CN115632782A - Random number generation method, system and equipment based on SM4 counter mode - Google Patents

Info

Publication number: CN115632782A (granted version: CN115632782B)
Application number: CN202211653313.8A
Authority: CN (China)
Legal status: Granted, active
Original language: Chinese (zh)
Prior art keywords: random number, seed material, bit, key, output
Inventors: 代政一, 赵光耀, 冯国柱
Current and original assignee: Hunan Cryptographic Engineering Research Center Co ltd
Events: application filed by Hunan Cryptographic Engineering Research Center Co ltd; priority to CN202211653313.8A; publication of CN115632782A; application granted; publication of CN115632782B.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols, the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher, with particular pseudorandom sequence generator
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58 Random or pseudo-random number generators
    • G06F7/582 Pseudo-random number generators
    • H04L9/0618 (under H04L9/06 above) Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0637 Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]

Landscapes

  • Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computational Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the disclosure provide a random number generation method, system and device based on the SM4 counter mode, in the technical field of data processing. The method comprises the following steps: step 1, initializing a random number generator; step 2, obtaining initial seed material from an entropy source; step 3, deriving the initial seed material using SM4 to obtain derived seed material; step 4, updating the state of the random number generator with the derived seed material; and step 5, outputting the random number. The disclosed scheme improves the security of the underlying layer of the cryptographic algorithm.

Description

Random number generation method, system and equipment based on SM4 counter mode
Technical Field
The embodiments of the disclosure relate to the technical field of data processing, and in particular to a random number generation method, a random number generation system and a random number generation device based on the SM4 counter mode.
Background
Recently, new infrastructure such as 6G, the mobile internet, big data and cloud computing has developed rapidly, and more and more application scenarios require cryptographic algorithms to guarantee the confidentiality, integrity and authentication of transmitted data. The pseudo-random number generator is the underlying component that guarantees the security of a cryptographic algorithm and the unpredictability of its output. Random numbers play an increasingly important role in many interactive negotiation scenarios, such as key generation, key exchange protocols, zero-knowledge proofs, blockchain, secure multi-party computation, and the like.
A true random number generator takes a random entropy source as input, and its output bit sequence is as random as a coin toss. To ensure that pseudo-random numbers are indistinguishable from true random numbers, the essential properties of a pseudo-random number generator are randomness and unpredictability. Randomness means that the bits of a random number are independent of each other and each bit is uniformly distributed; unpredictability means that neither the preceding nor the succeeding segment can be deduced from a known segment of the sequence. A pseudo-random number generator typically takes a random value as a seed and produces a sequence of bits with a deterministic algorithm; if the output sequence is indistinguishable from a true random sequence, it can take the place of a true random entropy source for generating random numbers. The seed is critical for a pseudo-random number generator: once an attacker obtains the seed, the attacker knows all subsequent random numbers.
Therefore, a random number generation method based on the SM4 counter mode with high security is needed.
Disclosure of Invention
In view of this, embodiments of the present disclosure provide a random number generation method, system and device based on the SM4 counter mode, so as to at least partially solve the problem of poor security in the prior art.
In a first aspect, an embodiment of the present disclosure provides a random number generation method based on the SM4 counter mode, including:
step 1, initializing a random number generator, wherein the random number generator comprises a bit string V, a bit string Key and a reseed counter;
step 2, obtaining initial seed material from an entropy source;
step 3, deriving the initial seed material using SM4 to obtain derived seed material;
step 4, updating the state of the random number generator with the derived seed material;
step 5, outputting a random number;
where step 5 specifically comprises:
step 5.1, judging whether the reseed counter exceeds the reseed interval; if so, executing the reseed operation, otherwise executing step 5.2;
step 5.2, setting the target seed material to a 256-bit 0-bit string;
step 5.3, under the current internal state Key, encrypting V+1 of the current internal state in SM4 ECB mode to obtain a 128-bit output result output;
step 5.4, taking the first requested_number_of_bits bits of output as the output random number;
step 5.5, running the state update with the target seed material and the current internal state Key and V to obtain the new internal state Key and V of the random number generator, and adding 1 to the reseed counter to record the number of times a random number has been output.
According to a specific implementation of the embodiment of the present disclosure, step 2 specifically includes:
iterating an entropy source round function that transforms a pseudo-random number of preset length into several new random numbers of the same length, and taking all the new random numbers as the initial seed material.
According to a specific implementation of the embodiment of the present disclosure, step 3 specifically includes:
step 3.1, padding the initial seed material S, where S = byte count of the initial seed material || byte count of the derived seed material || 0x80, both byte counts are 32-bit numbers and the symbol || denotes concatenation of bit strings; when the bit length of the padded S is not a multiple of 128, 0x00 is appended until it is;
step 3.2, selecting the key used for SM4 CBC mode, setting the initial vector IV to 0x00000000 concatenated with a 96-bit 0-bit string, and concatenating IV with the initial seed material S, that is, IVS = IV || S;
step 3.3, encrypting IVS in SM4 CBC mode with that key and taking the 128-bit MAC value output as the key K for SM4 ECB mode;
step 3.4, selecting the initial vector IV as 0x00000001 concatenated with a 96-bit 0-bit string, and likewise concatenating IV with S, that is, IVSS = IV || S;
step 3.5, encrypting IVSS in SM4 CBC mode with that key and taking the 128-bit MAC value output as the data X to be encrypted in SM4 ECB mode;
step 3.6, under key K, encrypting X in SM4 ECB mode to output a first 128-bit value, then encrypting that value to output a second 128-bit value; the two 128-bit values together are the 256 bits of derived seed material (the symbols for these values appear only as images in the original).
According to a specific implementation of the embodiment of the present disclosure, step 4 specifically includes:
step 4.1, under the current state Key, encrypting V+1 in SM4 ECB mode to obtain a 128-bit output result output1;
step 4.2, under the current state Key, encrypting V+2 in SM4 ECB mode to obtain a 128-bit output result output2;
step 4.3, concatenating output1 and output2, and XORing the result with the 256-bit derived seed material;
step 4.4, taking the first 128 bits of the result as the updated value of Key and the last 128 bits as the updated value of V.
In a second aspect, an embodiment of the present disclosure provides a random number generation system based on the SM4 counter mode, including:
an initialization module for initializing a random number generator, wherein the random number generator comprises a bit string V, a bit string Key and a reseed counter;
an acquisition module for acquiring initial seed material from an entropy source;
a derivation module for deriving the initial seed material using SM4 to obtain derived seed material;
an update module for updating the state of the random number generator with the derived seed material;
an output module for outputting the random number;
where the output module specifically performs:
step 5.1, judging whether the reseed counter exceeds the reseed interval; if so, executing the reseed operation, otherwise executing step 5.2;
step 5.2, setting the target seed material to a 256-bit 0-bit string;
step 5.3, under the current internal state Key, encrypting V+1 of the current internal state in SM4 ECB mode to obtain a 128-bit output result output;
step 5.4, taking the first requested_number_of_bits bits of output as the output random number;
step 5.5, running the state update with the target seed material and the current internal state Key and V to obtain the new internal state Key and V of the random number generator, and adding 1 to the reseed counter to record the number of times a random number has been output.
In a third aspect, an embodiment of the present disclosure further provides an electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the random number generation method based on the SM4 counter mode of the first aspect or any implementation of the first aspect.
The random number generation scheme based on the SM4 counter mode in the embodiments of the present disclosure includes: step 1, initializing a random number generator, wherein the random number generator comprises a bit string V, a bit string Key and a reseed counter; step 2, obtaining initial seed material from an entropy source; step 3, deriving the initial seed material using SM4 to obtain derived seed material; step 4, updating the state of the random number generator with the derived seed material; step 5, outputting a random number; where step 5 specifically includes: step 5.1, judging whether the reseed counter exceeds the reseed interval; if so, executing the reseed operation, otherwise executing step 5.2; step 5.2, setting the target seed material to a 256-bit 0-bit string; step 5.3, under the Key of the current internal state, encrypting V+1 of the current internal state in SM4 ECB mode to obtain a 128-bit output result output; step 5.4, taking the first requested_number_of_bits bits of output as the output random number; and step 5.5, running the state update with the target seed material and the current internal state Key and V to obtain the new internal state Key and V of the random number generator, and adding 1 to the reseed counter to record the number of times a random number has been output.
The beneficial effects of the embodiments of the disclosure are: according to the disclosed scheme, the five steps of initializing the random number generator, acquiring entropy source seed, deriving the seed using SM4, updating the state of the random number generator and outputting the random number are carried out based on the SM4 counter mode, so that the security of the underlying layer of the cryptographic algorithm is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings needed to be used in the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present disclosure, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flowchart of a random number generation method based on an SM4 counter mode according to an embodiment of the present disclosure;
FIG. 2 is a schematic flow chart of an entropy source round function provided by an embodiment of the present disclosure;
FIG. 3 is a schematic diagram illustrating an operation flow of an F function in an entropy source round function according to an embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of a random number generation system based on an SM4 counter mode according to an embodiment of the present disclosure;
fig. 5 is a schematic view of an electronic device provided in an embodiment of the present disclosure.
Detailed Description
The embodiments of the present disclosure are described in detail below with reference to the accompanying drawings.
The embodiments of the present disclosure are described below with specific examples, and other advantages and effects of the present disclosure will be readily apparent to those skilled in the art from the disclosure in the specification. It is to be understood that the described embodiments are merely illustrative of some, and not restrictive, of the embodiments of the disclosure. The disclosure may be embodied or carried out in various other specific embodiments, and various modifications and changes may be made in the details within the description without departing from the spirit of the disclosure. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
It is noted that various aspects of the embodiments are described below within the scope of the appended claims. It should be apparent that the aspects described herein may be embodied in a wide variety of forms and that any specific structure and/or function described herein is merely illustrative. Based on the disclosure, one skilled in the art should appreciate that one aspect described herein may be implemented independently of any other aspects and that two or more of these aspects may be combined in various ways. For example, an apparatus may be implemented and/or a method practiced using any number of the aspects set forth herein. Additionally, such an apparatus may be implemented and/or such a method may be practiced using other structure and/or functionality in addition to one or more of the aspects set forth herein.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present disclosure, and the drawings only show the components related to the present disclosure rather than the number, shape and size of the components in actual implementation, and the type, amount and ratio of the components in actual implementation may be changed arbitrarily, and the layout of the components may be more complicated.
In addition, in the following description, specific details are provided to facilitate a thorough understanding of the examples. However, it will be understood by those skilled in the art that the aspects may be practiced without these specific details.
The embodiment of the disclosure provides a random number generation method based on the SM4 counter mode, which can be applied to encryption in internet scenarios.
Referring to fig. 1, a schematic flow chart of a random number generation method based on the SM4 counter mode according to an embodiment of the present disclosure is provided. As shown in fig. 1, the method mainly comprises the following steps:
step 1, initializing a random number generator, wherein the random number generator comprises a bit string V, a bit string Key and a reseed counter;
in a specific implementation, the internal state working_state of the random number generator may be composed of three parts, V, Key and reseed_counter, defined as follows:
a) bit string V: 128 bits long, updated each time a group of 128-bit random numbers is generated;
b) bit string Key: 128 bits long, updated each time a preset number of groups of random numbers has been generated;
c) reseed_counter: records the number of times random numbers have been requested, and is updated after initialization or a seed update.
The self-designed entropy source used in the initialization process transforms a 128-bit pseudo-random number, which may be given by the user or generated by calling the system rand() function, through a series of transformations into a new 128-bit random number, and then uses that random number to initialize the relevant state of the random number generator, namely the bit string V, the bit string Key and the reseed counter.
Step 2, obtaining initial seed material from an entropy source;
further, step 2 specifically includes:
iterating an entropy source round function that transforms a pseudo-random number of preset length into several new random numbers of the same length, and taking all the new random numbers as the initial seed material.
In a specific implementation, as shown in fig. 2, the iteration uses an entropy source round function: the 128-bit input is first divided into 4 blocks of 32 bits each, and the 20 round-function iterations shown in fig. 2 are performed, where the F function proceeds as follows (its operands and formulas are given only as images in the original and are not reproduced here):
first, two of the operands are XORed and the result is added to a third operand by modular addition;
second, a linear operation is applied to the result, where the <<< operation denotes a cyclic left shift of the bit string;
finally, the result is XORed with the round number and then added to a further operand by modular addition.
The F function flow is shown in fig. 3. The iterated round function has 20 rounds and a 128-bit output; the result of the 20 iterations is used as part of the initial seed material, and the initial seed material can be generated by calling the entropy source twice. If a user needs more seed material, the entropy source round function is called repeatedly until enough seed material has been generated. Figs. 2 and 3 show the transformation and the round function used from the bits obtained from the entropy source to the generation of the seed material: the 128 bits obtained from the entropy source are divided into 4 blocks of 32 bits each, the round function's input and output (shown as images in the original) are iterated for 20 rounds, and a round value indicates the current round.
Step 3, deriving the initial seed material using SM4 to obtain derived seed material;
on the basis of the foregoing embodiment, step 3 specifically includes:
step 3.1, padding the initial seed material S, where S = byte count of the initial seed material || byte count of the derived seed material || 0x80, both byte counts are 32-bit numbers and the symbol || denotes concatenation of bit strings; when the bit length of the padded S is not a multiple of 128, 0x00 is appended until it is;
step 3.2, selecting the key used for SM4 CBC mode, setting the initial vector IV to 0x00000000 concatenated with a 96-bit 0-bit string, and concatenating IV with the initial seed material S, that is, IVS = IV || S;
step 3.3, encrypting IVS in SM4 CBC mode with that key and taking the 128-bit MAC value output as the key K for SM4 ECB mode;
step 3.4, selecting the initial vector IV as 0x00000001 concatenated with a 96-bit 0-bit string, and likewise concatenating IV with S, that is, IVSS = IV || S;
step 3.5, encrypting IVSS in SM4 CBC mode with that key and taking the 128-bit MAC value output as the data X to be encrypted in SM4 ECB mode;
step 3.6, under key K, encrypting X in SM4 ECB mode to output a first 128-bit value, then encrypting that value to output a second 128-bit value; the two 128-bit values together are the 256 bits of derived seed material (the symbols for these values appear only as images in the original).
In a specific implementation, the SM4 algorithm is the first commercial block cipher standard officially published in China, in February 2006, and is the cipher algorithm recommended by the Chinese wireless local area network security standard. Its block length and key length are both 128 bits, and it adopts an unbalanced Feistel structure, giving fast encryption and decryption and high performance. The random number generator used in this patent is a random number generator based on the SM4 counter mode, designed independently for domestic systems, devices and chips.
The electronic codebook (ECB) mode and the cipher block chaining (CBC) mode are two modes of operation of a block cipher. The electronic codebook mode is simple to operate and easy to implement, and because the blocks are independent it is easy to parallelize and limits error propagation. The cipher block chaining mode links the encryption of all blocks together, so that the ciphertext of a block depends not only on that block's plaintext but on all preceding plaintext blocks including it; the encryption also uses a randomized initial vector, which masks the correlation between plaintext and ciphertext blocks and improves security.
After the initial seed material is obtained, seed material derivation is performed; the derived seed material is used to update the internal state of the random number generator, and the derivation function can be executed as follows:
padding the initial seed material, where S = byte count of the initial seed material || byte count of the derived seed material || 0x80, both byte counts are 32-bit numbers and the symbol || denotes concatenation of bit strings; when the bit length of the padded S is not a multiple of 128, 0x00 is appended until it is;
selecting the key 0x000102030405060708090A0B0C0D0E0F for SM4 CBC mode, setting the initial vector IV to 0x00000000 concatenated with a 96-bit 0-bit string, and concatenating IV with S, that is, IVS = IV || S; encrypting IVS in SM4 CBC mode under that key and taking the 128-bit MAC value output as the key K for SM4 ECB mode; then setting the initial vector IV to 0x00000001 concatenated with a 96-bit 0-bit string and likewise concatenating IV with S, that is, IVSS = IV || S; encrypting IVSS in SM4 CBC mode under that key and taking the 128-bit MAC value output as the data X to be encrypted in SM4 ECB mode; encrypting X in SM4 ECB mode under key K to output a first 128-bit value, then encrypting that value to output a second 128-bit value; the two 128-bit values together are the 256 bits of derived seed material (the symbols for these values appear only as images in the original).
Step 4, updating the state of the random number generator with the derived seed material;
on the basis of the above embodiment, step 4 specifically includes:
step 4.1, under the current state Key, encrypting V+1 in SM4 ECB mode to obtain a 128-bit output result output1;
step 4.2, under the current state Key, encrypting V+2 in SM4 ECB mode to obtain a 128-bit output result output2;
step 4.3, concatenating output1 and output2, and XORing the result with the 256-bit derived seed material;
step 4.4, taking the first 128 bits of the result as the updated value of Key and the last 128 bits as the updated value of V.
In a specific implementation, after the 256-bit derived seed material seed is obtained, it is used to update the internal state Key and V of the random number generator based on the current internal state, and the state update function is executed as follows:
first, under the current state Key, encrypting V+1 in SM4 ECB mode to obtain a 128-bit output result output1;
second, under the current state Key, encrypting V+2 in SM4 ECB mode to obtain a 128-bit output result output2;
concatenating output1 and output2, and XORing the result with the 256-bit derived seed material seed;
taking the first 128 bits of the result as the updated value of Key and the last 128 bits as the updated value of V.
Step 5, outputting a random number;
step 5 specifically includes:
step 5.1, judging whether the reseed counter exceeds the reseed interval; if so, executing the reseed operation, otherwise executing step 5.2;
step 5.2, setting the target seed material to a 256-bit 0-bit string;
step 5.3, under the Key of the current internal state, encrypting V+1 of the current internal state in SM4 ECB mode to obtain a 128-bit output result output;
step 5.4, taking the first requested_number_of_bits bits of output as the output random number;
step 5.5, running the state update with the target seed material and the current internal state Key and V to obtain the new internal state Key and V of the random number generator, and adding 1 to the reseed counter to record the number of times a random number has been output.
In a specific implementation, once initialization of the random number generator is complete, it can output random numbers: based on the current internal state it returns random numbers of the requested length, at most 128 bits per output, and the internal state is updated while the random numbers are output. The random number output proceeds as follows:
judging whether the reseed counter exceeds the reseed interval; if so, executing the reseed operation, that is, updating the state based on the current internal state, which proceeds as follows:
first, obtaining 256 bits of initial seed material from the entropy source;
then deriving the initial seed material to obtain 256 bits of derived seed material, where the derivation step is the same as the derivation function step of the initialization process;
finally, running the state update with the derived seed material and the current internal state Key and V to obtain the new internal state of the random number generator, where the state update is the same as the state update function step of the initialization process.
If the interval is not exceeded, executing the next step: setting the seed material to a 256-bit 0-bit string;
under the current internal state Key, encrypting V+1 of the current internal state in SM4 ECB mode to obtain a 128-bit output result output;
taking the first requested_number_of_bits bits of output as the output random number;
running the state update with the seed material and the current internal state Key and V to obtain the new internal state Key and V of the random number generator, and at the same time adding 1 to the reseed counter to record the number of times a random number has been output.
Since the state is updated every time a random number is output, it is difficult to infer the next random number output from the current one without knowing the internal state, and the random number output reaches at least 128 bits of entropy.
In the random number generation method based on the SM4 counter mode provided in this embodiment, through five steps of initializing the random number generator based on the SM4 counter mode, acquiring an entropy source seed, deriving a seed based on the SM4, updating a state of the random number generator, and outputting a random number, the security of the bottom layer of the cryptographic algorithm is improved.
On the basis of the above-described embodiments and corresponding to the above method embodiment, referring to fig. 4, the present disclosure also provides a random number generation system 40 based on an SM4 counter mode, including:
an initialization module 401, configured to initialize a random number generator, where the random number generator includes a bit string V, a bit string Key, and a reseed counter;
an obtaining module 402 for obtaining initial seed material from an entropy source;
a derivation module 403, configured to derive the initial seed material based on SM4 to obtain a derived seed material;
an update module 404 for updating the random number generator state with the derivative seed material;
an output module 405 for outputting a random number;
the output module 405 specifically includes:
step 5.1, judging whether the reseeding counter exceeds the reseeding interval, if so, executing reseeding operation, otherwise, executing step 5.2;
step 5.2, setting the target seed material as a 0-bit string with 256 bits;
step 5.3, under the action of the current internal state Key value, encrypting the V +1 of the current internal state in the SM4 ECB mode to obtain a 128-bit output result output;
step 5.4, taking the first requested_number_of_bits of output as the output random number;
step 5.5, updating the current internal state Key and V with the target seed material to obtain a new internal state Key and a new internal state V of the random number generator, and increasing the reseed counter by 1 to record the number of times a random number has been output.
The system shown in fig. 4 can correspondingly execute the content in the above method embodiment, and details of the part not described in detail in this embodiment refer to the content described in the above method embodiment, which is not described again here.
Referring to fig. 5, an embodiment of the present disclosure also provides an electronic device 50, including: at least one processor and a memory communicatively coupled to the at least one processor. Wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the random number generation method based on the SM4 counter mode in the foregoing method embodiments.
The disclosed embodiments also provide a non-transitory computer-readable storage medium storing computer instructions for causing the computer to execute the random number generation method based on the SM4 counter mode in the foregoing method embodiments.
The disclosed embodiments also provide a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions that, when executed by a computer, cause the computer to perform the random number generation method based on the SM4 counter mode in the aforementioned method embodiments.
Referring now to FIG. 5, a schematic diagram of an electronic device 50 suitable for use in implementing embodiments of the present disclosure is shown. The electronic devices in the embodiments of the present disclosure may include, but are not limited to, mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), in-vehicle terminals (e.g., car navigation terminals), and the like, and fixed terminals such as digital TVs, desktop computers, and the like. The electronic device shown in fig. 5 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 5, electronic device 50 may include a processing means (e.g., central processing unit, graphics processor, etc.) 501 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 502 or a program loaded from a storage means 508 into a Random Access Memory (RAM) 503. In the RAM 503, various programs and data necessary for the operation of the electronic apparatus 50 are also stored. The processing device 501, the ROM 502, and the RAM 503 are connected to each other through a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
Generally, the following devices may be connected to the I/O interface 505: input devices 506 including, for example, a touch screen, touch pad, keyboard, mouse, image sensor, microphone, accelerometer, gyroscope, etc.; output devices 507 including, for example, a Liquid Crystal Display (LCD), speakers, vibrators, and the like; storage devices 508 including, for example, magnetic tape, hard disk, etc.; and a communication device 509. The communication means 509 may allow the electronic device 50 to communicate with other devices wirelessly or by wire to exchange data. While the figures illustrate an electronic device 50 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided.
In particular, the processes described above with reference to the flow diagrams may be implemented as computer software programs, according to embodiments of the present disclosure. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication means 509, or installed from the storage means 508, or installed from the ROM 502. The computer program performs the above-described functions defined in the methods of the embodiments of the present disclosure when executed by the processing device 501.
It should be noted that the computer readable medium in the present disclosure can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer readable signal medium may comprise a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
The computer readable medium may be embodied in the electronic device; or may be separate and not incorporated into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to perform the steps associated with the method embodiments.
Alternatively, the computer readable medium carries one or more programs which, when executed by the electronic device, enable the electronic device to perform the steps associated with the method embodiments.
Computer program code for carrying out operations for aspects of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware.
It should be understood that portions of the present disclosure may be implemented in hardware, software, firmware, or a combination thereof.
The above description is only for the specific embodiments of the present disclosure, but the scope of the present disclosure is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present disclosure should be covered within the scope of the present disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims (6)

1. A random number generation method based on SM4 counter mode is characterized by comprising the following steps:
step 1, initializing a random number generator, wherein the random number generator comprises a bit string V, a bit string Key and a reseed counter;
step 2, obtaining initial seed materials from an entropy source;
step 3, deriving the initial seed material based on SM4 to obtain a derived seed material;
step 4, updating the state of the random number generator by utilizing the derivative seed material;
step 5, outputting a random number;
the step 5 specifically includes:
step 5.1, judging whether the reseeding counter exceeds the reseeding interval or not, if so, executing reseeding operation, otherwise, executing step 5.2;
step 5.2, setting the target seed material as a 0-bit string with 256 bits;
step 5.3, under the action of the Key value of the current internal state, encrypting V +1 of the current internal state in the ECB mode of the SM4 to obtain 128-bit output result output;
step 5.4, taking the first requested_number_of_bits of output as the output random number;
step 5.5, updating the current internal state Key and V with the target seed material to obtain a new internal state Key and a new internal state V of the random number generator, and increasing the reseed counter by 1 to record the number of times a random number has been output.
2. The method according to claim 1, wherein the step 2 specifically comprises:
and (3) performing iteration by using an entropy source round function, converting the pseudo-random number with a preset length, generating a plurality of new random numbers with the same length, and taking all the new random numbers as the initial seed material.
3. The method according to claim 1, wherein the step 3 specifically comprises:
step 3.1, padding the initial seed material into a string S, where S = (byte number of the initial seed material) || (byte number of the derived seed material) || (initial seed material) || 0x80, both byte numbers are 32-bit numbers, the symbol || denotes concatenation of bit strings, and when the bit length of S after padding is not a multiple of 128, 0x00 bytes are appended until the bit length of S is a multiple of 128;
step 3.2, selecting the key used in the SM4 CBC mode, setting the initial vector IV to 0x00000000 concatenated with a 96-bit 0-bit string, and concatenating the initial vector IV with the padded seed material S, that is, IVS = IV || S;
step 3.3, encrypting the IVS in the CBC mode of SM4 by using the secret key, and taking the output 128-bit MAC value as the secret key K in the ECB mode of SM 4;
step 3.4, setting the initial vector IV to 0x00000001 concatenated with a 96-bit 0-bit string, and again concatenating IV with S, that is, IVSS = IV || S;
step 3.5, encrypting the IVSS in the CBC mode of the SM4 by using the secret key, and taking the output 128-bit MAC value as the encrypted data X in the ECB mode of the SM 4;
step 3.6, under the action of the secret key K, encrypting X in the ECB mode of SM4 and outputting a 128-bit value [equation image]; that value is then encrypted again [equation image], outputting a second 128-bit value [equation image]; the concatenation of the two values [equation image] is the 256 bits of derived seed material.
4. The method according to claim 1, wherein the step 4 specifically comprises:
step 4.1, under the action of the current state Key value, encrypting V+1 in the ECB mode of SM4 to obtain a 128-bit output result output1;
step 4.2, under the action of the current state Key value, encrypting V+2 in the ECB mode of SM4 to obtain a 128-bit output result output2;
step 4.3, connecting output1 and output2, and then carrying out an exclusive OR operation on the concatenation and the 256-bit derived seed material;
step 4.4, taking the first 128 bits of the obtained result as the updated value of Key and the last 128 bits as the updated value of V.
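The derivation function of claim 3, the state update of claim 4 and the output step of claim 1 (step 5) fit together as one CTR_DRBG-style generator. The block below is an added example written for this page; it is not the patent's or the assignee's code. The SM4 block cipher is implemented from GB/T 32907-2016 (checked against the standard's single-block test vector). Several details are assumptions because the claims do not fix them: the CBC key used by the derivation function (here the fixed bytes 0x00..0x0f, as SP 800-90A's Block_Cipher_df uses), the exact layout of the padded string S (here L || N || seed material || 0x80, again following SP 800-90A), the reseed interval value, and the entropy input (constructed bytes, in place of the entropy-source round function of claim 2). The example also advances V before the state update that follows each output, as SP 800-90A's generate does, so that the update step encrypts counter values distinct from the block just emitted; the claim text does not spell out whether V is advanced there.

```python
"""Added example: SM4-based CTR_DRBG following the patent's steps 3-5 (not the patent's code).
Assumptions (not fixed by the claims): df key 0x00..0x0f, layout of S, reseed interval,
constructed entropy, and advancing V before the post-output update (as in SP 800-90A)."""
import struct

# SM4 S-box from GB/T 32907-2016, row by row.
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05" "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62" "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8" "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887" "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1" "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f" "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8" "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684" "18f07dec3adc4d2079ee5f3ed7cb3948")
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
# CK constants: byte j of CK[i] equals (4*i + j) * 7 mod 256.
CK = tuple(int.from_bytes(bytes(((4 * i + j) * 7) & 0xFF for j in range(4)), "big")
           for i in range(32))
BLOCK, SEEDLEN = 16, 32   # SM4 block and key are 128 bits; seedlen = 256 bits


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def _tau(a):              # byte-wise S-box substitution of a 32-bit word
    return int.from_bytes(bytes(SBOX[b] for b in a.to_bytes(4, "big")), "big")


def _t(a):                # round transform T = L o tau
    b = _tau(a)
    return b ^ _rotl(b, 2) ^ _rotl(b, 10) ^ _rotl(b, 18) ^ _rotl(b, 24)


def _t_key(a):            # key-schedule transform T' = L' o tau
    b = _tau(a)
    return b ^ _rotl(b, 13) ^ _rotl(b, 23)


def sm4_encrypt_block(key, block):
    """Encrypt one 16-byte block under a 16-byte key (SM4 ECB, one block)."""
    k = [mk ^ fk for mk, fk in zip(struct.unpack(">4I", key), FK)]
    x = list(struct.unpack(">4I", block))
    for i in range(32):
        k.append(k[i] ^ _t_key(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i]))  # rk_i = k[i+4]
        x.append(x[i] ^ _t(x[i + 1] ^ x[i + 2] ^ x[i + 3] ^ k[i + 4]))
    return struct.pack(">4I", x[35], x[34], x[33], x[32])


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _add(v, n):           # (V + n) mod 2^128 as a 16-byte big-endian string
    return ((int.from_bytes(v, "big") + n) % (1 << 128)).to_bytes(BLOCK, "big")


def _cbc_mac(key, data):  # SM4-CBC with a zero chaining value; returns the last block
    chain = bytes(BLOCK)
    for i in range(0, len(data), BLOCK):
        chain = sm4_encrypt_block(key, _xor(chain, data[i:i + BLOCK]))
    return chain


def derive(seed_material, df_key=bytes(range(16))):
    """Claim 3: derive 256 bits from the initial seed material (df_key and S layout assumed)."""
    s = struct.pack(">II", len(seed_material), SEEDLEN) + seed_material + b"\x80"
    s += bytes(-len(s) % BLOCK)                                  # 0x00 padding, step 3.1
    k = _cbc_mac(df_key, (0).to_bytes(4, "big") + bytes(12) + s)  # IV=0x00000000||0^96 -> K
    x = _cbc_mac(df_key, (1).to_bytes(4, "big") + bytes(12) + s)  # IV=0x00000001||0^96 -> X
    out1 = sm4_encrypt_block(k, x)                               # step 3.6
    return out1 + sm4_encrypt_block(k, out1)                     # 256-bit derived material


def update(seed, key, v):
    """Claim 4: (Key || V) = (E_Key(V+1) || E_Key(V+2)) xor 256-bit seed material."""
    temp = _xor(sm4_encrypt_block(key, _add(v, 1)) + sm4_encrypt_block(key, _add(v, 2)), seed)
    return temp[:BLOCK], temp[BLOCK:]


class Sm4CtrDrbg:
    def __init__(self, entropy, reseed_interval=1 << 16):       # interval value is assumed
        self.key, self.v = bytes(BLOCK), bytes(BLOCK)
        self.reseed_interval = reseed_interval
        self.reseed(entropy)

    def reseed(self, entropy):                                   # steps 2-4 on fresh entropy
        self.key, self.v = update(derive(entropy), self.key, self.v)
        self.reseed_counter = 1

    def generate(self, requested_number_of_bits, entropy_source=None):
        """Step 5: at most one 128-bit block per call; the state is updated after every output."""
        if not 0 < requested_number_of_bits <= 128 or requested_number_of_bits % 8:
            raise ValueError("request 8..128 bits, a multiple of 8")
        if self.reseed_counter > self.reseed_interval:           # step 5.1
            if entropy_source is None:
                raise RuntimeError("reseed required before further output")
            self.reseed(entropy_source())
        self.v = _add(self.v, 1)                                 # advance V (SP 800-90A style)
        output = sm4_encrypt_block(self.key, self.v)             # step 5.3: E_Key(V+1)
        self.key, self.v = update(bytes(SEEDLEN), self.key, self.v)  # step 5.5, zero seed material
        self.reseed_counter += 1
        return output[:requested_number_of_bits // 8]            # step 5.4
```

`Sm4CtrDrbg(entropy).generate(128)` returns 16 bytes and leaves the generator with a fresh Key and V, which is the property the description relies on: an observer of one output block does not learn the state used for the next one. When the reseed counter passes the interval, `generate` refuses to continue unless a callable entropy source is supplied, so a caller cannot silently run past the reseed interval.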
5. A random number generation system based on an SM4 counter mode, comprising:
the initialization module is used for initializing a random number generator, wherein the random number generator comprises a bit string V, a bit string Key and a reseed counter;
an acquisition module to acquire initial seed material from an entropy source;
a derivation module, configured to derive the initial seed material based on SM4 to obtain a derived seed material;
an update module to update a state of the random number generator with the derivative seed material;
the output module is used for outputting the random number;
the output module specifically includes:
step 5.1, judging whether the reseeding counter exceeds the reseeding interval or not, if so, executing reseeding operation, otherwise, executing step 5.2;
step 5.2, setting the target seed material as a 0-bit string with 256 bits;
step 5.3, under the action of the Key value of the current internal state, encrypting V +1 of the current internal state in the ECB mode of the SM4 to obtain 128-bit output result output;
step 5.4, taking the first requested_number_of_bits of output as the output random number;
step 5.5, updating the current internal state Key and V with the target seed material to obtain a new internal state Key and a new internal state V of the random number generator, and increasing the reseed counter by 1 to record the number of times a random number has been output.
6. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the random number generation method based on the SM4 counter mode of any one of the preceding claims 1-4.
CN202211653313.8A 2022-12-22 2022-12-22 Random number generation method, system and equipment based on SM4 counter mode Active CN115632782B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211653313.8A CN115632782B (en) 2022-12-22 2022-12-22 Random number generation method, system and equipment based on SM4 counter mode

Publications (2)

Publication Number Publication Date
CN115632782A true CN115632782A (en) 2023-01-20
CN115632782B CN115632782B (en) 2023-03-21

Family

ID=84910105

Country Status (1)

Country Link
CN (1) CN115632782B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117873431A (en) * 2024-03-13 2024-04-12 杭州金智塔科技有限公司 Random number generation method and device based on SM4 cryptographic algorithm

Also Published As

Publication number Publication date
CN115632782B (en) 2023-03-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant