JPS61193183A - Random number generation circuit - Google Patents

Abstract

(57) [Summary] This bulletin contains application data before electronic filing, so abstract data is not recorded.

Description

DETAILED DESCRIPTION OF THE INVENTION [Field of Application of the Invention] The present invention relates to a random number generation circuit, and particularly to a pseudorandom number generation circuit used in cryptographic machines, Monte Carlo simulators, and the like.

[Background of the invention]

Pseudo-random numbers are used in cryptographic machines, and binary M-sequence random numbers have conventionally been used as random numbers. This is a Galois field 0F(2n) as described in U.S. Patent No. 3,816,764 and U.S. Pat. No. 3,911,216.
It is made on top. Therefore, to generate long-period random numbers.

It was necessary to obtain an extended Galois field of higher order 2.

[Purpose of the invention]

An object of the present invention is to generate long-period pseudorandom numbers using relatively low-order multi-value irreducible polynomials, implement them in a binary arithmetic circuit, and use them as random numbers in cryptographic devices and Monte Carlo simulations. The purpose of this invention is to provide a random number generation circuit.

[Structure of the invention]

In order to achieve the above object, the random number generation circuit of the present invention has M
In order to generate r = 2 r-1 Galois field GF (Mrn) upstream random numbers, Mr bit adders are used, the carry output of the most significant bit is connected to the carry input of the least significant bit, and an AND circuit is used. An Mr value addition circuit which sets the result output bit to 0'' when all outputs of the M
Its output is connected to the addition output of the r value addition circuit, and r×r
It is characterized by being composed of an Mr value multiplier circuit using an X-Novi multiplier and multiple stages of shift registers, each stage having r number of stages.

[Embodiments of the invention]

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

FIG. 2 is an explanatory diagram of a 2-bit adder used in the present invention.

In general, a Galois field is a Galois field with a prime number p as a prime field, and a Galois field G
It can be extended to F(pn). On the other hand, arithmetic circuits used in electronic computers and the like perform binary arithmetic operations. Therefore, the prime number p
We propose to perform the calculations based on binary calculations. First, for the prime number p, choose the Mersenne number of P=2"-1... (1). This number is easy to convert from a binary number. Also, basically, it is a binary number. Arithmetic operations can be used.

For example, in the three-value operation M2=22-1=3, 2
Arithmetic operations are performed using binary arithmetic units of i (1
1) I thought about making effective use of 2 (= (3) 3=O).

An example of three values will be explained below.

1 in FIG. 2 is a 1-bit adder. That is, j
, k are 1 bit input each, and μ is a carry bit input from the lower order.The results of these binary calculations are a 1 carry output bit C and an output bit e.

FIG. 3 is a block diagram of a three-value addition circuit that combines the adder and logic circuit of FIG. 2, and FIG. 4 is a diagram showing the calculation results of FIG. 3.

In FIG. 3, 1 is a 2-bit adder, 2 is an exclusive OR circuit (mod 2 arithmetic circuit) or a NAND circuit, and 3 is an AND circuit. Also, let the horizontal side of Fig. 4 be ai1ate, the vertical side be bl, and the intersection of a and b inside (7) be e2e□.

In other words, (Caxeax) is (10) and (b8°bs)
If we assume (10), then from Figure 3.

c2=1 is output by a 2 + b 2, and by inputting this to μm, el:=1 is output.

As a result, (eaet)=(01).

Note that at this time, since (dt-dt) is (01), the output of the exclusive OR circuit 2 is l, and the AND circuit 3
The output of is Cax-ex)=(01), and in another example, (az+ai)=(01)=(b2.
b) = (10), the output of adder 1 is (d2.c
tt) = (it), the output of the exclusive OR circuit 2 is 0, and therefore the output of the AND circuit 3 is (eg
o at)=(00).

In addition, here, (00)=O, (OX)=1°(10)
=2. Then, FIG. 4 is a ternary calculation table.

This three-value calculation circuit is used to configure a three-value maximum period pseudo-random number generation circuit.

The ternary maximum period pseudorandom number is a primitive irreducible polynomial f of first degree n
n(x)=a nxn+a n-□x"-"+...
・Fist a 1x 10a O... (2) (ai is 0,1
．． 2).

Its period Pn is P=3n-1.

When n=3, f 3 (x)=x"+2x+1...
... (3) The period P3 is P, = 33-1 = 26 Therefore, f is expressed in ternary notation, and the above formula (3) is expressed as (10% formula % With the initial value as (001)a, (010 )s (1000)s= (012)3 (mod (10
(1200)3= (212)3 (mod f3)
(2120)3:: (111)3 (nod fa
)(1110)3=(122)3(1220)3=(202)3(nod
f3) (2020) , = (011)3 (n
od f3) Similarly, (1100)3= (112)3 (1120)s= (102) 3 (1020)3= (002)s (200)z (2000)3= (021)3 (2100)a” (121)s (1210)3= (222)3 (2220) 3= (211)z (2110)3= (101)s (1010)3= (022)s (2200) 3= (221)3 (2210) 3" (201)3 (2010)s" (001)3 This is one cycle.

FIG. 5 is a block diagram of a ternary random number generation circuit showing one embodiment of the present invention, which uses a shift register and a ternary adder circuit.

In FIG. 5, S, 1. S□2*S21+522tS
31+S3g is shift register 4. Ao.

A1 is the ternary adder A in FIG. This circuit is driven by a shift clock.

First, all shift registers from 81□ to S3□ are set to 'O'.
is reset to P 2 +P1=(0
1) is input, 811=1 is input to the first clock.
is set. The state of this shift register is (00
,00,Of).

That is, (S3□S 31 + S 22 * S
1□511).

At the next shift clock, if (P2Pl) = (00), the state of the shift register (state of S2) is (0
0,01,00).

At the next shift clock, (PgPx) = (00)
The S3 state is (01,00,00).

At the fourth shift clock, (Q*Q1)=(01) and input b of Ao! =1. Input b1=1 of A work is generated, and the S4 state becomes (00,01°10).

The state of the next SIs is (01,10,00)
The state of Sl is (10,01,10).

At the 7th shift clock, (QgQ□) = (10) occurs, and the A labor force is (a2at) = (10) - (bgb
x) = (10), the output is (eze 1) = (0
1), Ao large input, (bzbx) = (01), output is
(egex) = (01), and the state of S7 is (
OX, OX, 01).

At the 8th shift clock, (QgQx) = (.

1), A, input (agat) = (01) - (b2bL
) = (01), output (east) = (10) - Ao
Large input agaz) = (00) - (bzbz) = (1
0), and the output (e * e t) = (10).

At the 9th shift clock, (Q2Q□)=(01), A
, input (82at) = (10) - (bzb t) =
(01), output (e 2 et) = (00) −
A, input (a2at) = (00), (b2bx) =
(10), the state of S'' is (10,00,10).

At the 10th shift clock, (Q2Q1)=(10)=
Ax input (ax a t) = (10) - (bz
bx) = (1o), output (e2et) = (01),
Ao large input bzbx) = (ox).

The state of S10 is (00,01,01).

Moreover, the state of S11 is (01,01,00),
Hereafter, in the same way, S" 2= (01,01,10) Sl 3= (01,00,10) S14= (00,00,10) S15= (00,10,00) SIB= (10 ,00,00) SI B= (00,10,01) S'''= (10,01,00) SI B= (01,10,01) S 2 '= (1,0,10,10)S ”= (10
,01,01) 522= (01,00,0f) S23= (00,10,10) S2'= (10,10,00) S2S= (10,10,01) 82B= (10,00,01 ) S27 = (00,00,01) and returns to the S'(7) state. That is, in FIG. 5, f 3 (x)=x3+2x+1 is satisfied. Generally, for the ternary nth order.

fn=(x)=xn+an-4xn-1+...+c
For an irreducible polynomial of 1 x+a O, a set of two shift registers is
Prepare a set and install a ternary adder a at the position al=O.

The wiring connects the final shift register output Q2. I will connect Q1.

When a1=1, Q2→b2 terminal eQl→b2 terminal, a
When 1=2, connect Q2→b2 terminal p to Q1+b1 terminal.

Random numbers can be generated either by using the output Q 2 Q t as a ternary random number sequence or by using the contents of each set of registers as random numbers.

In this way, in this embodiment, since ternary random numbers can be easily generated, random numbers on 0F(3n) can be used as random numbers on GF(2n), and the range of application of random numbers to simulation cryptography is therefore expanded. be done.

That is, the random number period C2 on GF (2n) is C2=2
For n-1, the random number period C3 on GF (3n) is C,=
3n-1, and a low-order, long-period 03 is obtained.

Next, other embodiments will be described.

In this case as well, in order to perform binary operations on the prime number p, we focus on the efficient Mensenne number M1=2r-1 and propose an arithmetic circuit using an extended field of Mensenne numbers.

For example, in a seven-value operation where M3=23-1=7, three 2
A 7-value number, which is calculated using a value calculation circuit, is a binary number 3
It can be expressed by bits.

(1)? = (001)2 (2)? = (010),z (3)? = (011)z (4)? = (100)2 (5) ? = (101) t (6) ? = (110)2 Here, (a) 7 indicates a 7-value, and (XX-2 indicates a binary number).

An example of seven values will be described below as an embodiment of the present invention.

FIGS. 6(a) and 6(b) are block diagrams of a 1+1 bit adder 11 and a 3×3 bit multiplier 12, respectively. a
, b is an input, U is a carry input, C is a carry output, and e is an addition output. Also, a2yal+ ao+ bl, b
l, I) O is multiplication input, C2+C11CO is carry output, C2, e.

eo is the multiplication result output.

FIG. 7 is a diagram showing a seven-value addition circuit 15 using the 1+1 bit adder 11.

The inputs a2+ C1+ aQ and bl, bl, bO are
Each is a 7-value number expressed in binary. Also, 13 is NAN
The DAND circuit is an AND circuit.

The operation of the seven-value addition circuit 15 in FIG. 7 is shown in FIG. 9(a).

For example, in the case of (6) 7 + (5) 7, a , ) + b
(,=1 and +c o=Q, e (,=1゜al+bl
=1 and -01=Oe e t=1ya 2+b 2=
(10) With 2, c , = l = ut3 ° C2 = o, a o + b o + u 6 = (10) 29 Q o = 1
=u 1*6o=Q.

a 1+ b 1+ u 1= (10) te
01= 1 = u 21e□=0゜a 2+b 2+u 2= (11) 2t C2=
'=uOpe2=1.

So, C2+ Bit eo temporarily becomes (001)2, but becomes (100)2 in the fixed state. At this point, output the clock signal c'Q and calculate the calculation result d2sdi+d o
We get (100)2.

FIG. 8 is a block diagram of a seven-value multiplier circuit showing an embodiment of the present invention, and FIG. 9(b) is an explanatory diagram showing the calculation result of FIG. 8.

For example, in the case of (6)7X (5)t, C of multiplier 12
21Qly QO output and e2p131* eo ratio output.

(110) gX (101) z=(0111
10) Since 2, c,=Q, c1=l,
co=l.

(011)! fB 2 = 1 g 13 1” 1 @ e o
=Oe(110)g,' Therefore, according to FIG. 9(a), g2*gi+go is obtained with (011)*+ (110)2= (010) 2 being the steady state.

Namely.

5×6=2 (mod 7) (5).

By using these 7-value calculation circuits 15 and 16, a 7-value longest period pseudo random number generation circuit can be constructed. The 7-value longest period pseudorandom number is a primitive irreducible polynomial f of first degree n, (x)=
a nxn+an-x x”-”+・・・・・・+a 1
It is determined by x+a.

Its period Pn is P,=7''-1.

When n=1, f x (X)=x+2, etc. are primitive irreducible polynomials, and the period is P1=7-1=6.

When n=2, F2(x)=x”+x+3, etc., and the period is
P2=72-1=48.

If n = 3, f 3 (x) = x 3 + 3 x
+2 etc., and the period is P3=73-1=342.

F3 is expressed in hexadecimal and expressed as (1032).

Initial value (001)? As.

(001)? (010)? (100)? (1000)? = (045)? (nod (103
That is, (1000)-(1032)= (0-3=
7-3=4. (mod7) -2=7-2=5, (mod7)
Therefore, (0-3-2)=(045).

(450)? (4500)? = (526)y mod (10
32) That is.

(4500)? =4X (1032)? = (55-1
)? = (526)? 12 = 5 (mod 7), 8 = 1 (mod 7) Do the same thing below.

(5260)? = (254)? (2540)y=(553)? (5530)? = (524)? (5240)? = (234)? (2340)? = (353)y (3530)? = (511) t (5110) Fu = (104) Fu (1040)
? = (015)t (150)? FIG. 1 is a block diagram of a seven-value longest period pseudo-random number generation circuit showing an embodiment of the present invention.

3 3-stage shift registers from Ftz to F33 17.18
are using. This is the above-mentioned F3 7-value longest period pseudo random number generation circuit. Incidentally, among the shift registers 17 and 1B, the output of the final stage shift register 18 uses inverse logic logic. F3(x) = x 3+ 3 x +
2, MPl and MP of the multiplication circuit 16 are (3)
? = (2) q is the output f of the shift register 18, , f
1. Set to multiply f0. This circuit is driven by a shift clock.

First, in −a2e ale aQ, (0,0,1)2=
(1)? After entering only once, (0,0゜0)2
= (0)? (In addition, shift register 17.18
(all are reset to 110''), (1)7 is set by the output a at the first clock, and the state of the shift register 17.18 at this time is indicated as (001), ie.

F 33 = F 32 = F 3t = OF 23
” F 2□=F21=O F 1s = F l 2= Oe F□1=1
At the next second clock, F21 is set to "1" and Fll is reset to "0". This (010)
Shown as 7.

Similarly, (100) at the third clock? bawl.

At $-4 clock, h2. hl, ho-fold signal.

hz=1. ht=1. ho=O−(110)2”(6)
7 is output.

What is the output of MPo (6)? X (2)7= (5)sMP
The output of l is (6) f x (3)? = (4) 4F13~F
Since 1□ is (O)7, F13=1. F1□=O,
F11=1 F23=1. F2□=O, F2t=0 are set,
The state becomes (045).

At the next fifth clock, since h2 to h are 0'', the state is (450)?.

The sixth clock has h2=O, h1=1. h o = 1
, (oli)z= (3)? is output, MPO=
(3)7X (2)? = (6) 7MP 1 =
(3)? X (3)? = (2)? F
1=(0)? (F□3=O-F□2=O9F 1
t = o) Because there is te, (526)? (7) Becomes a state.

At the seventh clock, h=2. (h2=Q.

h1=1−ho=o) is output.

MPo” (2)?X (2)?= (4)tMP1=
(2)? X (3)? = (6)? Fl=(6)? Therefore, setting to F2 is (6)? +(6
)? = (5) becomes (254)? The state will be as follows.

Thereafter, the process proceeds in a similar manner, and the state (001) returns at the 343rd clock.

Generally, for a prime number Mr = 2r-1, r pieces of 1+1 bit adders are used, the carry output of the most significant bit is connected to the carry input of the least significant bit, and the resultant bits are all "1".
”, that is, all “1” An
d circuit installed.

When the output is 1”, set the result output bit to II OII
shall be. This is called an Mr value addition circuit.

Next, an I'×r bit multiplier is used, and its output is connected to the addition input of the Mr value addition circuit in the same way as in FIG.

This is called an Mr value multiplication circuit.

To obtain the longest period pseudorandom number in Mr value.

A primitive irreducible polynomial fM''n on GF(Mr) is given.

fMrn=anxn+an-1xn-1+・・・・+
alx+a(.

As is clear from FIG. 1, the random number generation circuit is provided with r shift registers in each stage, and an Mr value addition circuit and an Mr value multiplication circuit are provided corresponding to the constant 81. At this time, the multiplier setting of the Mr value multiplication circuit is the value of al. For the zero-order random number, n stages of the above circuit are provided. The shift output of the final stage is connected as an inverse logic value to the multiplicand input of each stage Mr value multiplier circuit.

Note that the N a n d circuit 13 and the And circuit 1 in FIG.
Since 4 is a multiplier of 7 in the 1 multiplier circuit 16 and becomes "0'' (see FIG. 9(b)), it is not particularly necessary.

In this embodiment, the maximum period pseudo-random number can use the positive logic value of the final stage shift register as the Mr value sequence. Further, the positive logic value from each stage can be used as the value of OF(Mrn).

〔Effect of the invention〕

As described above, according to the present invention, multivalued random numbers can be easily generated, so that the range of application of random numbers to simulation cryptography is expanded.

[Brief explanation of drawings]

Fig. 1 is a block diagram of a 7-value longest pseudorandom number generation circuit showing one embodiment of the present invention, Fig. 2 is a block diagram of a 2-bit adder, and Fig. 3 is a block diagram of a 2-bit adder.
The figure is a block diagram of a ternary addition circuit using the 2-bit adder and logic circuit in Figure 2, and Figure 4 is a diagram showing the addition result in Figure 3.
Figure 5 is a block diagram of a ternary random number generation circuit using a shift register and a ternary adder circuit, and Figure 6 is a 1+1 bit adder and a ternary random number generation circuit.
7 is a block diagram of a 3-bit multiplier, FIG. 7 is a block diagram of a 7-value addition circuit used in the present invention, and FIG.
FIG. 9, a block diagram of the value multiplication circuit, is a diagram showing the calculation results of the addition circuit and multiplication circuit of FIGS. 7 and 8. 11: 1+1 bit adder, 12: 3x3 bit multiplier, 13: Nand circuit, 14: A n d circuit, 1
5-near value addition circuit, 16:7-value multiplication circuit, 17.18:
Shift register, 1: 2-bit adder, 2: exclusive OR circuit (mod 2 arithmetic circuit) or N an d circuit, 3: And circuit, 4: shift register. Job Q (woman @zlfJ f, y solar radiation 2 diagram
Figure 7 8j/■

Claims (1)

[Claims] 1. Mr = 2^r-1 In order to generate random numbers on the Galois field GF (Mr^n), Mr bit adders are used, and the carry output of the most significant bit is An Mr value addition circuit which is connected to the carry input of the lower bits and sets the result output bit to "0" when all the outputs of the AND circuit are "1", and the addition input of the Mr value addition circuit. Mr value multiplier circuit with output connected and using r×r bit multiplier, and each stage r
A random number generation circuit comprising a plurality of stages of shift registers. 2. When generating random numbers on the Galois field 3^n (GF(3^n)), a ternary addition circuit using two bit adders and a two-column shift register are provided. A random number generation circuit according to claim 1.