WO2019113844A1 - Method for generating random number, chip, and electronic device - Google Patents

Method for generating random number, chip, and electronic device

Info

Publication number
WO2019113844A1
Authority
WO
WIPO (PCT)
Prior art keywords
random number
chip
seed
kth
generating
Prior art date
Application number
PCT/CN2017/115956
Other languages
French (fr)
Chinese (zh)
Inventor
严可
Original Assignee
深圳市汇顶科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳市汇顶科技股份有限公司
Priority to PCT/CN2017/115956 (WO2019113844A1)
Priority to CN201780002236.0A (CN110249299A)
Publication of WO2019113844A1

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58Random or pseudo-random number generators

Definitions

  • the present invention relates to the field of information technology, and more particularly to a method, a chip and an electronic device for generating a random number by a chip.
  • Random numbers have a wide range of applications in radar systems, secure communication systems, and simulations.
  • Random numbers are an important part of the cryptosystem and are the cornerstone of many applications such as private key generation, signature, key negotiation, and challenge authentication.
  • Microsoft's research on cryptosystems such as Bitcoin, Secure Shell (SSH), Transport Layer Security (TLS) and Australian electronic ID cards shows that random number generation is a weak link in these applications. Breaking the random number means breaking the entire cryptosystem. Therefore, the quality of random number generation directly determines the security of the cryptosystem.
  • Embedded security encryption chips are limited by size, power consumption and computing resources, and cannot implement complex physical or chemical entropy sources.
  • Usually, the signal noise of integrated circuits is used to generate physical random numbers, for example by direct amplification, oscillation sampling, or discrete chaotic systems.
  • the security of the physical random number generated by the above method is affected by the working state of the component, the circuit and the environment, and the security of the generated physical random number is difficult to meet the requirements of the cryptographic system application.
  • the present application provides a method, a chip and an electronic device for generating a random number, which can improve the random number quality of the chip.
  • a method of generating a random number comprising:
  • the entropy source including physical random numbers and chip information
  • a random number is generated based on the random number seed and the encryption algorithm of the chip.
  • the technical solution of the embodiment of the present invention uses a physical random number as an entropy source, generates a random number seed by using chip information, and generates a random number based on a chip encryption algorithm, which can improve the random number quality of the chip without adding an additional circuit. Thereby, the efficiency of generating a random number can be improved.
  • generating a random number includes:
  • a random number is generated based on the random number seed, the historical random number information, and the encryption algorithm.
  • the encryption algorithm is a secure hash algorithm SHA or an advanced encryption standard AES.
  • the encryption algorithm value r k for the kth generation of the random number is obtained according to the following equation,
  • SHA256() represents the SHA function
  • || represents splicing
  • r k-1 represents the encryption algorithm value when the k-1th generation random number is generated
  • seed k represents the random number seed when the kth generation random number is generated
  • the kth random number is generated according to r k .
  • the encryption algorithm value r k for the kth generation of the random number is obtained according to the following equation,
  • AES key () represents the AES function
  • || represents splicing
  • r k-1 represents the encryption algorithm value when the k-1th generation random number is generated
  • seed k represents the random number seed when the kth generation random number is generated
  • the kth random number is generated according to r k .
  • the kth random number s k is generated according to the following equation,
  • the information of the chip includes at least one of an identifier ID, a name, and a description.
  • the random number seed seed k for the kth generation of the random number is generated according to the following equation,
  • b i represents the i-th block divided by a predetermined number of bytes
  • N represents the total number of blocks
  • represents splicing
  • ID, Name ID and Description ID respectively represent the ID, name and description of the chip.
  • p k represents the physical random number when the random number is generated for the kth time.
  • a chip comprising:
  • An entropy source acquiring unit configured to acquire an entropy source, where the entropy source includes physical random numbers and chip information;
  • a random number seed generating unit configured to generate a random number seed according to the entropy source
  • a processing unit configured to generate a random number according to an encryption algorithm of the random number seed and the chip.
  • the technical solution of the embodiment of the present invention uses a physical random number as an entropy source, generates a random number seed by using chip information, and generates a random number based on a chip encryption algorithm, which can improve the random number quality of the chip without adding an additional circuit. Thereby, the efficiency of generating a random number can be improved.
  • the processing unit is specifically configured to generate a random number according to the random number seed, the historical random number information, and the encryption algorithm.
  • the encryption algorithm is a secure hash algorithm SHA or an advanced encryption standard AES.
  • the processing unit is specifically configured to: obtain an encryption algorithm value r k when the kth generation random number is generated according to the following equation,
  • SHA256() represents the SHA function
  • || represents splicing
  • r k-1 represents the encryption algorithm value when the k-1th generation of the random number is generated
  • seed k represents the random number seed when the kth generation of the random number is generated
  • the kth random number is generated based on the r k .
  • the processing unit is specifically configured to: obtain an encryption algorithm value r k when the kth generation random number is generated according to the following equation,
  • AES key () represents an AES function
  • || represents splicing
  • r k-1 represents the encryption algorithm value when the k-1th generation of the random number is generated
  • seed k represents the random number seed when the kth generation of the random number is generated
  • the kth random number is generated according to r k .
  • the processing unit is specifically configured to: generate a kth random number s k according to the following equation,
  • the information of the chip includes at least one of an identifier ID, a name, and a description.
  • the random number seed generating unit is specifically configured to: generate a random number seed seed k when generating the random number for the kth time according to the following equation,
  • b i represents the i-th block divided by a predetermined number of bytes
  • N represents the total number of blocks
  • represents splicing
  • ID, Name ID and Description ID respectively represent the ID, name and description of the chip.
  • the exclusive OR is expressed, and p k represents the physical random number when the random number is generated for the kth time.
  • a chip including a memory and a processor, is provided that can perform the method of the first aspect described above or any possible implementation thereof.
  • an electronic device comprising the chip in the second aspect or any possible implementation thereof, or the chip of the third aspect.
  • a computer storage medium having stored therein program code, the program code being operative to indicate a method of performing the first aspect described above or any possible implementation thereof.
  • a computer program product comprising instructions, when executed on a computer, causes the computer to perform the method of the first aspect described above or any of its possible implementations.
  • FIG. 1 is a schematic diagram of an application scenario of a technical solution according to an embodiment of the present invention.
  • FIG. 2 is a schematic flow chart of a method for generating a random number according to an embodiment of the present invention.
  • FIG. 3 is a schematic flowchart of a method for generating a random number according to still another embodiment of the present invention.
  • FIG. 4 is a schematic structural view of a chip according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural view of a chip according to still another embodiment of the present invention.
  • the quality of the random number generation directly determines the security of the cryptosystem. Subsequent processing of physical random numbers is an important means to guarantee the quality of random numbers. Algorithm selection needs to have the characteristics of forward unpredictability, backward unpredictability, independent and identical distribution.
  • the embedded security encryption chip usually has encryption, hash and other arithmetic modules with the above characteristics.
  • the physical random number is used as the entropy source, supplemented by the information of the embedded security encryption chip (such as ID, device name, etc.), based on the basic computing functions provided by the existing module of the embedded security encryption chip.
  • the existing modules are used to generate random numbers.
  • the generated random numbers have the characteristics of forward unpredictability, backward unpredictability, independent and identical distribution, which can improve the random number quality of the embedded security encryption chip.
  • the technical solution of the embodiment of the present invention does not need to add additional circuits, so that fast, efficient, low-cost, high-quality random number generation can be realized.
  • FIG. 1 is a schematic diagram of an application scenario of a technical solution according to an embodiment of the present invention.
  • the electronic device 100 in FIG. 1 may be an electronic device that uses an embedded secure encryption chip.
  • the electronic device 100 may include other modules or units in addition to the embedded security encryption chip 120, which is not specifically limited in the present invention.
  • the embedded secure encryption chip 120 can process the input data 110 to obtain output data 130.
  • the embedded secure encryption chip 120 can encrypt the input data 110 through its internal cryptographic module.
  • the embedded security encryption chip 120 may also apply the technical solution of the embodiment of the present invention to generate a random number.
  • FIG. 2 shows a schematic flow diagram of a method 200 of generating a random number in accordance with an embodiment of the present invention.
  • the method can be performed by the electronic device 100 or the embedded secure encryption chip 120 of FIG.
  • An entropy source is obtained in S210, in which a physical random number is utilized, supplemented by information of the chip.
  • the physical random number (circuit noise collected by the physical device) is implemented by using an oscillation sampling method.
  • the jitter of a typical clock is about one thousandth of a clock cycle, so a low-frequency clock is used to sample an independent clock source whose frequency is more than 1000 times higher in order to generate a physical random number.
  • for example, in S210 a low-frequency 32K clock may be used to sample a high-frequency 48M clock; each sample lands, with some probability, on a high level or a low level of the high-frequency clock and so produces 1 bit (1 or 0). By splicing these bits, a 32-bit physical random number is generated.
  • the generation of the random number is 32 bits as an example and is not limited.
  • each time a random number is generated the physical random number is updated. Therefore, as the number of random number generation increases, the randomness of the physical random number input in the system entropy source is stronger.
  • the information of the chip may include at least one of an ID, a name, and a description of the chip, which is not limited by the embodiment of the present invention.
  • the random number seed is a true random number used as the initial condition from which an algorithm then generates random numbers.
  • General computer random numbers are pseudo-random numbers. True random numbers are generated by physical processes rather than by computer programs, for example from microscopic phenomena that produce low-level, statistically random "noise" signals, such as thermodynamic noise, the photoelectric effect and quantum phenomena. These physical processes are theoretically completely unpredictable, and this has been confirmed by experiments.
  • A hardware random number generator is usually composed of a transducer, an amplifier, and an analog-to-digital converter.
  • the transducer is used to convert some effects of the physical process into electrical signals
  • the amplifier and its circuitry are used to amplify the amplitude of the random disturbance to the macro level
  • the analog-to-digital converter is used to convert the output into digital form, usually binary zeros and ones.
  • information of the chip is first spliced and segmented by a predetermined number of bytes.
  • the information of the chip includes related information such as the ID, name and description of the chip.
  • a block of 4 bytes is taken as an example:
  • the random number seed seed k when generating the random number for the kth time is:
  • b i denotes the i-th block divided by 4 bytes
  • N denotes the total number of blocks
  • denotes splicing
  • p k represents the physical random number when the random number is generated for the kth time.
  • the final output random number seed is a random number seed after the physical random number and the chip information are spliced.
  • the 4 byte block mentioned in this embodiment is only a specific embodiment, specifically, the block is divided according to a preset byte, and the preset byte is not specifically limited in the present invention.
  • the finally output random number seed is an exclusive OR of the information of the chip, spliced and divided by the preset number of bytes, and the physical random number of the kth generation of the random number. Each time a random number is generated, the physical random number is updated, so as the number of generations increases, the randomness of the system gradually increases.
  • the existing encryption algorithm of the chip is used to generate a random number, that is, an existing module in the multiplexing chip, so that no additional circuit is needed to implement other algorithms.
  • a random number may be generated according to the random number seed, the historical random number information, and the chip encryption algorithm.
  • the historical random number information is information when a random number was previously generated.
  • the historical random number information can be saved for subsequent generation of random numbers, thereby increasing the entropy of the newly generated random numbers.
  • One embodiment of the present invention may utilize one of the encryption algorithms.
  • the following is a Secure Hash Algorithm (SHA) and high
  • SHA Secure Hash Algorithm
  • AES Advanced Encryption Standard
  • the encryption algorithm value r k when the k-th generation random number is generated can be obtained according to the following equation.
  • SHA256() represents the SHA function
  • || represents the splicing
  • r k-1 represents the encryption algorithm value when the k-1th generation of the random number is generated
  • seed k represents the random number seed when the k-th generation of the random number is generated.
  • r k-1 can be saved in the chip.
  • SHA256() is only one of the SHA functions, and is merely by way of example and not limitation in the embodiments of the present invention.
  • the output of the function SHA2-256 is 256 bits, that is, 8 blocks of 4 bytes each; let the i-th block be $r_{k,i}$, then
  • $r_k = (r_{k,1}, r_{k,2}, r_{k,3}, r_{k,4}, r_{k,5}, r_{k,6}, r_{k,7}, r_{k,8})$ (4)
  • the kth random number s k can be generated according to the following equation:
  • the technical solution of the embodiment of the present invention can significantly improve the quality of random number generation. Moreover, the technical solution of the embodiment of the present invention does not need to add a new hardware circuit, and generates a random number by using a module that is provided by the security encryption chip, which has high efficiency.
  • the encryption algorithm value r k at the kth generation of the random number can be obtained according to the following equation,
  • AES key () indicates the AES function
  • || indicates splicing
  • r k-1 indicates the encryption algorithm value when the k-1th generation random number is generated
  • seed k indicates the random number seed when the k-th generation random number is generated.
  • each random number generation takes in a new entropy source (a newly acquired physical random number), and the encryption module is used to preserve the information of the previous entropy sources, so that the generated random number has backward unpredictability.
  • the physical random number is not directly output, and the attacker cannot design the attack algorithm by collecting physical random numbers.
  • the characteristics of the cryptographic module in the embodiment of the present invention ensure that even if the input physical random number does not have the independent and identical distribution property, the generated random number has the independent and identical distribution property. Therefore, the random number generated by the technical solution of the embodiment of the present invention has higher quality.
  • the existing modules in the chip are multiplexed for the algorithms they provide, and the random number is generated according to the random number seed and the corresponding algorithm, which achieves fast, effective, low-cost generation of high-quality random numbers.
  • the technical solution of the embodiment of the present invention uses the physical random number as the entropy source, supplemented by the information of the chip, to generate a random number seed, and generates a random number based on the chip encryption algorithm, thereby improving the quality of the chip's random numbers without the need to add additional circuitry, which can increase the efficiency of generating random numbers.
  • FIG. 3 is a schematic flowchart of a method 300 for generating a random number by a chip according to still another embodiment of the present invention.
  • 310, 320 is a source of entropy for obtaining input.
  • S210 the related description of S210 in the foregoing embodiment.
  • the previous random number information can be used to generate a random number subsequently.
  • FIG. 4 is a schematic structural view of a chip 400 according to an embodiment of the present invention. As shown in FIG. 4, the chip 400 includes:
  • An entropy source acquiring unit 410 configured to acquire an entropy source; the entropy source includes information of a physical random number and a chip;
  • a random number seed generating unit 420 configured to generate a random number seed according to the entropy source
  • the processing unit 430 is configured to generate a random number according to an encryption algorithm of the random number seed and the chip.
  • a random number is generated by using a physical random number as an entropy source, supplemented by chip information (such as ID, device name, etc.), and a chip-based encryption algorithm. That is to say, the processing unit 430 multiplexes the existing modules in the chip, and utilizes the existing algorithm to realize fast, efficient, low-cost, high-quality random number generation without adding additional circuits.
  • the chip of the embodiment of the present invention uses the physical random number as the entropy source, supplemented by the chip information, to generate a random number seed, and generates a random number based on the chip encryption algorithm, which can improve the random number quality of the chip without adding an additional circuit, thereby improving the efficiency of generating random numbers.
  • the entropy source obtaining unit 410 is specifically configured to:
  • the entropy source including physical random numbers and chip information
  • the information of the chip includes at least one of an identification ID, a name, and a description.
  • the random number seed generating unit 420 is specifically configured to:
  • b i represents the i-th block divided by a predetermined number of bytes
  • N represents the total number of blocks
  • represents splicing
  • ID, Name ID and Description ID respectively represent the ID, name and description of the chip.
  • p k represents the physical random number when the random number is generated for the kth time.
  • the processing unit 430 is specifically configured to:
  • a random number is generated according to the random number seed, the historical random number information, and the chip encryption algorithm.
  • the processing unit 430 may multiplex modules in the chip, and may determine an encryption algorithm according to the corresponding module.
  • the random hash function SHA may be used to process the random number seed and generate a random number of the encryption chip
  • the random number seed can be processed by the advanced encryption standard AES and a random number of the encryption chip is generated.
  • Processing unit 430 multiplexes existing modules in the chip without adding additional circuitry.
  • the hash module and the encryption module (AES module) in the embodiment of the present invention are not specifically limited.
  • the processing unit 430 may reuse other modules and utilize the algorithm provided by the module.
  • the processing unit 430 can multiplex the hash module.
  • the processing unit 430 is specifically configured to:
  • SHA256() represents the SHA function
  • || represents splicing
  • r k-1 represents the encryption algorithm value when the k-1th generation random number is generated
  • seed k represents the random number seed when the kth generation random number is generated
  • the processing unit 430 can reuse the AES module.
  • the processing unit 430 is specifically configured to:
  • AES key () represents the AES function
  • || represents splicing
  • r k-1 represents the encryption algorithm value when the k-1th generation random number is generated
  • seed k represents the random number seed when the kth generation random number is generated
  • FIG. 5 shows a schematic structural view of a chip 500 according to still another embodiment of the present invention.
  • the chip 500 can include a processor 510 and a memory 520.
  • the memory 520 is for storing computer executable instructions.
  • the processor 510 is configured to access the memory 520 and execute the computer executable instructions to perform the operations in the methods of the various embodiments of the present invention described above.
  • An embodiment of the present invention further provides an electronic device, which may include the chip of the various embodiments of the present invention described above.
  • the embedded security encryption chip in the embodiment of the present invention is only an example, and may also be other chips.
  • the encryption module may also be another operation module, as long as the operation module has forward unpredictability, backward unpredictability, and independent and identical distribution.
  • the size of the sequence numbers of the processes does not imply an order of execution; the order of execution of the processes should be determined by their function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
  • the term "and/or" is merely an association describing the associated objects, indicating that there may be three relationships.
  • A and/or B may indicate three cases: A exists alone, A and B exist simultaneously, and B exists alone.
  • the character "/" in this article generally indicates that the contextual object is an "or" relationship.
  • the disclosed systems, devices, and methods may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be other division manners; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, or an electrical, mechanical or other form of connection.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the embodiments of the present invention.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
  • the integrated unit if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable storage medium.
  • the technical solution of the present invention, in essence, or the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium.
  • a number of instructions are included to cause a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present invention.
  • the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, and the like.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computational Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

A method for generating a random number, a chip, and an electronic device. The method comprises: obtaining an entropy source, the entropy source comprising a physical random number and information of a chip (S210); generating a random number seed according to the entropy source (S220); and generating a random number according to the random number seed and an encryption algorithm of the chip (S230). The method can improve the quality of a random number generated by a chip.

Description

Method, chip and electronic device for generating random numbers
Technical field
The present invention relates to the field of information technology, and more particularly to a method for generating a random number by a chip, a chip, and an electronic device.
Background
Random numbers have a wide range of applications in radar systems, secure communication systems, simulation, and other fields.
Random numbers are an important part of a cryptosystem and are the cornerstone of many applications such as private key generation, signatures, key negotiation, and challenge authentication. Microsoft's research on cryptosystems such as Bitcoin, Secure Shell (SSH), Transport Layer Security (TLS) and Australian electronic ID cards shows that random number generation is a weak link in these applications, and that breaking the random number means breaking the entire cryptosystem. Therefore, the quality of random number generation directly determines the security of the cryptosystem.
Embedded security encryption chips are limited by size, power consumption and computing resources, and cannot implement complex physical or chemical entropy sources. They usually use the signal noise of integrated circuits to generate physical random numbers, for example by direct amplification, oscillation sampling, or discrete chaotic systems. The security of the physical random numbers generated by these methods is affected by the components, the working state of the circuit and the environment, so it is difficult for them to meet the requirements of cryptographic system applications.
Summary of the invention
The present application provides a method, a chip and an electronic device for generating a random number, which can improve the quality of the random numbers generated by a chip.
In a first aspect, a method of generating a random number is provided, comprising:
obtaining an entropy source, the entropy source including a physical random number and information of the chip;
generating a random number seed according to the entropy source;
generating a random number according to the random number seed and an encryption algorithm of the chip.
The technical solution of the embodiments of the present invention uses a physical random number as the entropy source, supplements it with information of the chip to generate a random number seed, and generates the random number based on the chip's encryption algorithm. This can improve the quality of the chip's random numbers and requires no additional circuitry, which improves the efficiency of random number generation.
In some possible implementations, generating a random number includes:
generating the random number according to the random number seed, historical random number information, and the encryption algorithm.
In some possible implementations, the encryption algorithm is the Secure Hash Algorithm (SHA) or the Advanced Encryption Standard (AES).
In some possible implementations, the encryption algorithm value $r_k$ for the k-th random number generation is obtained according to the following equation:
$r_k = \mathrm{SHA256}(r_{k-1} \,||\, \mathrm{seed}_k)$
where SHA256() denotes the SHA function, || denotes concatenation, $r_{k-1}$ denotes the encryption algorithm value for the (k-1)-th random number generation, and $\mathrm{seed}_k$ denotes the random number seed for the k-th random number generation;
the k-th random number is generated according to $r_k$.
In some possible implementations, the encryption algorithm value $r_k$ for the k-th random number generation is obtained according to the following equation:
Figure PCTCN2017115956-appb-000001
where $\mathrm{AES}_{key}()$ denotes the AES function, || denotes concatenation, $r_{k-1}$ denotes the encryption algorithm value for the (k-1)-th random number generation, and $\mathrm{seed}_k$ denotes the random number seed for the k-th random number generation;
the k-th random number is generated according to $r_k$.
In some possible implementations, the k-th random number $s_k$ is generated according to the following equation:
Figure PCTCN2017115956-appb-000002
where $r_{k,i}$ denotes the i-th block of $r_k$, and the symbol shown in Figure PCTCN2017115956-appb-000003 denotes XOR.
In some possible implementations, the information of the chip includes at least one of an identifier (ID), a name, and a description.
In some possible implementations, the random number seed $\mathrm{seed}_k$ for the k-th random number generation is generated according to the following equation:
Figure PCTCN2017115956-appb-000004
where $b_i$ denotes the i-th block when the data is divided into blocks of a predetermined number of bytes, N denotes the total number of blocks, || denotes concatenation, ID, $Name_{ID}$ and $Description_{ID}$ denote the ID, name and description of the chip respectively, the symbol shown in Figure PCTCN2017115956-appb-000005 denotes XOR, and $p_k$ denotes the physical random number for the k-th random number generation.
In a second aspect, a chip is provided, comprising:
an entropy source obtaining unit, configured to obtain an entropy source, the entropy source including a physical random number and information of the chip;
a random number seed generating unit, configured to generate a random number seed according to the entropy source;
a processing unit, configured to generate a random number according to the random number seed and an encryption algorithm of the chip.
The technical solution of the embodiments of the present invention uses a physical random number as the entropy source, supplements it with information of the chip to generate a random number seed, and generates the random number based on the chip's encryption algorithm. This can improve the quality of the chip's random numbers and requires no additional circuitry, which improves the efficiency of random number generation.
In some possible implementations, the processing unit is specifically configured to generate the random number according to the random number seed, historical random number information, and the encryption algorithm.
In some possible implementations, the encryption algorithm is the Secure Hash Algorithm (SHA) or the Advanced Encryption Standard (AES).
In some possible implementations, the processing unit is specifically configured to obtain the encryption algorithm value $r_k$ for the k-th random number generation according to the following equation:
$r_k = \mathrm{SHA256}(r_{k-1} \,||\, \mathrm{seed}_k)$
where SHA256() denotes the SHA function, || denotes concatenation, $r_{k-1}$ denotes the encryption algorithm value for the (k-1)-th random number generation, and $\mathrm{seed}_k$ denotes the random number seed for the k-th random number generation; and
to generate the k-th random number according to $r_k$.
In some possible implementations, the processing unit is specifically configured to obtain the encryption algorithm value $r_k$ for the k-th random number generation according to the following equation:
Figure PCTCN2017115956-appb-000006
where $\mathrm{AES}_{key}()$ denotes the AES function, || denotes concatenation, $r_{k-1}$ denotes the encryption algorithm value for the (k-1)-th random number generation, and $\mathrm{seed}_k$ denotes the random number seed for the k-th random number generation; and to generate the k-th random number according to $r_k$.
In some possible implementations, the processing unit is specifically configured to generate the k-th random number $s_k$ according to the following equation:
Figure PCTCN2017115956-appb-000007
where $r_{k,i}$ denotes the i-th block of $r_k$, and the symbol shown in Figure PCTCN2017115956-appb-000008 denotes XOR.
In some possible implementations, the information of the chip includes at least one of an identifier (ID), a name, and a description.
In some possible implementations, the random number seed generating unit is specifically configured to generate the random number seed $\mathrm{seed}_k$ for the k-th random number generation according to the following equation:
Figure PCTCN2017115956-appb-000009
where $b_i$ denotes the i-th block when the data is divided into blocks of a predetermined number of bytes, N denotes the total number of blocks, || denotes concatenation, ID, $Name_{ID}$ and $Description_{ID}$ denote the ID, name and description of the chip respectively, the symbol shown in Figure PCTCN2017115956-appb-000010 denotes XOR, and $p_k$ denotes the physical random number for the k-th random number generation.
In a third aspect, a chip is provided, comprising a memory and a processor, which can perform the method of the first aspect or any possible implementation thereof.
In a fourth aspect, an electronic device is provided, comprising the chip of the second aspect or any possible implementation thereof, or the chip of the third aspect.
In a fifth aspect, a computer storage medium is provided. The computer storage medium stores program code that can be used to instruct execution of the method of the first aspect or any possible implementation thereof.
In a sixth aspect, a computer program product comprising instructions is provided which, when run on a computer, causes the computer to perform the method of the first aspect or any possible implementation thereof.
Brief description of the drawings
FIG. 1 is a schematic diagram of an application scenario of the technical solution of an embodiment of the present invention.
FIG. 2 is a schematic flowchart of a method for generating a random number according to an embodiment of the present invention.
FIG. 3 is a schematic flowchart of a method for generating a random number according to another embodiment of the present invention.
FIG. 4 is a schematic structural diagram of a chip according to an embodiment of the present invention.
FIG. 5 is a schematic structural diagram of a chip according to another embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described below with reference to the accompanying drawings.
The quality of random number generation directly determines the security of a cryptosystem. Post-processing of physical random numbers is an important means of ensuring random number quality, and the algorithm chosen needs to provide forward unpredictability, backward unpredictability, and independent and identical distribution. The encryption, hashing and similar computation modules that embedded secure encryption chips usually have provide these properties.
In the embodiments of the present invention, a physical random number is used as the entropy source, supplemented by information of the embedded secure encryption chip (such as ID and device name). Based on the basic computing functions provided by the chip's existing modules, those modules are reused to generate the random number. The generated random numbers have forward unpredictability, backward unpredictability, and independent and identical distribution, which improves the random number quality of the embedded secure encryption chip. Moreover, the technical solution of the embodiments requires no additional circuitry, so fast, effective, low-cost, high-quality random number generation can be achieved.
It should be understood that this specification describes the embodiments using an embedded secure encryption chip as an example, but the present invention is not limited to this; that is, the embedded secure encryption chip may also be replaced by another chip.
FIG. 1 is a schematic diagram of an application scenario of the technical solution of an embodiment of the present invention. The electronic device 100 in FIG. 1 may be any electronic device that uses an embedded secure encryption chip.
It should be understood that, although not shown in FIG. 1, the electronic device 100 may include other modules or units in addition to the embedded secure encryption chip 120, which is not specifically limited in the present invention.
As shown in FIG. 1, the embedded secure encryption chip 120 can process input data 110 to obtain output data 130. In some embodiments, the embedded secure encryption chip 120 can encrypt the input data 110 through its internal encryption module. In some embodiments, the embedded secure encryption chip 120 can also apply the technical solution of the embodiments of the present invention to generate random numbers.
FIG. 2 shows a schematic flowchart of a method 200 for generating a random number according to an embodiment of the present invention. The method may be performed by the electronic device 100 or the embedded secure encryption chip 120 in FIG. 1.
S210. Obtain an entropy source, the entropy source including a physical random number and information of the chip.
In S210 the entropy source is obtained from a physical random number, supplemented by information of the chip.
Specifically, the physical random number (circuit noise collected by a physical device) is obtained by oscillator sampling. The jitter of a typical clock is about one thousandth of a clock period, so a low-frequency clock is used to sample an independent clock source whose frequency is more than 1000 times higher in order to generate the physical random number. In the embodiments of the present invention, optionally, a low-frequency 32K clock may be used in S210 to sample a high-frequency 48M clock. Because of the jitter, each sample lands with some probability on the high level or the low level of the high-frequency clock, producing one bit that is 1 or 0, and these bits are concatenated into a 32-bit physical random number. The 32-bit length is used in the embodiments as an example, not a limitation. In the embodiments of the present invention, the physical random number is updated each time a random number is generated, so as the number of generations increases, the randomness of the physical random numbers fed into the system entropy source becomes stronger.
The information of the chip may include at least one of the ID, name and description of the chip, which is not limited in the embodiments of the present invention.
S220. Generate a random number seed according to the entropy source.
A random number seed is a true random number used as the initial condition from which random numbers are then produced by a given algorithm. The random numbers of ordinary computers are pseudo-random numbers. True random numbers are generated by physical processes rather than by computer programs, for example from microscopic phenomena that produce low-level, statistically random "noise" signals, such as thermodynamic noise, the photoelectric effect and quantum phenomena. These physical processes are in theory completely unpredictable, and this has been confirmed experimentally. A hardware random number generator usually consists of a transducer, an amplifier and an analog-to-digital converter. The transducer converts some effect of the physical process into an electrical signal, the amplifier and its circuitry amplify the random disturbance to a macroscopic level, and the analog-to-digital converter turns the output into digits, usually binary zeros and ones. Repeatedly sampling these random signals produces a series of random numbers. If the random seed or the random function is stolen, the random number sequence it generates may also be predicted and thus become useless. The generation of the random number seed therefore has a crucial influence on the generation of random numbers.
Specifically, in S220, in one embodiment of the present invention, the information of the chip is first concatenated and divided into blocks of a predetermined number of bytes. The information of the chip includes the chip's ID, name, description and other related information. One embodiment of the present invention uses 4-byte blocks as an example:
$(b_1, b_2, \ldots, b_N) = ID \,||\, Name_{ID} \,||\, Description_{ID}$     (1)
The random number seed $\mathrm{seed}_k$ for the k-th random number generation is:
Figure PCTCN2017115956-appb-000011
where $b_i$ denotes the i-th 4-byte block, N denotes the total number of blocks, || denotes concatenation, ID, $Name_{ID}$ and $Description_{ID}$ denote the ID, name and description of the chip respectively, the symbol shown in Figure PCTCN2017115956-appb-000012 denotes XOR, and $p_k$ denotes the physical random number for the k-th random number generation.
Therefore, the random number seed that is finally output combines the physical random number with the concatenated information of the chip.
It should be understood that the 4-byte block size mentioned in this embodiment is only one specific example. Blocks are divided according to a preset number of bytes, and that number is not specifically limited in the present invention.
In the embodiments of the present invention, the random number seed that is finally output is the XOR of the chip information, concatenated and divided into blocks of the preset number of bytes, with the physical random number for the k-th random number generation. The physical random number is updated each time a random number is generated, so as the number of generations increases, the randomness of the system gradually increases.
S230. Generate a random number according to the random number seed and the encryption algorithm of the chip.
In the embodiments of the present invention, the random number is generated with an encryption algorithm the chip already has, that is, by reusing modules already present in the chip, so no additional circuitry is needed to implement other algorithms.
Optionally, in S230, the random number may be generated according to the random number seed, historical random number information, and the encryption algorithm of the chip.
Historical random number information is information from previous random number generations. It can be saved and used in subsequent random number generation, thereby increasing the entropy of newly generated random numbers.
The chip may already have one or more encryption algorithms, and the embodiments of the present invention may use any one of them. The following uses two encryption algorithms, the Secure Hash Algorithm (SHA) and the Advanced Encryption Standard (AES), as examples, but the embodiments of the present invention are not limited to these.
When the chip has a hash module, that is, when it can implement the SHA algorithm, the encryption algorithm value $r_k$ for the k-th random number generation can be obtained according to the following equation:
$r_k = \mathrm{SHA256}(r_{k-1} \,||\, \mathrm{seed}_k)$       (3)
where SHA256() denotes the SHA function, || denotes concatenation, $r_{k-1}$ denotes the encryption algorithm value for the (k-1)-th random number generation, and $\mathrm{seed}_k$ denotes the random number seed for the k-th random number generation.
As equation (3) shows, computing the encryption algorithm value $r_k$ for the k-th random number generation uses the encryption algorithm value $r_{k-1}$ from the (k-1)-th generation, and so on, so all previously generated random numbers affect the calculation of the current encryption algorithm value. Therefore, as the number of generations increases, the randomness of the output random numbers becomes stronger.
Optionally, $r_{k-1}$ may be stored in the chip. In addition, SHA256() is only one of the SHA functions and is used in the embodiments of the present invention as an example, not a limitation.
The output of the SHA2-256 function is 256 bits, that is, 8 blocks of 4 bytes each. Let the i-th block be $r_{k,i}$; then
$r_k = (r_{k,1}, r_{k,2}, r_{k,3}, r_{k,4}, r_{k,5}, r_{k,6}, r_{k,7}, r_{k,8})$       (4)
The k-th random number $s_k$ can be generated according to the following equation:
Figure PCTCN2017115956-appb-000013
where $r_{k,i}$ denotes the i-th block of $r_k$, and the symbol shown in Figure PCTCN2017115956-appb-000014 denotes XOR.
The quality of the random numbers was tested with the NIST 800-22 random number test tool. The test results are shown in Table 1. (Note: a run counts as passed only if all test items pass.)
Table 1
Figure PCTCN2017115956-appb-000015
Figure PCTCN2017115956-appb-000016
Table 1 shows that the technical solution of the embodiments of the present invention can significantly improve the quality of random number generation. Moreover, the technical solution requires no new hardware circuits and generates random numbers with modules the secure encryption chip already has, which gives high efficiency.
If the chip has no hash module, another module can be used, for example an AES module. In this case, the encryption algorithm value $r_k$ for the k-th random number generation can be obtained according to the following equation:
Figure PCTCN2017115956-appb-000017
where $\mathrm{AES}_{key}()$ denotes the AES function, || denotes concatenation, $r_{k-1}$ denotes the encryption algorithm value for the (k-1)-th random number generation, and $\mathrm{seed}_k$ denotes the random number seed for the k-th random number generation.
The k-th random number $s_k$ can then be obtained according to equations (4) and (5) above.
In the embodiments of the present invention, every random number generation introduces new entropy (a newly collected physical random number), and the encryption module retains information about earlier entropy inputs, so the generated random numbers have backward unpredictability. The physical random number is not output directly, so an attacker cannot design an attack algorithm by collecting physical random numbers. The properties of the encryption module ensure that even if the input physical random numbers are not independent and identically distributed, the generated random numbers are. Therefore, the random numbers generated by the technical solution of the embodiments of the present invention are of higher quality.
In addition, the embodiments of the present invention need no additional complex circuitry. The basic algorithms of modules already in the chip are reused, and random numbers are generated from the random number seed and the corresponding algorithm, which achieves fast, effective, low-cost, high-quality random number generation.
Therefore, the technical solution of the embodiments of the present invention uses a physical random number as the entropy source, supplements it with information of the chip to generate a random number seed, and generates the random number based on the chip's encryption algorithm. This can improve the quality of the chip's random numbers and requires no additional circuitry, which improves the efficiency of random number generation.
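Steps S210 to S230 of method 200 for the SHA-256 variant, as an added Python model that is not code from the patent. Equations (2) and (5) survive on this page only as figure references, so the XOR-fold forms used here for seed_k and s_k are assumptions, as are the all-zero r_0, the zero-padding of the last block, and the constructed chip strings and p_k samples.

```python
import hashlib

BLOCK = 4  # bytes per block: the 4-byte example from the description


def split_blocks(data, size=BLOCK):
    """Split data into size-byte blocks; zero-padding the tail is an assumption."""
    if len(data) % size:
        data += b"\x00" * (size - len(data) % size)
    return [data[i:i + size] for i in range(0, len(data), size)]


def xor_fold(blocks):
    """XOR equal-length blocks together into a single block."""
    acc = bytes(len(blocks[0]))
    for block in blocks:
        acc = bytes(a ^ b for a, b in zip(acc, block))
    return acc


def chip_mask(chip_id, name, description):
    """Eq. (1) blocks b_1..b_N of ID || Name || Description, folded to 4 bytes."""
    return xor_fold(split_blocks(chip_id + name + description))


def make_seed(chip_id, name, description, p_k):
    """Assumed reading of eq. (2): seed_k = b_1 ^ ... ^ b_N ^ p_k."""
    if len(p_k) != BLOCK:
        raise ValueError("p_k must be one 4-byte (32-bit) sample")
    return xor_fold([chip_mask(chip_id, name, description), p_k])


class ChainedGenerator:
    """Model of S210-S230 with the hash module (SHA-256)."""

    def __init__(self, chip_id, name, description, r0=bytes(32)):
        self.chip = (chip_id, name, description)
        self.r = r0  # r_0 is not given on the page; all-zero is an assumption

    def next(self, p_k):
        seed_k = make_seed(*self.chip, p_k)
        self.r = hashlib.sha256(self.r + seed_k).digest()  # eq. (3)
        # eq. (4) splits r_k into eight 4-byte blocks; XOR-folding them into
        # s_k is the assumed reading of eq. (5)
        return xor_fold(split_blocks(self.r))


# Constructed sample values, not taken from any real chip.
CHIP = (b"\x12\x34\x56\x78", b"demo-chip", b"constructed sample description")
SAMPLES = [bytes.fromhex(h) for h in ("a1b2c3d4", "0f1e2d3c", "a1b2c3d4")]


def review():
    """Return the properties a design review would check on this construction."""
    gen_a, gen_b = ChainedGenerator(*CHIP), ChainedGenerator(*CHIP)
    out_a = [gen_a.next(p) for p in SAMPLES]
    out_b = [gen_b.next(p) for p in SAMPLES]
    # SAMPLES[0] == SAMPLES[2], but r_{k-1} differs, so the chain state differs.
    fresh = ChainedGenerator(*CHIP)
    fresh.next(SAMPLES[0])
    state_after_one = fresh.r
    # seed_k ^ p_k is the same value for every k: the chip info is a fixed mask.
    masks = {xor_fold([make_seed(*CHIP, p), p]) for p in SAMPLES}
    return {
        "deterministic": out_a == out_b,
        "history_changes_state": gen_a.r != state_after_one,
        "chip_info_is_fixed_mask": masks == {chip_mask(*CHIP)},
        "output_bits": 8 * len(out_a[0]),
    }


if __name__ == "__main__":
    for prop, value in review().items():
        print(prop, value)
```

Under these assumptions the chip information folds to a constant mask, so each round contributes at most the 32 bits carried by p_k. The unpredictability of the output therefore rests on the quality of p_k and on r_{k-1} staying inside the chip.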
FIG. 3 is a schematic flowchart of a method 300 for generating a random number by a chip according to another embodiment of the present invention. For some specifics of this embodiment, refer to the foregoing embodiments; for brevity, they are not repeated below.
310. Input the relevant information of the chip.
320. Input the physical random number.
Steps 310 and 320 obtain the input entropy source. For details, refer to the description of S210 in the foregoing embodiment.
330. Generate the random number seed 340 according to the input entropy source. For details, refer to the description of S220 in the foregoing embodiment.
350. Generate a random number according to the random number seed and the encryption algorithm of the chip. For details, refer to the description of S230 in the foregoing embodiment.
360. Output the random number generated in 350. The previous random number information can be used in subsequent random number generation.
The method by which the chip generates a random number according to the embodiments of the present invention has been described in detail above. The chip and the electronic device of the embodiments of the present invention are described below. It should be understood that the chip and the electronic device of the embodiments can perform the various methods of the foregoing embodiments; that is, for the specific working processes of the following products, refer to the corresponding processes in the foregoing method embodiments.
FIG. 4 is a schematic structural diagram of a chip 400 according to an embodiment of the present invention. As shown in FIG. 4, the chip 400 includes:
an entropy source obtaining unit 410, configured to obtain an entropy source, the entropy source including a physical random number and information of the chip;
a random number seed generating unit 420, configured to generate a random number seed according to the entropy source;
a processing unit 430, configured to generate a random number according to the random number seed and the encryption algorithm of the chip.
In the embodiments of the present invention, a physical random number is used as the entropy source, supplemented by information of the chip (such as ID and device name), and the random number is generated based on the chip's encryption algorithm. That is, the processing unit 430 reuses modules already present in the chip and their existing algorithms, so fast, effective, low-cost, high-quality random number generation can be achieved without additional circuitry.
Therefore, the chip of the embodiments of the present invention uses a physical random number as the entropy source, supplements it with information of the chip to generate a random number seed, and generates the random number based on the chip's encryption algorithm. This can improve the quality of the chip's random numbers and requires no additional circuitry, which improves the efficiency of random number generation.
In an embodiment of the present invention, optionally, the entropy source obtaining unit 410 is specifically configured to:
obtain an entropy source, the entropy source including a physical random number and information of the chip;
the information of the chip includes at least one of an identifier (ID), a name, and a description.
In an embodiment of the present invention, optionally, the random number seed generating unit 420 is specifically configured to:
generate the random number seed $\mathrm{seed}_k$ for the k-th random number generation according to the following equation:
Figure PCTCN2017115956-appb-000018
where $b_i$ denotes the i-th block when the data is divided into blocks of a predetermined number of bytes, N denotes the total number of blocks, || denotes concatenation, ID, $Name_{ID}$ and $Description_{ID}$ denote the ID, name and description of the chip respectively, the symbol shown in Figure PCTCN2017115956-appb-000019 denotes XOR, and $p_k$ denotes the physical random number for the k-th random number generation.
In an embodiment of the present invention, optionally, the processing unit 430 is specifically configured to:
generate a random number according to the random number seed, historical random number information, and the encryption algorithm of the chip.
In an embodiment of the present invention, optionally, the processing unit 430 can reuse a module in the chip, and the encryption algorithm can be determined according to the corresponding module.
For example, when the chip includes a hash module, the secure hash function SHA can be used to process the random number seed and generate the random number of the encryption chip; or,
when the chip does not have a hash module, the Advanced Encryption Standard (AES) can be used to process the random number seed and generate the random number of the encryption chip.
The processing unit 430 reuses modules already present in the chip, so no extra circuitry needs to be added.
It should be understood that the hash module and the encryption module (AES module) in the embodiment of the present invention are examples and not specific limitations. When other modules exist in the chip, the processing unit 430 can reuse those modules and use the algorithms they provide.
Optionally, if the chip has a hash module, the processing unit 430 can reuse the hash module. In this case, the processing unit 430 is specifically configured to:
obtain the encryption algorithm value $r_k$ for the k-th random number generation according to the following equation,
$r_k = \mathrm{SHA256}(r_{k-1} \,\|\, seed_k)$
where SHA256() denotes the SHA function, || denotes concatenation, $r_{k-1}$ denotes the encryption algorithm value at the (k-1)-th random number generation, and $seed_k$ denotes the random number seed at the k-th random number generation;
generate the k-th random number $s_k$ according to the following equation,
Figure PCTCN2017115956-appb-000020
where $r_{k,i}$ denotes the i-th block of $r_k$, and the symbol shown in Figure PCTCN2017115956-appb-000021 denotes XOR.
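The SHA-based chaining described above, as an added Python example that is not code from the patent. The equation images for $seed_k$ and $s_k$ are missing from this page, so the XOR folds, the 16-byte block size, the zero padding and the all-zero $r_0$ are assumptions; only $r_k = \mathrm{SHA256}(r_{k-1} \,\|\, seed_k)$ is taken from the text, and all sample inputs are constructed.

```python
import hashlib
from functools import reduce

BLOCK = 16  # assumption: the "predetermined number of bytes" per block


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_blocks(data: bytes, size: int = BLOCK) -> list:
    """Split data into size-byte blocks; the last block is zero-padded (assumption)."""
    if not data:
        raise ValueError("at least one byte of input is required")
    if len(data) % size:
        data += b"\x00" * (size - len(data) % size)
    return [data[i:i + size] for i in range(0, len(data), size)]


def make_seed(chip_id: bytes, name: bytes, description: bytes, p_k: bytes) -> bytes:
    """seed_k from (b_1..b_N) = ID || Name || Description and the physical value p_k.

    Assumption: the blocks are XOR-folded together and then XORed with p_k.
    """
    if len(p_k) != BLOCK:
        raise ValueError("p_k must be exactly one block long")
    folded_info = reduce(xor_bytes, split_blocks(chip_id + name + description))
    return xor_bytes(folded_info, p_k)


class ChainedRng:
    """Keeps r_{k-1} as internal state and outputs s_k for each physical sample p_k."""

    def __init__(self, chip_id: bytes, name: bytes, description: bytes,
                 r0: bytes = bytes(32)):  # assumption: r_0 is all zeros
        self.info = (chip_id, name, description)
        self.r = r0

    def next(self, p_k: bytes) -> bytes:
        seed_k = make_seed(*self.info, p_k)
        # From the text: r_k = SHA256(r_{k-1} || seed_k)
        self.r = hashlib.sha256(self.r + seed_k).digest()
        # Assumption: s_k is the XOR of the blocks r_{k,i} of r_k
        return reduce(xor_bytes, split_blocks(self.r))


def demo() -> dict:
    """Run two generations on constructed inputs and report what changes."""
    info = (b"ID-0001", b"demo-chip", b"constructed sample description")
    p = bytes(range(16))          # constructed stand-in for a physical sample
    a, b = ChainedRng(*info), ChainedRng(*info)
    s1, s2 = a.next(p), a.next(p)  # same p_k twice: history r_{k-1} still differs
    return {
        "output_len": len(s1),
        "chaining_changes_output": s1 != s2,
        "same_inputs_same_stream": b.next(p) == s1,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Under these assumptions the chip information enters the seed only as a fixed per-device constant, so the unpredictability of the output rests on $p_k$ and on keeping the state $r_k$ secret.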
Optionally, if there is no hash module in the chip, the processing unit 430 can reuse the AES module. In this case, the processing unit 430 is specifically configured to:
obtain the encryption algorithm value $r_k$ for the k-th random number generation according to the following equation,
Figure PCTCN2017115956-appb-000022
where $\mathrm{AES}_{key}()$ denotes the AES function, || denotes concatenation, $r_{k-1}$ denotes the encryption algorithm value at the (k-1)-th random number generation, and $seed_k$ denotes the random number seed at the k-th random number generation;
generate the k-th random number $s_k$ according to the following equation,
Figure PCTCN2017115956-appb-000023
where $r_{k,i}$ denotes the i-th block of $r_k$, and the symbol shown in Figure PCTCN2017115956-appb-000024 denotes XOR.
FIG. 5 shows a schematic structural diagram of a chip 500 according to still another embodiment of the present invention.
As shown in FIG. 5, the chip 500 can include a processor 510 and a memory 520. The memory 520 is used to store computer-executable instructions. The processor 510 is used to access the memory 520 and execute the computer-executable instructions to perform the operations in the methods of the various embodiments of the present invention described above.
An embodiment of the present invention further provides an electronic device, which may include the chip of the various embodiments of the present invention described above.
It should be understood that the embedded security encryption chip in the embodiment of the present invention is only an example; it may also be another chip, and the encryption module may also be another operation module, as long as the operation module has characteristics such as forward unpredictability, backward unpredictability, and independent and identical distribution.
It should be understood that the specific examples in the embodiments of the present invention are only intended to help those skilled in the art better understand the embodiments of the present invention, not to limit the scope of the embodiments of the present invention.
It should also be understood that the formulas in the embodiments of the present invention are only examples and do not limit the scope of the embodiments of the present invention. The formulas may be modified, and such modifications also fall within the scope of protection of the present invention.
It should also be understood that, in the various embodiments of the present invention, the magnitude of the sequence number of each process does not imply an order of execution. The order of execution of the processes should be determined by their functions and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present invention.
It should also be understood that, in the embodiments of the present invention, the term "and/or" merely describes an association between associated objects and indicates that three relationships may exist. For example, A and/or B may indicate three cases: A exists alone, A and B exist at the same time, and B exists alone. In addition, the character "/" herein generally indicates an "or" relationship between the associated objects before and after it.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To clearly illustrate the interchangeability of hardware and software, the composition and steps of the examples have been described above generally in terms of function. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each particular application, but such an implementation should not be considered to go beyond the scope of the present invention.
Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can refer to the corresponding processes in the foregoing method embodiments, and details are not repeated here.
In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative. The division into units is only a division by logical function, and there may be other ways of dividing in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, or may be an electrical, mechanical or other form of connection.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments of the present invention.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as a standalone product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present invention. The foregoing storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any person skilled in the art can readily conceive of various equivalent modifications or replacements within the technical scope disclosed by the present invention, and these modifications or replacements shall be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.

Claims (18)

  1. A method for generating a random number, characterized in that the method comprises:
    obtaining an entropy source, the entropy source comprising a physical random number and information of a chip;
    generating a random number seed according to the entropy source;
    generating a random number according to the random number seed and an encryption algorithm of the chip.
  2. The method according to claim 1, characterized in that the generating a random number comprises:
    generating the random number according to the random number seed, historical random number information and the encryption algorithm.
  3. The method according to claim 1 or 2, characterized in that the encryption algorithm is the secure hash algorithm SHA or the advanced encryption standard AES.
  4. The method according to any one of claims 1 to 3, characterized in that the generating a random number comprises:
    obtaining the encryption algorithm value $r_k$ for the k-th random number generation according to the following equation,
    $r_k = \mathrm{SHA256}(r_{k-1} \,\|\, seed_k)$
    where SHA256() denotes the SHA function, || denotes concatenation, $r_{k-1}$ denotes the encryption algorithm value at the (k-1)-th random number generation, and $seed_k$ denotes the random number seed at the k-th random number generation;
    generating the k-th random number according to the $r_k$.
  5. The method according to any one of claims 1 to 3, characterized in that the generating a random number comprises:
    obtaining the encryption algorithm value $r_k$ for the k-th random number generation according to the following equation,
    Figure PCTCN2017115956-appb-100001
    where $\mathrm{AES}_{key}()$ denotes the AES function, || denotes concatenation, $r_{k-1}$ denotes the encryption algorithm value at the (k-1)-th random number generation, and $seed_k$ denotes the random number seed at the k-th random number generation;
    generating the k-th random number according to the $r_k$.
  6. The method according to claim 4 or 5, characterized in that the generating the k-th random number according to the $r_k$ comprises:
    generating the k-th random number $s_k$ according to the following equation,
    Figure PCTCN2017115956-appb-100002
    where $r_{k,i}$ denotes the i-th block of $r_k$, and the symbol shown in Figure PCTCN2017115956-appb-100003 denotes XOR.
  7. The method according to any one of claims 1 to 6, characterized in that the information of the chip comprises at least one of an identification (ID), a name, and a description.
  8. The method according to any one of claims 1 to 7, characterized in that the generating a random number seed according to the entropy source comprises:
    generating the random number seed $seed_k$ for the k-th random number generation according to the following equations,
    $(b_1, b_2, \ldots, b_N) = ID \,\|\, Name_{ID} \,\|\, Description_{ID}$
    Figure PCTCN2017115956-appb-100004
    where $b_i$ denotes the i-th block when blocking by a predetermined number of bytes, $N$ denotes the total number of blocks, || denotes concatenation, $ID$, $Name_{ID}$ and $Description_{ID}$ denote the ID, name and description of the chip respectively, the symbol shown in Figure PCTCN2017115956-appb-100005 denotes XOR, and $p_k$ denotes the physical random number at the k-th random number generation.
  9. A chip, characterized by comprising:
    an entropy source obtaining unit, configured to obtain an entropy source, the entropy source comprising a physical random number and information of the chip;
    a random number seed generating unit, configured to generate a random number seed according to the entropy source;
    a processing unit, configured to generate a random number according to the random number seed and an encryption algorithm of the chip.
  10. The chip according to claim 9, characterized in that the processing unit is specifically configured to:
    generate the random number according to the random number seed, historical random number information and the encryption algorithm.
  11. The chip according to claim 9 or 10, characterized in that the encryption algorithm is the secure hash algorithm SHA or the advanced encryption standard AES.
  12. The chip according to any one of claims 9 to 11, characterized in that the processing unit is specifically configured to:
    obtain the encryption algorithm value $r_k$ for the k-th random number generation according to the following equation,
    $r_k = \mathrm{SHA256}(r_{k-1} \,\|\, seed_k)$
    where SHA256() denotes the SHA function, || denotes concatenation, $r_{k-1}$ denotes the encryption algorithm value at the (k-1)-th random number generation, and $seed_k$ denotes the random number seed at the k-th random number generation; and generate the k-th random number according to the $r_k$.
  13. The chip according to any one of claims 9 to 11, characterized in that the processing unit is specifically configured to:
    obtain the encryption algorithm value $r_k$ for the k-th random number generation according to the following equation,
    Figure PCTCN2017115956-appb-100006
    where $\mathrm{AES}_{key}()$ denotes the AES function, || denotes concatenation, $r_{k-1}$ denotes the encryption algorithm value at the (k-1)-th random number generation, and $seed_k$ denotes the random number seed at the k-th random number generation; and generate the k-th random number according to the $r_k$.
  14. The chip according to claim 12 or 13, characterized in that the processing unit is specifically configured to:
    generate the k-th random number $s_k$ according to the following equation,
    Figure PCTCN2017115956-appb-100007
    where $r_{k,i}$ denotes the i-th block of $r_k$, and the symbol shown in Figure PCTCN2017115956-appb-100008 denotes XOR.
  15. The chip according to any one of claims 9 to 14, characterized in that the information of the chip comprises at least one of an identification (ID), a name, and a description.
  16. The chip according to any one of claims 9 to 15, characterized in that the random number seed generating unit is specifically configured to:
    generate the random number seed $seed_k$ for the k-th random number generation according to the following equations,
    $(b_1, b_2, \ldots, b_N) = ID \,\|\, Name_{ID} \,\|\, Description_{ID}$
    Figure PCTCN2017115956-appb-100009
    where $b_i$ denotes the i-th block when blocking by a predetermined number of bytes, $N$ denotes the total number of blocks, || denotes concatenation, $ID$, $Name_{ID}$ and $Description_{ID}$ denote the ID, name and description of the chip respectively, the symbol shown in Figure PCTCN2017115956-appb-100010 denotes XOR, and $p_k$ denotes the physical random number at the k-th random number generation.
  17. A chip, characterized by comprising:
    a memory, configured to store a program;
    a processor, configured to execute the program stored in the memory, wherein, when the program is executed, the processor is configured to perform the method according to any one of claims 1-8.
  18. An electronic device, characterized by comprising: the chip according to any one of claims 9-17.
PCT/CN2017/115956 2017-12-13 2017-12-13 Method for generating random number, chip, and electronic device WO2019113844A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2017/115956 WO2019113844A1 (en) 2017-12-13 2017-12-13 Method for generating random number, chip, and electronic device
CN201780002236.0A CN110249299A (en) 2017-12-13 2017-12-13 Generate method, chip and the electronic equipment of random number

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/115956 WO2019113844A1 (en) 2017-12-13 2017-12-13 Method for generating random number, chip, and electronic device

Publications (1)

Publication Number Publication Date
WO2019113844A1 true WO2019113844A1 (en) 2019-06-20

Family

ID=66819814

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/115956 WO2019113844A1 (en) 2017-12-13 2017-12-13 Method for generating random number, chip, and electronic device

Country Status (2)

Country Link
CN (1) CN110249299A (en)
WO (1) WO2019113844A1 (en)

Also Published As

Publication number Publication date
CN110249299A (en) 2019-09-17

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17935025

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17935025

Country of ref document: EP

Kind code of ref document: A1