JP2000010480A - Random number generation method and cipher communication method as well as memory medium storing random number generation program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a genuine random number generation apparatus which is safe in spite of opening of all of information exclusive of cipher keys to the public and is high in speed equal to or higher than a communication speed and a cipher communication method and an apparatus therefor. SOLUTION: This cipher communication method uses a decimal integer random number generator which has a period of >=1030 formed by using a multiplex accuracy computation method capable of producing arbitrary accuracy, an apparatus which has a bit conversion table having all patterns of 8 or 16 bits, consults the table by using a portion of decimal random numbers obtd. by adding the decimal number of a secret key to the decimal integer random number generator and continuously fetches the binary pit strings of 8 or 16 bits at one time and an apparatus which reads communication text or ciphertext, converts the communication text into the ciphertext or converts the ciphertext into the communication text by executing exclusive OR (XOR) of this binary information and the binary bit strings.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a stream cipher communication method using a random number sequence having an infinite period as a one-time use disposable key.

[0002]

2. Description of the Related Art Stream ciphers are generally used in line encryption devices in communication networks. The stream cipher key sequence generation method can be divided into a synchronous method and a self-synchronous method. In the synchronous system, the key sequence is generated independently of the sequence of the communication text (or ciphertext). In the self-synchronous system, the key sequence is generated depending on the previous ciphertext sequence.
In any case, the key sequence is a true random number, that is, a random number in which the probability of occurrence of 0 and 1 is 0.5 and each bit is distributed independently and identically to other parts (Reference: "Introduction to Cryptography"). Author: Eiji Okamoto, Kyoritsu Shuppan Co., Ltd., published in 1994). The fact that a stream cipher using true random numbers is completely unbreakable means that
This is a well-known fact in the art. The present invention provides a stream cipher method that can be used in a synchronous and self-synchronous manner.

At present, true random numbers can only be physically created, and even the balance of 0 and 1 seems to require only correction. Even if it can be created, if it is used as a cipher, it cannot be created on the receiving side due to lack of reproducibility because it has no reproducibility.
There is a contradiction that a true random number required by the same length must be sent to the communication partner. Therefore, a scheme has been devised to create a pseudo random number close to a true random number from a deterministic (deterministic) algorithm.

At present, a key sequence used for stream cipher is often created by a complicated combination of non-linear feedback and a shift register. In this key sequence creation method, the cycle of the obtained random numbers is relatively short, and It is not possible to disclose the register configuration or algorithm from the viewpoint of security. The present invention maintains the security that if the initial conditions (encryption key) are kept secret, the same random number sequence cannot be created even if the algorithm is released, and the pseudo-random number cycle can be arbitrarily long. It relates to a method for generating random numbers.

As techniques for generating the pseudo-random numbers, Japanese Patent Application Nos. 8-108058 (prior application 1) and 8
There is -338584 (prior application 2). This technique will be described specifically. First, using a long-period decimal random number generator, create a decimal number having more digits than the required length of the binary bit string, and convert it to 0 or 1 for each digit. Has been disclosed. To lengthen the period of the decimal random number,
The number of digits of the random number is set to 30 or more. For this reason, the random number generator employs a multi-precision arithmetic method. One digit of the decimal number created in this way is compressed and converted to 0 or 1, and is used as a binary random number.

When pseudo-random numbers are used for cryptographic communication,
Since it is only necessary to send the seed of the random number to the communication partner as the initial condition,
The key distribution method used in secret key cryptography can be used.

[0007]

However, the techniques disclosed in Japanese Patent Application Nos. Hei 8-108058 and Hei 8-338583 have three disadvantages. One is to obtain a binary bit string close to a true random number,
It is very difficult to change the three parameters, that is, the algorithm and constant of decimal random number, the conversion method of decimal / binary, and the initial value of decimal random number. Second, there is the problem of calculation speed. If the integer calculated by the multi-precision arithmetic method is decomposed for each digit and made one bit at a time, the communication speed cannot be followed. Third, the algorithm cannot be published. The decimal number is made invisible by the compression conversion, but once the decimal number is known,
The binary bit string can be accurately predicted. Executing compression conversion four times or more to increase the operation speed
Needless to say, this is an obstacle in that a decimal number is calculated. Also, even if the compression conversion is performed twice, it is not safe to publish the algorithm.

The following describes how close a binary bit string created by the method of the prior application is to a true random number. However, since there is no clear standard for this measure, the following four conditions are examined and the condition a. And b. Was subjected to a statistical significance test.

A. Good balance of generated bits.
(The 1-bit balance is obvious, but the balance from 2 to 8 bits was also examined. For example, in the 2-bit balance, the random number bit string is divided into two bits at a time, 00, 0
Count the number of 1,10,11. )

B. The ratio of the number of runs of length i and i + 1 is 0.5. However, the run referred to here is a portion of a bit sequence of 0s and 1s where n consecutive 1s and both sides are sandwiched by 0s are a "run of 1s" of length n. When n 1s have already been output after 0, the probability that the next 0 will be output to form a run of length n is 0.5, while the next is 1, then the 0
Is 0.25, and the probability that limit → ∞ (number of runs of length n + 1 / number of runs of length n) = 0.5 holds with probability 1. The same applies to “run of 0”. lim → ∞ means that the bit string is infinitely long. (Reference: "Random number" Author: Masanori Fushimi, University of Tokyo Press, 1989)

C. No autocorrelation.

D. The period must be long enough to be practically non-existent.

When the binary bit string created by the method of the prior application was strictly examined under the above conditions, the condition c. And d. Is no problem, but a. 2 bits or more of balance and b. Is often rejected because of its significance.

The problem that the operation speed is slow is a fatal drawback in the field of cryptographic communication. Since it is impossible to follow the speed of transmitting information online, a binary bit string is created in advance, and encryption or decryption is performed. You have to restrict the usage, such as loading at the timing of performing. The problem to be solved by the present invention is to provide a method for generating pseudo-random numbers close to true random numbers, which is safe even if all information other than the encryption key is disclosed, and is as fast as the communication speed. .

[0015]

According to a first embodiment of the present invention, to solve the above-mentioned problem, a cycle of 10 ⁶⁰ or more created by using a multi-precision arithmetic method capable of providing an arbitrary accuracy is used. And a bit conversion table having an entire pattern of 8 bits or 16 bits, and a part of a decimal random number obtained by adding a decimal number of a secret key to the decimal integer random number generator. A device for pulling a bit conversion table and continuously extracting a binary bit string of 8 or 16 bits at a time, reading a plaintext or ciphertext, and obtaining an exclusive OR (XOR) of the binary information and the binary bit string ) Operation to convert plaintext to ciphertext,
Alternatively, there is provided an encrypted communication method using an apparatus for converting a ciphertext into a plaintext.

In order to solve the above-mentioned problems, the second aspect of the present invention
According to the third and third embodiments, a decimal integer random number generator having a period of 10 ³⁰ or more created by using a multi-precision arithmetic method capable of giving an arbitrary accuracy, a decimal integer random number generator having a normal accuracy, This example has a bit conversion table having an entire pattern of 8 bits or 16 bits, and in this example, a linear congruential method based on a decimal random number obtained by adding a decimal number of a secret key to the multi-precision decimal integer random number generator. Calculates parameters and initial values of a normal-precision decimal integer random number generator using, and uses them to generate decimal integer random numbers. Then, a bit conversion table is obtained by using the obtained normal-precision decimal integer random number, a device for continuously extracting a binary bit string of 8 or 16 bits at a time, a plaintext or a ciphertext are read, and the binary information thereof is read. An encryption communication method is provided, which performs an exclusive OR (XOR) operation with a binary bit string to convert a plaintext into a ciphertext or a device that converts a ciphertext into a plaintext.

In order to solve the above-mentioned problems, the fourth aspect of the present invention is described.
According to the embodiment, in the bit conversion table, the bit string stored in each row is not of a fixed length as described in the above embodiment, has a length of 1 to 10 bits, and further, each row of the table is Use only 0 or 1 only. In the fourth embodiment, only the bit conversion table is described.

Here, in the initialization processing of the bit conversion table in the above four cases, it is important to randomize the line number using a random number created from an encryption key. By adding this processing, the arrangement of the row numbers of the bit conversion table at the start of use can be hidden.

When extracting a bit string from the bit conversion table, it is possible to add a process of changing the order of the bit string and / or removing a part or all of the bit string. By performing this processing by a bit processing operation, the length of one row of the fixed-length bit conversion table can be freely set in a range of 8 to 32 bits. The number of fixed-length bits must be determined in relation to the length of the plaintext. For example, it is recommended to take 8 bits if the plaintext is about 500 bytes, 12 bits if the plaintext is 500 to 5000 bytes, and 16 bits if it exceeds 500 bytes.

Further, when the bit conversion table is to be drawn, control is performed so that new rows are drawn in a random order as far as possible until all the rows are drawn. By doing so, it was discovered that the property of the binary random number was close to a true random number. Also, the order of the next round after all the lines are drawn is controlled so as to be almost uncorrelated with the order up to that time. If the way of drawing the bit conversion table is completely controlled, the last row can be predicted. In this case, use a self-synchronous encryption method or use one block of binary random numbers (for example, 8 bits).
It is made extra, an exclusive OR operation is performed on adjacent blocks, and then a new binary random number is obtained.

Here, the decimal random number generator will be described. The algorithms of the decimal random number generator studied in the present invention are the following four types.

1. Linear congruential method X _{n + 1} = (aX _n + c) mod m where a and c are parameters, and m is, for example, 10 ⁶⁴
It is. mod is an operation for obtaining a remainder. In this case, Xi is a 64-digit positive number.

2. Stirring An improved version of the linear congruential method. Auxiliary table V [0], V
The first k values of X _n are put in [1],..., V [k−1], and the (k + 1) th value is put in Y. (K is 100)

[Outside 1] This is the largest unintended integer. j is a random number satisfying 0 ≦ j <k.

B. Let V [j] be Y and output. After that, the next value of _Xn is put into V [j].

C. a. Move to

According to this method, k random numbers are produced by a linear congruential method, placed, and when they are taken out, they are stirred and then taken out.

3. Rojisuteiku Mapping Method _{X n + 1 = 4X n (} 1-X n) The random number has a 0 <x <1 value. Note that there is a decimal point at the left end of the integer random number. Since there is a theoretical periodic solution and its probability cannot be made zero, it may fit into a short period. However, it is convenient because you can use only the initial value.

4. Addition method X _n = (X _n−24 + X _n−55 ) mod mn ≧ 55 In this method, the first 55 pieces need to be made by another random number generator. The calculation speed is fast because only addition and remainder operations are performed.

The above 1, 2 and 4 are described in Knuth's book (Reference: "Quadrature arithmetic method / random number", author; KNUT
H, translation; Masaaki Shibuya, Science, 1985)
Reference was made to (Reference: "Introduction to Chaos", author; Hiroyuki Nagashima, Yoshikazu Baba, Baifukan, 1993).

Conventionally, the linear congruential method has been considered to be unsuitable for cryptography. However, tracking is conscious by not treating random numbers as they are or by randomizing the first line number in the line number of the bit conversion table. You can use it if you use it properly. It is attractive that a random number having the maximum number of rows of the bit conversion table as the maximum cycle can be obtained only by selecting the parameters a and c.
You should randomize the table rows in 17 ways before using them.

Hereinafter, the operation of the present invention will be described. In the cryptographic communication method of the present invention, a method for solving the above-mentioned three problems at once is devised and used. Hereinafter, a typical case will be described.

First, all patterns of 8 bits, that is, 000
000000000000000000001010,
.., 11111111 are prepared in a table of 256 rows × 8 columns. The order of the rows in the above table is randomized using a given decimal random key. That is,
Even if information other than the secret key is disclosed, the order of the rows in the table is
Don't let the attacker know. Next, a key is added to a decimal random number generator using a multi-precision arithmetic method to create a long-digit decimal number obtained. This decimal number is decomposed for each digit and taken out, and the table is drawn using the information. The 8 bits are directly taken out of the table and used as a binary random number. When the long-digit decimal number is used up, the long-digit decimal number is updated by a multi-precision arithmetic decimal random number generator.

The type of table is 10 bits in addition to 8 bits.
12 or 16 bits can be used. If one wants to avoid a binary bit string having 0s continuing for too long, for example, it is only necessary to remove rows where all 0s are present or to limit the table to only certain rows. However, in this case, it is known that the property of the binary bit string of the output deteriorates, and the binary bit string goes away from the true random number.

[0034]

Embodiments of the present invention will be described below with reference to the drawings.

(First Embodiment) FIG. 1 is a flowchart showing the operation of the cryptographic communication method according to the first embodiment of the present invention.

This embodiment corresponds to claim 1.

One set of an encryption communication device for realizing the encryption communication method whose operation is shown in FIG. 1 is required for each of the transmission side and the reception side. The transmitting side inputs the plaintext and outputs the ciphertext, and the receiving side inputs the ciphertext and outputs the plaintext. Note that the communication part is omitted. If the key of the decimal number, that is, the initial value is the same, communication of complete encryption can be performed.

The operation of the cryptographic communication method according to the first embodiment of the present invention shown in FIG. 1 will be described below for each step.

First, the process starts in step S101. It is assumed that the secret key 1 is shared by an existing technology, for example, the Diffie-Hellman method.

In step S103, the secret key 1
Initialize the zero-base random number generator. In the present embodiment, the secret key 1 has 64 decimal digits. This decimal random number generator uses a multiple precision arithmetic method. The algorithm of random number generation is not limited, but it is required that the period be long. After initialization, warm-up is performed, and if the key length is less than 64 digits, it is set to 64 digits. Regarding the warm-up described above, usually, the random number generator idles several times as a warm-up first. Especially when the initial value is less than the specified number of digits, be sure to warm up.

In step S104, a bit conversion table is created. In the present embodiment, a table of all 8-bit patterns is used. If the n-th entry of the bit conversion table is expressed as tb [n], tb [0] to tb [0]
The above 8-bit all bit pattern is stored in b [255].

In step S105, the order of each entry in the table is randomized using the latest decimal random number. The randomizing method includes the following step S10
It is desirable to use a method other than the odd increment method used in 6.

In step S106, the pointer of the bit conversion table and the increment for updating the pointer are set. In the present embodiment, three pointers are used. A set of initial values is given below, for example. However, in the following, n is an 8-digit integer extracted from the latest 64-digit random number.

First, the above three pointers are respectively p [0] = n% 256 (where the symbol% indicates the operator of the remainder operation) p [1] = (p [0] +85)% 256 p [2] = (p [1] +85)% 256.

Next, the update increment corresponding to each of the pointers is set to delt [0] = 9 delt [1] = 11 delt [2] = 13.

In step S108, plain text is read on the transmitting side and cipher text is read on the receiving side using the data, ie, cipher text 2. Data is read into the input buffer. The output buffer pointer is set to 0. However, the size of the input buffer and the size of the output buffer are both 256 × 3 (3 is the number of pointers).

In step S109, the end of the data is determined.

In step S110, an end flag is set. Although not shown in the figure, the end flag is reset in steps before step S105.

In step S111, a 64-digit decimal random number is generated using a multiple precision arithmetic method. As the initial value of the random number at the start of the loop, the one set in step S103 is used. The purpose of this step is to obtain a random number with a long period.

Step S112 is a step S112.
This shows the entrance to a loop in which a series of processes up to 123 is repeated 64 times.

In step S113, the above step S
The decimal random number generated in step 111 is decomposed to take out one digit at a time. Hereinafter, the extracted number is defined as d.

In step S114, the process branches into four branches according to the value range of d. The branching method described in FIG. 1 is merely an example.

In step S115, d is 1, 2, 2,
3, where p [0] = (p
[0] + delt [0])% Set to 256.

In step S116, d is 4, 5,
6, and the processing here is p [1] = (p
[1] + delt [1]) Set to% 256.

In step S117, d is 7, 8,
9 and the processing here is p [2] = (p
[2] + delt [2]) Set to% 256.

Step S118 is a case where d is 0, and the process skips to step S123.
This procedure is to increase complexity.

In step S119, the above step S1
15, the pointer p [? Set in any of steps S116 and S117. ], The 8-bit pattern is copied from the row of the bit conversion table to the output buffer, and the pointer of the output buffer is advanced by one byte (= 8 bits).

In step S120, a check is made with a pointer to see if the output buffer is full. If the output buffer is full, the process skips to step S121.

In step S123, the number of loops is 64
It is checked whether or not the number of times has been reached. If the number of times has not reached 64, the process returns to step S112. If the number of times has reached 64, the process returns to step S111.

In step S121, when the output buffer is full, the exclusive OR (X
(OR) operation and outputs the result to ciphertext or plaintext 3.
The transmitting side obtains the ciphertext, and the receiving side obtains the plaintext.

In step S124, it is determined whether or not there is any data sentence by checking the end flag. If the end flag has not been set, the process returns to step S105.

If the end flag has been set, the process ends in step S125.

(Second Embodiment) FIG. 2 is a flowchart showing the operation of the cryptographic communication method according to the second embodiment of the present invention.

This embodiment corresponds to claim 2.

As in the first embodiment, one set of an encryption communication device for realizing the encryption communication method whose operation is shown in FIG. 2 is required for each of the transmission side and the reception side. The transmitting side inputs the plaintext and outputs the ciphertext, and the receiving side inputs the ciphertext and outputs the plaintext. Note that the communication part is omitted. If the key of the decimal number, that is, the initial value is the same, communication of complete encryption can be performed.

The operation of the cryptographic communication method according to the second embodiment of the present invention shown in FIG. 2 will be described below for each step.

In step S201, when starting the process, it is assumed that the secret key is shared between the transmitting side and the receiving side.

In step S203, a decimal random number generator is initialized with the secret key 21. In the present embodiment,
The secret key 21 has 32 decimal digits. This decimal random number generator uses a multiple precision arithmetic method. The algorithm of random number generation is not limited, but it is required that the period be long. After initialization, warm-up is performed, and if the key length is less than 32 digits, it is set to 32 digits.

In step S204, a bit conversion table is created. In the present embodiment, as in the first embodiment, the bit conversion table is a table of all 8-bit patterns. Bits are set in tb [0] to tb [255].
Store the pattern. The order of each entry in the table is randomized using the latest decimal random number (32 digits).

In step S206, the plaintext is read on the transmitting side and the ciphertext is read on the receiving side using the data, that is, the ciphertext 22. Data is read into the input buffer. Do not use the output buffer pointer. The sizes of the input buffer and the output buffer are both 256 × k. Where k
Is the number of repetitions of a series of processes from step S210 to step S217 described below.

In step S207, the end of the data sentence is determined.

In step S208, an end flag is set. Although not shown in the figure, the end flag is reset in step S204.

In step S209, a 32-digit decimal random number is generated by using a multiple precision arithmetic method. As the initial value of the random number at the start of the loop, the one set in step S203 is used. The purpose of this step is to obtain a random number with a long period.

Step S210 includes steps S211 to S211.
An entrance to repeat a series of processes in step S216 is shown.
The number of repetitions is equal to k described in step S206.

At step S211, step S209
The 8 digits are extracted from the end of the 32 digit decimal number generated in the above. Hereinafter, this eight-digit number is defined as n.

Step S212 is an entrance where the parameter m is incremented by one from 0 to 254, and steps S213 to S216 are performed 255 times.

In step S213, n is updated using a normal decimal random number generator with n as a seed. If the random number generator needs to be initialized, it is performed in step S203.
Above, "ordinary decimal random number generator" is expressed as
This means that it does not use the multiple precision arithmetic method.

In step S214, p = m + n% (2
56-m). In the above,% is an operator indicating a modulus operation, and in this case, it means that n is divided by (256-m) to obtain a remainder. p is a table pointer and m
It refers to any of the lines up to the last 255 lines.

In step S215, the 8-bit pattern in the p-th row of the table is stored in the output buffer.

In step S216, since the p-th row of the table has been used, it is replaced with an m-th row which has not been used yet. In this process, the used row numbers are arranged for the m rows from the beginning of the table, and the unused row numbers are arranged for the m + 1 to 255 rows.

In step S217, since the last one row remains after the repetition of 255 times, the 8-bit pattern of that row is stored in the output buffer.

In step S218, step S206
Performs an exclusive OR (XOR) operation between the input buffer and the output buffer that have been read in step (1), and outputs the result to the ciphertext or plaintext 23. The transmitting side obtains the ciphertext, and the receiving side obtains the plaintext.

In step S220, it is determined from the end flag whether or not there is any data sentence. If the end flag has not been set, the process returns to step S206. If the end flag has been set, step S22
At 1, the process ends.

After that, when performing cryptographic communication with the same communication partner, the exchange of the secret key is unnecessary if the state of the table and the decimal random number generator of the multi-precision operation are held.

(Third Embodiment) FIG. 3 is a flowchart showing the operation of the cryptographic communication method according to the third embodiment of the present invention.

This embodiment also corresponds to claim 2.

As in the first embodiment, one set of an encryption communication device for realizing the encryption communication method whose operation is shown in FIG. 3 is required for each of the transmission side and the reception side. The transmitting side inputs the plaintext and outputs the ciphertext, and the receiving side inputs the ciphertext and outputs the plaintext. Note that the communication part is omitted. If the key of the decimal number, that is, the initial value is the same, communication of complete encryption can be performed.

The operation of the cryptographic communication method according to the third embodiment of the present invention shown in FIG. 3 will be described below for each step.

In step S301, the process starts. In the following, it is assumed that the secret key is shared between the transmitting side and the receiving side.

In step S303, the decimal random number generator (64 digits) is initialized using the 64-digit decimal secret key 31. The decimal random number generator uses a multiple precision arithmetic method. After initialization, the warm-up described above is performed.

In step S304, the bit conversion table for the pointer (0) is initialized. In the present embodiment, two pointers are used. Details will be described later with reference to FIG.

In step S305, the bit conversion table for pointer (1) is initialized. Details will be described later with reference to FIG.

In step S307, plaintext or ciphertext 3
2 is read into the input buffer. The sender reads the plaintext and the receiver reads the ciphertext. Next, the output buffer pointer is set to zero. The sizes of the input and output buffers are equal in multiples of 128 bytes.

In step S308, the end of the data sentence is determined. If completed, an end flag is set in step S309. Although omitted in the figure, step S30
At 3, the end flag is reset.

In step S310, a 64-digit decimal random number is generated by using a multiple precision arithmetic method. The purpose of this step is to obtain a long-period random number.

In step S311, step S312
-A series of processes of step S316 is repeated.

In step S312, step S310
Is extracted one digit at a time from the end of the 64-digit decimal number generated in. Hereinafter, the extracted one-digit number is defined as d.

In step S313, the process branches depending on whether d is an odd number or an even number. If d is an odd number, the process skips to step S314. In step S314, the bit conversion table is drawn using the pointer (1), and the process proceeds to step S316. Details will be described with reference to FIG.

In step S315, a bit conversion table is drawn using the pointer (0).

At step S316, the extracted 1-bit (8-bit) bit string is stored in the output buffer.
Advances the output buffer pointer by one.

In step S317, the output buffer pointer is checked, and if it is full, the flow branches to step S318. If it is not full, the process returns to step S310.

At step S318, step S307 is executed.
An exclusive OR (XOR) operation is performed between the contents of the input buffer and the contents of the output buffer, which are read in step (1), and the result is output as ciphertext or plaintext 33. The transmitting side obtains the ciphertext, and the receiving side obtains the plaintext.

In step S320, it is determined from the end flag whether or not there is a data sentence. If the end flag has not been set, the process returns to step S307.

When the end flag is set, the process ends in step S321.

FIG. 4 is a flowchart showing the operation of the initialization routine used in steps S304 and S305 of the cryptographic communication method according to the third embodiment of the present invention. This flowchart is described in a format close to the C language.

Hereinafter, steps S304 and S304 of the encryption communication method according to the third embodiment of the present invention shown in FIG.
The operation of the initialization routine used in step 305 will be described for each step. In the following, a table is a bit conversion table. Step S350 is a declaration of entry to this routine.

In step S351, arguments (arguments) and external variables (parameters) are defined. All variables and arrays defined are integers. The input n is an 8-digit integer, and the output table is a two-dimensional array argument, one being used and the other being rewriting the row number. The above-mentioned separate arrays are used for the pointer (0) and the pointer (1). The output flag sw is 0 or 1 to indicate that it is in use. The output flag sws indicates that rewriting is in progress, opposite to the flag sw.

The output p indicates the first pointer, the outputs a and c indicate constants used in the linear congruential random number generator, and the output counter indicates the number of times the table has been drawn.

In step S352, the process branches depending on whether n is an odd number or an even number. If n is an odd number, step S354
If n is an even number, the process moves to step S353.

In step S353, the table used first is set to 0, and the table being rewritten is set to 1.

In the step S354, the table used first is set to 1 and the table being rewritten is set to 0.

In step S355, p, a, and c for setting the bit pattern of the table used first are set to n.
Calculate from In the random number generation method of the linear congruential method, according to the Knuth method (reference: "quasi-numerical algorithm / random number", author: KNUTH, translation: Shibuya Masaaki, Science Inc., 1985) so that the period becomes 256. Determine c. a-1
Is an odd number so that is a multiple of 4.
The specific calculation method of p, a, and c is as described in step S355 of FIG.

At step S356, the bit pattern of the table to be used first and the first pointer p are set. The specific setting method of the table and the pointer p is as described in step S356 of FIG.

In step S357, different values for p, a, and c are obtained from the values obtained in step S355.
counter, that is, the number of times the table is drawn is set to zero.
The specific calculation method of p, a, and c is as described in step S357 of FIG.

In step S358, the initialization processing ends, and the routine returns to the higher-level routine that is the caller of this routine.

FIG. 5 is a flowchart showing the operation of the table read / write routine used in steps S314 and S315 of the encryption communication method according to the third embodiment of the present invention. This flowchart is described in a format close to the C language.

Hereinafter, steps S314 and S314 of the encryption communication method according to the third embodiment of the present invention shown in FIG.
The operation of the table read / write routine used in 315 will be described for each step. In the following, a table is a bit conversion table.

Step S370 is a declaration of entry to this routine.

In step S371, arguments and external variables are defined. The output outbyt is a character variable and the rest are integer variables. The input orbit is a 64-digit random number and is divided into four-digit numbers in the array. Otherwise, step S
351 is the same as the definition.

In step S372, a bit string is extracted outbyt. Put the binary representation of p in the counter-th row of the table being rewritten and calculate a new pointer p.

The counter is incremented by one. The specific setting method of outbyt, table, and new pointer p is as described in step S372 in FIG.

In the step S373, the table is set to 256
Check if counter has been drawn by counter. coun
If ter has not become 256 yet, step S374
Then, return to the upper routine that called this routine.

In the step S375, the table is set to 256
Now that we have rounded up, we calculate the parameters for the next linear congruential random number generator and the starting row. Reset counter to zero.

The specific method of setting n, p, a, c, and counter is as described in step S375 in FIG.

In step S376, step S37
7. The table is switched by the selection in step S378.

In step S379, the reading / writing of the table is finished, and the routine returns to the higher-level routine that called this routine.

(Fourth Embodiment) Table 1 shows an example of a bit conversion table of an encryption communication method according to a fourth embodiment of the present invention.

Table 1 is an example of a general bit conversion table other than the fixed-length table used in the above embodiment.

A sequence of “0” s formed in a binary random number,
A table is prepared so that the ratio of the number of runs to "1" is close to 0.5. By alternately drawing a table containing only "0" and a table containing only "1", the number of runs can be controlled. This example
In the table with only “0”, the total number of rows is 1032. The table of "1" is omitted, but is the same as Table 1 except that the column of the bit pattern is changed to "1". Randomize line numbers before use. The method is performed with reference to steps S212 to S217 in FIG.
A and c are determined so that 1032 = 2 ³ × 3 × 43. In the latter case, c is 6 × 43 and a-1 is 4 × 3.
The aforementioned Knuth teaches that it should be a multiple of × 43.

In the table of “0” and the table of “1”, the seed of the random number used when the line numbers are randomized first is changed. The number of runs having a length of 1 is 518 in this example, and the total number of bits is 2048. Using all the two tables “0” and “1”,
A binary random number of 4096 bits (= 512 bytes) is generated. The size of the buffer for reading the data sentence is in units of 512 bytes. The longest run in Table 1 is 10, but it is possible to change this to 8 or 12 to change the buffer size.

The method of drawing the table can be easily performed by modifying FIG. The table of pointer (0) is replaced with the table of “0”, and the table of pointer (1) is replaced with the table of “1”. Since these two tables are alternately drawn, d calculated in step S312 is unnecessary. However, in order to calculate the parameters a and c of the linear congruential method and the initial value p of the pointer, a random number generator having a long number of digits is required. is necessary. The calculation method of the parameters a and c has been described above. Since the number of bits to be extracted changes, it is necessary to provide a pointer indicating up to which bit of the output byte has been processed. The determination of which table to draw first can be determined using the method shown in the operational flow of FIG.

[0132]

[Table 1] This table is an example of a special table (before randomizing rows).

[0133]

According to the random number generation method of the present invention, encryption / decryption processing exceeding the communication speed can be performed.

In addition, according to the random number generation method of the present invention, it has been proved that the output is often closer to a true random number in the above-described statistical test.

[Brief description of the drawings]

FIG. 1 is a flowchart showing an operation of an encryption communication method according to a first embodiment of the present invention.

FIG. 2 is a flowchart illustrating an operation of an encryption communication method according to a second embodiment of the present invention.

FIG. 3 is a flowchart illustrating an operation of an encryption communication method according to a third embodiment of the present invention.

FIG. 4 is a flowchart showing the operation of an initialization routine used in steps S304 and S305 of the cryptographic communication method according to the third embodiment of the present invention.

FIG. 5 is a flowchart showing an operation of a table read / write routine used in steps S314 and S315 of the cryptographic communication method according to the third embodiment of the present invention.

[Explanation of symbols]

 1,21,31 Private key 2,22,32 Input plaintext or ciphertext 3,23,33 Output ciphertext or plaintext

[Procedure amendment]

[Submission date] April 15, 1999 (1999.4.1
5)

[Procedure amendment 1]

[Document name to be amended] Statement

[Correction target item name] Claim 1

[Correction method] Change

[Correction contents]

[Procedure amendment 2]

[Document name to be amended] Statement

[Correction target item name] Claim 2

[Correction method] Change

[Correction contents]

[Procedure amendment 3]

[Document name to be amended] Statement

[Correction target item name] Claim 4

[Correction method] Change

[Correction contents]

[Procedure amendment 4]

[Document name to be amended] Statement

[Correction target item name] 0007

[Correction method] Change

[Correction contents]

[0007]

Meanwhile [0008], prior application Japanese Patent Application No. 8-108058, are open <br/> shown in Japanese Patent Application No. 8-338583 technology, has three drawbacks. One is to obtain a binary bit string close to a true random number by using three parameters, a decimal random number algorithm and a constant.
It is very difficult to change the binary / binary conversion method and the initial value of the decimal random number. Second, there is the problem of calculation speed. If the integer calculated by the multi-precision arithmetic method is decomposed for each digit and made one bit at a time, the communication speed cannot be followed. Third, the algorithm cannot be published. The decimal number is made invisible by the compression conversion, but once the decimal number is known, the binary bit string can be accurately predicted. It goes without saying that executing the compression conversion four or more times in order to increase the calculation speed is an obstacle in the sense that a decimal number is calculated. Also, even if the compression conversion is performed twice, it is not safe to publish the algorithm.

[Procedure amendment 5]

[Document name to be amended] Statement

[Correction target item name] 0014

[Correction method] Change

[Correction contents]

The problem that the operation speed is slow is a fatal drawback in the field of cryptographic communication. Since it is impossible to follow the speed of transmitting information online, a binary bit string is created in advance to perform encryption or decryption. You have to limit the usage, such as loading it at the right time. The problem to be solved by the present invention is to provide a method for generating pseudo-random numbers close to true random numbers, which is safe even if all information other than the encryption key is disclosed, and is as fast as the communication speed. .

[Procedure amendment 6]

[Document name to be amended] Statement

[Correction target item name] 0015

[Correction method] Change

[Correction contents]

[0015]

According to a first embodiment of the present invention, to solve the above-mentioned problem, a cycle of 10 ⁶⁰ or more created by using a multi-precision arithmetic method capable of providing an arbitrary accuracy is used. It has a decimal integer random number generator, and all the patterns of 8-bit or 16-bit binary bit strings are stored in each row.
The number of 0s and the number of 1s forming a binary bit string
The whole bit table has the same bit conversion table, and the bit conversion table is drawn using a part of the decimal random number obtained by adding the decimal number of the secret key to the decimal integer random number generator, and 8 or 16 bits at a time. A device for continuously extracting a binary bit string, reading a plain text or cipher text, and performing an exclusive OR (XOR) operation on the binary information and the binary bit string to convert the plain text into a cipher text;
Alternatively, there is provided an encrypted communication method using an apparatus for converting a ciphertext into a plaintext.

[Procedure amendment 7]

[Document name to be amended] Statement

[Correction target item name] 0016

[Correction method] Change

[Correction contents]

In order to solve the above-mentioned problems, the second aspect of the present invention
According to the third and third embodiments, a decimal integer random number generator having a period of 10 ³⁰ or more created by using a multi-precision arithmetic method capable of providing an arbitrary precision, a decimal integer random number generator having a normal precision, All bits of an 8-bit or 16-bit binary bit string
Construct a binary bit string stored in each row with a turn
A decimal random number obtained by adding a decimal number of a secret key to the multi-precision decimal integer random number generator. In this example, a parameter and an initial value of a normal-precision decimal integer random number generator using the linear congruential method are calculated in this example, and then used to generate a decimal integer random number. Then, a bit conversion table is obtained by using the obtained normal-precision decimal integer random number, a device for continuously extracting a binary bit string of 8 or 16 bits at a time, a plaintext or a ciphertext are read, and the binary information thereof is read. An encryption communication method is provided, which performs an exclusive OR (XOR) operation with a binary bit string to convert a plaintext into a ciphertext or a device that converts a ciphertext into a plaintext.

[Procedure amendment 8]

[Document name to be amended] Statement

[Correction target item name] 0017

[Correction method] Change

[Correction contents]

In order to solve the above-mentioned problems, the fourth aspect of the present invention is described.
According to the embodiment, in the bit conversion table, the bit string stored in each row is not of a fixed length as described in the above embodiment, has a length of 1 to 10 bits, and further, each row of the table is Two that are only 0 or only 1
Is divided into sub-tables. And two sub
The table is indexed alternately to extract bit strings,
This is a binary random number sequence. Combine these two subtables
Then, the 0 of the binary bit string stored in each row is
The number and the number of 1 will be equal for the whole table
It is arranged like. In the fourth embodiment, only the bit conversion table is described.

[Procedure amendment 9]

[Document name to be amended] Statement

[Correction target item name] 0022

[Correction method] Change

[Correction contents]

1. Linear congruential method X _{n + 1} = (aX _n + c) mod m where a and c are parameters, and m is, for example, 10 ⁶⁴
It is. mod is an operation for obtaining a remainder. In this case, Xi is a 64-digit integer .

[Procedure amendment 10]

[Document name to be amended] Statement

[Correction target item name] 0029

[Correction method] Change

[Correction contents]

The above 1, 2 and 4 are described in Knuth's book (Reference: "Quadrature arithmetic method / random number", author; KNUT
H, translation; Masaaki Shibuya, Science, 1985)
Reference was made to (Reference: "Introduction to Chaos", author; Hiroyuki Nagashima, Yoshikazu Baba, Baifukan , 1993).

[Procedure amendment 11]

[Document name to be amended] Statement

[Correction target item name]

[Correction method] Change

[Correction contents]

[0107] In step S351, the argument (Agyume
Cement) and a definition of external variables (parameters). All variables and arrays defined are integers. The input n is an 8-digit integer, and the output table is a two-dimensional array argument, one being used and the other being rewriting the row number. The above-mentioned separate arrays are used for the pointer (0) and the pointer (1). The output flag sw is 0 or 1 to indicate that it is in use.
The output flag sws indicates that rewriting is in progress, opposite to the flag sw.

[Procedure amendment 12]

[Document name to be amended] Statement

[Correction target item name]

[Correction method] Change

[Correction contents]

[0133]

According to the random number generation method of the present invention, encryption / decryption processing exceeding the communication speed can be performed.

[Procedure amendment]

[Submission date] July 30, 1999 (July 7, 1999)
0)

[Procedure amendment 1]

[Document name to be amended] Statement

[Correction target item name] Claim 1

[Correction method] Change

[Correction contents]

Claims (5)

[Claims] 1. A random number for generating a binary random number using a decimal integer random number generating means and a bit conversion table in which the number of 0s and 1s in a binary bit string stored in each row are equal in the entire table. A first step of generating a decimal random number by said decimal random number generating means, a second step of extracting a predetermined number of decimal digits from the generated decimal random number, and A third step of converting the obtained decimal number into a row number of the bit conversion table;
A fourth step of extracting a bit string that is the contents of the row number of the bit conversion table. 2. A decimal integer random number generating means employing a multi-precision arithmetic method capable of providing an arbitrary precision, a decimal integer random number generating means employing a normal single precision arithmetic method, and a binary number stored in each row. A random number generation method for generating a binary random number using a bit conversion table in which the number of 0s and 1s in a bit string are equal in the entire table, wherein the multi-precision decimal random number generation means generates a decimal random number. A first process, a second process of extracting a predetermined number of decimal numbers having a predetermined number of digits from the generated decimal random number, and a process of generating the single-precision decimal random number based on the extracted decimal number. A third step of calculating necessary parameters and / or initial values and the like; a fourth step of generating a decimal random number by the single-precision decimal random number generation means which can be used as a result thereof; Decimal random number generation A fifth step of calculating the row number of the bit conversion table from the decimal random number generated by the generating means, and a sixth step of extracting a random number bit string that is the content of the row number corresponding to the calculated value of the bit conversion table
And a random number generation method. 3. The method according to claim 1, wherein the decimal integer and the decimal random number according to claim 1 or 2 are replaced with an integer and a random number based on a power of two. Item 4. The random number generation method according to Item 2. 4. A method of generating a random number bit string by the method according to claim 1, reading a communication message (or a ciphertext), and performing an exclusive OR (XOR) operation with the binary information. To convert the communication text into cipher text (or convert the cipher text into communication text). 5. A storage medium storing a program for generating a random number bit string by the method according to claim 1. Description: