the threshold separating the central third and to top third is T3; 4) With the segmentation in three done step 3, the ni cells at the bottom third are carrying "-"state, the cells in the middle are "0"s, and the cells at the top third are "+"s; 5) The stream of trits is added by chunks of f trits; Instead of a XOR compiler, the mod 3 adder of chunk of trits enhance randomness. With mod 3 sum adders, two input trits ai, and ai+1 are transformed into ci = ai ⊕ ai+1, with the following truth table: (ai =0; ai+1 = -), or (ai = -; ai+1 =0), or (ai=ai+1 =+)➔ci = -(ai =+; ai+1= -), or (ai = -; ai+1= +), or (ai=ai+1 =0)➔ci = 0 (ai=0; ai+1= +), or (ai= +; ai+1 =0), or (ai=ai+1 = -)➔ci = + 6) The resulting mi trits are more random.
Mod 3 addition increases randomness, the knowledge of ci is not disclosing the value of ai and ai+1. ci = -, 0, or + can be the result of three possible pairs {ai ai+1}, with equal probability. If two trits ai and ai+1 are somewhat random, the trit ci is even more random than either ai or ai+1. Let us assume that the stream of random trits generated by the 0-cells of the memory PUF array is {a1, a2, …, ai, …an}.  As it is shown in Fig.22, this stream is grouped in chunks of f trits {a1j, a2j, …, aij, …, ajf} with f < n. For example, 1,280 random bits a grouped in 128 chunks of 10 bits. The resulting stream of random trits obtained with mod 3 sum adders data {c1, c2, …, cj, …, cm} is defined as follow: Mod 3 sum adders can be implemented at the software level, or in hardware with only a few logic gates. These gates can be inserted in the state machine of the PUF memory to directly feed secure processors, and crypto-processors with streams of randomly generated trits.

Model with mod3 addition by chunks of two trits
In this section we are proposing a simplified model that quantifies the level of randomness of mod 3 adders when two adjacent trits are added mod3. Fig.23 shows such a scheme. We are assuming that the 0-cells are distributed into three type of cells (A, B, and C), each of them with a probability of occurrence of 1/3. Statistically the stream of trits {a1, a2, …, ai, …an} contain trits with equal probability to be "-", "0", or "+", also with a value of 1/3. However A-cells have a higher probability to have "-"s, B-cells have a higher probability to have "0"s, and C-cells have a higher probability to have "+"s. Figure 23: description of the mod 3 adder by chunk of two trits In Fig.24, we are showing an arbitrary set of probabilities verifying that the probability to have either A, B, or C cells is 1/3, and the probability to have either "-", "0", or "+" states is also 1/3. In this table: PA= -= 1/9 + Δ A- * λ ; with Δ A1 = 1.8 (55) PB= 0 = 1/9 + Δ B0 * λ ; with Δ A2 = 0.9 (56) Other tables and more complicated model can replace this arbitrary representation; however, the suggested simplified model describes quite well the experimental observations. When the cells are combined by pairs, and the trits added mod 3, 9 combinations of cells are possible with an equal probability of 1/9: AA, AB, AC, BA, BB, BC, CA, CB, CC. The average probability to have trits with "-", "0", and "+" is 1/3. Two cells AA have three possible combinations which can result in a trit at "-" : ➢ Both cells at "+", the probability is: (PA= + * PA= + ); ➢ The first cell is at "0", the second at "-" , the probability is: (PA= 0 * PA= -); ➢ The first cell is at "-", the second at "0", the probability is: (PA= - * PA= 0 ).
The resulting deviation from randomness λ'f after addition is the average deviation of these 27 configurations: For example, if the initial deviation from randomness for the incoming stream is λi = 2 10 -2 ; the resulting deviation is: λ'f = 2.27 * ( 2 * 10 -2 ) 2 = 8.7 10 -4 After addition, the 9 possible configurations shown in Fig.25 can be then combined into 3 types of cells A', B', and C. For example, the cells that are mainly "-", the A'-cells consist of the mod3 additions of CC, AB, and BA pairs. In this case, the average deviation from randomness of A'-cells when they are containing a trit "-"is:

Extension of the model with chunks of four trits
The method presented section II 2.2 can be extended to the addition mod3 of 4 sequential trits to generate trits of higher randomness. Rather than starting with the three types of cells A, B, and C having a deviation from randomness λ, the same computation is done with the cells A', B', and C' having a deviation from randomness equal to 2.27 * 2 .

Experimental analysis with mod3 adders
The analysis is based on the data presented in the first section related to the measurement of the Vset of ReRAM devices. We are again considering the same five cases to sort out the fuzzy "0-cells": This range of options allows the quantification of the effectiveness of the addition mod 3 to scramble the trits, as a function of the initial randomness coming from the ternary PUF memory. Case-1 is the one with the higher initial randomness, while Case-4 is the lowest one.
The probabilistic model developed above, is the base of the analysis of the four experimental cases. The results of the computations are shown in Fig.26 and Fig. 27.
The impact of the addition modulo 3 addition on the level of randomness on the resulting data streams of trits is increasing when the number of cells f involved in the addition increases from f = 2 to f = 8. In all cases the addition mod 3 when applied to a data stream of trits generated by a PUF is very efficient to enhance randomness. Case 1, the one with the highest level of initial randomness, benefit the most from mod 3 sum adders.
It is interesting to notice that the XOR compiler, and the mod 3 addition have similar effects in improving randomness. The model can be used as a predictive tool to anticipate the level of randomness of streams of trits. For example, as shown in Fig.27, the number cells necessary to get λ<5 10 -6 for case 1 is 4, it is 5 for case 2, it is 6 for case 3, and it is higher than 8 for case 4.

Discussion and conclusion
The use of ternary PUFs to design TRNG, combined with a XOR compiler, or a modulo 3 addition has the following benefits: ➢ The cells with fuzzy behavior of a ternary PUF, the 0cells, can provide multiple sources of independent randomness. A memory arrays in the megabyte range can have a large quantity of such cells; ➢ The randomness of the binary data streams extracted from the ternary 0-cells are enhanced by a XOR compiler. Based on a normal distribution of parameter , the proposed statistical model can quantify the deviation from pure randomness of the TRNGs. It is possible to calculate f, the length of the XOR, to reach a desired level of non-randomness λf, as a function of the level of non-randomness λi of the incoming data stream extracted from the physical element.
➢ The randomness of the ternary data streams extracted from the 0-cells can be enhanced by a modulo 3 adder. It is the possible to directly generate a stream of random trits without having to convert binary data streams into ternary data streams; ➢ It is possible to anticipate, with the suggested probabilistic model, the minimum size of chunks of data f that need to be processed to reach the level of randomness λf. This is the case for the XOR compiler, and the mod 3 adder; ➢ The proposed methodology minimizes sensitivity to parameter drifts such as temperature, aging, or biasing conditions. It is anticipated that the drifts should not materially degrade the quality of the TRNGs.
➢ The hardware implementation of both the XOR compiler, and the mod 3 adder can use known commercial CMOS circuitry.
➢ The method can reach NIST expectations in term of deviation from pure randomness of the TRNG, even if the randomness created by the PUF is weak.
The experimental section of this work, which is based on the measurements of the Vset of ReRAM cells, produced a distribution that is able to show enough randomness to generate random numbers. We noticed that the XOR data compiler is not effective when the initial data stream is not random. The model developed assumes that the initial random numbers generated from the 0-cells are symmetrically distributed between A-cells and B-cells.
Other statistical distributions beside the normal one are under consideration in our research effort. We are not anticipating that these improved statistical models will significantly change the outcome when only cells close to the median distribution are selected. This is not the case for wider distribution of the 0-cells away from the median.

Future work:
The objective of this work was to develop TRNG for cryptographic protocols that can be embedded in the Internet of Things (IoT). The implementation of affordable sources of randomness to secure IoTs can benefit from the ease of use of ternary PUFs, which are tamper resistant. TRNGs are essentials elements to encryption protocols involving PUF CRPs, and other cryptographic keys. We are studying the design of a prototype that incorporates the proposed TRNG scheme with various ReRAM arrays. The prototype is intended to automatically extract large quantities of PUF CRPs and random streams of bits, and trits. We intend to use the prototype to further validate our statistical models, and to leverage the tools developed by NIST that are available online to quantify the entropy, and the level of randomness of the TRNGs. The prototype should have the built-in flexibility to allow us to analyze multiple types of memory arrays, with different methods of fabrication.
We are interested in optimizing the randomness of the TRNG while reducing CRP error rates of the PUFs, and developing cryptographic protocols that leverage the combined capabilities. The method described in this paper can be used to the swarm dynamics generating true random noises [8], and other similar applications requiring TRNG. To accelerate the process to generate fresh random numbers on demand, the 0cells can be tested in advance [80], and the data can be stored in the memory. The read time of a ReRAM is typically 10ns/bit, so we believe that the generation of the TRNG has the potential to be done at a rate of 100Mbit/s. The method presented in this paper can also be extended to n-value logic, for example quaternary logic (4 bits), pentagonal logic (5 bits), or hexagonal logic (6bits). In such cases the 0-cells are divided in n different type of cells, and the addition of chunk of n-bits is done modulo n.