KR20080019631A - Method, system and device for generating a pseudorandom data sequence - Google Patents

Abstract

The invention concerns a device and a method for generating a pseudorandom data sequence (1) from an initial dataflow (3) characterized in that it includes the following steps: defining a set of code words forming a complete prefix code (5); defining a set of output words (7); defining a desynchronizing function (f) associating with any code word of said complete prefix code (5) an output word of said set of output words (7); breaking down the initial data flow (3) into a coded sequence of words (11) in conformity with said complete prefix code (5); associating the words of said coded sequence of words (11) with the corresponding output words in conformity with said desynchronizing function (f) to form said pseudorandom data sequence (1). ® KIPO & WIPO 2008

Description

Method, system and device for generating a pseudorandom data sequence

The present invention relates to the field of encryption / decryption, and more particularly, to a system and method for generating a pseudorandom data sequence.

The present invention is very usefully applied to generating a series of bits for symmetric encryption, which is an encryption process when the same secret key is used for encryption / decryption. The present invention relates to a first method of adding a message to a pseudorandom data sequence having the same length, bit by bit, and a second method having the same encryption and decryption operations. Symmetric encryption is commonly used for all forms of communication, such as mobile communications (GSM, UMTS, etc.), the Internet (SSL, etc.), microchip cards (bank cards), and the like.

The most basic symmetric encryption technique is known as flow encryption, which adds a plain text message one bit to a series of random values of equal length. This technique introduces the inherent and difficult problem of generating a long pseudorandom series.

The most common flow encryption method utilizes a pseudo-random series that occurs regardless of the message to be encrypted, using a linear feedback shift register to efficiently use the hardware.

The main drawback of linear feedback shift registers is that they are linear. In fact, knowing the number of output bits and associated feedback polynomials of a register of the same length as the register, one can determine the output bits of the register and all subsequent states.

Thus, to break the linearity of a linear feedback shift register, it is a standard procedure to combine possible outputs from multiple registers with possible internal states of the register, for example using a nonlinear Boolean function.

In figure 5 a generator 121 of the type known as the shrinking generator described in EP application EP 0 619 659 is shown. The generator 121 includes a first register 123a which is a linear feedback shift register, a second register 123b, and an output selecting means 125 of the generator 121.

When the two registers 123a and 123b are shifted at the same time and the output of the first register 123a is "1", the output of the generator 121 is the same as the output of the second register 123b. Otherwise, no bit is output.

The shrink generator allows the combination of conventional bit series pairs as well as the output of two linear feedback shift registers. The shrink generator is a type of stream encryption system in which one linear feedback shift register controls another linear feedback shift register. The concept is to break the linearity of the registers by varying the number of shifts between the various registers used and the number of shifts between two consecutive bits.

A variant of the shrink generator, known as a self-shrink generator, is based on the same principle but uses only one register. The output bits of the register are read two by one and the first bit controls the output of the second bit such that if the first bit is "1" the output of the system is the second bit, otherwise any bit Will not be output.

Using only linear feedback registers has many disadvantages. The main disadvantage is the vulnerability due to the linearity of the device. There are also disadvantages when registers are combined by Boolean functions. At the hardware level, the drawbacks are due to the complexity for implementing the function. In addition, the function is fixed and vulnerable to external attacks.

In addition, if the feedback of the shift register used in the pseudorandom series generator is regularly or easily predicted, the generator is vulnerable to algebraic attack.

In addition, the statistics reveal a certain vulnerability of the shrinkage generator. In particular, the number of shifts performed by the two registers between the two output bits in the shrink generator varies but has the same value for the two registers.

The present invention provides a method for generating a pseudorandom data sequence from an initial data flow.

Defining a set of code words forming a complete prefix code;

Defining an output word set;

Defining an asynchronous function that combines an output word from the set of output words with a code word of the complete prefix code;

Decomposing the initial data flow into a series of words coded according to the complete prefix code; And

Combining the coded series of words with a corresponding output word according to the asynchronous function to form a pseudorandom data sequence;

It provides a method comprising a.

Thus, full prefix codes allow the initial data flow to be decomposed in a special way and can also be easily executed by a finite automatic machine. In addition, the method is simple to implement, generating a pseudorandom data sequence using an initial data flow asynchronous function. In fact, the use of full prefix codes and "asynchronous components" prevents algebraic attacks or substantially neutralizes algebraic attacks with the guaranteed minimum number of bits. In contrast, even if the shrink generator is used as an asynchronous component in the pseudorandom series generator, the minimum guaranteed ratio is substantially zero.

Preferably, the asynchronous function is a parameterized function according to a predetermined parameter, and the parameter value can be changed during generation of the pseudorandom data sequence.

The fact that asynchronous with changeable initialization parameters increases the complexity of the relationship between the initial data flow and the pseudorandom data sequence makes the pseudorandom data sequence more difficult to predict.

In accordance with a feature of the invention, the output word set includes a complement output word for every output word.

For example, for a given output word length, this allows the number of "0" and "1" to be balanced in the output word set.

The code words of the full prefix code preferably have a length limited to the upper limit h. Thus, when one output word x has the same length as another output word y, the number of preceding terms by the asynchronous function of output word x is equal to the number of preceding terms by the asynchronous function of output word y.

This ensures that the pseudorandom data sequence has good statistical characteristics while ensuring a minimum ratio that does not depend on the initial data flow. In particular, this prevents the hamming weights of the generated pseudorandom data sequences from providing information about the initial data flow. In other words, bits with a value of "0" and bits with a value of "1" in the output sequence include the same amount of information for the initial data sequence.

Preferably, the code words of the full prefix code have a length limited to the lower limit m, and for the length k less than or equal to the upper length ℓ with the upper length as ℓ, the complete prefix code reads 2 ^m-1 words of length k. It is desirable to include.

It also further improves the statistical feature by optimizing the probability distribution of the pseudorandom data sequence.

The first embodiment of the method

A complete prefix code is defined by the following set of code words;

C ₁ = {01 ⁿ O; 0≤n≤h-2} ∪ {10 ⁿ 1; 0≤n≤h-2} ∪ {01 ^h-1 } ∪ {10 ^h-1 }, where h≥2

* Output word set is binary set E ₁ Defined by a word of {0, 1};

The predetermined parameter u of the parameterized asynchronous function is a vector u = (u ₀ , ..., u _{h -1} ) with components belonging to the set {0,1};

* The parameterized asynchronous function f _u is

F _u (01 ⁿ 0) = u _n (0 ≦ n ≦ h-2);

1 (0≤n≤h-2);F _u (10 ⁿ 1) = u _n

1 (0 ≦ n ≦ h-2);

^{_{· F u (01 h-1}} ) = u h -1;

1F _u (10 ^h-1 ) = u _{h -1}

One

It is characterized by.

This embodiment is implemented at a relatively low cost and can also be used to provide hardware based encryption. In addition, the ratio between the number of output bits (i.e., the number of bits of the pseudorandom data sequence) and the number of input bits (number of bits of the initial data flow) is much greater than 1/3, and also guaranteed for an input of length h The minimum number of output bits is one.

Another embodiment of the method is

A full prefix code is a set of code words consisting of two bytes

C ₂ = {w ₁ w ₂ ; w _i ∈ {0,1} ⁸ , i = 1,2};

Output word set is set E ₂ Defined by the word = {0,1} ⁸ ∪ {ε};

₉)이고, 처음 8개의 성분 v₀,...,v₈ 의 값들이 불변이고 최종 성분

₉의 값은 가변적이며;The predetermined parameter v of the parameterized asynchronous function is a vector v = (v ₀ , ..., v ₈ , with components belonging to the set {0,1}

₉ ), the values of the first eight components v ₀ , ..., v ₈ are immutable and the final component

The value of ₉ is variable;

* Parameterized asynchronous function f _v : C ₂ → {ε} ∪ {0,1} ⁸ combines with w ₁ w ₂ words of the form:

* Combine with word w ₁ if one of the following conditions is met:

w₂)≤ 8 및 v_{wt ( w1}

_{w2 )} = b;4 <wt (w ₁

w ₂ ) ≤ 8 and v _{wt ( w1}

_{w2 )} = b;

Where wt is the Hamming weight and b is the preset element of {0,1}

w₂) < 4 및 v_{wt ( w1}

_{w2 )}≠b;0 ≦ wt (w ₁

w ₂ ) <4 and v _{wt ( w1}

_{w2 )} ≠ b;

w₂) = 4,

₉= 1, 4 < wt(w₁

w₂

e)≤8, 및 v₄ = b;Wt (w ₁

w ₂ ) = 4,

₉ = 1, 4 <wt (w ₁

w ₂

e) ≤ 8, and v ₄ = b;

(Where e is an odd hamming weight word of {0,1} ⁸ )

w₂) = 4,

₉=1, 0 ≤ wt(w₁

w₂

e)< 4 및 v₄ ≠ b;Wt (w ₁

w ₂ ) = 4,

₉ = 1, 0 ≤ wt (w ₁

w ₂

e) <4 and v ₄ ≠ b;

* Combines with word w ₂ if one of the following conditions is met:

w₂)≤ 8 및 v_{wt ( w1}

_{w2 )} ≠ b;4 <wt (w ₁

w ₂ ) ≤ 8 and v _{wt ( w1}

_{w2 )} ≠ b;

w₂)< 4 및 v_{wt ( w1}

_{w2 )} = b;0 ≦ wt (w ₁

w ₂ ) <4 and v _{wt ( w1}

_{w2 )} = b;

w₂) = 4,

₉= 1, 4 < wt(w₁

w₂

e)≤ 8 및 v₄≠b;Wt (w ₁

w ₂ ) = 4,

₉ = 1, 4 <wt (w ₁

w ₂

e) ≤ 8 and v ₄ ≠ b;

w₂) = 4,

₉= 1, 0 ≤ wt(w₁

w₂

e)< 4 및 v₄ = b;Wt (w ₁

w ₂ ) = 4,

₉ = 1, 0 ≤ wt (w ₁

w ₂

e) <4 and v ₄ = b;

w₂)= 4이고

₉= 0 인 경우 빈 워드 ε와 결합하는 것을 특징으로 한다.* wt (w ₁

w ₂ ) = 4

_{When 9} = 0, it is characterized by combining with the empty word ε.

Preferably, the method of execution may be used for software type encryption. In addition, the ratio between the number of output bits and the number of input bits is much greater than 1/3, and the guaranteed minimum number of output bits for an input of h length bits is one.

The present invention also provides a generator for generating a pseudorandom data sequence from an initial data flow, comprising: a memory storing a code word set and an output word set forming a complete prefix code; And a processing unit that reads an initial data flow, decomposes it into a series of words coded according to the prefix code word, and combines the series of words with corresponding output words according to an asynchronous function to generate a pseudorandom data sequence. It provides a generator that includes.

Thus, the generator generates a pseudorandom data sequence with a minimum ratio that does not depend on the initial data flow. In addition, the generator is not only efficient and relatively inexpensive, but also easy to implement.

The generator further comprises parameter setting means for causing the asynchronous function to depend on a predetermined parameter and to change the value of the predetermined parameter during generation of a pseudorandom data sequence.

Thus, since the initialization parameter value or its change point is unknown, it becomes more difficult to predict the pseudorandom data sequence.

The present invention also provides an encryption / decryption apparatus comprising an exclusive-OR logic gate and a generator having the above characteristics.

The apparatus provides a concise method of combining each bit of the pseudorandom data sequence with a corresponding bit of the data sequence of the message to be encrypted by modulo 2 addition to form an encrypted data sequence with high linear complexity. do.

The invention also provides a security system comprising at least two objects interconnected via a communication network, each object having an encryption / decryption device having the above characteristics.

Thus, the security system actually has a complex mechanism but a simple structure to implement.

1 is a schematic diagram illustrating a method for generating a pseudorandom data sequence in accordance with the present invention.

2A and 2B show examples of a finite automatic machine for decomposing an initial data flow into a coded series of words according to the present invention.

3A and 3B illustrate examples of a pseudorandom data sequence generator in accordance with the present invention.

4 illustrates a security system with the generator shown in FIG. 3A or 3B.

5 is a view showing a conventional generator.

Other features and advantages of the present invention will become more apparent from the following detailed description with reference to the accompanying drawings. The following embodiments are examples of the technical idea of the present invention, and the present invention is not limited thereto.

1 shows a schematic example of a method for generating a pseudorandom data sequence 1 from an initial data flow 3 according to the invention.

The term "word" (or "pattern") hereinafter refers to any finite series of characters from any alphabet (e.g., the alphabet of a binary set consisting of only zeros and ones). Each word will have a given length. For example, 0, 11, 000, 1010, 00111 are words having lengths 1, 2, 3, 4, and 5, respectively. Also, the word " empty " epsilon is a word having a length of zero (i.e., a word containing no characters).

The initial data flow 3 corresponds to a high "linear complexity" data sequence. For example, the initial data flow 3 can be generated by an initial generating means 23 (Fig. 3A) having a maximum periodic linear feedback shift register.

In fact, any period series can be generated by multiple linear feedback shift registers. One of the registers is shorter than all the other registers. The length of the shortest register is called the "linear complexity" of the flow. If the linear complexity of the initial data sequence is L, the Berlekamp-Massey algorithm reconstructs the initial state of the register (and virtually all sequences) from a sub-series of the initial data sequence having a length of 2L. Can be used.

Thus, in order to generate a safe pseudorandom data sequence, it is recommended that the initial data flow 3 has a large linear complexity. In fact, if the linear complexity L of the initial data flow is less than 160, the currently best known algorithm can reconstruct the initial data flow 3 in less than 2 ⁸⁰ operations. Thus, it is advantageous to have an initial data flow 3 with a linear complexity L of 160 or greater.

According to the invention, the code word set 5a is defined to form a "complete prefix code" 5.

In general, the term “code” refers to any word set on a particular alphabet. So the features of the code are considered in relation to the corresponding alphabet.

Suppose A is an arbitrary alphabet. Suppose a word consists of letters from A, and C designates a code on A. then:

1) The word x is called the "prefix" of the word w when y is present such that w = xy. The notation means that x is linked to y. If there is no word of code that is a prefix of another word of the code in code C, then C is called a “prefix code”;

2) If word w is a combination of words of C, that is to say that w = w ₁ w ₂ ... w _n can be written for the words w ₁ , w ₂ , ..., w _n in C; The word w is called coded by C; Also, if word w 'is present so that ww' is coded by C in any word w, C is called "complete". Code word u belonging to word w ', C, where code word u belonging to word w' and C is present for any word w such that u is prefixed to word ww ', that is, ww' equals uu ' If, and word u 'are present, code C can be seen as complete.

If C is a prefix code and is also complete code, then C is referred to as a complete prefix code.

Also, a set 7 of output words 7a designated by E are defined such that E is included in the combination of {0, 1} ^k and {ε}. The asynchronous function f is defined to combine the output word 7a from the output word set 7 with the code word 5a of the complete prefix code 5.

로 표시된 보수 출력 워드(7a)를 포함하는 출력 워드 세트(7)를 선택하는 것이 유리하다.For example, output word set 7 may be set E = {ε, 0, 1}, or E = {0, 1}, or E = {ε} and {0, 1} ^8k , where k≥ 1, ie multiples of bits). In particular, for output words of a given length, for output word 7a denoted by s, in order to balance the number of "0" and "1" in the output word set,

It is advantageous to select an output word set 7 comprising a complementary output word 7a, denoted by.

In addition, the asynchronous function f is a basic operation that can be implemented at a relatively low cost, for example, bit by bit modulo 2 addition.

Thus, the method of the present invention takes the output word set E and the asynchronous function f as inputs of the complete prefix code 5 C.

The method according to the invention also comprises a decomposition operation 10 for decomposing the initial data flow 3 into a series of words 11 coded according to the complete prefix code 5. By using the full prefix code 5 the initial data flow 3 is decomposed in a special way.

The full prefix code 5 can preferably be recognized by a finite automatic machine and determines whether or not the word w is present in the full prefix code 5 when the word w is given.

In fact, FIGS. 2A and 2B show examples of finite automatic machines 13a and 13b for decomposing the initial data flow 3 into a coded series of words 11. The finite automatic machine includes a path 17 or a set of nodes or states 15 connected by arrows, so that every word of the complete prefix code 5 is the path 17 between the initial state I and the final state F. Can be defined by Thus, the path 17 corresponding to the bit value is taken when reading the bit, and when the final state F is reached, reading the word of the complete prefix code 5 is immediately terminated and the initial state I Return to) to read the next word.

The example of FIG. 2A is to recognize the code words of the full prefix code 5 defined by C = {10 ^* 1, 01 ^* 0} (where 10 ^* 1 specifies a word set of the form 10 ^k 1, 01 ^* 0 specifies a word set of the form 01 ^k 0, where k is an integer). Note that 10 ⁰ 1 corresponds to word 11 and 01 ⁰ 0 corresponds to word 00. Thus, the finite automatic machine 13a converts the initial data flow 3 into a coded series of words 11 comprising words of the formats 10 ... 01, 01 ... 10, 11, and 00. Decompose

And, the example of FIG. 2B is a length limited by the upper limit h of the full prefix code 5 defined by the code C = {10 ^{h + 1} , 01 ^{h + 1} , 10 ^k 1, 01 ^k 0, k≤h}. Recognize a code word with

In addition, the method according to the invention combines a series of words 11 coded to form a pseudorandom data sequence 1 with a corresponding output word 7a according to an asynchronous function f 20. ).

Thus, the application of the mechanism of the present invention relates to the decomposition of a series of inputs, i.e. the initial data flow 3, into a series of words 11 of full prefix code 5 on the course. Each time a word of the complete prefix code 5 is recognized, the image of the word by the asynchronous function f produces an output word. This mechanism is repeated until the last bit of the initial data flow 3 input is reached or a stop condition defined by the user is satisfied.

In the context of encryption application, it should be noted that some or all of the data of the mechanism (complete prefix code, asynchronous function) may preferably leave secret data of the encryption system.

The asynchronous function f is preferably a parameterized function according to a predetermined parameter of a value that can be changed during generation of the pseudorandom data sequence 1. This parameterized function combines the elements from the set E of the output word with the binary vector v of length m, i.e., the element v of {0, 1} ^m and the word x of the full prefix code (5) C. , x | f _v (x).

The method of the invention takes as input the initial data flow 3 and the binary vector v. The selection of the vector v can be performed by applying a (nonlinear) operation to the initialization vector. Of course, the vector v may have a predetermined value (eg, v is an invalid vector). The vector v can preferably be changed during the processing so that it can follow the occurrence of the pseudorandom data sequence 1.

Thus, the parameter improves the complexity of the relationship between the initial data flow 3 and the pseudorandom data sequence 1, making the pseudorandom data sequence 1 more difficult to predict.

In addition, in order to ensure a minimum ratio that does not depend on the initial data flow 3, the code words of the full prefix code 5 preferably have a length limited by an upper limit h. Thus, if one output word s ₁ has the same length as another output word s ₂ , the number of preceding terms by the asynchronous function f of the output word s ₁ is determined by the asynchronous function f of the other output word s ₂ . It is equal to the number of the preceding paragraph.

In other words, the complete prefix code 5 has the following advantageous features:

All words of the complete prefix code 5 C have a length less than or equal to an integer h;

* For any pair (s ₁ , s ₂ ) from the set E＼ {ε}, the number of elements with the length of integer k in sets f _v ^-1 {s ₁ } and f _v ^-1 {s ₂ } is Mutually identical.

This also ensures that the hamming weight of the generated pseudorandom data sequence 1 (ie, the number of bits of the value "1") does not provide information to the initial data flow 3. In other words, the bits with the value "0" and the bits with the value "1" in the pseudorandom data sequence 1 contain the same amount of information on the initial data flow 3.

The words of the complete prefix code 5 preferably have a length limited by the lower limit m. When the larger length of the word of the full prefix code is L and k is less than or equal to L, it is preferable that the complete prefix code include 2 ^m-1 words of length k. In other words, a combining function f _v is the code C＼ {f _v for the following feature, i. ^-1 (ε)} contains exactly 2 ^m-1 words of length k.

Thus, the average ratio with a uniform distribution of the initial data flow 3 is about 1 / (m + 1). In particular, for a given bit of the pseudorandom data sequence, whatever the given bit (0 or 1), the probability that the code word is of length k is inversely proportional to k. The selection of the probability distribution is the optimal condition for the statistical feature that the pseudorandom data sequence 1 must satisfy.

In a first embodiment of the invention, the set C ₁ = {01 ⁿ O; 0 ≦ ⁿ ≦ h-2} ∪ {10 ⁿ 1; 0 ≦ ⁿ ≦ ^h- 2} ∪ {01 ^h-1 } ∪ {10 ^h-1 } (where ∪ represents the union operator, and h is a fixed integer (h≥2)), and the full prefix code defined by the binary set E ₁ = {0, 1} Consider the output word set defined by

Further, the vector u = (u ₀ , ..., u _{h -1} ) is defined such that the component belongs to the set {0,1}. The parameterized function f _u is defined as follows.

f _u (01 ⁿ 0) = u _n (0≤n≤h-2);

1 (0≤n≤h-2)(

는 모듈로 2 덧셈);f _u (10 ⁿ 1) = u _n

1 (0≤n≤h-2) (

Add modulo 2);

f _u (01 ^h-1 ) = u _{h -1} ;

1* f _u (10 ^h-1 ) = u _{h -1}

One

bⁿ

의 워드에 대한) 값 n 또는 (형태

b^{h -1}의 워드에 대한) 고정된 값 h-1를 알고 있는 코드 C₁의 워드 x에 대하여 계산된다.In this embodiment, the initial data flow 3 is read bit by bit, and the value f _u (x) is the first bit of the word x and (form

b ⁿ

Value n or (for word of form)

is calculated for word x of code C ₁ , which knows a fixed value h−1 (for words of b ^{h −1} ).

ⁿb) = b

u_n(0≤n≤h-2)로, 그리고, f'_u(b,h-1) = f_u(b

^h-1) = b

u_{h -1}로 둔다.

또한, 플래그(flag)는 값 0으로 초기화되며, 또한 코드 C₁의 워드가 인식된 후에만 값 1을 갖는다. 상기 플래그의 값은 각 워드 인식 후에 리셋된다. 각 워드 인식에 대하여, 상기 현재 워드의 제1 비트는 변수 c에 일시적으로 저장되며, 또한 상기 워드의 길이는 변수 "길이"에 업데이트된다. 상기 출력 비트 값은 변수 s에 저장된다.In order to explain the mechanism of the first embodiment, f ' _u (b, n) = f _u (b

ⁿ b) = b

u _n (0≤n≤h-2), and f ' _u (b, h-1) = f _u (b

^h-1 ) = b

Let u _{h -1} .

In addition, the flag is initialized to the value 0, and also has the value 1 only after the word of the code C ₁ is recognized. The value of the flag is reset after each word recognition. For each word recognition, the first bit of the current word is temporarily stored in variable c, and the length of the word is updated to variable "length". The output bit value is stored in variable s.

Thus, the first embodiment repeats the following mechanism:

* Flag ← 0; Length ← 0

* Read the next bit b of the sequence of initial data flows (3) S

* c ← b

Repeat the steps below while the * flag is 0 and the length <h-1:

Read next bit b of S

If b = c flag ← 1, otherwise length = length + 1

u_길이를 출력 // c

u_길이 = f'_u(c,길이).* c

output u _length // c

u _length = f ' _u (c, length).

This embodiment is relatively inexpensive to implement and can be used to implement encryption with electronic circuitry of hardware. Further, the average ratio, i.e., the ratio between the number of output bits (number of bits of the pseudorandom data sequence) and the number of input bits (number of bits of the initial data flow) is much greater than 1/3. In addition, the guaranteed minimum number of output bits on the input of length h is one.

In the second embodiment of the present invention, the complete prefix code 5 is two bytes in the following format C ₂ = {w ₁ w ₂ ; w _i ∈ {0,1} ⁸ , i = 1,2} It is defined by the configured code word set C ₂ , and the output word set is defined by the words from the set E ₂ = {0,1} ⁸ μs {ε}.

₉의 값이 변수인 벡터 v=(v₀,...,v₈,

₉)가 규정된다.In addition, the component belongs to the set {0,1} and the values of the first eight components v ₀ , ..., v ₈ are immutable and the final component

_A vector whose value of ₉ is a variable v = (v ₀ , ..., v ₈ ,

₉ ) is specified.

In addition, the parameterized function f _v : C ₂ → {ε} ∪ {0,1} ⁸ combines with any word of w ₁ w ₂ of the form:

* Combine with word w ₁ if one of the following conditions is met:

w₂)≤ 8 및 v_{wt ( w1}

_{w2 )} = b;4 <wt (w ₁

w ₂ ) ≤ 8 and v _{wt ( w1}

_{w2 )} = b;

Where wt is the Hamming weight and b is the preset element of {0,1}

w₂) < 4 및 v_{wt ( w1}

_{w2 )}≠b;0 ≦ wt (w ₁

w ₂ ) <4 and v _{wt ( w1}

_{w2 )} ≠ b;

w₂) = 4,

₉= 1, 4 < wt(w₁

w₂

e)≤8, 및 v₄ = b;Wt (w ₁

w ₂ ) = 4,

₉ = 1, 4 <wt (w ₁

w ₂

e) ≤ 8, and v ₄ = b;

(Where e is an odd hamming weight word of {0,1} ⁸ )

w₂) = 4,

₉= 1, 0 ≤ wt(w₁

w₂

e)< 4 및 v₄ ≠ b;Wt (w ₁

w ₂ ) = 4,

₉ = 1, 0 ≤ wt (w ₁

w ₂

e) <4 and v ₄ ≠ b;

* Combines with word w ₂ if one of the following conditions is met:

w₂)≤ 8 및 v_{wt ( w1}

_{w2 )} ≠ b;4 <wt (w ₁

w ₂ ) ≤ 8 and v _{wt ( w1}

_{w2 )} ≠ b;

w₂) < 4 및 v_{wt ( w1}

_{w2 )} = b;0 ≦ wt (w ₁

w ₂ ) <4 and v _{wt ( w1}

_{w2 )} = b;

w₂) = 4,

₉= 1, 4 < wt(w₁

w₂

e)≤ 8 및 v₄≠b;Wt (w ₁

w ₂ ) = 4,

₉ = 1, 4 <wt (w ₁

w ₂

e) ≤ 8 and v ₄ ≠ b;

w₂) = 4,

₉= 1, 0 ≤ wt(w₁

w₂

e) < 4 및 v₄ = b;Wt (w ₁

w ₂ ) = 4,

₉ = 1, 0 ≤ wt (w ₁

w ₂

e) <4 and v ₄ = b;

w₂)= 4이고

₉= 0 인 경우 빈 워드 ε와 결합된다.* wt (w ₁

w ₂ ) = 4

_{If 9} = 0 then it is combined with the empty word ε.

To explain the mechanism of the second embodiment, h≥1 is set, the flag is initialized to the value 0, and has a value 1 only after the word of the code C ₂ is recognized. For each word recognition, the last byte read is temporarily stored in variable c, and the length of the word is updated to variable "length". The output bit value is stored in the variable s. Two bytes w ₁ And connection of w ₂ is represented by w ₁ │w _2.

Thus, the second embodiment repeats the following mechanism:

* Flag ← 0; Length ← 0

₉← 0*

₉ ← 0

Read next bit oct of S

* c ← oct

* Repeat steps below while flag is 0

Read next bit oct of S

S ← f _v (c│oct)

If s ≠ ε flag ← 1, otherwise:

C ← oct

Length = length + 1

₉← 1If length = h-3

₉ ← 1

* output s

The second embodiment can be preferably used for software type encryption. Also, the average ratio, that is, the ratio between the number of output bits and the number of input bits, is much larger than 1/3. Also, the guaranteed minimum number of output bits on the input of h length bits is one.

3A shows an example of a generator 21 for generating a pseudorandom data sequence 1 according to the invention.

The generator 21 comprises initial generating means 23 having at least one maximum periodic linear feedback shift register for generating the initial data flow 3. All words or patterns of length k (where T = 2 ^k −1) appear at least once in a series of maximum periods T. The linear feedback shift register is a table (register) of finite length bits provided to have a linear combination represented by a polynomial called a feedback polynomial. In each shift, the bit with the highest index is removed, all other bits are shifted by one index, and the bit with the lowest index has the value of the linear combination before the shift.

The feedback polynomial may be, for example, a primitive polynomial corresponding to a linear feedback shift register that produces a maximum period series or a polynomial of the form Q = (x ² + 1) P, where P is the primitive polynomial.

The generator 21 also includes a memory 25 and a processing unit 27. The memory 25 stores a set of code words and an output word set 7 forming a complete prefix code 5.

The processing unit 27 reads the initial data flow 3, decomposes the read initial data flow into a series of words 11 coded according to the complete prefix code 5, and also the coded series of words 11. ) Is combined with the corresponding output word according to the asynchronous function f to generate a pseudorandom data sequence. The asynchronous function f combines the output words from the output word set 7 with any code word of the complete prefix code 5.

The processing unit 27 may simultaneously perform the disassembly operation 10 and the coupling operation 20. Thus, the processing unit 27 reads the initial data flow 3 bit by bit, and each time the word of the complete prefix code 5 is found, the processing unit 27 causes the asynchronous function 9 to be executed. The video of the word is calculated by.

Thus, the generator is simply configured and includes disassembly means (memory 25 and processing unit 27) and asynchronous means (memory 25 and processing unit 27). The decomposing means decomposes the input initial data flow 3 in a special way, and the asynchronous means generates a pseudorandom data sequence having a minimum ratio which does not depend on the initial data flow 3.

3B shows another example of a generator 21 for generating a pseudorandom data sequence 1 according to the present invention. The generator of FIG. 3B differs from the generator of FIG. 3A in that it further comprises parameter setting means 29. The parameter setting means 29 makes an asynchronous function f depending on the preset parameter and changes the parameter value during generation of the pseudorandom data sequence 1.

4 shows a security system 30 having at least two objects interconnected via an internet, GSM, UMTS, WiFi, ultra-wideband communication network 35.

4 shows a first object 33a connected to a second object 33b via the communication network 35.

The first object 33a includes a first terminal 37a, a first encryption / decryption apparatus 39a, and a first modem 41a. The second object 33b includes a second terminal 37b, a second encryption / decryption apparatus 39b, and a second modem 41b. The first modem 41a and the second modem 41b are devices capable of interfacing with the communication network 35.

The first and second encryption / decryption apparatuses 39a and 39b each include a generator 21 and an exclusive OR logic gate 43 for generating a pseudorandom data sequence 1.

The first and second encryption / decryption apparatuses 39a and 39b encrypt or decrypt a message bit by bit.

In the above embodiment, the first encryption / decryption apparatus 39a performs an encryption operation. Thus, the pseudorandom data sequence 1 is coupled with each bit to the corresponding position of the message 45 explicitly sent by the first terminal 37a, via an exclusive OR logic gate 43. This generates encrypted text 47 that the first modem 41a will send to the second object 33b. Thus, the encryption operation obtains the encrypted text 47 by adding the pseudorandom data sequence 1 bit by bit to the text of the message 45.

The second encryption / decryption apparatus 39b performs a decryption operation by adding a pseudorandom data sequence 1 bit by bit to the encrypted text 47 sent from the first object 33a so that the message ( Get the text of 45) clearly. Thus, the encryption and decryption operations are the same.

The method, system and apparatus for generating pseudorandom data sequences according to the present invention can be applied to the field of encryption / decryption.

Claims (11)

In a method for generating a pseudorandom data sequence (1) from an initial data flow (3), Defining a set of code words forming a complete prefix code 5; Defining an output word set 7; Defining an asynchronous function (f) for combining the output words from the set of output words (7) with the code words of the complete prefix code (5); Decomposing the initial data flow (3) into a series of words (11) coded according to the complete prefix code (5); And Combining the coded series of words (11) with a corresponding output word according to the asynchronous function (f) to form a pseudorandom data sequence (1); Pseudo random data sequence generation method comprising a. 2. The pseudorandom data sequence generation of claim 1, wherein the asynchronous function (f) is a parameterized function that depends on a predetermined parameter having a value that can change during generation of the pseudorandom data sequence (1). Way. Method according to claim 1, characterized in that said output word set (7) comprises a complementary output word for each output word. The method according to any one of claims 1 to 3, The code words of the full prefix code 5 have a length limited by the upper limit h, Pseudorandom data characterized in that when one output word x has the same length as another output word y, the number of preceding terms by the asynchronous function of output word x is equal to the number of preceding terms by the asynchronous function of output word y. How sequence occurs. The method of claim 4, wherein The code words of the full prefix code 5 have a length limited to the lower limit m, When the upper length of the code word of the full prefix code 5 is l and the length of the lower length l or less is k, the complete prefix code includes 2 ^m-1 words of length k. How to generate pseudorandom data sequence. The method according to claim 4 or 5, The complete prefix code 5 is defined by the following set of code words; C ₁ = {01 ⁿ O; 0≤n≤h-2} ∪ {10 ⁿ 1; 0≤n≤h-2} ∪ {01 ^h-1 } ∪ {10 ^h-1 }, where h≥2 * The output word set (7) is the binary set E ₁ Defined by a word of {0, 1}; The predetermined parameter u of the parameterized asynchronous function f is a vector u = (u ₀ , ..., u _{h -1} ) with components belonging to the set {0,1}; The parameterized asynchronous function f _u is F _u (01 ⁿ 0) = u _n (0 ≦ n ≦ h-2); F _u (10 ⁿ 1) = u _n

1 (0 ≦ n ≦ h-2); ^{_{· F u (01 h-1}} ) = u h -1; F _u (10 ^h-1 ) = u _{h -1}

Defined as 1; Method of generating a pseudorandom data sequence, characterized in that. The method of claim 4, wherein * The complete prefix code (5) is a two-byte codeword set C ₂ = {w ₁ w ₂ ; w _i ∈ {0,1} ⁸ , i = 1,2}; The output word set (7) is set E ₂ Defined by the word = {0,1} ⁸ ∪ {ε}; * The predetermined parameter v of the parameterized asynchronous function f is a vector v = (v ₀ , ..., v ₈ , with components belonging to the set {0,1}

₉ ), where the values of the first eight components v ₀ , ..., v ₈ are immutable and the final component

The value of ₉ is variable; * Parameterized asynchronous function f _v : C ₂ → {ε} ∪ {0,1} ⁸ combines with any word of w ₁ w ₂ of the form: * Combine with word w ₁ if one of the following conditions is met: 4 <wt (w ₁

w ₂ ) ≤ 8 and v _{wt ( w1}

_{w2 )} = b; Where wt is the Hamming weight and b is the preset element of {0,1} 0 ≦ wt (w ₁

w ₂ ) <4 and v _{wt ( w1}

_{w2 )} ≠ b; Wt (w ₁

w ₂ ) = 4,

₉ = 1, 4 <wt (w ₁

w ₂

e) ≤ 8, and v ₄ = b; (Where e is an odd hamming weight word of {0,1} ⁸ ) Wt (w ₁

w ₂ ) = 4,

₉ = 1, 0 ≤ wt (w ₁

w ₂

e) <4 and v ₄ ≠ b; * Combines with word w ₂ if one of the following conditions is met: 4 <wt (w ₁

w ₂ ) ≤ 8 and v _{wt ( w1}

_{w2 )} ≠ b; 0 ≦ wt (w ₁

w ₂ ) <4 and v _{wt ( w1}

_{w2 )} = b; Wt (w ₁

w ₂ ) = 4,

₉ = 1, 4 <wt (w ₁

w ₂

e) ≤ 8 and v ₄ ≠ b; Wt (w ₁

w ₂ ) = 4,

₉ = 1, 0 ≤ wt (w ₁

w ₂

e) <4 and v ₄ = b; * wt (w ₁

w ₂ ) = 4

_{If 9} = 0, the method of generating a pseudorandom data sequence, characterized in that it is combined with the empty word ε. In a generator for generating a pseudorandom data sequence (1) from an initial data flow (3), A memory for storing a set of code words and an output word set 7 forming a complete prefix code 5; And Read an initial data flow 3 and decompose it into a series of words 11 coded according to the complete prefix code 5 and corresponding output of the coded series of words 11 according to an asynchronous function f. A processing unit 27, in combination with a word, for generating a pseudorandom data sequence 1; Generator comprising a. 9. The apparatus of claim 8, further comprising parameter setting means (29) for causing said asynchronous function to depend on a predetermined parameter and for changing the value of said predetermined parameter during generation of pseudorandom data sequence (1). Generator. An encryption / decryption apparatus comprising an exclusive-OR logic gate 43, An encryption / decryption device, further comprising a generator (21) according to claim 9 or 10. In a security system comprising at least two objects interconnected via a communication network (35), A security system, characterized in that each of said at least two objects comprises an encryption / decryption device (39a, 39b) according to claim 10.

Images