CN113504894B - Random number generator, method for generating pseudo-random number and chip - Google Patents

Info

Publication number
CN113504894B
Authority
CN
China
Prior art keywords
random number
processing unit
unit core
offset
key
Prior art date
Legal status
Active
Application number
CN202111052746.3A
Other languages
Chinese (zh)
Other versions
CN113504894A (en)
Inventor
徐葳
贾晓丰
李浥东
王雪强
李艺
刘文心
Current Assignee
Huakong Tsingjiao Information Technology Beijing Co Ltd
Original Assignee
Huakong Tsingjiao Information Technology Beijing Co Ltd
Application filed by Huakong Tsingjiao Information Technology Beijing Co Ltd
Priority to CN202111052746.3A
Publication of CN113504894A
Application granted
Publication of CN113504894B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F 7/58 Random or pseudo-random number generators
    • G06F 7/582 Pseudo-random number generators
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L 9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L 9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Abstract

The embodiment of the invention provides a random number generator, a method for generating pseudo-random numbers, and a chip. The random number generator includes: an offset calculation module, which computes the calculation parameters of each processing unit core from the length of the pseudo-random number to be generated by the current task and sends each core its own parameters; a key expansion module, which derives the expanded key from the initial key and sends it to every processing unit core; the processing unit cores, each of which produces its own ciphertext sequence by iterative AES encryption according to the calculation parameters and the expanded key it received; and an output control module, which makes the processing unit cores output their ciphertext sequences in turn and splices them in core order to obtain the pseudo-random number generated by the task. The embodiment of the invention can raise the throughput of pseudo-random number generation.

Description

Random number generator, method for generating pseudo-random number and chip
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a random number generator, a method of generating a pseudo random number, and a chip.
Background
Pseudo-random numbers are sequences computed by a deterministic algorithm whose values are uniformly distributed on [0, 1]. They are not truly random, but they have statistical properties, such as uniformity and independence, that resemble those of random numbers.
Homomorphic and partially homomorphic encryption schemes used in privacy-preserving computation need pseudo-random numbers to mask plaintext. A random number generator is the circuit block that produces them. Conventional random number generators usually rely on a polynomial-based generation algorithm (a linear-feedback shift register, for example, whose internal state can be recovered from a short run of its output). Such hardware is simple, but the pseudo-random numbers it produces have low security and are easy to predict and recover, so they are hard to apply in privacy-preserving computation, secure multi-party computation and other scenarios with high security requirements.
In addition, practical applications include scenarios in which a large number of pseudo-random numbers are needed to encrypt a large amount of plaintext data. Current random number generators have difficulty meeting the high-speed computation demands of such mass data.
Disclosure of Invention
Embodiments of the present invention provide a random number generator, a method for generating pseudo-random numbers, and a chip, which improve the security of the pseudo-random numbers, reduce their predictability, and raise the throughput of pseudo-random number generation, thereby meeting the high-speed computation requirements of mass data.
To solve the above problem, an embodiment of the present invention discloses a random number generator that includes an offset calculation module, a key expansion module, an output control module, and at least one processing unit core, where:
the offset calculation module calculates the calculation parameters of each processing unit core from the length of the pseudo-random number to be generated by the current task, the calculation parameters comprising the offset length of each processing unit core and the length of the ciphertext sequence each processing unit core must generate, and sends each processing unit core its own calculation parameters;
the key expansion module generates an expanded key from the initial key and sends the expanded key to each processing unit core;
each processing unit core generates its own ciphertext sequence by iterative computation based on the AES encryption algorithm, using the calculation parameters and the expanded key it received;
and the output control module makes each processing unit core output its ciphertext sequence in turn, and splices the ciphertext sequences output by the processing unit cores in order to obtain the pseudo-random number generated by the task.
Optionally, the offset calculation module is further configured to record an offset final value of each processing unit core in the current task, where the offset final value is obtained by adding an offset starting value and an offset length of the current task, and the offset final value is used as an offset starting value of a next task.
Optionally, the random number generator further includes an input control module, configured to receive a random number setting instruction from the host side, where the random number setting instruction carries an initial key, and send the initial key to the key expansion module;
the input control module is further configured to receive a random number generation instruction from the host side, where the random number generation instruction carries a length of a pseudo random number to be generated by the task of this time, and send the length of the pseudo random number to be generated by the task of this time to the offset calculation module.
Optionally, each processing unit core includes a key cache module and an AES encryption module, wherein,
the key cache module is used for receiving and caching the expanded key sent by the key expansion module;
and the AES encryption module is used for receiving the calculation parameters sent by the offset calculation module, acquiring an extended key from the key cache module, performing iterative calculation by using the extended key based on an AES encryption algorithm, and generating a ciphertext sequence meeting the calculation parameters.
Optionally, each processing unit core further includes an output FIFO module, configured to receive the ciphertext sequence output by the AES encryption module.
On the other hand, the embodiment of the invention discloses a method for generating a pseudo-random number, which is applied to a random number generator, and the method comprises the following steps:
calculating a calculation parameter of each processing unit core according to the length of a pseudo random number to be generated by the task, wherein the calculation parameter comprises the offset length of each processing unit core and the length of a ciphertext sequence to be generated by each processing unit core;
generating an expanded key according to the initial key, and sending the expanded key to at least one processing unit core;
generating, in the at least one processing unit core and in parallel, the ciphertext sequence of each processing unit core by iterative computation based on the AES encryption algorithm, according to the received calculation parameters and the received expanded key;
and controlling each processing unit core to sequentially output respective ciphertext sequence, and sequentially splicing the ciphertext sequences output by each processing unit core to obtain the pseudo random number generated by the task.
Optionally, the method further comprises:
receiving a random number setting instruction from a host side, wherein the random number setting instruction carries an initial key;
receiving a random number generation instruction from a host side, wherein the random number generation instruction carries the length of a pseudo-random number to be generated in the task.
Optionally, the method further comprises:
and recording an offset final value of each processing unit core in the task, wherein the offset final value is obtained by adding an offset initial value and an offset length of the task, and the offset final value is used as an offset initial value of the next task.
In another aspect, an embodiment of the present invention discloses a chip, where at least one random number generator as described in one or more of the foregoing is deployed in the chip, and each random number generator is configured to independently perform a task of generating a pseudo-random number.
Optionally, a random number generator in the chip receives different initial keys and/or different lengths of pseudo random numbers to be generated.
Optionally, the chip comprises a field programmable gate array FPGA chip or an application specific integrated circuit ASIC chip.
In yet another aspect, embodiments of the invention disclose a machine-readable medium having instructions stored thereon, which when executed by one or more processors, cause an apparatus to perform a method of generating pseudo-random numbers as described in one or more of the preceding.
The embodiment of the invention has the following advantages:
the embodiment of the invention provides a random number generator based on the AES encryption algorithm. It comprises at least one processing unit core, each of which generates its own ciphertext sequence with AES, and the ciphertext sequences of the processing unit cores are spliced in order to obtain the complete pseudo-random number generated by the task. Because the pseudo-random number is produced by AES, its security is improved and its predictability reduced. In addition, the random number generator may include n processing unit cores, where n ≥ 1. With multiple processing unit cores the ciphertext sequences are generated in parallel, which greatly raises the throughput of pseudo-random number generation and meets the high-speed computation requirements of mass data.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.
FIG. 1 is a block diagram of a random number generator according to the present invention;
FIG. 2 is a circuit diagram of a random number generator according to the present invention;
FIG. 3 is a diagram of a chip architecture for deploying a random number generator of the present invention;
FIG. 4 is a flow diagram of the steps of one embodiment of a method of generating pseudo-random numbers using the random number generator of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Method embodiment
Referring to FIG. 1, there is shown a block diagram of a random number generator of the present invention, including an offset calculation module 101, a key expansion module 102, an output control module 103, and at least one processing unit core 104, where:
the offset calculation module 101 is configured to calculate a calculation parameter of each processing unit core according to a length of a pseudo random number to be generated by the task, where the calculation parameter includes an offset length of each processing unit core and a length of a ciphertext sequence to be generated by each processing unit core, and send the calculation parameter of each processing unit core to the corresponding processing unit core;
the key expansion module 102 is configured to generate an expansion key according to the initial key, and send the expansion key to each processing unit core;
the processing unit core 104 is configured to generate respective ciphertext sequences through iterative computation based on an AES encryption algorithm according to the respective received computation parameters and the extended key;
and the output control module 103 is used for controlling each processing unit core to sequentially output respective ciphertext sequence, and sequentially splicing the ciphertext sequences output by each processing unit core to obtain a pseudo-random number generated by the task.
The random number generator of embodiments of the present invention may be used to generate pseudo-random numbers. It can be applied in any scenario that needs pseudo-random numbers, such as the various privacy-preserving computation scenarios built on cryptographic protocols: privacy computation based on an oblivious transfer (OT) protocol, privacy computation based on a private set intersection protocol, and so on.
The random number generator generates pseudo-random numbers based on the AES (Advanced Encryption Standard) encryption algorithm.
The initial key is the AES key. It is specified before computation begins, and a round key derived from it is used in each round of the AES encryption process. The initial key may be a true random number; in practice it should come from a true random number generator with at least as many bits of entropy as the key length, and it must be kept secret, because the unpredictability of every pseudo-random number produced rests on it. Before AES encryption is performed, the key schedule (key expansion) derives a set of round keys from the input initial key; these round keys are the expanded key referred to below.
The random number generator comprises at least one processing unit core, each processing unit core participating in the current task generates a ciphertext sequence based on an AES encryption algorithm in a task of generating a pseudo-random number once, and the ciphertext sequences generated by the processing unit cores can be spliced to obtain the pseudo-random number generated by the current task. The random number generator of the embodiment of the invention generates the pseudo-random number based on the AES encryption algorithm, can improve the safety of the pseudo-random number and reduce the predictability of the pseudo-random number.
The embodiment of the invention does not limit the number of the processing unit cores in the random number generator. A random number generator may include n processing unit cores, where n ≧ 1. In one example, assuming that the length of a pseudo random number to be generated by the task is 4096 bytes, 8 processing unit cores are provided in the random number generator, and the minimum unit of the ciphertext sequence generated by each processing unit core is 128 bits, the length of the ciphertext sequence to be generated by each processing unit core each time is 512 bytes, and each processing unit core needs to perform iterative computation 32 times (128 bits each time).
It should be noted that the minimum unit of the ciphertext sequence generated by each processing unit core is one AES block, which the AES specification fixes at 128 bits regardless of key length. The key length may be any one of 128, 192 and 256 bits; it determines the number of rounds (10, 12 or 14) and the number of round keys, but not the block size.
In an alternative embodiment of the present invention, each processing unit core may include a key cache module and an AES encryption module therein, wherein,
the key cache module is used for receiving and caching the expanded key sent by the key expansion module;
and the AES encryption module is used for receiving the calculation parameters sent by the offset calculation module, acquiring an extended key from the key cache module, performing iterative calculation by using the extended key based on an AES encryption algorithm, and generating a ciphertext sequence meeting the calculation parameters.
In the embodiment of the invention, each processing unit core may include therein an AES encryption module for implementing AES encryption algorithm calculation. A key expansion module and at least one processing unit core may be included in a random number generator. Preferably, a key expansion module and at least two processing unit cores may be included in a random number generator. Therefore, the embodiment of the invention realizes the decoupling of the key expansion module and the AES encryption module in the AES encryption algorithm circuit, so that one key expansion module corresponds to a plurality of AES encryption modules. That is, in one random number generator, an expanded key may be generated by one key expansion module, which is fed to the AES encryption module in a plurality (two or more) of processing unit cores. The multi-core parallel generation of the ciphertext sequence can be realized through the multiple processing unit cores, the throughput rate of pseudo random number generation can be greatly improved, and the high-speed calculation requirement of mass data can be further met.
The embodiment of the invention is provided with an offset calculation module to calculate the calculation parameters of each processing unit core, wherein the calculation parameters comprise the offset length of each processing unit core and the length of a ciphertext sequence to be generated by each processing unit core, and the calculation parameters of each processing unit core are respectively sent to the corresponding processing unit cores to be calculated.
The offset length of each processing unit core is the range of plaintext offsets (counter values) that the core will encrypt. The length of the pseudo-random number to be generated is converted into a plaintext offset range for each processing unit core. In the AES-based random number generator of the present invention, the plaintext offset simply counts 0, 1, 2, 3, .... For the 128-bit AES block there are 2^128 distinct plaintext values, so the maximum plaintext offset is 2^128 − 1. In practice the initial key should be replaced long before that: a block cipher is a permutation, so its output never repeats a block under one key, and that absence of collisions becomes statistically detectable after roughly 2^64 blocks.
The length of the ciphertext sequence to be generated by each processing unit core is determined according to the length of the pseudo random number to be generated by the task.
After the expanded key and the calculation parameters of each processing unit core are respectively sent to the corresponding processing unit core, each processing unit core can be started to execute the calculation for generating the pseudo random number. Specifically, each processing unit core generates a ciphertext sequence corresponding to the offset length through iterative computation based on the respective AES encryption module, and the length of the ciphertext sequence conforms to the length specified in the computation parameter.
In an optional embodiment of the present invention, each processing unit core further comprises an output FIFO module, configured to receive the ciphertext sequence output by the AES encryption module.
After the AES encryption module in the processing unit core calculates the ciphertext sequence of this time, it may output the ciphertext sequence to an output FIFO module inside the processing unit core. The output FIFO module of each processing unit core stores the ciphertext sequence generated by the processing unit core, after the calculation of each processing unit core is determined to be completed, the output FIFO module of each processing unit core can be controlled to sequentially output the ciphertext sequence through the output control logic, and the ciphertext sequences output by the processing unit cores are spliced in sequence, so that the pseudo-random number generated by the task can be obtained.
Furthermore, the embodiment of the invention realizes that the ciphertext sequences of each processing unit core are correctly output in sequence through the output control logic circuit so as to ensure the correctness of the spliced pseudo-random number. The output control logic circuit mainly comprises an output multiplexer and an output control state machine.
And the output multiplexer is used for selecting the output data of the processing unit cores. Since the random number generator has a plurality of processing unit cores therein and only one output port of the bus interface is provided, the output multiplexer needs to select the output data of one of the processing unit cores from the plurality of processing unit cores at a certain time.
The output control state machine is used for generating various control signals required in the output control logic circuit, such as a selection signal of an output multiplexer, and various handshake signals (such as Valid and Ready) between the random number generator and the output control logic.
For example, when a processing unit core participating in the task has finished its ciphertext sequence, it raises a completion signal. Once every participating processing unit core has finished, the random number generator outputs the trigger signal Valid, which is the logical AND of the completion signals of the cores: processing unit core 1 raises valid_1, processing unit core 2 raises valid_2, and so on up to valid_n for processing unit core n, and Valid = valid_1 & valid_2 & valid_3 & ... & valid_n. The trigger signal Valid notifies the output control state machine that the random number generator is in the valid state and its data can be read.
After the random number generator determines that the required ciphertext sequence of each processing unit core is completely generated, the random number generator can trigger the output control module to start the output control logic circuit. The output control logic circuit can generate control logic signals to control the output FIFO modules of the processing unit cores to sequentially output respective ciphertext sequences, and sequentially splice the ciphertext sequences output by the processing unit cores to form a complete pseudo-random number.
In an optional embodiment of the present invention, the random number generator further includes an input control module, configured to receive a random number setting instruction from the host side, where the random number setting instruction is used to set an initial key, the random number setting instruction carries the initial key, and the input control module sends the initial key to the key expansion module.
The random number generator of the embodiments of the present invention has the feature of software configurable parameters (software programming). For example, a random number setting instruction, which can set an initial key, may be written in a software program on the host side. The random number setting command may be transmitted to a hardware register of the random number generator through a data transmission bus such as a PCIe (Peripheral Component Interconnect Express) bus interface.
Optionally, the input control module is further configured to receive a random number generation instruction from the host side, where the random number generation instruction is used to set a length of a pseudo random number to be generated by the task of this time and trigger execution of a task for generating the pseudo random number, the random number generation instruction carries the length of the pseudo random number to be generated by the task of this time, and the input control module sends the length of the pseudo random number to be generated by the task of this time to the offset calculation module.
A random number generation instruction may be written in the software program on the host side, and the random number generation instruction may set the length of a pseudo random number to be generated for the task at this time. The random number generation instruction may be transmitted to a hardware register of the random number generator via a data transmission bus such as a PCIe bus interface.
In a specific implementation, a random number setting instruction may be sent by a software program on the host side, and after receiving the random number setting instruction, the random number generator generates, by the key expansion module, an expanded key based on an initial key carried in the random number setting instruction, and sends the expanded key to each processing unit core participating in the task. And then, sending a random number generation instruction through a software program at the host side, wherein the random number generation instruction carries the length of a pseudo random number to be generated in the task. After receiving the random number generation instruction, the random number generator calculates the offset length of each processing unit core and the length of a ciphertext sequence to be generated by each processing unit core through the offset calculation module, and sends the lengths to the corresponding processing unit cores. And finally, starting each processing unit core participating in the task by the random number generator to generate ciphertext sequences with required lengths in parallel. And after the generation of the ciphertext sequences of all the processing unit cores is finished, triggering an output control module, sequentially gating each processing unit core through an output control logic circuit, splicing the ciphertext sequences of all the processing unit cores to form a complete pseudo-random number sequence and outputting the complete pseudo-random number sequence.
In an optional embodiment of the present invention, the offset calculating module is further configured to record an offset final value of each processing unit core in the current task, where the offset final value is obtained by adding an offset starting value and an offset length of the current task, and the offset final value is used as an offset starting value of a next task.
In the embodiment of the present invention, the offset calculation module records the starting point of the current task and the length of the random number the task requires. It also records the last plaintext value used in the ciphertext sequence of each processing unit core and the length of the ciphertext sequence each processing unit core must generate in the task.
Through the offset calculation module, the offset final value of each processing unit core in the previous task is obtained and used as the offset start value of each processing unit core in the current task; likewise the offset final value recorded for the current task becomes the offset start value for the next task. Within a task, the offset final value is the offset start value plus the offset length. Carrying the offset forward in this way is what guarantees that no plaintext value is ever encrypted twice under the same initial key: resetting the offset to 0 without changing the initial key would reproduce the earlier pseudo-random output exactly.
The offset calculation module is also used for calculating the offset length of each processing unit core according to the length of the pseudo random number to be generated in the task.
Referring to FIG. 2, a circuit diagram of a random number generator according to an embodiment of the present invention is shown. The process of generating pseudo-random numbers using the random number generator of the present invention is described below in conjunction with FIG. 2 and a specific example.
Assuming that the length of the pseudo random number to be generated by the task is 4096Byte, 8 processing unit cores are arranged in the random number generator, and the minimum unit of the ciphertext sequence generated by each processing unit core is 128bit, the length of the ciphertext sequence to be generated by each processing unit core is 512Byte each time, and each processing unit core needs to perform iterative computation 32 times (128 bit each time).
Firstly, the random number generator receives a random number setting instruction issued by the host side through the input control module, the random number setting instruction carries an initial key of the task, and the initial key is sent to the key expansion module. And the key expansion module generates an expansion key according to the received initial key and respectively sends the expansion key to the key buffer of each processing unit core for storage. For the 128-bit initial key, the key expansion module can generate 11 128-bit expansion keys, and send the 11 128-bit expansion keys into the key buffers of 8 processing unit cores for storage.
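The key expansion step just described, written out as an added example rather than the patent's own circuit: the AES-128 key schedule of FIPS-197 section 5.2, which turns the 16-byte initial key into the 11 round keys of 128 bits mentioned above. In the patent one key expansion module computes this once and feeds every core; here ExpandKey128 is that module and its result can be cached by each core. The S-box is derived from its algebraic definition instead of being pasted in as a table, and the known-answer check in main uses the key from FIPS-197 Appendix A.1. The hex wrapper ExpandKey128Hex is a convenience of this example.

```go
package main

import (
	"encoding/hex"
	"fmt"
)

// sbox is the AES S-box, built from its definition (multiplicative inverse in
// GF(2^8) followed by the affine map) rather than pasted as a 256-entry table.
var sbox = buildSbox()

func buildSbox() [256]byte {
	var s [256]byte
	rotl := func(x byte, n uint) byte { return x<<n | x>>(8-n) }
	p, q := byte(1), byte(1)
	for {
		// p walks the powers of 3 (a generator of GF(2^8)*); q tracks 1/p.
		if p&0x80 != 0 {
			p = p ^ p<<1 ^ 0x1b
		} else {
			p = p ^ p<<1
		}
		q ^= q << 1
		q ^= q << 2
		q ^= q << 4
		if q&0x80 != 0 {
			q ^= 0x09
		}
		s[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
		if p == 1 {
			break
		}
	}
	s[0] = 0x63 // 0 has no inverse; the affine constant alone
	return s
}

// ExpandKey128 is the AES-128 key schedule: 16-byte initial key in, 11 round
// keys of 16 bytes out. Round key 0 is the initial key itself.
func ExpandKey128(key []byte) ([11][16]byte, error) {
	var rk [11][16]byte
	if len(key) != 16 {
		return rk, fmt.Errorf("AES-128 key must be 16 bytes, got %d", len(key))
	}
	w := make([][4]byte, 44) // 44 words of 32 bits
	for i := 0; i < 4; i++ {
		copy(w[i][:], key[4*i:4*i+4])
	}
	rcon := byte(0x01)
	for i := 4; i < 44; i++ {
		t := w[i-1]
		if i%4 == 0 {
			// RotWord, SubWord, then xor the round constant into the first byte
			t = [4]byte{sbox[t[1]] ^ rcon, sbox[t[2]], sbox[t[3]], sbox[t[0]]}
			if rcon&0x80 != 0 {
				rcon = rcon<<1 ^ 0x1b // multiply by x in GF(2^8)
			} else {
				rcon <<= 1
			}
		}
		for j := range t {
			w[i][j] = w[i-4][j] ^ t[j]
		}
	}
	for r := range rk {
		for j := 0; j < 4; j++ {
			copy(rk[r][4*j:], w[4*r+j][:])
		}
	}
	return rk, nil
}

// ExpandKey128Hex is a wrapper for this example: hex key in, hex round keys out.
func ExpandKey128Hex(keyHex string) ([]string, error) {
	key, err := hex.DecodeString(keyHex)
	if err != nil {
		return nil, err
	}
	rk, err := ExpandKey128(key)
	if err != nil {
		return nil, err
	}
	out := make([]string, len(rk))
	for i := range rk {
		out[i] = hex.EncodeToString(rk[i][:])
	}
	return out, nil
}

func main() {
	// Key from FIPS-197 Appendix A.1, used as a known-answer check.
	rks, _ := ExpandKey128Hex("2b7e151628aed2a6abf7158809cf4f3c")
	for i, k := range rks {
		fmt.Printf("round key %2d: %s\n", i, k)
	}
}
```

The last round key for the Appendix A.1 key is d014f9a8c9ee2589e13f0cc8b6630ca6; if a hardware key expansion module does not reproduce that value for that input, its output will still look random but will not be AES, and no downstream statistical test will notice.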
Then, the random number generator receives a random number generation instruction issued by the host side through the input control module. The random number generation instruction carries the length of the pseudo-random number to be generated by the task, such as 4096 bytes, and the input control module sends this length to the offset calculation module. The offset calculation module calculates, from the length of the pseudo-random number to be generated, the offset length of each processing unit core and the length of the ciphertext sequence each processing unit core must generate in the task, and sends each core's offset length and length to be generated to the AES encryption module of the corresponding processing unit core.
When the 4096-byte pseudo-random number of the present task is generated, the offset calculation module calculates that the range of the plaintext offset (offset length) of processing unit core 1 is 0 to 31, the range of the plaintext offset of processing unit core 2 is 32 to 63, the range of the plaintext offset of processing unit core 3 is 64 to 95, and so on, and the range of the plaintext offset of processing unit core 8 is 224 to 255. When generating the 4096-byte pseudo-random number of the next task, each processing unit core should start its calculation from the previous offset end value. At this time, the offset calculation module calculates that the plaintext offset of processing unit core 1 ranges from 256 to (256 + 31), the plaintext offset of processing unit core 2 ranges from (256 + 32) to (256 + 63), and so on, and the plaintext offset of processing unit core 8 ranges from (256 + 224) to (256 + 255).
When the task is completed, the offset of processing unit core 1 is 255 (since a pseudo-random number of 4096 bytes has been generated before, plaintext values 0 to 255 have been used). If the next task again generates a pseudo-random number of 4096 bytes, the plaintext offset of processing unit core 1 is in the range [256, 256+31]. As another example, if the next task is to generate a pseudo-random number of 2048 bytes, then the range of plaintext offsets for processing unit core 1 should be [256, 256+15].
Each processing unit core is then started to perform iterative computation based on its own AES encryption module, generating a ciphertext sequence corresponding to its offset length and sending the ciphertext sequence into the output FIFO module of that processing unit core for storage. These ciphertext sequences are the desired pseudo-random number sequences. In the above example, each processing unit core has an offset length of 32 and produces a 512-byte (128 bits × 32) ciphertext sequence. The final pseudo-random number is generated through parallel computation of multiple processing unit cores, which can greatly improve the throughput of pseudo-random number generation.
Finally, after the ciphertext sequences of all processing unit cores participating in the task have been generated, the output control module is triggered, the output control logic circuit generates a control logic signal, and the ciphertext sequences generated by the processing unit cores are output in sequence and spliced into a complete 4096-byte pseudo-random number.
To sum up, the embodiment of the present invention provides a random number generator based on the AES encryption algorithm, where the random number generator includes at least one processing unit core, each processing unit core generates its own ciphertext sequence based on the AES encryption algorithm, and the ciphertext sequences generated by the processing unit cores are sequentially spliced to obtain the complete pseudo-random number generated by the task. Because the random number generator of the embodiment generates the pseudo-random number based on the AES encryption algorithm, it can improve the security of the pseudo-random number and reduce its predictability. In addition, the random number generator may include n processing unit cores, where n ≥ 1. Multi-core parallel generation of the ciphertext sequence can be realized through multiple processing unit cores, which can greatly improve the throughput of pseudo-random number generation and thereby meet the high-speed computation requirements of mass data.
The random number generator of the embodiments of the present invention may be deployed in a chip. Further, at least one random number generator may be disposed in one chip. Each random number generator may be used to independently perform the task of generating pseudo-random numbers.
Referring to FIG. 3, a schematic diagram of a chip architecture for deploying the random number generator of the present invention is shown. As shown in FIG. 3, n random number generators are deployed in the chip. The chip can receive a random number setting instruction and a random number generating instruction from the host side through the PCIe bus interface.
In an alternative embodiment of the present invention, the chip includes but is not limited to an FPGA (Field Programmable Gate Array) chip or an ASIC (Application Specific Integrated Circuit) chip.
Further, the random number generator in the chip may receive different initial keys and/or different lengths of pseudo random numbers to be generated.
Different initial keys may be set and/or different pseudo-random number lengths may be set for each random number generator in the chip.
On one FPGA or ASIC chip, a plurality of random number generators of the embodiment of the invention can be deployed, each random number generator can be independently provided with different initial keys and can generate pseudo random numbers with different lengths, and therefore the throughput rate of pseudo random number generation can be further improved. In addition, because each random number generator in the chip can independently set the initial key and the pseudo-random number length, the flexibility of generating random numbers in each task can be improved.
Referring to FIG. 4, a flow diagram of the steps of an embodiment of a method of generating pseudo-random numbers using the random number generator of the present invention is shown. The method may specifically include:
step 401, calculating a calculation parameter of each processing unit core according to the length of a pseudo random number to be generated by the task, wherein the calculation parameter comprises the offset length of each processing unit core and the length of a ciphertext sequence to be generated by each processing unit core;
step 402, generating an expanded key according to an initial key, and sending the expanded key to at least one processing unit core;
step 403, checking, by the at least one processing unit core, the received calculation parameters and the received expanded key, and generating the ciphertext sequence of each processing unit core in parallel by iterative computation based on the AES encryption algorithm;
and step 404, controlling each processing unit core to sequentially output respective ciphertext sequence, and sequentially splicing the ciphertext sequences output by each processing unit core to obtain a pseudo-random number generated by the task.
Optionally, the method may further include:
receiving a random number setting instruction from a host side, wherein the random number setting instruction carries an initial key;
receiving a random number generation instruction from a host side, wherein the random number generation instruction carries the length of a pseudo-random number to be generated in the task.
Optionally, the method may further include:
and recording an offset final value of each processing unit core in the task, wherein the offset final value is obtained by adding an offset initial value and an offset length of the task, and the offset final value is used as an offset initial value of the next task.
In a specific implementation, a random number setting instruction may be sent by a software program on the host side, and after receiving the random number setting instruction, the random number generator generates, by the key expansion module, an expanded key based on an initial key carried in the random number setting instruction, and sends the expanded key to each processing unit core participating in the task. And then, sending a random number generation instruction through a software program at the host side, wherein the random number generation instruction carries the length of a pseudo random number to be generated in the task. After receiving the random number generation instruction, the random number generator calculates the offset length of each processing unit core and the length of a ciphertext sequence to be generated by each processing unit core through the offset calculation module, and sends the lengths to the corresponding processing unit cores. And finally, starting each processing unit core participating in the task by the random number generator to generate respective ciphertext sequences with required lengths in parallel. And after the generation of the ciphertext sequences of all the processing unit cores is finished, triggering an output control module, sequentially gating each processing unit core through an output control logic circuit, splicing the ciphertext sequences of all the processing unit cores to form a complete pseudo-random number sequence and outputting the complete pseudo-random number sequence.
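The offset bookkeeping and splicing walked through for FIG. 2 above, and the four method steps of FIG. 4, as an added Go example that is not part of the patent or of the applicant's code. It uses Go's standard crypto/aes in place of the patent's hardware AES module (aes.NewCipher performs the round-key expansion that the key expansion module does), models each processing unit core as a goroutine writing into its own output FIFO, and keeps the previous task's offset final value in the offset calculator so that the next task resumes from it. The 8-core / 4096-byte and 2048-byte figures are the page's; the 128-bit key, the big-endian encoding of the plaintext offset in the low 64 bits of the block, and the handling of block counts that do not divide evenly are constructed assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
	"sync"
)

const blockSize = 16 // minimum unit of a core's ciphertext sequence: one 128-bit AES block

// coreParams is what the offset calculation module sends to one processing unit core:
// its plaintext offset range [Start, Start+NBlocks) and the ciphertext length to produce.
type coreParams struct {
	Core    int
	Start   uint64 // offset initial value of this core in the task
	NBlocks uint64 // offset length: number of 128-bit iterations
	Length  int    // bytes of ciphertext this core must produce
}

// offsetCalculator models the offset calculation module; Next holds the offset final
// value of the previous task, which becomes the offset initial value of the next one.
type offsetCalculator struct {
	NCores uint64
	Next   uint64
}

// plan splits a task of totalLen bytes over the cores and records the offset final value.
func (o *offsetCalculator) plan(totalLen int) ([]coreParams, error) {
	if totalLen <= 0 || totalLen%blockSize != 0 {
		return nil, fmt.Errorf("length %d must be a positive multiple of %d bytes", totalLen, blockSize)
	}
	totalBlocks := uint64(totalLen / blockSize)
	per, rem := totalBlocks/o.NCores, totalBlocks%o.NCores
	params := make([]coreParams, 0, o.NCores)
	start := o.Next
	for c := uint64(0); c < o.NCores; c++ {
		n := per
		if c < rem { // assumption: leftover blocks go to the lowest-numbered cores
			n++
		}
		params = append(params, coreParams{Core: int(c) + 1, Start: start, NBlocks: n, Length: int(n) * blockSize})
		start += n
	}
	o.Next = start // offset final value = offset initial value + offset length
	return params, nil
}

// generateCore is one processing unit core: it encrypts the plaintext block holding each offset in its
// range (assumption: big-endian counter in the low 64 bits, upper 64 bits zero) into its output FIFO.
func generateCore(expanded cipher.Block, p coreParams) []byte {
	out := make([]byte, 0, p.Length)
	var pt, ct [blockSize]byte
	for i := uint64(0); i < p.NBlocks; i++ {
		binary.BigEndian.PutUint64(pt[8:], p.Start+i)
		expanded.Encrypt(ct[:], pt[:])
		out = append(out, ct[:]...)
	}
	return out
}

// runTask executes one random number generation instruction: expand the key once (read-only, so the
// cores can share it), plan offsets, run the cores in parallel, then splice the FIFOs in core order.
func runTask(key []byte, calc *offsetCalculator, length int) ([]byte, error) {
	expanded, err := aes.NewCipher(key) // key expansion module: 11 round keys for a 128-bit key
	if err != nil {
		return nil, err
	}
	params, err := calc.plan(length)
	if err != nil {
		return nil, err
	}
	fifos := make([][]byte, len(params))
	var wg sync.WaitGroup
	for i, p := range params {
		wg.Add(1)
		go func(i int, p coreParams) {
			defer wg.Done()
			fifos[i] = generateCore(expanded, p)
		}(i, p)
	}
	wg.Wait()
	return bytes.Join(fifos, nil), nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed 128-bit demo key, not from the patent
	calc := &offsetCalculator{NCores: 8}
	for _, n := range []int{4096, 2048} { // the page's 4096-byte task, then a 2048-byte one
		first := calc.Next
		out, err := runTask(key, calc, n)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%d-byte task used offsets %d..%d; first block %x\n", n, first, calc.Next-1, out[:blockSize])
	}
}
```

Because every core encrypts a disjoint slice of the same counter sequence, the spliced multi-core output is byte-for-byte the keystream a single core would produce sequentially, which is the property to check when validating an implementation of this design. The carried-forward offset final value is what keeps successive tasks under the same initial key from re-encrypting the same plaintext offsets; a generator that reset the offset to 0 for each task would emit identical output for identical lengths, so the offset state deserves the same care as the key when the design is reviewed.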
In summary, the embodiment of the present invention provides a random number generator capable of implementing multi-core parallel based on AES encryption algorithm, and the random number generator is used to generate pseudo random numbers, so that not only can the security of the pseudo random numbers be improved and the predictability of the pseudo random numbers be reduced, but also the throughput rate of the pseudo random number generation can be greatly improved, and further, the high-speed computation requirement of mass data can be met.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
A non-transitory computer-readable storage medium in which instructions, when executed by a processor of a device (server or terminal), enable the device to perform the method of generating pseudo random numbers shown in fig. 4.
A non-transitory computer readable storage medium in which instructions, when executed by a processor of a device (server or terminal), enable the device to perform a method of generating pseudo random numbers, the method comprising: calculating a calculation parameter of each processing unit core according to the length of a pseudo random number to be generated by the task, wherein the calculation parameter comprises the offset length of each processing unit core and the length of a ciphertext sequence to be generated by each processing unit core; generating an expanded key according to the initial key, and sending the expanded key to at least one processing unit core; checking the received calculation parameters and the received expanded key through the at least one processing unit, and parallelly generating a respective ciphertext sequence of each processing unit core through iterative computation based on an AES encryption algorithm; and controlling each processing unit core to sequentially output respective ciphertext sequence, and sequentially splicing the ciphertext sequences output by each processing unit core to obtain the pseudo random number generated by the task.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This invention is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
The above detailed description of the random number generator, the method for generating pseudo random numbers, and the chip provided by the present invention, and the specific examples are applied herein to explain the principles and embodiments of the present invention, and the above descriptions of the embodiments are only used to help understand the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (12)

1. A random number generator, comprising an offset calculation module, a key expansion module, an output control module, and at least one processing unit core; wherein:
the offset calculation module is used for calculating calculation parameters of each processing unit core according to the length of the pseudo random number to be generated in the task, wherein the calculation parameters comprise the offset length of each processing unit core and the length of the ciphertext sequence to be generated by each processing unit core, and the calculation parameters of each processing unit core are respectively sent to the corresponding processing unit cores; the offset length of each processing unit core refers to the range of the plaintext offset, and for a 128-bit AES (Advanced Encryption Standard) encryption protocol the range of the plaintext offset is 0 to 2^128;
The key expansion module is used for generating an expansion key according to the initial key and respectively sending the expansion key to each processing unit core;
the processing unit cores are used for generating respective ciphertext sequences through iterative computation based on an AES encryption algorithm according to the received computation parameters and the received expansion key, and the length of the ciphertext sequence generated by each processing unit core corresponds to the offset length in the received computation parameters;
and the output control module is used for controlling each processing unit core to sequentially output its respective ciphertext sequence, and splicing the ciphertext sequences output by each processing unit core in sequence to obtain the pseudo-random number generated by the task.
2. The random number generator of claim 1, wherein the offset calculation module is further configured to record an offset final value of each processing unit core in the task, the offset final value is obtained by adding an offset starting value and an offset length of the task, and the offset final value is used as an offset starting value of a next task.
3. The random number generator of claim 1, further comprising an input control module, configured to receive a random number setting instruction from the host side, where the random number setting instruction carries an initial key, and send the initial key to the key expansion module;
the input control module is further configured to receive a random number generation instruction from the host side, where the random number generation instruction carries a length of a pseudo random number to be generated by the task of this time, and send the length of the pseudo random number to be generated by the task of this time to the offset calculation module.
4. The random number generator of claim 1, wherein each processing unit core includes a key cache module and an AES encryption module, wherein,
the key cache module is used for receiving and caching the expanded key sent by the key expansion module;
and the AES encryption module is used for receiving the calculation parameters sent by the offset calculation module, acquiring an extended key from the key cache module, performing iterative calculation by using the extended key based on an AES encryption algorithm, and generating a ciphertext sequence meeting the calculation parameters.
5. The random number generator of claim 4, further comprising an output FIFO module in each processing unit core for receiving the ciphertext sequence output by the AES encryption module.
6. A method of generating a pseudo-random number for use with a random number generator, the method comprising:
calculating calculation parameters of each processing unit core according to the length of the pseudo random number to be generated in the task, wherein the calculation parameters comprise the offset length of each processing unit core and the length of the ciphertext sequence to be generated by each processing unit core; the offset length of each processing unit core refers to the range of the plaintext offset, and for a 128-bit AES (Advanced Encryption Standard) encryption protocol the range of the plaintext offset is 0 to 2^128;
Generating an expanded key according to the initial key, and sending the expanded key to at least one processing unit core;
checking the received calculation parameters and the received expansion key through the at least one processing unit, and based on an AES encryption algorithm, generating respective ciphertext sequences of each processing unit core in parallel through iterative calculation, wherein the length of the ciphertext sequence generated by each processing unit core corresponds to the offset length in the received calculation parameters;
and controlling each processing unit core to sequentially output respective ciphertext sequence, and sequentially splicing the ciphertext sequences output by each processing unit core to obtain the pseudo random number generated by the task.
7. The method of claim 6, further comprising:
receiving a random number setting instruction from a host side, wherein the random number setting instruction carries an initial key;
receiving a random number generation instruction from a host side, wherein the random number generation instruction carries the length of a pseudo-random number to be generated in the task.
8. The method of claim 6, further comprising:
and recording an offset final value of each processing unit core in the task, wherein the offset final value is obtained by adding an offset initial value and an offset length of the task, and the offset final value is used as an offset initial value of the next task.
9. A chip, characterized in that at least one random number generator according to any of claims 1 to 5 is disposed in said chip, each random number generator being adapted to independently perform the task of generating pseudo-random numbers.
10. The chip of claim 9, wherein the random number generator in the chip receives different initial keys and/or different lengths of pseudo random numbers to be generated.
11. The chip of claim 9, wherein the chip comprises a Field Programmable Gate Array (FPGA) chip or an Application Specific Integrated Circuit (ASIC) chip.
12. A machine-readable medium having stored thereon instructions which, when executed by one or more processors of an apparatus, cause the apparatus to perform a method of generating pseudo random numbers according to any one of claims 6 to 8.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111052746.3A CN113504894B (en) 2021-09-09 2021-09-09 Random number generator, method for generating pseudo-random number and chip

Publications (2)

Publication Number Publication Date
CN113504894A CN113504894A (en) 2021-10-15
CN113504894B true CN113504894B (en) 2021-12-17

Family

ID=78017039

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111052746.3A Active CN113504894B (en) 2021-09-09 2021-09-09 Random number generator, method for generating pseudo-random number and chip

Country Status (1)

Country Link
CN (1) CN113504894B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113992445B (en) * 2021-12-28 2022-04-19 广东曜芯科技有限公司 Authentication apparatus and method
CN116743381B (en) * 2023-08-14 2023-10-13 深圳汉德霍尔科技有限公司 RFID read-write data security management method

Citations (3)

Publication number Priority date Publication date Assignee Title
CN1714377A (en) * 2002-10-07 2005-12-28 小林朗 Pseudo-random number generation method and pseudo-random number generator
CN101292223A (en) * 2005-10-19 2008-10-22 Nxp股份有限公司 Method of generating pseudo-random numbers
CN105721143A (en) * 2016-01-30 2016-06-29 飞天诚信科技股份有限公司 Method and device for initializing application of smart card

Family Cites Families (9)

Publication number Priority date Publication date Assignee Title
WO2001074005A1 (en) * 2000-03-29 2001-10-04 Hammersmith Wolfgang S One-time-pad encryption with central key service and keyable characters
US9450749B2 (en) * 2000-03-29 2016-09-20 Wolfgang S. Hammersmith One-time-pad encryption with central key service
US20060177065A1 (en) * 2005-02-09 2006-08-10 Wal-Mart Stores, Inc. System and methods for encrypting data utilizing one-time pad key
US8050405B2 (en) * 2005-09-30 2011-11-01 Sony Ericsson Mobile Communications Ab Shared key encryption using long keypads
US7913085B2 (en) * 2007-06-15 2011-03-22 Koolspan, Inc. System and method of per-packet keying
CN109005184A (en) * 2018-08-17 2018-12-14 上海小蚁科技有限公司 File encrypting method and device, storage medium, terminal
CN112953716A (en) * 2019-11-26 2021-06-11 北京沃东天骏信息技术有限公司 Method and device for generating and verifying exchange code
CN111142843B (en) * 2019-12-16 2021-10-29 北京电子科技学院 Chaos-based computer random number generation system and method
CN111709044B (en) * 2020-06-19 2021-06-22 山东省计算中心(国家超级计算济南中心) Hardware fingerprint information generation method and system based on state cryptographic algorithm

Non-Patent Citations (2)

Title
Research and application of the MD5 plus random number algorithm; 曾诗亮, 周琪云; 《加解密技术》; 2019-09-15; full text *
Image encryption algorithm based on combining true random numbers and pseudo-random numbers; 郭永宁, 孙树亮; 《陕西师范大学学报(自然科学版)》; 2020-03-31; Vol. 48 (No. 2); full text *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant