IE20010315A1 - Random Number Generation - Google Patents

Random Number Generation

Info

Publication number
IE20010315A1
Authority
IE
Ireland
Prior art keywords
processor
random number
processes
stream
binary digits
Application number
IE20010315A
Inventor
Gerald Staruiala
James Edward Mcroberts
Original Assignee
Feng Shui Inc
Priority date 2000-03-29
Filing date 2001-03-29
Publication date 2002-02-20
Priority claimed from IE20000863A
Application filed by Feng Shui Inc
Priority to IE20010315A
Publication of IE20010315A1

Abstract

A method for the generation of one-time sequences of bits of arbitrary length, based on the randomness of the execution time allotted to threads of different priority inside a digital computer running a multitasking operating system, is presented. When two or more processes are running inside a computer or other processor, the time allotted to each task depends on the load of the system at a particular instant in time. The random number generator makes use of the fact that in modern multitasking environments the resources allocated to a process are a complex function of the state of the processor and operating system at a particular point in time, and uses this to generate a random sequence of bits of arbitrary length. The random number generator executes two processes in parallel with different priorities assigned to them and counts the number of cycles or iterations each was able to complete. It then compares the two cycle counts and retains the least significant bit of the difference, which is deemed to have an uncertainty of 50%. This is a particular implementation of a more general idea that links the realms of physics and information theory.

Description

SYSTEM AND METHOD FOR GENERATION OF ONE-TIME SEQUENCES OF UNIFORMLY DISTRIBUTED BITS BASED ON PHYSICAL PHENOMENA

BACKGROUND OF THE INVENTION

1. Field of the Invention
The field of the invention is random number generation and all related fields in which random numbers are used.

2. Discussion of the Prior Art
In many practical applications of digital computers (cryptography, digital signatures, authentication, gambling, simulation, etc.), it is necessary to have a stream or sequence of random numbers. Typically, the pseudo-random number generators used by applications running on digital computers apply some algorithm or function to a 'seed' value to produce a sequence of numbers, as discussed in B. Schneier, Applied Cryptography, John Wiley & Sons, New York, 1996, 2nd ed., Chapter 16; R.K. Nichols, ICSA Guide to Cryptography, McGraw Hill, New York, Chapter 11; W. Press et al., Numerical Recipes in C, Cambridge University Press, 1988, 2nd ed.; and Warneke et al., Smart Dust: Communicating with a Cubic-Millimeter Computer, IEEE Computer, January 2001, pp. 44-51, which are hereby incorporated by reference as if fully set forth herein. These functions are chosen so as to approximate a uniform distribution of probabilities; among them Schneier, in Applied Cryptography, lists linear (or polynomial) congruential generators, linear feedback shift registers, combinations of both, stop-and-go generators, self-decimated generators, shrinking generators, additive generators, etc. It is common practice to run two or more generators with dissimilar statistical distributions in tandem or cascade arrangements. Pseudo-random number generators have serious limitations in practical applications because their distributions are not perfectly uniform and successive outputs are more or less strongly correlated. In addition, since the process is totally deterministic, the same seed will generate the same number sequence on any computer on which it runs, which seriously limits its use in applications such as cryptography, digital signatures, authentication, gambling, security, simulation, etc.
All pseudo-random number generators have another disadvantage: they are subject to attack, that is, from a long enough portion of a sequence it is possible to predict the next value in the sequence, which restricts their range of application.
Good random number sequences can be generated by physical means, i.e., complex mechanical or electrical systems, or by observing natural phenomena such as the emission of gamma rays by a decaying radioactive source. Schneier, in Chapter 17 of Applied Cryptography, describes several ways in which the state of the system can be used to generate random numbers. They include using the machine clock, keyboard latency, mouse movements, etc. Time measurements obtained in that way are usually transformed by hash functions to obtain the required range and distribution. Calculation of such a function is usually expensive in terms of time.
Physical random number generators are based on the general idea that the evolution of a complex enough system is stochastic, that is, given enough time the configuration of the system will visit all possible states with equal probabilities.
SUMMARY OF THE INVENTION The invention makes use of the discovery that a digital computer or other processor running a modern multitasking operating system, although deterministic, is a complex enough system to be stochastic. Therefore certain measures of its internal state can be considered stochastic, and these can be used as a source of uniformly distributed random numbers.
The system of the present invention works by indirectly measuring a quantity that depends on the state of the system (hardware + operating system + applications) at a particular point in time. Because it is unlikely that the state of the system will be exactly the same at two different instants, any function of the state of the system will be, for all practical purposes, a stochastic variable. Moreover, the instantaneous parameters of its distribution (average, dispersion, etc.) can be used to assess the state of the system.
The state of any processor can be represented as a vector whose components include the Shannon (S_k), physical (η_k) and algorithmic (A_k) entropies. These entropic parameters evolve over time, and changes in one parameter result in corresponding changes in the other parameters. In order to determine the state of a processor at a given point in time, some form of observation must yield a measurement. However, the very act of observing changes or perturbs the system being observed. In a system in which two processors are communicating, observing the communication process at time k will perturb the communication process, resulting in changes to both S_k and η_k as well as additions to A_k of the state of the communication process at time k. The change in the physical entropy of a system comprising at least two communicating processors, triggered by a change in the Shannon entropy of this system, is defined as the "Reciprocal Entropic Transformation" or RET of the communication process.
In the case of one computer running at least two processes, each process can be considered as an individual processor. If these processes spend time and energy communicating then a RET exists between communicating processes. In the case of several computers communicating over a network, the RET includes information about the instantaneous state of the network itself. The present invention is a simple application of this RET concept, which captures some of the information about the instantaneous state of the network itself to build a common secret, i.e., a one-time pad, between communicating processes.
The present invention also comprises a process or method for generating random numbers for use as keys in a wide variety of applications, including, but not limited to cryptography, digital signatures, authentication, gambling, simulation, security, etc.
The uniformly distributed bit generator of the present invention executes a process that measures the performance of a given task with respect to its own application thread. The process generates a stream of binary digits by taking the least significant bit of the difference in the number of cycles allocated to tasks (sub-processes in FIG. 2) running with different priorities, and appending it to the stream. If, in the course of generating the stream, the successive differences are stored, their average and standard deviation can be calculated and used as a fingerprint of the instantaneous state of the system.
The bit stream generated by the procedure described above will be different each time the process is run, even when it is run on the same computer or processor.
The state of a computer system (hardware + operating system) can be assessed by running known tasks in different threads and measuring how many resources are allocated to each of them.
The present bit stream generator is not vulnerable to the next-value prediction attacks described above for pseudo-random number generators, since it has no seed and no deterministic internal state to recover. The functions for the primary and secondary threads can be made as light as needed, depending on the computing power available, which makes efficient generation of long sequences possible even in small programmable logic control devices. Long sequences can be obtained even from devices as small as four-bit processors.
In certain applications, more than one low priority thread can be run at a time, in which case several bits can be added to the stream simultaneously.
The concept can be extended to multiprocessor and/or multicomputer (network) environments. In those cases each computer/processor runs a different thread and reports, on request of the controller computer/processor, how much of it has been processed. In this way n - 1 bits are added to the stream at a time, n being the number of processors/computers.
A network can be as small as physically possible, e.g., the circuitry of a semiconductor chip or even smaller than "Smart Dust", see Warneke et al., Smart Dust: Communicating with a Cubic-Millimeter Computer, IEEE Computer, January 2001, pp. 44-51. At this very small physical level, the sets of symbols evolved by the present invention relate to the quantum state of the communications medium, e.g., the chip or the "Smart Dust". Therefore, the set of symbols evolved by the present invention for such a reduced-size device network describes the quantum state of the process of communication between all parties. Since the present invention is entirely based on the physical medium of the communication process, at this very small physical level the set of symbols it evolves also describes the quantum state of all processes that each participant in the communication is running concurrently with the communication process. Further, if the communication system, comprising the communicating processes and the medium of communication, is physically small enough for these quantum effects to be manifested, then the present invention can be used to make inferences about the quantum state of the small-sized communication system. The present invention extends these principles of quantized communication to classical systems.
BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 illustrates how the bit stream is generated by iteration of the cycle described as "process".
FIG. 2 illustrates in detail the process comprised of a counter associated to the application thread and two sub-processes running in different threads with different priority. Upon completion of sub-process 1, the application checks how many cycles sub-process 2 was allotted by the thread manager. Sub-process 2 can start at any time after the application is started.
FIG. 3 illustrates an exemplary embodiment of the random number generator as a key and signature generator for a cryptographic system. In this system, communication channels A and B can be considered as the threaded process. The least significant bit of the difference in transmission time (Δt) of a pre-established message between channels A and B can be added to the stream, which can function as a private key, and the value of Δt can be used to compile statistical information that can serve as a signature.
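The cycle of FIG. 2 and the difference function of claims 1, 2 and 10, as an added worked example written for this page; it is not the applicant's code and no implementation is disclosed in the application. It assumes CPython, which exposes no thread priority API: sub-process 1 is a foreground loop of fixed length and sub-process 2 is a free-running counter thread, and the GIL switch interval is shortened (an assumed tuning, restored afterwards) so the counter is actually allotted time while the foreground task runs. The constants FOREGROUND_ITERS and SWITCH_INTERVAL are assumed values. Two things go beyond the text and are marked as such in the code: von_neumann() debiases the raw stream and monobit_ok() checks, rather than assumes, the 50% uncertainty claimed for the least significant bits. The `measure` parameter of harvest() can be swapped for a probe returning transmission-time differences, which gives the FIG. 3 / claim 8 variant without changing the rest.

```python
"""Scheduler-allocation bit harvester modelled on FIG. 2 (added example, not the applicant's code).

Assumed: CPython (no thread priorities), FOREGROUND_ITERS and SWITCH_INTERVAL are tuning guesses.
"""
import math
import statistics
import sys
import threading
from typing import Callable, Iterable, List, Sequence, Tuple

FOREGROUND_ITERS = 100_000   # fixed work of sub-process 1 (assumed value)
SWITCH_INTERVAL = 1e-4       # CPython GIL hand-off period used while measuring (assumed value)


class BackgroundCounter(threading.Thread):
    """Sub-process 2 of FIG. 2: counts how many loop iterations the scheduler lets it run."""

    def __init__(self) -> None:
        super().__init__(daemon=True)
        self.count = 0
        self._halt = threading.Event()

    def run(self) -> None:
        n = 0
        while not self._halt.is_set():
            n += 1
            self.count = n          # single attribute store, so the reader sees a consistent value

    def halt(self) -> None:
        self._halt.set()


def measure_difference(foreground_iters: int = FOREGROUND_ITERS) -> int:
    """One cycle of FIG. 2: run sub-process 1 to completion alongside sub-process 2 and
    return (cycles of sub-process 1) - (cycles allotted to sub-process 2)."""
    old_interval = sys.getswitchinterval()
    sys.setswitchinterval(SWITCH_INTERVAL)
    bg = BackgroundCounter()
    try:
        bg.start()
        acc = 0
        for i in range(foreground_iters):   # sub-process 1: known, fixed amount of work
            acc ^= i
        allotted = bg.count                 # read at completion of sub-process 1
    finally:
        bg.halt()
        bg.join()
        sys.setswitchinterval(old_interval)
    return foreground_iters - allotted


def lsb_stream(differences: Iterable[int]) -> List[int]:
    """Difference function of claims 1, 2 and 10: the least significant bit of each difference."""
    return [d & 1 for d in differences]


def fingerprint(differences: Sequence[int]) -> Tuple[float, float]:
    """Average and standard deviation of the stored differences, the system 'fingerprint'."""
    return float(statistics.mean(differences)), float(statistics.pstdev(differences))


def harvest(n_bits: int, measure: Callable[[], int] = measure_difference) -> Tuple[List[int], List[int]]:
    """Repeat the cycle until n_bits bits exist (claim 1, step d). Pass a transmission-time
    probe as `measure` to obtain the FIG. 3 / claim 8 variant."""
    differences = [measure() for _ in range(n_bits)]
    return lsb_stream(differences), differences


def von_neumann(bits: Sequence[int]) -> List[int]:
    """Debias by pairs: 01 -> 0, 10 -> 1, 00 and 11 dropped. Not in the application; added as
    the conditioning step a practitioner applies before trusting raw LSBs."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def monobit_ok(bits: Sequence[int], z_max: float = 3.0) -> bool:
    """Monobit sanity test (added check): |#ones - #zeros| must stay within z_max sigma."""
    n = len(bits)
    if n == 0:
        return False
    return abs(2 * sum(bits) - n) <= z_max * math.sqrt(n)


def pack_bits(bits: Sequence[int]) -> bytes:
    """Pack a bit stream (MSB first) into key or pad bytes; length must be a multiple of 8."""
    if len(bits) % 8:
        raise ValueError("bit stream length must be a multiple of 8")
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2) for i in range(0, len(bits), 8))


if __name__ == "__main__":
    raw, diffs = harvest(512)
    mean, sd = fingerprint(diffs)
    print(f"fingerprint: mean={mean:.1f} sd={sd:.1f}  monobit(raw)={monobit_ok(raw)}")
    clean = von_neumann(raw)
    usable = clean[: len(clean) - len(clean) % 8]
    print(f"{len(raw)} raw bits -> {len(clean)} debiased bits; key={pack_bits(usable).hex()}")
```

Running the block prints the fingerprint of the differences, whether the raw stream passes the monobit check, and the debiased bits packed as a hex key. The check matters because the fraction of one-bits depends on how the scheduler actually hands out time on the machine in question; if the background counter is never scheduled, every difference equals FOREGROUND_ITERS and the stream is constant, which monobit_ok() reports as a failure. For the transmission-time variant the same caveat applies to the clock: a coarse timer makes the low bits of Δt predictable, so the probe should read a high-resolution clock and the output should be checked the same way.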
DESCRIPTION OF THE EXEMPLARY EMBODIMENTS Example 1 An example of the application of this method is the private key generator used by the copending applications entitled Keyless Encryption System and Method, see Irish provisional patent applications S2000/236, filed March 29, 2000 and 2000/754, filed September 19, 2000.
Example 2 Another practical example of the utility of the invention can be understood from the following description. Suppose a user wants to safeguard sensitive data on a storage medium. One possible safeguard would be to remove the medium and lock it in a safe to which only the user has access. Such a technique is cumbersome and expensive. By using this invention even a low-power processor can generate a large stochastic sequence of bits to be used as a one-time pad for encryption of the files. The one-time pad itself can be encrypted with a standard algorithm, see Part III of Schneier, and saved on the same medium using a password and the system's physical signature. This way, the contents of the files stored on the medium can be browsed only when the same system is used and the password is known.
Example 3 A further safeguard of the invention is that each set of data can be encrypted with a unique one-time pad, which is a function of the system state at the time the pad is generated. Therefore, even if a computer is stolen or hacked, it cannot be used to regenerate the one-time pad and decrypt the data.
Although the present invention has been described with regards to preferred embodiments, it will be clear to those skilled in the art that the invention could be used in different applications or embodiments without departing from the spirit of the invention.

Claims (25)

We claim:
1. A method of generating a random number as an arbitrary length sequence of binary digits (bits) based on the temporal state of a processor, said method comprising: a. initiating execution of at least one process on said processor; b. executing at least one other process on said processor such that the process of step (a) and the process of step (b) are concurrently running; c. taking a least significant bit of each of the differences in the number of cycles performed by steps (a) and each process of step (b) and adding them to form a bit stream; and d. repeating steps (a) - (c) a number of times until a desired stream length is obtained.
2. A method of generating a random number as an arbitrary length sequence of binary digits based on the temporal state of a processor, said method comprising: a. initiating execution of at least one high priority process on said processor; b. executing at least one low priority process on said processor such that the process of step (a) and the process of step (b) are concurrently running; c. taking a least significant bit of each of the differences in the number of cycles performed by step (a) and each process of step (b) and adding them to form a bit stream; and d. repeating steps (a) - (c) a number of times until a desired stream length is obtained.
3. A method of generating a random number as an arbitrary length sequence of binary digits based on the temporal state of a multi-processor computer system, said method comprising: a. initiating execution of at least one process on a processor of said computer system; b. executing at least one other process on another processor of said computer system; c. taking a least significant bit of the difference in the number of cycles performed by each pair of processes in step (a) and step (b) and adding them to form a bit stream; and d. repeating steps (a) - (c) a number of times until a desired stream length is obtained.
4. A method of generating a random number as an arbitrary length sequence of binary digits based on the temporal state of a multi-computer network, said method comprising: a. initiating execution of at least one process on a computer of said network; b. executing at least one other process on another computer of said network; c. taking a least significant bit of the difference in the number of cycles performed by each of pair of processes of steps (a) and (b) and adding them to form a bit stream; and d. repeating steps (a) - (c) a number of times until a desired stream length is obtained.
5. A method of generating a random number as an arbitrary length sequence of binary digits based on the temporal state of a processor, said method comprising: a. initiating execution of at least one process on said processor; b. executing at least one other process on said processor such that the processes of step (a) and step (b) are concurrently running; c. allowing the processes of steps (a) and (b) to run until occurrence of a pre-determined event; d. taking a least significant bit of the difference in the number of cycles performed by each of steps (a) and (b) and adding them to form a bit stream; and e. repeating steps (a) - (d) a number of times until a desired stream length is obtained.
6. A method of generating a random number as an arbitrary length sequence of binary digits based on the temporal state of a multi-processor computer system, said method comprising: a. initiating execution of at least one process on one processor of said computer system; b. executing at least one other process on other processors of said computer system; c. allowing the processes of steps (a) and (b) to run until occurrence of a pre-determined event; d. taking a least significant bit of the differences in the number of cycles performed by each pair of processes of steps (a) and (b) and adding them to form a bit stream; and e. repeating steps (a) - (d) a number of times until a desired stream length is obtained.
7. A method of generating a random number as an arbitrary length sequence of binary digits based on the temporal state of a network of computer systems, said method comprising: a. initiating execution of at least one process on one processor of said network system; b. executing at least one other process on other processors of said network system; c. allowing the processes of steps (a) and (b) to run until occurrence of a pre-determined event; d. taking a least significant bit of the differences in the number of cycles performed by each pair of processes of steps (a) and (b) and adding them to form a bit stream; and e. repeating steps (a) - (d) a number of times until a desired stream length is obtained.
8. A method of generating a random number as an arbitrary length sequence of binary digits based on the temporal state of a multi-computer network, said method comprising: a. initiating execution of a receiver process on one computer of said network; b. executing at least two other sender processes on other computers of said network such that the processes of step (b) are concurrently sending a pre-determined message to the process of step (a); c. allowing the process of step (a) to receive said message from each process of step (b); d. taking a least significant bit of the differences in transmit times for each pair of processes of step (b) and adding them to form a bit stream; and e. repeating steps (a) - (d) a number of times until a desired stream length is obtained.
9. A method of generating a random number as an arbitrary length sequence of binary digits based on the temporal state of a computer system, comprising the steps of a. selecting a stream length that defines the length of the random number to be generated; b. initiating execution of at least one process on said computer system; c. monitoring execution of said processes for occurrence of at least one triggering event; d. taking at least one associated performance measurement when said triggering event occurs; e. adding said performance measurements to a temporally identified data set; f. iterating through steps (c), (d), and (e) until at least one stopping condition has occurred; g. repeating steps (b) through (f) until the number of performance measurements is at least one more than stream length; and h. executing a difference function over said data sets to obtain a random number as a stream length sequence of binary digits.
10. The method of claim 9 wherein: said processes are one high priority process and at least one low priority process; said triggering event is completion of said high priority process; said performance measurements are number of cycles completed by each said process; said stopping condition is completion of said high priority process; and said difference function takes least significant bits of differences in the number of cycles performed by said high priority process and each said low priority process, for each said data set, and concatenates them in temporal order to form a bit stream.
11. The method of claim 9, further comprising the step of: a. calculating distribution statistics over all said data sets for use as a fingerprint for the instantaneous state of said system.
12. The method of claim 11 wherein: said processes are at least two transmitters of a pre-established message having each said process transmitting on a separate channel; said triggering events are receipt of said message on any said channel; said performance measurements are transmission time of said message on said channel that received said message; said stopping condition is receipt of said message by all said channels; and said difference function takes least significant bits of differences in transmission times, for each said data set, and concatenates them in temporal order to form a bit stream.
13. The method of claim 9 wherein: said computer system is a multiprocessor system; and said processes are running on different processors of said computer system.
14. The method of claim 9 wherein: said computer system is a multicomputer networked system; and said processes are running on different computers of said networked system.
15. An apparatus that generates a random number as an arbitrary length sequence of binary digits based on the temporal state of a computer system, comprising: a. at least one processor; b. a threaded process having at least two threads; c. a memory coupled to each said processor that stores instructions of said threaded process adapted to be executed by said processor: to accept a count that is a total of the number of bits to be in a generated random number, to obtain for each thread 'count 1 number of performance measurements having a predetermined statistical precision, and to construct said random number by concatenation of the least significant bit of a function of the differences between said performance measurements.
16. The apparatus of claim 15 wherein said threaded process is further adapted to fingerprint the system with statistical information derived from said performance measurements.
17. A system that generates a random number as an arbitrary length sequence of binary digits based on the temporal state of a computer system, comprising: a. a threaded process with at least two associated threads; b. means for collecting a set of temporally based performance measurements with a predetermined statistical precision about each said thread; and c. means for creation of a random number of arbitrary length as a sequence of binary digits from a difference function applied to said set.
18. The system of claim 17, further comprising: d. means for creation of a fingerprint for the instantaneous state of the system from distribution statistics of said set.
19. A medium that stores instructions for generating random numbers as an arbitrary length sequence of binary digits based on the temporal state of a computer system, adapted to be executed as a threaded process by at least one processor of the computer system to perform the steps of: a. associating at least two threads with the threaded process; b. collecting a set of temporally based performance measurements with a pre-determined statistical precision for each said thread where the size of the set is equal to the length of the sequence of binary digits; c. applying a difference function to the set; and d. concatenating the least significant bit of each of the results of the difference function to create the random number as a sequence of binary digits.
20. The medium of claim 19 wherein the instructions stored and executed as the threaded process further include the step of e. creating a fingerprint of the instantaneous state of the system from distribution statistics of said set.
21. A method of encryption comprising: employing the bit-stream generated by the method of claim 1 in an encrypting and decrypting process.
22. The method of claim 21 wherein the encrypting and decrypting process includes encrypting a key.
23. A method of simulation comprising: employing the bit-stream generated by the method of claim 1 in a simulation process.
24. A method of generating a digital signature comprising: employing the bit-stream generated by the method of claim 1 in a digital signature verifying process.
25. A method of generating an identification comprising: employing the bit-stream generated by the method of claim 1 in an access authenticating

Priority Applications (1)

Application Number Priority Date Filing Date Title
IE20010315A IE20010315A1 (en) 2000-03-29 2001-03-29 Random Number Generation

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
IE20000237 2000-03-29
IE20000620 2000-08-03
IE20000863A IE20000863A1 (en) 2000-10-26 2000-10-26 System and method for generation of one-time sequences of uniformly distributed bits based on physical phenomena
IE20010315A IE20010315A1 (en) 2000-03-29 2001-03-29 Random Number Generation

Publications (1)

Publication Number Publication Date
IE20010315A1 (en) 2002-02-20

Family

ID=27670825

Family Applications (1)

Application Number Title Priority Date Filing Date
IE20010315A IE20010315A1 (en) 2000-03-29 2001-03-29 Random Number Generation

Country Status (1)

Country Link
IE (1) IE20010315A1 (en)


Legal Events

Date Code Title Description
MM9A Patent lapsed through non-payment of renewal fee