CN106375082A - Pseudo random number generation method - Google Patents

Pseudo random number generation method

Info

Publication number: CN106375082A
Application number: CN201610850720.6A
Authority: CN (China)
Legal status: Granted (Google's legal status is an assumption, not a legal conclusion)
Other versions: CN106375082B (granted publication)
Other languages: Chinese (zh)
Prior art keywords: bit, detection, random number, sequence, length
Inventors: 胡红钢, 杨小龙, 张平, 胡先君
Original and current assignee: University of Science and Technology of China (USTC)

Legal events: application filed by USTC; priority to CN201610850720.6A; publication of CN106375082A; application granted; publication of CN106375082B; legal status active

Classifications

    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/06 The encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L 9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L 9/0656 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L 9/0662 Pseudorandom key sequence combined element-for-element with data sequence, with particular pseudorandom sequence generator
    • H04L 9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L 9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes: Engineering & Computer Science; Computer Security & Cryptography; Computer Networks & Wireless Communication; Signal Processing; Power Engineering; Mobile Radio Communication Systems; Complex Calculations
Abstract

The invention discloses a pseudo-random number generation method comprising the following steps: inputting a block-cipher key K of n bits and an initial vector IV_0 of N bits; feeding the vector IV_i into an AXU hash function and processing it to obtain an output S_i; encrypting the obtained S_i with the block cipher under key K, XORing the result with S_i, and outputting the pseudo-random block R_i, where i is the time step and i = 1, 2, 3, ..., M. Relying on the properties of the hash function and the block cipher, the method guarantees the randomness and high security of the generated sequence, and the generated sequence passes all 15 of the sequence randomness tests provided by the US National Institute of Standards and Technology (NIST).

Description

A pseudo-random number generation method
Technical field
The present invention relates to the technical field of cryptography, and in particular to a pseudo-random number generation method.
Background technology
At present, in a stream cipher system, encryption produces the ciphertext by XORing the plaintext directly with a key stream, and decryption recovers the plaintext by XORing the ciphertext with the same key stream. For the system to be secure, the key stream must have good randomness. Because true random numbers are too expensive to use as a key stream, pseudo-random numbers with good randomness are normally used in practice instead. Pseudo-random numbers are produced by a pseudo-random number generator and have randomness good enough to satisfy the requirements of a cryptographic system.
In the prior art there are two classes of standardised pseudo-random number generators: the ANSI X9.17 pseudo-random number generator and the FIPS 186 pseudo-random number generator (PRNG). The ANSI X9.17 PRNG is the standard currently used by banks to produce the keys and initial vectors required by the Data Encryption Standard (DES) algorithm, and the FIPS 186 PRNG is used to produce the random numbers required by the Digital Signature Algorithm (DSA). However, the current methods of producing pseudo-random numbers lack efficiency, which limits their use.
Content of the invention
The object of the present invention is to provide a pseudo-random number generation method that achieves higher implementation efficiency than the current standard generation methods while preserving security.
A pseudo-random number generation method, the method comprising:
inputting a block-cipher key K of n bits and an initial vector IV_0 of N bits;
feeding the vector IV_i into an AXU hash function and obtaining the output S_i after processing;
encrypting the obtained S_i with the block cipher under key K, XORing the result with S_i, and outputting the pseudo-random block R_i; where i is the time step and i = 1, 2, 3, ..., m.
The length n of the block-cipher key K is determined by the block cipher algorithm; different algorithms use different key lengths.
The length N of the initial vector IV_0 is determined by the AXU hash function and is either n bits or 2n bits.
When the AXU hash function used maps n bits to n bits, the length N of the initial vector IV_0 is n bits;
and IV_1 = IV_0 at i = 1, IV_i = IV_{i-1} + 1 at every other time step.
When the AXU hash function used maps 2n bits to n bits, the length N of the initial vector IV_0 is 2n bits;
and IV_1 = IV_0 at i = 1, IV_i = (S_{i-1}, R_{i-1}) at every other time step.
The total length of the obtained pseudo-random sequence R_i is mn bits.
As can be seen from the technical solution provided by the invention, the above method relies on the properties of the hash function and the block cipher to guarantee the randomness and high security of the generated sequence, and the generated sequence passes all 15 of the sequence randomness tests provided by the US National Institute of Standards and Technology (NIST).
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously the drawings described below are only some embodiments of the invention; a person of ordinary skill in the art could obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of the pseudo-random number generation method provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of one pseudo-random number generation scheme enumerated by an embodiment of the present invention;
Fig. 3 is a schematic diagram of another pseudo-random number generation scheme enumerated by an embodiment of the present invention.
Specific embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. Obviously the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the invention.
The embodiments of the present invention are described in further detail below with reference to the drawings. Fig. 1 is a schematic flow chart of the pseudo-random number generation method provided by an embodiment of the present invention; the method comprises:
Step 11: input a block-cipher key K of n bits and an initial vector IV_0 of N bits.
In this step the length n of the block-cipher key K is determined by the block cipher algorithm; different algorithms use different key lengths.
For example, this embodiment may use AES-128, the current standard, but other versions of AES or other block ciphers may also be used; other versions then require different key lengths.
The length N of the above initial vector IV_0 is determined by the AXU hash function and is either n bits or 2n bits.
Specifically, when the AXU hash function used maps n bits to n bits, the length N of the initial vector IV_0 is n bits; when the AXU hash function used maps 2n bits to n bits, the length N of the initial vector IV_0 is 2n bits.
Step 12: feed the vector IV_i into the AXU hash function and obtain the output S_i after processing.
The AXU hash function used in this step should have good properties; for example:
1) if the AXU hash used maps n bits to n bits, the family H_1 = {h_a(x) = a·x} can be chosen; it is an ε-AXU hash family from {0,1}^n to {0,1}^n (the security analysis below takes ε = 2^{-n});
2) if the AXU hash used maps 2n bits to n bits, the family H_2 = {h_a(x_1, x_2) = a·x_1 + a^2·x_2} can be chosen; it is a (2^{-(n-1)}, 2^{-(n-1)})-AXU hash family from {0,1}^{2n} to {0,1}^n.
Step 13: encrypt the obtained S_i with the block cipher under key K, XOR the result with S_i, and output the pseudo-random block R_i.
Here i is the time step, i = 1, 2, 3, ..., m.
In a concrete implementation the processing differs according to the length of the initial vector IV_0. Specifically:
Fig. 2 is a schematic diagram of one pseudo-random number generation scheme enumerated by an embodiment of the present invention. In this case the initial vector IV_0 has length N = n bits, i.e. H_1 = {h_a(x) = a·x} is selected as the AXU hash function, IV_1 = IV_0 at i = 1 and IV_i = IV_{i-1} + 1 at every other time step. This scheme is denoted the HTR scheme. With reference to Fig. 2, the concrete processing is:
1) input a block-cipher key K of n bits and an initial vector IV_0 of n bits;
2) at time steps i = 1, 2, ..., m obtain IV_i from the recurrence on IV (IV_1 = IV_0 at i = 1, IV_i = IV_{i-1} + 1 at every other step);
3) compute S_i = h_a(IV_i) = a·IV_i, where a is a random value chosen anew for each computation;
4) compute R_i = E_K(S_i) ⊕ S_i.
Fig. 3 is a schematic diagram of another pseudo-random number generation scheme enumerated by an embodiment of the present invention. In this case the initial vector IV_0 has length N = 2n bits, i.e. H_2 = {h_a(x_1, x_2) = a·x_1 + a^2·x_2} is selected as the AXU hash function, IV_1 = IV_0 at i = 1 and IV_i = (S_{i-1}, R_{i-1}) at every other time step. This scheme is denoted the HBC scheme. With reference to Fig. 3, the concrete processing is:
1) input a block-cipher key K of n bits and an initial vector IV_0 of 2n bits, written IV_0 = (S_0, R_0);
2) at time steps i = 1, 2, ..., m obtain IV_i = (S_{i-1}, R_{i-1});
3) compute S_i = h_a(S_{i-1}, R_{i-1}) = a·S_{i-1} + a^2·R_{i-1}, where a is a random value chosen anew for each computation;
4) compute R_i = E_K(S_i) ⊕ S_i.
The total length of the pseudo-random sequence R_i obtained by either of the two schemes is mn bits.
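The two procedures above, HTR and HBC, in working form, as an added example that is not code from the patent or from USTC. It uses AES-128 for E_K, as in the embodiment, and it assumes that the products a·x and a·x_1 + a^2·x_2 are computed in GF(2^128) with the reduction polynomial x^128 + x^7 + x^2 + x + 1; the page does not say which arithmetic the AXU hashes use. The hash key a is drawn once per generator instance here, where the page says only that a is a random value chosen for each computation, and the generator refuses a = 0, since that value makes every S_i zero and every output block identical. The key, IV_0 and a in main are constructed demo values, not values from the page.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// fe is an element of GF(2^128) as [hi, lo] words (bit i of the polynomial = bit i of the integer).
// The field and the reduction polynomial x^128+x^7+x^2+x+1 are assumptions; the patent fixes only the AXU forms.
type fe [2]uint64

func gfAdd(x, y fe) fe { return fe{x[0] ^ y[0], x[1] ^ y[1]} }

// gfMul returns x*y by Horner's rule over the bits of y, most significant bit first.
func gfMul(x, y fe) fe {
	var z fe
	for i := 127; i >= 0; i-- {
		carry := z[0] >> 63 // z = z*x mod P: shift left, then fold the bit shifted out back in
		z[0], z[1] = z[0]<<1|z[1]>>63, z[1]<<1
		if carry == 1 {
			z[1] ^= 0x87
		}
		if (y[1-i/64]>>(i%64))&1 == 1 { // z += x when bit i of y is set
			z = gfAdd(z, x)
		}
	}
	return z
}

func feFromBytes(b []byte) fe { return fe{binary.BigEndian.Uint64(b), binary.BigEndian.Uint64(b[8:])} }

func (v fe) bytes() []byte {
	return binary.BigEndian.AppendUint64(binary.BigEndian.AppendUint64(nil, v[0]), v[1])
}

// Generator holds E_K, the hash key a and the state: counter iv = IV_i for HTR, pair (s, r) = (S_{i-1}, R_{i-1}) for HBC.
type Generator struct {
	blk         cipher.Block
	a, iv, s, r fe
	hbc         bool
}

// newGenerator takes K (16 bytes for AES-128), IV_0 (n bits for HTR, 2n bits for HBC) and the hash key a.
// a = 0 is rejected: it makes every S_i zero and every R_i identical, the collision event the security bound charges to eps.
func newGenerator(key, iv0 []byte, a fe, hbc bool) (*Generator, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if a == (fe{}) {
		return nil, fmt.Errorf("hash key a must be non-zero")
	}
	g := &Generator{blk: blk, a: a, hbc: hbc}
	switch {
	case hbc && len(iv0) == 32:
		g.s, g.r = feFromBytes(iv0[:16]), feFromBytes(iv0[16:]) // IV_0 = (S_0, R_0)
	case !hbc && len(iv0) == 16:
		g.iv = feFromBytes(iv0)
	default:
		return nil, fmt.Errorf("IV_0 must be 16 bytes for HTR or 32 bytes for HBC, got %d", len(iv0))
	}
	return g, nil
}

// step computes S_i with the scheme's AXU hash and R_i = E_K(S_i) XOR S_i, then advances the state: (S_i, R_i) for HBC, IV_i + 1 as a 128-bit big-endian counter for HTR.
func (g *Generator) step() fe {
	s := gfMul(g.a, g.iv) // HTR: a*IV_i
	if g.hbc {
		s = gfAdd(gfMul(g.a, g.s), gfMul(gfMul(g.a, g.a), g.r)) // HBC: a*S_{i-1} + a^2*R_{i-1}
	}
	enc := make([]byte, 16)
	g.blk.Encrypt(enc, s.bytes())
	r := gfAdd(feFromBytes(enc), s)
	if g.hbc {
		g.s, g.r = s, r
	} else if g.iv[1]++; g.iv[1] == 0 {
		g.iv[0]++
	}
	return r
}

// Generate returns m output blocks, i.e. m*n bits with n = 128.
func (g *Generator) Generate(m int) []byte {
	out := make([]byte, 0, 16*m)
	for i := 0; i < m; i++ {
		out = append(out, g.step().bytes()...)
	}
	return out
}

func main() { // constructed demo inputs; a deployment draws K, IV_0 and a from a secure random source
	key, iv0 := []byte("0123456789abcdef"), []byte("constructed 256-bit IV0 value!!!")
	a := feFromBytes([]byte("hash key a demo!"))
	htr, _ := newGenerator(key, iv0[:16], a, false)
	hbc, _ := newGenerator(key, iv0, a, true)
	fmt.Printf("HTR: %x\nHBC: %x\n", htr.Generate(2), hbc.Generate(2))
}
```

Running it prints two blocks from each scheme. A convenient check of the block-cipher-plus-XOR step on its own is a = 1: the hash is then the identity, so the first HTR block is exactly E_K(IV_0) ⊕ IV_0 and the second is E_K(IV_0 + 1) ⊕ (IV_0 + 1).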
The security and randomness of the pseudo-random sequences obtained by the two schemes are examined below. Taking the HTR scheme first, by the definition of a pseudo-random generator it is only necessary to verify the following two conditions:
1) HTR has an expansion factor l;
2) the sequence R_i generated by HTR is a pseudo-random sequence.
For condition 1, HTR stretches $\{0,1\}^{2n} \to \{0,1\}^{mn}$, so condition 1 is satisfied. For condition 2, assume that the sequence generated by HTR is not pseudo-random, i.e. that it can be distinguished in polynomial time from a sequence of independent random variables uniformly distributed on $\{0,1\}$. By the definition of indistinguishability there then exist a probabilistic polynomial-time algorithm $D$ and a positive polynomial $p$ such that, for sufficiently large $n$,

$$\left|\Pr[D(R_{mn}, 1^n) = 1] - \Pr[D(U_{mn}, 1^n) = 1]\right| > \frac{1}{p(n)}$$

where $R_{mn} = \mathrm{HTR}(U_{2n})$ is the sequence generated by HTR, so

$$\left|\Pr[D(\mathrm{HTR}(U_{2n}), 1^n) = 1] - \Pr[D(U_{mn}, 1^n) = 1]\right| > \frac{1}{p(n)}$$

By contradiction and the hybrid technique we will conclude that the block cipher $E$ is not a pseudo-random function or pseudo-random permutation, i.e. that $E(U_{2n})$ and $U_n$ are distinguishable in polynomial time. The detailed process is as follows:
1) for $0 \le k \le m$ define the hybrid

$$H_n^k = U_{kn} \,\|\, \mathrm{pref}_{(m-k)n}\big(\mathrm{HTR}(U_{2n})\big)$$

where $U_{kn}$ is an independent random variable uniformly distributed on $\{0,1\}^{kn}$ and $\mathrm{pref}_l$ denotes the $l$-bit prefix. Then

$$H_n^0 = \mathrm{HTR}(U_{2n}) = R_{mn}, \qquad H_n^m = U_{mn}$$

2) two facts: $H_n^k$ is identically distributed to $U_{kn} \,\|\, E(U_{2n}) \,\|\, \mathrm{pref}_{(m-k-1)n}(\mathrm{HTR}(U_{2n}))$, and $H_n^{k+1}$ is identically distributed to $U_{kn} \,\|\, U_n \,\|\, \mathrm{pref}_{(m-k-1)n}(\mathrm{HTR}(U_{2n}))$.
3) from these two facts, averaging over $k$, we obtain

$$\left|\Pr[D(\mathrm{HTR}(U_{2n}), 1^n) = 1] - \Pr[D(U_{mn}, 1^n) = 1]\right| = \left|\sum_{k=0}^{m-1} \Pr[D(H_n^k) = 1] - \Pr[D(H_n^{k+1}) = 1]\right| \le m \left|\Pr[D(E(U_{2n}), 1^n) = 1] - \Pr[D(U_n, 1^n) = 1]\right|$$

Therefore

$$\left|\Pr[D(E(U_{2n}), 1^n) = 1] - \Pr[D(U_n, 1^n) = 1]\right| \ge \frac{1}{m \cdot p(n)}$$

This contradicts the block cipher $E$ being a pseudo-random function or pseudo-random permutation, so the HTR scheme described in this example is a pseudo-random number generation scheme.
The security bound of the HTR scheme is derived as follows.
Assume that the underlying block cipher is a pseudo-random function or pseudo-random permutation. The security goal is that the output of the scheme is secret, i.e. pseudo-random: indistinguishable from a truly random uniform distribution. Assume that the adversary $A$ can mount a chosen-plaintext attack; the advantage of $A$ in attacking the HTR scheme is then characterised as

$$\mathrm{Adv}^{\mathrm{prg}}_{\mathrm{HTR}}(A) = \Pr[K \leftarrow \mathrm{Key} : A^{\mathrm{HTR}} = 1] - \Pr[A^{\$} = 1]$$

where $\$ : \{0,1\}^{2n} \to \{0,1\}^{mn}$ is a random function.

$$\begin{aligned}
\mathrm{Adv}^{\mathrm{prg}}_{\mathrm{HTR}}(A) &= \Pr[K \leftarrow \mathrm{Key} : A^{\mathrm{HTR}} = 1] - \Pr[A^{\$} = 1] \\
&= \Pr[K \leftarrow \mathrm{Key} : A^{\mathrm{HTR}} = 1] - \Pr[R \leftarrow \mathrm{Random}(2n, n) : A^{R} = 1] + \Pr[R \leftarrow \mathrm{Random}(2n, n) : A^{R} = 1] - \Pr[A^{\$} = 1] \\
&= \mathrm{Adv}^{\mathrm{prf}}_{E}(A) + \mathrm{Adv}^{\mathrm{prg}}_{\mathrm{HTR}[R]}(A)
\end{aligned}$$

Because the underlying block cipher $E$ is a pseudo-random function or pseudo-random permutation, only an upper bound on $\mathrm{Adv}^{\mathrm{prg}}_{\mathrm{HTR}[R]}(A)$ needs to be computed.
First the underlying block cipher $E$ is replaced by a random function $R : \{0,1\}^{2n} \to \{0,1\}^{n}$. The rest of the proof is based on the game-playing technique.
Lemma: if games $G$ and $H$ are identical until bad and $A$ is an adversary, then the advantage of $A$ in distinguishing games $G$ and $H$ is

$$\mathrm{Adv}(A) = \Pr[A^{G} = 1] - \Pr[A^{H} = 1] \le \Pr[A^{G} \text{ sets bad}] = \Pr[A^{H} \text{ sets bad}]$$

By the identical-until-bad lemma we have

$$\mathrm{Adv}^{\mathrm{prg}}_{\mathrm{HTR}[R]}(A) = \Pr[R \leftarrow \mathrm{Random}(2n, n) : A^{R} = 1] - \Pr[A^{\$} = 1] \le \Pr[A^{\$} \text{ sets bad}]$$

It remains to compute $\Pr[A^{\$} \text{ sets bad}]$, i.e. the probability $\mathrm{Coll}(\mathrm{Domain}(R))$ that two of the inputs on which $R$ has to be evaluated collide. By the universal-hash property this gives

$$\Pr[A^{\$} \text{ sets bad}] = \Pr[\mathrm{Coll}(\mathrm{Domain}(R))] = \frac{m^2 \epsilon}{2}$$

When $\epsilon = 2^{-n}$ the advantage of the adversary $A$ in attacking the HTR scheme is

$$\mathrm{Adv}^{\mathrm{prg}}_{\mathrm{HTR}}(A) \le \mathrm{Adv}^{\mathrm{prf\text{-}cpa}}_{E}(A) + \frac{m^2 \epsilon}{2} = \mathrm{Adv}^{\mathrm{prf}}_{E}(A) + \frac{m^2}{2^{n+1}}$$

Since $m^2 / 2^{n+1} = 2^{-(n - 2\log m + 1)}$, when $m = 1024$ and the block length $n$ is 128 bits the security of the HTR scheme is reduced by $2\log m - 1 = 19$ bits, to 109 bits.
The same method of proof shows that the HTR scheme is also secure under chosen-ciphertext attack. When $m = 1024$ and the block length $n$ is 128 bits, the security of the HTR scheme is reduced by $2\log m = 20$ bits, to 108 bits.
The pseudo-random sequence R_i produced by the HTR scheme above is now subjected to randomness testing. The block cipher used here is AES-128 and the AXU hash function has the form H_1 = {h_a(x) = a·x}. Specifically:
According to the sequence randomness test standard and test suite provided by the US National Institute of Standards and Technology (NIST), the sequence produced by the HTR scheme was subjected to all 15 randomness tests, namely: the frequency (monobit) test, the frequency test within a block, the runs test, the test for the longest run of ones in a block, the binary matrix rank test, the discrete Fourier transform test, the non-overlapping template matching test, the overlapping template matching test, Maurer's "universal statistical" test, the linear complexity test, the serial test, the approximate entropy test, the cumulative sums test, the random excursions test and the random excursions variant test.
The purpose of each test, the choice of test parameters and the result obtained are introduced in turn below.
For each test the input sequence of a single run is 1,024,000 bits long and the test is run 1000 times (625 times for the random excursions and random excursions variant tests); the number of sequences passing the test is counted.
For each test, the sequence is said to pass that randomness test if no fewer than 980 of the 1000 runs pass. If the total number of runs is 625, no fewer than 611 runs must pass for the sequence to be considered to pass the test.
1. Frequency (monobit) test
A statistical test item that checks whether the numbers of 0s and 1s in the sequence under test are close.
Test result: 991/1000, passed.
2. Frequency test within a block
A statistical test item that checks whether the number of 1s in each M-bit sub-sequence ("block") of the sequence under test is close to M/2.
Parameter: block length M = 128
Test result: 994/1000, passed.
3. Runs test
A statistical test item that checks whether the total number of runs in the sequence under test obeys the randomness requirement.
Test result: 993/1000, passed.
4. Test for the longest run of ones in a block
A statistical test item that checks whether the distribution of the longest run of 1s across the equal-length sub-sequences of the sequence under test obeys the randomness requirement.
Parameter: sub-sequence length M = 10000
Test result: 995/1000, passed.
5. Binary matrix rank test
A statistical test item that checks for linear dependence among fixed-length sub-sequences of the sequence under test.
Test result: 992/1000, passed.
6. Discrete Fourier transform test
A statistical test item that checks whether the number of abnormal peaks obtained after a Fourier transform of the sequence under test exceeds the permitted value.
Test result: 989/1000, passed.
7. Non-overlapping template matching test
A statistical test item that checks whether the number of occurrences of a given m-bit target string B in the sequence under test obeys the randomness requirement. While the target string is not found the window slides one bit at a time; when it is matched, the count is incremented and the window jumps to the bit following the match.
Parameters: sub-sequence length M = 128000, template length m = 9
Test result: 148 values of B were tested; the minimum is 984/1000, passed.
8. Overlapping template matching test
A statistical test item that checks whether the number of occurrences of a given m-bit target string B in the sequence under test obeys the randomness requirement. While the target string is not found the window slides one bit at a time; when it is matched, the count is incremented and the window still slides only one bit.
Parameters: sub-sequence length M = 1032, template length m = 9
Test result: 992/1000, passed.
9. Maurer's universal statistical test
A statistical test item that checks whether the sequence under test can be compressed (losslessly).
Test result: 990/1000, passed.
10. Linear complexity test
A statistical test item that checks whether the distribution of the linear complexity of the sequence under test is random.
Parameter: block length M = 500
Test result: 992/1000, passed.
11. Serial test
A statistical test item that checks whether the numbers of occurrences of each m-bit overlapping sub-sequence pattern in the sequence under test are close.
Parameter: block length m = 16
Test result: 987/1000, passed.
12. Approximate entropy test
A statistical test item that checks randomness by comparing the frequencies of the m-bit overlapping sub-sequence patterns with those of the (m+1)-bit overlapping patterns.
Parameter: block length m = 10
Test result: 985/1000, passed.
13. Cumulative sums test
A statistical test item that compares the maximum excursion within each sub-sequence of the sequence under test with the maximum excursion a random sequence should have, to judge whether the maximum excursion of the sequence under test is too large or too small.
Test result: 988/1000 (forward), 988/1000 (backward), passed.
14. Random excursions test
Test result: 8 states correspond to 8 groups of results
Minimum 617/625, passed.
15. Random excursions variant test
Test result: 18 states correspond to 18 groups of results
State x Test result
-9 622/625
-8 621/625
-7 622/625
-6 623/625
-5 622/625
-4 620/625
-3 620/625
-2 619/625
-1 619/625
1 621/625
2 618/625
3 619/625
4 618/625
5 620/625
6 618/625
7 621/625
8 621/625
9 620/625
Minimum 618/625, passed.
The above 15 test results are summarised as follows (the minimum over multi-group results is taken):
From the above results, the pseudo-random sequence produced by the HTR scheme passes all 15 randomness tests and has good randomness.
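The pass/fail bookkeeping used above (1000 runs, pass if at least 980 reach a p-value of 0.01; 625 runs, pass if at least 611) together with two of the 15 tests, the frequency (monobit) test and the runs test, as an added example in Go. It is not the NIST test suite and not code from the patent. The threshold is derived from the NIST proportion interval p̂ − 3·sqrt(p̂(1−p̂)/N) with p̂ = 0.99, truncated to an integer, which reproduces 980 of 1000, 611 of 625 and 606 of 620. The generator under test is a seeded math/rand stream, a constructed stand-in for the HTR output, and the 0101... sequence shows why one passing test says little: it passes the monobit test exactly and fails the runs test.

```go
package main

import (
	"fmt"
	"math"
	"math/rand"
)

// Bits is a bit sequence, one 0/1 value per element.
type Bits []uint8

// Monobit is the frequency test: S = sum(2*b - 1), p = erfc(|S| / sqrt(2n)).
func Monobit(b Bits) float64 {
	var s float64
	for _, x := range b {
		s += 2*float64(x) - 1
	}
	return math.Erfc(math.Abs(s) / math.Sqrt(2*float64(len(b))))
}

// Runs is the runs test: V = number of runs, compared with its expectation 2*n*pi*(1-pi),
// pi being the proportion of ones. It is not applicable (returned as p = 0, a failure)
// when the monobit precondition |pi - 1/2| < 2/sqrt(n) does not hold.
func Runs(b Bits) float64 {
	n := float64(len(b))
	var ones float64
	for _, x := range b {
		ones += float64(x)
	}
	pi := ones / n
	if math.Abs(pi-0.5) >= 2/math.Sqrt(n) {
		return 0
	}
	v := 1.0
	for k := 0; k+1 < len(b); k++ {
		if b[k] != b[k+1] {
			v++
		}
	}
	return math.Erfc(math.Abs(v-2*n*pi*(1-pi)) / (2 * math.Sqrt(2*n) * pi * (1 - pi)))
}

// PassThreshold is the minimum number of sequences (out of total) with p >= 0.01 for the
// proportion to stay within p̂ - 3*sqrt(p̂(1-p̂)/total), p̂ = 0.99, truncated to an integer:
// 980 of 1000, 611 of 625 and 606 of 620, the thresholds the text uses.
func PassThreshold(total int) int {
	const p = 0.99
	return int(math.Floor((p - 3*math.Sqrt(p*(1-p)/float64(total))) * float64(total)))
}

// Proportion runs test over total sequences drawn from next and reports how many reached
// p >= 0.01 and whether that count meets PassThreshold.
func Proportion(test func(Bits) float64, next func() Bits, total int) (int, bool) {
	passed := 0
	for i := 0; i < total; i++ {
		if test(next()) >= 0.01 {
			passed++
		}
	}
	return passed, passed >= PassThreshold(total)
}

// Alternating is a constructed 0101... sequence: perfectly balanced, so it passes the
// monobit test, yet it consists of n runs and fails the runs test.
func Alternating(n int) Bits {
	b := make(Bits, n)
	for i := range b {
		b[i] = uint8(i & 1)
	}
	return b
}

func main() {
	// Demo with a seeded math/rand stream standing in for the generator output; the text's
	// parameters are 1,024,000 bits per run and 1000 runs, scaled down here to keep it quick.
	rng := rand.New(rand.NewSource(1))
	next := func() Bits {
		b := make(Bits, 100000)
		for i := range b {
			b[i] = uint8(rng.Intn(2))
		}
		return b
	}
	for _, tc := range []struct {
		name string
		test func(Bits) float64
	}{{"monobit", Monobit}, {"runs", Runs}} {
		passed, ok := Proportion(tc.test, next, 100)
		fmt.Printf("%-7s %d/100 passed (threshold %d), ok=%v\n", tc.name, passed, PassThreshold(100), ok)
	}
	fmt.Printf("alternating: monobit p=%.3f runs p=%.3g\n", Monobit(Alternating(1000)), Runs(Alternating(1000)))
}
```

To apply it to the schemes above, replace next with a closure that returns one 1,024,000-bit output of the generator per call and raise the run count to 1000 (625 for the two excursion tests), so that PassThreshold returns exactly the 980 and 611 of the text.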
The pseudo-randomness and security analysis of the sequence produced by the other scheme (HBC) proceeds in the same way as the security analysis of the HTR scheme above and is not repeated here.
The randomness of the pseudo-random sequence produced by the HBC scheme is tested below. The block cipher used here is AES-128 and the AXU hash function has the form H_2 = {h_a(x_1, x_2) = a·x_1 + a^2·x_2}. Specifically:
According to the sequence randomness test standard and test suite provided by NIST, the pseudo-random sequence produced by the HBC scheme was subjected to all 15 randomness tests: the frequency (monobit) test, the frequency test within a block, the runs test, the test for the longest run of ones in a block, the binary matrix rank test, the discrete Fourier transform test, the non-overlapping template matching test, the overlapping template matching test, Maurer's universal statistical test, the linear complexity test, the serial test, the approximate entropy test, the cumulative sums test, the random excursions test and the random excursions variant test.
The parameters chosen in the tests are the same as those chosen in the tests of embodiment 1; the test results are as follows.
For each test the input sequence of a single run is 1,024,000 bits long and the test is run 1000 times (620 times for the random excursions and random excursions variant tests); the number of sequences passing the test is counted.
For each test, the sequence is said to pass that randomness test if no fewer than 980 of the 1000 runs pass. If the total number of runs is 620, no fewer than 606 runs must pass for the sequence to be considered to pass the test.
1. Frequency (monobit) test
Test result: 990/1000, passed.
2. Frequency test within a block
Test result: 995/1000, passed.
3. Runs test
Test result: 991/1000, passed.
4. Test for the longest run of ones in a block
Test result: 991/1000, passed.
5. Binary matrix rank test
Test result: 991/1000, passed.
6. Discrete Fourier transform test
Test result: 986/1000, passed.
7. Non-overlapping template matching test
Test result: 148 values of B were tested; the minimum is 984/1000, passed.
8. Overlapping template matching test
Test result: 992/1000, passed.
9. Maurer's universal statistical test
Test result: 983/1000, passed.
10. Linear complexity test
Test result: 990/1000, passed.
11. Serial test
Test result: 982/1000, passed.
12. Approximate entropy test
Test result: 995/1000, passed.
13. Cumulative sums test
Test result: 991/1000 (forward), 991/1000 (backward), passed.
14. Random excursions test
Test result: 8 states correspond to 8 groups of results
State x Test result
-4 611/620
-3 613/620
-2 615/620
-1 611/620
1 617/620
2 614/620
3 615/620
4 608/620
Minimum 608/620, passed.
15. Random excursions variant test
Test result: 18 states correspond to 18 groups of results
State x Test result
-9 616/620
-8 613/620
-7 612/620
-6 617/620
-5 618/620
-4 614/620
-3 611/620
-2 616/620
-1 616/620
1 615/620
2 613/620
3 617/620
4 614/620
5 613/620
6 614/620
7 615/620
8 615/620
9 616/620
Minimum 611/620, passed.
The above 15 test results are summarised below (the minimum over multi-group results is taken):
No.  Test                                          Result     Passed
1    Frequency (monobit) test                      990/1000   yes
2    Frequency test within a block                 995/1000   yes
3    Runs test                                     991/1000   yes
4    Test for the longest run of ones in a block   991/1000   yes
5    Binary matrix rank test                       991/1000   yes
6    Discrete Fourier transform test               986/1000   yes
7    Non-overlapping template matching test        982/1000   yes
8    Overlapping template matching test            992/1000   yes
9    Maurer's universal statistical test           983/1000   yes
10   Linear complexity test                        990/1000   yes
11   Serial test                                   982/1000   yes
12   Approximate entropy test                      995/1000   yes
13   Cumulative sums test                          991/1000   yes
14   Random excursions test                        608/620    yes
15   Random excursions variant test                611/620    yes
From the above results, the pseudo-random sequence produced by the HBC scheme passes all 15 randomness tests and has good randomness.
In summary, the embodiments of the present invention rely on the properties of the hash function and the block cipher to guarantee the randomness and high security of the generated sequence, which passes all 15 sequence randomness tests provided by NIST. Moreover, the method calls the block cipher only once per time step, whereas the standard ANSI X9.17 PRNG calls the block cipher twice per time step, so the method has higher implementation efficiency.
It should be noted that a person skilled in the art will understand that the above embodiments may be implemented in software, or in software together with the necessary general-purpose hardware platform. On this understanding, the technical solution of the above embodiments may be embodied as a software product stored on a non-volatile storage medium (a CD-ROM, USB flash drive, portable hard disk, etc.) that includes instructions causing a computer device (a personal computer, server, network device, etc.) to execute the steps described in the embodiments of the invention.
The above are only preferred specific embodiments of the invention, and the scope of protection of the invention is not limited to them. Any change or substitution that a person familiar with the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the invention, which is therefore defined by the scope of the claims.

Claims (6)

1. A pseudo random number generation method, characterized in that the method includes:
inputting a block cipher key k of length n bits and an initial vector iv_0 of length n bits;
taking the vector iv_i as the input of an AXU-hash function, and obtaining the output s_i after processing;
encrypting the obtained s_i with the block cipher under key k, XORing the result with said s_i, and outputting the result as the pseudo-random number sequence r_i; where i is the moment, and i = 1, 2, 3, ..., m.
2. The pseudo random number generation method according to claim 1, characterized in that
the length n of said block cipher key k is determined by the block encryption algorithm, and different algorithms use different key lengths.
3. The pseudo random number generation method according to claim 1, characterized in that
the length of said initial vector iv_0 is determined by the AXU-hash function, and is specifically n bits or 2n bits.
4. The pseudo random number generation method according to claim 3, characterized in that the method further includes:
when the AXU-hash function used maps n bits to n bits, the length of said initial vector iv_0 is n bits;
and at i = 1, iv_1 = iv_0; at every other moment, iv_i = iv_{i-1} + 1.
5. The pseudo random number generation method according to claim 3, characterized in that the method further includes:
when the AXU-hash function used maps 2n bits to n bits, the length of said initial vector iv_0 is 2n bits;
and at i = 1, iv_1 = iv_0; at every other moment, iv_i = (s_{i-1}, r_{i-1}).
6. The pseudo random number generation method according to any one of claims 1 to 5, characterized in that
the total length of the obtained pseudo-random number sequence r_i is mn bits.
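The generator described in claims 1 to 6, as an added worked example; this is not code from the patent or its inventors. It assumes AES-128 as the block cipher (so n = 128 bits), and it assumes a concrete AXU hash that the claims leave open: multiplication by a secret nonzero element a in GF(2^128) for the n-to-n case (claim 4), and the two-term polynomial hash a^2*x1 + a*x2 over the pair (s_{i-1}, r_{i-1}) for the 2n-to-n case (claim 5). The hash key a is therefore an extra secret input not listed in claim 1, and it must not be zero, since a = 0 makes every s_i zero and every r_i equal to E_k(0). Following claim 3, the length of iv_0 (n or 2n bytes) selects the mode; the counter of claim 4 is read as a big-endian 128-bit integer, which is also this example's choice. Each call to Next costs exactly one block cipher encryption, the efficiency point the description makes against ANSI X9.17.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

const n = 16 // block length in bytes; AES fixes n = 128 bits, so every r_i is 16 bytes
type block [n]byte

func xor(a, b block) block { // a is a copy, so the caller's array is untouched
	for i := range a {
		a[i] ^= b[i]
	}
	return a
}

// gfMul multiplies in GF(2^128) mod x^128 + x^7 + x^2 + x + 1 (x^127 in the top bit of byte 0, plain
// big-endian, not GCM's reflected layout). Multiplying by a secret nonzero a is a 2^-128-AXU hash
// from n to n bits; this concrete choice of AXU hash is the example's assumption, not the patent's.
func gfMul(x, y block) block {
	z, v := block{}, x
	for i := 0; i < 128; i++ { // schoolbook: walk the bits of y from x^0 upwards
		if y[n-1-i/8]&(byte(1)<<(uint(i)%8)) != 0 {
			z = xor(z, v)
		}
		carry := v[0] & 0x80 // v = v * x, reducing x^128 = x^7 + x^2 + x + 1 (0x87)
		for j := 0; j < n-1; j++ {
			v[j] = v[j]<<1 | v[j+1]>>7
		}
		v[n-1] <<= 1
		if carry != 0 {
			v[n-1] ^= 0x87
		}
	}
	return z
}

// Generator holds E_k, the hash key a (assumed here; claim 1 lists only k and iv_0 as inputs) and
// iv_i: the counter ctr (claim 4) or the pair (s, r) = (s_{i-1}, r_{i-1}) (claim 5).
type Generator struct {
	enc          cipher.Block
	a, ctr, s, r block
	feedback     bool
}

func NewGenerator(k []byte, a block, iv0 []byte) (*Generator, error) {
	enc, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	if a == (block{}) { // a = 0 makes every s_i zero and every r_i equal to E_k(0)
		return nil, fmt.Errorf("AXU hash key must be nonzero")
	}
	if len(iv0) != n && len(iv0) != 2*n { // claim 3: iv_0 is n bits or 2n bits
		return nil, fmt.Errorf("iv_0 must be %d or %d bytes, got %d", n, 2*n, len(iv0))
	}
	g := &Generator{enc: enc, a: a, feedback: len(iv0) == 2*n}
	copy(g.ctr[:], iv0)   // counter mode: iv_1 = iv_0
	copy(g.s[:], iv0)     // feedback mode: iv_1 = iv_0 = (s_0, r_0)
	copy(g.r[:], iv0[n:]) // copies nothing when iv_0 is only n bytes
	return g, nil
}

// Next returns r_i = E_k(s_i) XOR s_i with s_i = h_a(iv_i) and advances iv_i: one block cipher call per block.
func (g *Generator) Next() block {
	var s block
	if g.feedback { // h_a(x1, x2) = a^2*x1 + a*x2, a two-term polynomial hash of (s_{i-1}, r_{i-1})
		s = gfMul(g.a, xor(gfMul(g.a, g.s), g.r))
	} else { // h_a(iv) = a * iv, then iv_{i+1} = iv_i + 1 as a big-endian integer
		s = gfMul(g.a, g.ctr)
		for j := n - 1; j >= 0; j-- {
			if g.ctr[j]++; g.ctr[j] != 0 {
				break
			}
		}
	}
	var r block
	g.enc.Encrypt(r[:], s[:])
	r = xor(r, s)
	g.s, g.r = s, r // becomes iv_{i+1} in feedback mode
	return r
}

func main() { // constructed demo inputs; in practice seed k, a and iv_0 from real entropy
	iv0 := make([]byte, 2*n) // 2n bytes selects feedback mode; pass iv0[:n] for counter mode
	iv0[n-1] = 1
	g, err := NewGenerator([]byte("0123456789abcdef"), block{0: 0x5a, n - 1: 0x03}, iv0)
	if err != nil {
		panic(err)
	}
	for i := 1; i <= 4; i++ { // r_1 .. r_4: m = 4 blocks, mn = 512 bits in total (claim 6)
		r := g.Next()
		fmt.Printf("r_%d = %s\n", i, hex.EncodeToString(r[:]))
	}
}
```

Calling Next m times yields r_1 || ... || r_m, the mn-bit sequence of claim 6. The hex strings the program prints depend on the constructed key, hash key and iv_0 and have no significance beyond the demo.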
CN201610850720.6A 2016-09-26 2016-09-26 Pseudo random number generation method Active CN106375082B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610850720.6A CN106375082B (en) 2016-09-26 2016-09-26 Pseudo random number generation method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610850720.6A CN106375082B (en) 2016-09-26 2016-09-26 Pseudo random number generation method

Publications (2)

Publication Number Publication Date
CN106375082A true CN106375082A (en) 2017-02-01
CN106375082B CN106375082B (en) 2019-10-22

Family

ID=57898616

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610850720.6A Active CN106375082B (en) 2016-09-26 2016-09-26 Pseudo random number generation method

Country Status (1)

Country Link
CN (1) CN106375082B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102802042A (en) * 2012-08-17 2012-11-28 无锡睿驰美迪科技有限公司 3G Modem card multi-track coding transport system and method based on ARMl1 core microprocessor
CN105376055A (en) * 2015-12-09 2016-03-02 捷德(中国)信息科技有限公司 Method for generating pseudo random number and pseudo random number generator

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110929252A (en) * 2019-11-22 2020-03-27 福建金密网络安全测评技术有限公司 Algorithm and random number detection system
CN110929252B (en) * 2019-11-22 2021-10-26 福建金密网络安全测评技术有限公司 Algorithm and random number detection system

Also Published As

Publication number Publication date
CN106375082B (en) 2019-10-22

Similar Documents

Publication Publication Date Title
Erkan et al. 2D eπ-map for image encryption
CN110401627B (en) Differential fault attack resistance security evaluation method and system suitable for block cipher algorithm infection protection
CN106778304A (en) A kind of quick New chaotic image encryption method with related scramble mechanism in plain text
CN103457719A (en) Side channel energy analysis method for SM3 cryptographic algorithm HMAC mode
Hua et al. Image encryption using 2D Logistic-Sine chaotic map
CN109756322A (en) Digital image encryption method based on DES structure and DNA encoding
Zhao et al. Construction of a nondegenerate 2D chaotic map with application to irreversible parallel key expansion algorithm
Liu et al. Chaos-based color image encryption using one-time keys and Choquet fuzzy integral
Duan et al. Differential power analysis attack and efficient countermeasures on PRESENT
CN104301095A (en) DES round operation method and circuit
CN114374775A (en) Image encryption method based on Julia set and DNA coding
Xu et al. A Strong Key Expansion Algorithm Based on Nondegenerate 2D Chaotic Map Over GF (2 n)
CN106375082A (en) Pseudo random number generation method
CN104618098A (en) Cryptographic construction method and system for set member relation determination
Lustro et al. Performance analysis of enhanced SPECK algorithm
Chen et al. Region of interest encryption based on novel 2D hyperchaotic signal and bagua coding algorithm
Mohammed et al. Secure image encryption scheme using chaotic maps and rc4 algorithm
He et al. Cryptanalysis and improvement of a block cipher based on multiple chaotic systems
Raza et al. PRaCto: Pseudo Random bit generator for Cryptographic application
Abad et al. Enhanced key generation algorithm of hashing message authentication code
Wang et al. Single-Trace Side-Channel Attacks on CRYSTALS-Dilithium: Myth or Reality?
Abumuala et al. A new method for generating cryptographically strong sequences of pseudo random bits for stream cipher
Tong et al. A novel image encryption scheme based on feedback and 3D Baker
CN111884799B (en) CRPs library construction method and system based on RO-PUF
Indumathi et al. Construction of Key-dependent S-box for Secure Cloud Storage.

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant