DE102015203573A1 - Method and apparatus for generating random bits - Google Patents

Method and apparatus for generating random bits

Info

Publication number
DE102015203573A1
DE102015203573A1 DE102015203573.5A DE102015203573A DE102015203573A1 DE 102015203573 A1 DE102015203573 A1 DE 102015203573A1 DE 102015203573 A DE102015203573 A DE 102015203573A DE 102015203573 A1 DE102015203573 A1 DE 102015203573A1
Authority
DE
Germany
Prior art keywords
input
device
logic level
digital inverter
digital
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
DE102015203573.5A
Other languages
German (de)
Inventor
Markus Dichtl
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG filed Critical Siemens AG
Priority to DE102015203573.5A priority Critical patent/DE102015203573A1/en
Publication of DE102015203573A1 publication Critical patent/DE102015203573A1/en
Application status is Withdrawn legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58Random or pseudo-random number generators
    • G06F7/588Random number generators, i.e. based on natural stochastic processes

Abstract

A random bit generating (ZB) method employs a ring oscillator circuit (2) comprising a plurality of digital inverter devices (31-3n), each digital inverter device (3j) having an input (31j) and an inverting output (32j) has. A harmonic wave state of the ring oscillator circuit (2) is generated by, at one start time, the input (31j) and the inverting output (32j) of at least two of the digital inverter devices (31-3n) at a same logic level (H, L) are forced (S1). After a predetermined period of time at a sampling time, the signals (A1-An) applied to outputs (32j) of a plurality of digital inverter devices (31-3n) are simultaneously sampled (S3) to generate at least one random bit (ZB). By using harmonics, a high generation rate for random bits (ZB) can be achieved. A correspondingly configured device (1) is used in an encryption device (100).

Description

  • The present invention relates to an apparatus and method for generating one or more random bits. For example, a random bit sequence is generated which is used as a binary random number. The proposed methods and devices for generating random bits serve, for example, the implementation of random number generators. In particular, the invention enables the generation of true random bits for use in encryption devices.
  • Random data is needed, for example, in security applications, where, for example, cryptographic keys or the like are derived from random bits generated. In security-relevant applications, for example in asymmetric authentication methods, random bit sequences are necessary as binary random numbers.
  • Random number generators are known, which have ring oscillators, which are constructed from series-connected inverters. Random jitter then results from fluctuating throughput times of the signals through the inverters. These jitter, that is, an irregular variation with time in state changes of the signals sent by the inverters, can be accumulated in the case of multiple passes through the ring oscillator circuit, so that ultimately a random analog signal is produced.
  • In the DE 10 2008 048 292 A1 A method and a device for generating random bits is presented, in which the phase positions of harmonic edges of a ring oscillator serve as the basis of random bit generation. However, it is desirable to increase the possible generation rate of random bits with moderate hardware and energy overhead.
  • Thus, it is an object of the present invention to provide an improved random number generator.
  • Accordingly, a method for generating random bits by means of a ring oscillator circuit comprising a plurality of digital inverter devices is proposed. A respective digital inverter device has an input and an inverting output. In the method, an oscillation state with harmonics of the ring oscillator circuit is generated such that, up to a start time, the input and the inverting output of at least two, preferably three, of the digital inverter devices are pulled to a same logic level. After a predetermined time period at a sampling instant, the signals applied to outputs of a plurality of digital inverter devices are sampled simultaneously to generate at least one random bit.
  • Alternatively or additionally, in one variant of the method, at least one digital inverter device is replaced by a digital delay device which has an input and an output. Instead of forcing the input and inverting output of one of the at least two of the digital inverter devices to the same logic level, the input of the digital delay device becomes a first logic level and the output of the digital delay device is inverse to the first logic level until the start time second logical level forced.
  • Until the start time, at least two, and preferably three, inconsistency points are generated in the ring of inverter devices. Inconsistency means that compared to the normal operation of an inverter device, the respective input signal at the input of the inverter device has a first logic level and the signal applied to the output of the inverter device has a second logic level, which is identical to the first. A logical level may be denoted H (high) or 1 (one), where the inverse is L (low) or 0 (zero). A respective logic level corresponds to a voltage or a potential. For example, an H level may be assigned a voltage of 1.2V, while an L level may be assigned -1.2V. Other assignments are conceivable.
  • Alternatively or additionally, an inconsistency point is generated in that the input and the output are brought to different logic levels by a delay device used in the ring oscillator. After start time, this inconsistency propagates through the ring of inverters and / or delay devices.
  • A delay device can be understood as digital bijective imaging, and a ring oscillator as a concatenation of feedback digital bijections. Another digital bijection can be implemented by an inverter. It is conceivable, for example, an embodiment of the delay device as a look-up table (LUT), which outputs the identity. Likewise, two inverter devices connected in series can be understood as delay devices.
  • As soon as the corresponding constraint condition is released at the start time, the ring oscillator circuit begins to oscillate. The inconsistencies shift then, so that random chaotic signal or level forms on the Inputs and / or outputs of the inverter devices and / or the delay device (s) are present. Compared to a classical ring oscillator circuit in which a fundamental or zero harmonic propagates as an inconsistency point as a function of the transit times through the inverter devices in the ring oscillator circuit, the constraints of at least two inconsistencies produce more varying signal components. Jitter impressed by the inverter devices and / or the delay device (s) has a greater influence. The fact that jitter occurs simultaneously at several points in the ring, a faster sampling is possible at the sampling time as in the classical ring oscillator circuit.
  • Preferably, more than one true random bit, more preferably more than two true random bits, are generated on average, that is to say over several scans or acquisitions of random bit values. A true random bit can be understood to be a binary wet that is not predictable per sample or acquisition. The probability of occurrence for zero or one is then e.g. 50%.
  • In embodiments of the method, the digital inverter devices in which the respective input and output are forced to the same logic level prior to the start time are not directly adjacent.
  • This can prevent harmonics from being extinguished directly. In embodiments, the number of provided in the ring oscillator circuit digital inverter devices is such that those inverter devices whose inputs and outputs of the constraint, that are forced to the same logic level, are equally spaced from each other. In this case, the distance in the number of inverter devices located between them can be dimensioned in the signal path. Similarly, inconsistencies that are coupled through delaying devices can be spaced.
  • In embodiments, all outputs of all digital inverter devices and / or the delay device (s) are sampled simultaneously. With the aid of the sampling, it is possible to detect a plurality of bits or bit values which are passed on to further processing.
  • In embodiments, the predetermined time period is such that, at the sampling time, the number of digital inverter devices having the same logic level at their input and inverting output is equal to the number of digital inverter devices whose input and output are at the start time its inverting output forced to the same logic level is at least equal. It is conceivable that in the course of the propagation of the harmonics by the ring oscillator circuit cancel inconsistency points. If the period between the start time and the sampling time is selected short enough, the number of inconsistencies, ie the propagating harmonics or harmonics remains the same.
  • In embodiments, after the sampling time at a further start time, the input and the inverting output of at least two of the digital inverter devices are temporarily forced to a same logic level, and after a further predetermined time period at a further sampling time, the plurality of digital inverter inverters Means for generating at least one further random bit sampled simultaneously.
  • It is possible that, after the sampling, harmonics are repeatedly generated in the ring oscillator circuit, which in turn are the basis for random bit generation by sampling. As a result, a particularly high random bit generation rate can be achieved.
  • Preferably, between the sampling time and the further sampling time such a long period of time that the generated oscillation state has at least partially decayed with harmonics of the ring oscillator circuit.
  • In embodiments of the method, multiple bit values are detected from sampling the outputs of the plurality of digital inverter devices and / or the delay device, and from the plurality of bit values, at least one random bit or on average more than random bits are determined, averaging over multiple samples the outputs of the plurality of digital inverter devices and / or the delay device / s takes place. By sampling, for example, with sample-and-hold elements, a logic level is determined from the respective output signal of the inverter device. Since the output signals are subject to large fluctuations, in particular due to the multiple harmonics, the sampling can usually not detect a well-defined logical L or H level. The respective scanning device also randomly decides on the actual detected bit value.
  • In embodiments, at least two random bit values are determined from the plurality of bit values. Since the determinable entropy of the multiple bit values, which can be stored as a bit word is usually greater than two, with the help of only one simultaneous sampling of the multiple inverter means a plurality of random bit values are determined.
  • In further embodiments, the multiple bit values for generating the at least one random bit are subjected to algorithmic post processing. This may in particular be a cryptographic function, hash function or a block cipher. By using algorithmic post-processing, unequal distributions of bit values between 0 and 1 can be at least partially compensated.
  • There is also proposed an apparatus for generating random bits, which comprises:
    a ring oscillator circuit comprising a plurality of digital inverter devices, a respective digital inverter device having an input and an inverting output;
    a plurality of controllable switching devices arranged such that the input and the inverting output of at least two of the inverting inverter devices can be forced to a same logic level;
    a sampling device configured to sample the signals applied to inputs of a plurality of digital inverter devices at a sampling time; and
    a control device, which is coupled to the controllable switching devices and the scanning device and for generating a vibration state with harmonics of the ring oscillator circuit controls the switching devices such that up to a start time each of the input and the inverting output of at least two of the digital inverter devices to a same logical levels are forced.
  • Preferably, the control device is set up to cause the implementation of a previously described and subsequently described method for generating random bits.
  • In one embodiment of the device, at least one digital inverter device is replaced by a digital delay device having an input and an output. The controller then controls the switching means such that, instead of the input and inverting outputs, one of the at least two of the digital inverter devices is forced to the same logic level, up to the start time, the input of the digital delay means to a first logic level and the output of the digital delay means digital delay means is forced to a first logical level inverse second logic level.
  • With the help of the method and the device, it is possible to generate random bits with a high data rate with low outlay on costs. The harmonics, ie inconsistencies propagating in the ring of the ring oscillator, are rather unstable and strongly dependent on the environmental conditions and the individual hardware design of the chip.
  • In embodiments, the entropy of the generated random bit values is regularly monitored. If the entropy is detected below a predetermined threshold, either the time between the start time and the sample time is changed, or the ring oscillator is reconfigured.
  • Since the harmonics or sensitively sensitive to external influences, resulting in an increased entropy, which can correspond to true random numbers. Nevertheless, the generation is possible with only digital components.
  • The random bit generating device may be part of an encryption device. In this respect, an encryption device is proposed, which comprises a computing device for performing an encryption algorithm on input data and a device for generating random bits, as described above and below.
  • Depending on one or more random bits generated by means of the random bit generator, encrypted data is generated.
  • In this respect, the random bit generation apparatus and method allow for extra-secure encryption, as reliable random bits can be generated.
  • In embodiments, the device is part of an FPGA device or an ASIC device.
  • The method can in particular be implemented on or in an FPGA or ASIC device via suitable description languages, for example VHDL or Verilog.
  • Furthermore, a computer program product is proposed, which causes the execution of the method as explained above on a program-controlled device.
  • A computer program product, such as a computer program means, for example, as a storage medium, such as memory card, USB stick, CD-ROM, DVD, or in the form of a downloadable file provided by a server in a network or delivered. This can be done, for example, in a wireless communication network by transmitting a corresponding file with the computer program product or the computer program means done. As a program-controlled device is in particular a control device, such as a microprocessor for a smart card or the like in question. The method or device may also be hardwired or implemented in configurable FPGAs or ASICSs.
  • The embodiments and features described for the proposed device apply accordingly to the proposed method.
  • Further possible implementations of the invention also include not explicitly mentioned combinations of features or embodiments described above or below with regard to the exemplary embodiments. The skilled person will also add individual aspects as improvements or additions to the respective basic form of the invention.
  • Further advantageous embodiments and aspects of the invention are the subject of the dependent claims and the embodiments of the invention described below. Furthermore, the invention will be explained in more detail by means of preferred embodiments with reference to the attached figures.
  • 1 shows a schematic representation of an embodiment of an apparatus for generating random bits;
  • 2 shows a schematic flow diagram for a method for generating random bits;
  • 3 shows a detail of the embodiment of an apparatus for generating random bits according to 1 ;
  • 4 shows a further detail of the embodiment of an apparatus for generating random bits according to 1 ;
  • 5 shows a schematic representation of an embodiment of an encryption device; and
  • 6 FIG. 12 shows a table of frequencies of occurring bit patterns in an exemplary embodiment of a device for generating random bits.
  • In the figures, the same or functionally identical elements have been given the same reference numerals, unless stated otherwise.
  • In the 1 Fig. 12 is a schematic representation of an embodiment of a random bit generating apparatus by means of a ring oscillator circuit. Furthermore, in the 2 schematically a process sequence for operating in the 1 illustrated random bit generator 1 indicated. In the following, the method or the operation of the in 1 shown device based on the 1 and 2 explained.
  • The device 1 for generating random bits comprises a ring oscillator circuit 2 , The ring oscillator circuit 2 is of interlinked digital inverter circuits 3 1 - 3 n or delay elements 14 q constructed. A respective digital inverter circuit 3 1 - 3 n or delay elements 14 q an input signal E 1 -E n is supplied on the input side, and on the output side, an output signal A 1 -A n can be tapped. In the embodiment according to the 1 is every inverter 3 1 - 3 n coupled between two switching devices. The switching devices are with 4 1 - 4 n denotes.
  • In the 3 is a detail of that in the 1 shown device and shows the inverter 3 j . The inverter 3 j has an entrance 31 j and an exit 32 j . The input signal is denoted by E j and the output signal by A j . In normal operation of the inverter 3 j , the output signal A j has the inverse to the input signal E j logical level. The inverter, for example, converts an input signal E j = 0 or L into an output signal A j = 1 or H. The input side is the inverter 3 j a switching device 4 j , which makes it possible to force the input signal E j to a defined H or L level. To generate a propagating through the ring, the inverter 3 j starting signal edge is in the idle state of the ring oscillator, the switch 4 j is set to the logical value which is the logical inverse of that of the inverter 3 j-1 is the logical value Q = W j-1 . At the output of the inverter 3 j is thus the value W j-1 .
  • To start the ring oscillator, the switch 4 j to the signal from the output of the inverter 3 j-1 switched. The entrance of the inverter 3 j is switched so from the logical inverse of W-1 to W j j -1. In this respect, it is possible by appropriate control of the switching devices 4 j the entrance 31 j and the exit 32 j for a short time, such as Less than a nanosecond, to force to the same logic level W j-1 . This is then one for a logical inverter 3 j inconsistent state. This state only continues until the signal change at the input of the inverter 3 j has passed through the inverter, then passes through the resulting signal edge or inconsistency point the rest of the ring.
  • 3 shows for the switching device 4 j an embodiment in which a controllable switch 11 between the levels H and L is switchable and Further, as a simple line without influence on the signal Q is adjustable. This is set via suitable control signals CT j . There are further embodiments of the switching devices 4 1 - 4 n conceivable.
  • Similarly, an inconsistent constraint condition may be generated on other inverters of the ring as well. In the 4 is a detail of that in the 1 shown device and shows instead of the inverter 3 j is a delay element 14 q. In the 1 is for example such a delay element 14 q indicated. The delay element 14 q has an entrance 141 and an exit 142 , The input signal is denoted by E q and the output signal by A q . In normal operation of the delay element 14 q has the output signal A q and the input signal E q the same logic level. The input side is the delay element 14 q switching means 4 q upstream, which makes it possible to force the input signal E q to a defined H or L level. To produce a propagating through the ring, the delay element 14 q starting signal edge is in the idle state of the ring oscillator 2 the desk 4 q is set to the logical value, which is the logical inverse of that of the inverter 3 q-1 is logical value W q-1 . At the output of the delay element 14 q is thus also the logical inverse of W q-1 .
  • To start the ring oscillator 2 becomes the switch 4 q to the signal from the output of the inverter 3 Switched q-1 . The input of the delay element 14 q is thus switched from the logical inverse of W q-1 to W q-1 . In this respect, it is possible for a short time, by appropriate control of the switching devices 4 q the entrance 141 to the logical value W q-1 and the output 142 to force the logical inverse of W q-1 , one for a logical delay element 14 q inconsistent state. This state only lasts until the signal change at the input of the delay element 14 q has gone through this, then passes through the resulting signal edge or inconsistency point the rest of the ring.
  • In a corresponding manner, inconsistent constraint conditions can also be generated on other delay elements which are not explicitly shown.
  • The in the 1 indicated switching devices 4 1 - 4 n are controllable by means of control signals CT 1 -CT k + 1 , so that selected inverters 3 1 - 3 n input and output side can be forced to the same logic level for a short period of time. A control device 6 for example, that in the 2 implied method implements or the implementation of the same by means of the device 1 coordinates, generates corresponding control signals CT 1 -CT n .
  • Furthermore, the output side are connected to the inverter devices 3 1 - 3 n scanning devices 5 1 - 5 n docked. The scanning devices 5 1 - 5 n are the output signals A 1 -A n fed. In response to corresponding scanning signals CS 1 -CS n , which also from the control device 6 are generated, the present at the sampling time signal level of the respective output signal A 1 -A n is sampled and provided as a bit value BW 1 -BW n . The bit values BW 1 -BW n become a memory device 7 fed. About suitable control and regulating signals CTS, the control device 6 the bit values BW 1 -BW n generated from the respective sampling, for example, as bit word BW. For this purpose, the control device has, for example, a memory device 10 and computing devices 8th . 9 ,
  • To gain random bits at a high data rate, the controller causes 6 in that first in step S1 (cf. 2 ) a selection of inverter devices, such as the inverter device 3 2 , 3 j and 3 k , input and output side is forced to the same logical level. In this case, the logic levels for the inputs of the selected inverter devices 3 2 , 3 j and 3 k be the same, but also different. For example, the input / output signal combination E 2 = A 2 = L and E j = A j = H.
  • At a start time, this forced condition is canceled in step S2. For example, as in the 3 is indicated, with the aid of control signals CT 2 , CT 3 , CT j , CT j + 1 , CT k and CT k + 1, the respective switching device switched or reprogrammed so that no constraints, ie predetermined level more coupled to the inputs and outputs become. As a result, the ring oscillator circuit begins to oscillate, in such a way that at least two points of inconsistency move through the ring. In the above example, three inconsistency sites move through the ring.
  • A harmonic can be understood to mean that more than one inconsistency point, ie the input and output signals of an inverter have the same logic levels. One can also speak of harmonics. After the harmonics through the inverter 3 1 - 3 n propagate and thereby induce random waveforms, for example, because of the hardware design or external physical influences, the waveform is affected, a scan is performed in step S3. The scanning is done, for example, by sample-and-hold members 5 1 - 5 n , the output side to the inverter 3 1 - 3 n are coupled. The bits BW 1 -BW n derived therefrom yield a bit pattern with a certain randomness or entropy.
  • One or more random bits can now be generated from the bit pattern. This takes place in step S4, for example with the aid of the control device 6 which subject the bitword to a cryptographic hash function. Due to the use of the hash function, a true random number ZZ can be calculated. It is also conceivable that block ciphers are used for postprocessing the generated bit values BW 1 -BW n .
  • Due to the low stability of the harmonics, the random bits can be obtained after a short oscillation time of the ring oscillator, and then the constraints for the restart of the generator can be applied.
  • This is in the 2 indicated by the repetition arrow W. As such, the steps S1-S4 are repeatedly performed so that many random bits can be generated at a high generation rate. For example, in a scan, multiple random bits ZB are generated because the entropy of the bit values BW 1 -BW n is greater than two.
  • The device 1 is particularly suitable for use in an encryption device. An apparatus for encrypting data is shown as an embodiment in the 5 indicated. The encryption device 100 has a device for generating random bits 1 and a computing device 13 , The encryption device 100 It is used to encrypt the real data DT, that of the device 100 supplied in encrypted or ciphered output data CDT. In this case, the computing device 13 a random number or random bit sequence from the random bit generator 1 fed. This random bit sequence ZZ can be used as a cryptographic key, so that encrypted data CDT are generated from the input data DT using an encryption algorithm, for example AES or the like. Due to the random number generation, which can be done with high data rate, results in a particularly secure and fast encryption option.
  • The Applicant has now carried out investigations with ring oscillators, which are operated according to the given procedure. In particular, the Applicant has implemented a corresponding random number generator using a Spartan-3 FPGA board from Xilinx. It was like in the 1 shown ring oscillator circuit used with 27 inverters. The constraint was imposed on nine inverters. That is, on every third inverter 3 1 , 3 4 , 3 7 , etc., the same logic levels are applied until the start time. It can be said that this starts a 9th harmonic of the ring oscillator at the start time. Alternatively, this may also be referred to as the 8th harmonic, where the fundamental with an inconsistency site that propagates is referred to as the fundamental.
  • By the nine inconsistencies, which after release according to step S2 in 2 propagate, they are also acted upon by a respective jitter through the inverter used. The harmonic forms receive chaotic random signal characteristics very quickly.
  • In the investigations of the Applicant, a corresponding ring oscillator was started and sampled or sampled after a period of 140 ns on all 27 inverters. The sampled 27 bit values result in a bit pattern BW. In the table in 6 shows the bit patterns obtained in 1,221,605 samples at their respective frequencies. In the 6 the 21 bit patterns are displayed line by line, the first digit corresponding to the bit value BW 1 and the last digit to the bit value BW 27 . In each case one recognizes the inconsistencies or indicators for harmonics. The right-hand column shows the frequency of the bit patterns obtained in the 1,221,605 samples.
  • It can be seen that in all bit patterns there are still the nine inconsistency points, ie bit values with the same logical level adjacent to one another. Only in some of the patterns are the inconsistencies still distributed equidistantly, otherwise there has been a shift due to the propagation through the ring oscillator. The third bit pattern captured 3,370 times and the last bit pattern captured 221,142 times are the transitions 11 or HH equidistant.
  • From the recorded frequencies, Applicant has determined an entropy of 2.87 bits per 27 bitsample. That is, more than one random bit can be derived from a respective bit pattern. Assuming that after sampling for a period of 140 ns, a decay time of 20 ns is waited during which the constraints are temporarily rewritten, 6.25 million 27 bit values per second can be generated. This results in 17.9 million bits of entropy per second. In this respect, random bits with high entropy of particularly high production rate can be generated. Compared with known methods, an increase in the entropy generated per time is thus clearly possible.
  • It also results in a low power consumption per bit generated, since the inverter devices provide power for their inverter function consume, need to be active only for a short period of time. It also results in a low hardware cost, since known ring oscillator circuits can be used. This results in good implementability, especially in ASIC circuits.
  • Although the invention has been further illustrated and described in detail by the preferred embodiment, the invention is not limited by the disclosed examples, and other variations can be derived therefrom by those skilled in the art without departing from the scope of the invention.
  • QUOTES INCLUDE IN THE DESCRIPTION
  • This list of the documents listed by the applicant has been generated automatically and is included solely for the better information of the reader. The list is not part of the German patent or utility model application. The DPMA assumes no liability for any errors or omissions.
  • Cited patent literature
    • DE 102008048292 A1 [0004]

Claims (13)

  1. Method for generating random bits (ZB) by means of a ring oscillator circuit ( 2 ), which has several digital inverter devices ( 3 1 - 3 n ), wherein a respective digital inverter device ( 3 j) an input ( 31 j ) and an inverting output ( 32 j ), wherein a vibration state with harmonics of the ring oscillator circuit ( 2 ) is generated in such a way that up to a start time in each case the input ( 31 j ) and the inverting output ( 32 j ) of at least two of the digital inverter devices ( 3 1 - 3 n ) are forced to a same logic level (H, L) ( S1 ), and after a predetermined period of time at a sampling instant at outputs ( 32 j ) several digital inverter devices ( 3 1 - 3 n ) present signals (A 1 -A n ) for generating at least one random bit (ZB) are sampled simultaneously (S3).
  2. Method according to claim 1, characterized in that on average more than in random bit (ZB) is generated.
  3. The method of claim 1 or 2, characterized in that the outputs ( 32 j ) all digital inverter devices ( 3 1 - 3 n ) are scanned simultaneously.
  4. Method according to one of claims 1-3, characterized in that the predetermined period is selected such that at the sampling time, the number of digital inverter devices ( 3 1 - 3 n ), where at their entrance ( 31 j ) and its inverting output ( 32 j ) the same logic level (H, L) is present, with the number of digital inverter devices ( 3 1 - 3 n ) at which, at the start time, their input ( 31 j ) and its inverting output ( 32 j ) are forced to the same logic level (H, L) is at least equal.
  5. Method according to one of claims 1-4, characterized in that after the sampling time to another start time in each case the input ( 31 j ) and the inverting output ( 32 j ) of at least two of the digital inverter devices ( 3 1 - 3 n ) temporarily to a same logic level (H, L) are forced, and after a further predetermined period at a further sampling time, the outputs ( 32 j ) several digital inverter devices ( 3 1 - 3 n ) for generating at least one further random bit (ZB) are scanned simultaneously.
  6. Method according to one of claim 5, characterized in that between the sampling time and the further starting time such a long period is that the generated oscillation state with harmonics of the ring oscillator circuit ( 2 ) has at least partially subsided.
  7. Method according to one of claims 1-6, characterized in that from a sampling (S3) of the outputs of the plurality of digital inverter devices a plurality of bit values (BW 1 -BW n ) are detected, and from the plurality of bit values (BW 1 -BW n ) at least one random bit value (ZB) is determined.
  8. A method according to claim 7, characterized in that from the plurality of bit values (BW 1 -BW n ) on average more than one random bit value (ZZ) is determined.
  9. A method according to claim 7 or 8, characterized in that the plurality of bit values (BW 1 -BW n ) for generating the at least one random bit (ZB) of an algorithmic post-processing, cryptographic function, in particular a cryptographic function, hash function (HW) or a Block cipher, undergo.
  10. Method according to one of claims 1-9, characterized in that at least one digital inverter device ( 3 1 - 3 n) (by a digital delay device 14 q ) having an input and an output, and wherein instead of the input ( 31 j ) and the inverting output ( 32 j ) one of the at least two of the digital inverter devices ( 3 1 - 3 n ) are forced to the same logic level (H, L), the input ( 141 q ) the digital delay device ( 14 q ) to a first logic level (H, L) and the output ( 142 q ) the digital delay device ( 14 q ) until the start time is forced to a second logic level (L, H) inverse of the first logic level.
  11. Contraption ( 1 ) for generating random bits comprising: a ring oscillator circuit ( 2 ), which has several digital inverter devices ( 3 1 - 3 n ), wherein a respective digital inverter device ( 3 j ) an entrance ( 31 j ) and an inverting output ( 32 (j ) has several controllable switching devices ( 4 1 - 4 n ) which are set up such that the input ( 31 j ) and the inverting output ( 32 j ) of at least two of the digital inverter devices ( 3 1 - 3 n ) can be forced to a same logic level (H, L), a scanning device ( 5 1 - 5 n ) which is set up at outputs ( 32 j) a plurality of digital inverter means ( 3 1 - 3 n ) applied signals (A 1 -A n ) to be sampled at a sampling time, and a control device ( 6 ) connected to the controllable switching devices ( 4 1 - 4 n ) and the scanning device ( 5 1 - 5 n ) and for generating a vibration state with harmonics of the ring oscillator circuit ( 2 ) the switching devices ( 4 1 - 4 n ) controls such that up to one Start time each time the input ( 31 j ) and the inverting output ( 32 j ) of at least two of the digital inverter devices ( 3 1 - 3 n ) are forced to a same logic level (H, L).
  12. Device according to claim 11, characterized in that at least one digital inverter device ( 3 1 - 3 n ) by a digital delay device ( 14 q) is replaced, which (an input 141 q ) and an output ( 142 q ), and the control device ( 6 ) the switching devices ( 4 1 - 4 n ) controls such that instead of the input ( 31 j ) and the inverting output ( 32 j ) one of the at least two of the digital inverter devices ( 3 1 - 3 n ) are forced to the same logic level (H, L) until the start time of the input ( 141 q ) the digital delay device ( 14 q ) to a first logic level (H, L) and the output ( 142 q ) the digital delay device ( 14 q) is forced to a first logic level to the inverse of the second logic level (L, H).
  13. Encryption device ( 100 ) with a device ( 1 ) according to claim 11 or 12, and a computing device ( 13 to perform an encryption algorithm on input data (DT) in response to a random bit (ZB) generated by means of the apparatus of claim 11 or 12 for generating encrypted data (CDT).
DE102015203573.5A 2015-02-27 2015-02-27 Method and apparatus for generating random bits Withdrawn DE102015203573A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
DE102015203573.5A DE102015203573A1 (en) 2015-02-27 2015-02-27 Method and apparatus for generating random bits

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
DE102015203573.5A DE102015203573A1 (en) 2015-02-27 2015-02-27 Method and apparatus for generating random bits

Publications (1)

Publication Number Publication Date
DE102015203573A1 true DE102015203573A1 (en) 2016-03-24

Family

ID=55444956

Family Applications (1)

Application Number Title Priority Date Filing Date
DE102015203573.5A Withdrawn DE102015203573A1 (en) 2015-02-27 2015-02-27 Method and apparatus for generating random bits

Country Status (1)

Country Link
DE (1) DE102015203573A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102007054319A1 (en) * 2007-10-19 2009-04-23 Samsung Electronics Co., Ltd., Suwon Random number generator
DE102008048292A1 (en) 2008-09-22 2010-04-08 Siemens Aktiengesellschaft Apparatus and method for generating a random bit string
DE102013210147A1 (en) * 2013-05-31 2014-12-18 Siemens Aktiengesellschaft Generate random bits
DE102013213095A1 (en) * 2013-07-04 2015-01-08 Siemens Aktiengesellschaft Generating a number of random bits

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102007054319A1 (en) * 2007-10-19 2009-04-23 Samsung Electronics Co., Ltd., Suwon Random number generator
DE102008048292A1 (en) 2008-09-22 2010-04-08 Siemens Aktiengesellschaft Apparatus and method for generating a random bit string
DE102013210147A1 (en) * 2013-05-31 2014-12-18 Siemens Aktiengesellschaft Generate random bits
DE102013213095A1 (en) * 2013-07-04 2015-01-08 Siemens Aktiengesellschaft Generating a number of random bits

Similar Documents

Publication Publication Date Title
CN105659207B (en) Circuit suitable for the structure for generating the circuit of random order and for generating random order
KR101727130B1 (en) Device and method for obtaining a cryptographic key
US20140189890A1 (en) Device authentication using a physically unclonable functions based key generation system
Merli et al. Side-channel analysis of PUFs and fuzzy extractors
ES2384679T3 (en) Device and procedure to generate a sequence of random bits
US6954770B1 (en) Random number generator
US7224795B2 (en) Variable-length key cryptosystem
US8667265B1 (en) Hardware device binding and mutual authentication
US6253223B1 (en) Robust random number generator
Moradi et al. On the power of fault sensitivity analysis and collision side-channel attacks in a combined setting
US9031232B2 (en) Bit sequence generation apparatus and bit sequence generation method
JP5248328B2 (en) Equipment security based on signal generators
Özkaynak Cryptographically secure random number generator with chaotic additional input
Armknecht et al. On lightweight stream ciphers with shorter internal states
Hirano et al. Characteristics of fast physical random bit generation using chaotic semiconductor lasers
DE102004047425B4 (en) Random number generator and method for generating random numbers
Vasyltsov et al. Fast digital TRNG based on metastable ring oscillator
JP4893895B2 (en) Multi-bit sampling of oscillator jitter for random number generation
WO2014177300A1 (en) System and method for generating random bits
US8468186B2 (en) Combination of values from a pseudo-random source
Wayne et al. Low-bias high-speed quantum random number generator via shaped optical pulses
US20030152221A1 (en) Sequence generator and method of generating a pseudo random sequence
Xin et al. A configurable ring-oscillator-based PUF for Xilinx FPGAs
Che et al. PUF-based authentication
JP2004518224A (en) Random number generator and random number generation method

Legal Events

Date Code Title Description
R163 Identified publications notified
R230 Request for early publication
R119 Application deemed withdrawn, or ip right lapsed, due to non-payment of renewal fee