JP2005149412A - Memory shuffling device, memory shuffling method and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a memory shuffling device which performs memory shuffling with less latency. <P>SOLUTION: For each address of a memory 1, the memory shuffle device has a flag register file 3, which holds flag information indicating a first state in which the data held in the memory should be an initial value or a second state which is different from the first state. A memory-shuffling part 4 is provided with an arithmetic function for receiving a certain address of the memory 1 and outputting the initial value of data to be held at a certain address. When a memory exchange part 45 of the memory-shuffling part 4 performs memory exchange, flag information is referred to for both target addresses; pieces of the held data of the addresses are calculated by using the arithmetic function, if the flag information is in the first state; and memory access is performed, if it is in the second state. Memory access corresponding to one time portion can be omitted in the first state. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a memory shuffle device that shuffles the contents of a memory, a memory shuffle method, and a program.

  Encryption technology is used to keep communication contents secret. Some encryption uses a random number generator. The random number generator is configured based on the following principle. The random number generator has a storage device that stores an internal state, a unit that updates the internal state of the storage device, and a unit that outputs a random number based on the internal state of the storage device. The initial value of the internal state of the storage device is the key.

  Since the circuit scale can be reduced, stream ciphers using pseudorandom number generation by LFSR are often used. In a random number generator based on LFSR, the shift register is the internal state storage device. However, the stream cipher based on LFSR has a problem of low security. In particular, there is a problem that if the circuit design information is known, it can be decoded. Another problem is that software is slow.

  Therefore, recently, stream cipher based on memory exchange has been used. Although the circuit scale does not become small, it has the feature that it can be performed at high speed by software. The fact that the algorithm is known does not mean that it can be decoded immediately.

  A stream cipher random number generator based on memory exchange has internal state storage means (an array on a memory) and two address registers. In one random number generation, the contents of the two address registers are updated, and the contents of the memory at the third address (for example, the sum of the two address registers) obtained from the two address registers are output as random numbers. Exchange the contents of the address pointed to by the address register.

  Possible variations are an address register update method and a method for obtaining a third address.

  The random number generation described above is not a key-dependent operation. In order to ensure security, the contents of the memory are shuffled depending on the key before random number generation so that the random number series changes depending on the key. If the address register is updated depending on the key without shuffling the memory, the output random number sequence has a high correlation with the key.

  The memory is shuffled as follows. As with the above random number generation, two address registers are prepared. First, the memory is initialized with a predetermined value depending on the address (for example, 0 is written at address 0, 1 is written at address 1,..., I is written at address i). Then, the operation of updating the two address registers depending on the key and exchanging the contents of the addresses indicated by the two address registers is repeated an appropriate number of times. Thus, by updating the address register depending on the key, the memory is shuffled depending on the key.

A conventional shuffle algorithm is disclosed in Non-Patent Document 1, for example.
Ichiro Senba, “Combinatorial Mathematics”, Corona, 1999

  Stream ciphers based on memory exchange have recently been widely used in the world. It is also used for IEEE 802.11, which is a wireless LAN standard, and SSL / TLS for accessing a web site safely over the Internet. The number of applications that require high-speed processing is increasing, and not only processing by software as in the past but also processing by hardware is increasing.

  When stream encryption based on memory exchange is to be realized by hardware, the processing time is measured by the number of clocks required, that is, latency. Access to the memory is an operation that requires at least one clock, and it can be said that the processing speed of the stream cipher based on the memory exchange is governed by the number of memory accesses.

  Since one random number generation is completed in about several clocks at most, it can be performed at high speed. When the keys are exchanged for different values, it is necessary to restart the memory shuffle from the beginning, which takes 1000 clocks or more and takes a very long time.

  In this way, stream ciphers based on memory exchange can generate random numbers at high speed, but if you try to exchange keys frequently to increase security, you will have to perform memory shuffle every time, so latency will be reduced. There is a problem of increasing and slowing down.

  The present invention has been made in view of the above circumstances, and an object of the present invention is to provide a memory shuffle device, a memory shuffle method, and a program that can perform memory shuffle with less latency.

  The present invention provides a memory shuffle device for setting a memory for holding random number generation data in a shuffled state after setting an initial value, and a first address for holding a first address in the memory. Address register, a second address register for holding a second address in the memory, and for each address of the memory, the data to be held in the address of the memory is an initial value A flag register file for holding flag information indicating a first state indicating a second state different from the first state and an address of the memory should be input and held at the address of the memory An initial value calculating means for outputting an initial value of data; first data held at the first address of the memory; An exchange means for exchanging the second data held at the second address of the memory, an initial value is set in the first and second address registers, and after the exchange, Setting means for setting update values in the first and second address registers, and the exchange means refers to the flag information for each of the first and second addresses when performing the exchange. Whether the first state or the second state is checked. If the flag information corresponding to the address is the first state, the initial value calculation means is not accessed without accessing the memory. To obtain data held at the address of the memory, and when the flag information corresponding to the address is in the second state, the memory is accessed to And obtaining data held in the re of the address.

  According to the present invention, the number of memory accesses can be reduced in the memory shuffle required as pre-processing of the random number generator (stream cipher) based on the memory exchange, so that the latency required for the memory shuffle can be reduced. it can. Further, when implemented in hardware, a memory shuffle device that performs memory shuffle while saving latency with a circuit scale as small as possible can be realized. It is highly effective for applications that frequently change keys to increase security.

The present invention relating to the apparatus is also established as an invention relating to a method, and the present invention relating to a method is also established as an invention relating to an apparatus.
Further, the present invention relating to an apparatus or a method has a function for causing a computer to execute means corresponding to the invention (or for causing a computer to function as means corresponding to the invention, or for a computer to have a function corresponding to the invention. It can also be realized as a program (for realizing the program), and can also be realized as a computer-readable recording medium on which the program is recorded.

  According to the present invention, memory shuffling can be performed with less latency.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  FIG. 1 shows a configuration example of a random number generation device according to an embodiment of the present invention.

  The random number generator is stored in a memory 1 for holding each data that is a source of random number generation, an initial value generating unit 2 for generating an initial value of each data held in the memory 1, and a memory 1 A flag register file 3 for storing information indicating whether or not the contents of each data are in an initial value state that has not yet been updated; a memory shuffle unit 4 for shuffling data held in the memory 1; A random number generator 5 for generating random numbers based on data held in the memory 1, a control circuit (not shown) for controlling the entire apparatus, key information, etc., and generated random numbers are output. An input / output unit (not shown) is provided. The initial value generation unit 2 may be omitted.

  As shown in FIG. 1, the memory shuffle unit 4 of the present embodiment includes a key information storage unit 41 for storing key data (key information) given from the outside, a first address register 42, a second address register 42, and a second address register 42. An address register 43, an address register update unit 44, and a memory exchange unit 45 are included. When key information is not used, the key information storage unit 41 may be omitted.

  Note that the random number generator 5 may be the same as the random number generator of a known random number generator. FIG. 1 shows an example of the random number generation unit 5. In this example, the random number generation unit 5 includes a first address register 51, a second address register 52, an address register update unit 53, a selection unit 54, A memory exchanging unit 55 is included.

  Also, the initial value generation unit 2 may be the same as the random number generation unit of a known initial value generation unit.

  In the present embodiment, n represents the maximum value of the address space in the memory 1 and the flag register file 3. That is, the memory 1 and the flag register file 3 can designate addresses from 0 to n as addresses, and can hold n + 1 contents.

  In the random number generation device of FIG. 1, the procedure is roughly divided into the following three phases. (1) First, the initial value generation unit 2 generates an initial value to be set for each address from address 0 to address n of the memory 1 in accordance with an instruction from the control circuit. Each generated initial value is set to each address. (2) Next, the memory shuffle unit 4 shuffles the memory 1 while referring to and writing to the flag register file 3 and the memory 1 in accordance with instructions from the control circuit. (3) Finally, the random number generator 5 generates random numbers using the memory 1 in accordance with instructions from the control circuit. In the case of the configuration in which the initial value generation unit 2 is omitted, of course, the procedure (1) is omitted.

  Hereinafter, the memory shuffle (2) will be described in detail. (1) and (3) may be the same as the conventional procedure.

  FIG. 2 shows an example of a memory shuffle procedure in the present embodiment. In FIG. 2, each box is an operation performed within the same clock at the same time as a processing unit.

  As described above, n indicates the maximum value of the address space.

  M [i] is the content of address i in the memory 1. The memory 1 can read and write the contents by designating the i address. Unlike the flag register file 3, the memory 1 requires at least one clock to read and write the contents.

  F [i] is the contents of address i of the flag register file 3. When the address is designated, the flag register file 3 can read and write the corresponding 1-bit contents. Since the flag register file 3 is a register, it can be read without a clock. However, one clock is required for writing.

  A1 is the content held in the first address register 42. A2 is the content held in the first address register 43. Both can hold values of at least 0 to n.

  a1 is an initial value of the first address register 42. a2 is an initial value of the second address register 43. Note that a1 and a2 may be values that depend on the key, or values that do not depend on the key (for example, a1 = 0, a2 = 1).

  D1 is the contents of the register that reads and holds the contents of the memory 1 pointed to by A1. D2 is the contents of the register that reads and holds the contents of the memory 1 pointed to by A2. Note that these registers are omitted in FIG.

  The function will be described below.

  Note that the function is configured by a combinational circuit when realized by hardware. In this case, it is desirable to evaluate the function within one clock, but a sequential circuit that takes a plurality of clocks may be used.

  f (x) is a function that takes an address x as an input and outputs an initial value corresponding to the address x in the memory 1. For example, f (x) = x may be used.

  g1 (x) is a function that takes the address register A1 as input and outputs the updated value of A1.

  g2 (x) is a function that takes the address register A2 as input and outputs the updated value of A2.

  Note that g1 may be a function that depends on the key and all or part of A2 and D2, or may be a function that does not depend on the key. Also, g1 may be a function that depends on all or part of the key, A1, and D1, or may be a function that does not depend on it.

  The operation will be described below.

(Step S1)
First, initialization is performed. The contents of initialization are the following three.

  • All the contents F [0] to F [n] of the flag register are set to 0. Here, the content M [x] at address x is in the same state (initial state) as f (x) when F [x] = 0, and f (x) when F [x] = 1. )) Is not necessarily the same state (at least once updated).

Set the contents of the address register A1 to the initial value a1.
Set the contents of the address register A2 to the initial value a2.

  In addition, a1 and a2 are produced | generated based on the key memorize | stored in the key information storage part 41, for example.

  The following processing can be performed once to exchange the memory, and the memory 1 can be shuffled by repeating this a predetermined number of times (m times) (step S10). Note that m may be an arbitrary constant, but may depend on the key.

(Step S2)
First, the flag registers F [A1] and F [A2] are examined.

  Here, there are four processing flows depending on the contents of the flag registers F [A1] and F [A2].

(First Case) When F [A1] = 0 and F [A2] = 0 In this case, first, three independent operations of Step S3 are performed at the first clock, and then Step S9 is performed at the second clock. The four independent operations are performed.

(Step S3)
Since F [A1] = 0, the contents of the address indicated by A1 in the memory 1 can be understood that M [A1] is equal to f (A1) even if the memory 1 is not actually read. Write f (A1).
The contents M [A2] of the address pointed to by A2 in the memory 1 are originally written in the memory M [A1] pointed to by A1, but since F [A2] = 0, M [ Since A2] is known to be f (A2) without being read, f (A2) is written to M [A1].
Since the memory M [A1] at the address indicated by A1 is rewritten as described above, M [A1] and f (A1) are not always the same. To indicate this, 1 is written to F [A1].

  These three operations are independent and have no dependency, so they can be performed within the same clock.

(Step S9)
Write D1 to memory M [A2] at the address pointed to by A2.
Since the memory M [A2] at the address indicated by A2 is rewritten above, M [A2] and f (A2) are not necessarily the same. To indicate this, 1 is written to F [A2].
Update the contents of the address register A1 to g1 (A1).
Update the contents of address register A2 to g2 (A2).

  In addition, g1 and g2 are calculated | required based on the key memorize | stored in the key information storage part 41, for example.

  Since these four operations are independent and have no dependency, they can be performed within the same clock.

  This step S9 is an operation performed in all cases.

  In this first case, it is possible to save clocks (two clocks) required for reading the memory twice, and it is possible to exchange the memory with a total of two clocks.

(Second Case) When F [A1] = 1 and F [A2] = 0 In this case, first, two independent operations in step S4 are performed at the first clock, and then step S8 at the second clock. And finally, the four independent operations in step S9 are performed at the third clock.

(Step S4)
Since F [A1] = 1, M [A1] is not necessarily equal to f (A1), so the memory 1 must actually be read. That is, M [A1] is read and held in D1.
Since F [A2] = 0, it can be seen that the content M [A2] of the address indicated by A2 in the memory 1 is equal to f (A2) even if the memory 1 is not actually read. Write f (A2).

  These two operations are independent and have no dependency, so they can be performed within the same clock.

(Step S8)
Write D2 to memory M [A1] at the address indicated by A1.
Since the memory M [A1] at the address indicated by A1 is rewritten as described above, M [A1] and f (A1) are not always the same. To indicate this, 1 is written to F [A1].

  These two operations are independent and can be performed within the same clock since there is no dependency.

  This step S8 is an operation performed in the second case to the fourth case.

(Step S9)
As described above, four independent processes are performed.

  In this second case, a clock (one clock) required for one memory read can be saved, and the memory can be replaced with a total of three clocks.

(Third Case) When F [A1] = 0 and F [A2] = 1 In this case, first, two independent operations of Step S5 are performed at the first clock, and then Step S8 of the second clock And finally, the four independent operations in step S9 are performed at the third clock.

(Step S5)
Since F [A1] = 0, it is understood that the content M [A1] of the address indicated by A1 in the memory 1 is equal to f (A1) even if the memory 1 is not actually read. Write f (A1).
Since F [A2] = 1, M [A2] is not necessarily equal to f (A2), so the memory 1 must actually be read. That is, M [A2] is read and held in D2.

  These two operations are independent and have no dependency, and can be performed within the same clock.

(Step S8)
As in the second case, two independent processes are performed.

(Step S9)
As described above, four independent processes are performed.

  In the third case, a clock (one clock) required for one memory read can be saved, and the memory can be exchanged with a total of three clocks.

(Fourth Case) When F [A1] = 1 and F [A2] = 1 In this case, first, the operation of step S6 is performed at the first clock, the operation of step S7 is performed at the second clock, and then Two independent operations in step S8 of the third clock are performed, and finally, four independent operations in step S9 are performed in the fourth clock.

  Note that step S6 and step S7 may be performed in the reverse order.

(Step S6)
Since F [A1] = 1, M [A1] and f (A1) are not always the same, so the memory 1 must actually be read. That is, M [A1] is read and held in D1.

(Step S7)
Since F [A2] = 1, M [A2] and f (A2) are not necessarily the same, so the memory 1 must actually be read. That is, M [A2] is read and held in D2.

(Step S8)
Similar to the second and third cases, two independent processes are performed.

(Step S9)
As described above, four independent processes are performed.

  In the fourth case, the memory can be exchanged with a total of four clocks.

  Note that the operation of step S6 and the operation of step S7 are independent and have no dependency, but the memory 1 cannot read out different addresses within the same clock for a normal memory device. Therefore, two clocks are required. However, when a dual port memory is used as the memory 1, two different addresses can be read within the same clock, and in this case, the number of necessary clocks can be saved.

  As described above, one of the processes from the first case to the fourth case is executed by one iteration, and one memory replacement can be performed, which is repeated m times (step S10). As a result, the memory 1 is shuffled.

  Note that it is preferable that at least one of the initial value a1, the initial value a2, the function g1, the function g2, and the number of repetitions m is a function depending on the key.

  By the way, depending on the initial value a1, the initial value a2, the function g1, the function g2, and the number of repetitions m, not all addresses (0 to n) in the memory are to be exchanged. In some cases, F [x] = 0 may remain even when the memory shuffle process is completed.

  In the configuration in which the initial value generation unit 2 is omitted, in this case, since the contents of the memory M [x] at the address x have not been written, what is written is undefined. Therefore, when x such that F [x] = 0 exists, it is necessary to write f (x) in M [x].

  In order to avoid such a situation, one or both of A1 and A2 may take all addresses of the memory as values. For example, if a1 = 0, g1 (x) = x + 1, and the number of repetitions is n + 1, it is guaranteed that A1 takes a value from 0 to n.

  In the above example, for a certain address x, F [x] = 0 means that M [x] and f (x) match, and F [x] = 1 means that M [x ] And f (x) are not necessarily the same. However, in some cases, f (x) may be written to M [x] even in a state other than the initial state. Therefore, M [x] and f (x) are compared, and if M [x] = f (x), 0 may be written in F [x], otherwise 1 may be written ( In this case, for a certain address x, F [x] = 0 means that M [x] and f (x) match, and F [x] = 1 means that M [x] and f (x x) will not match). Thereby, the latency can be further reduced.

  FIG. 3 shows a configuration example when the shuffler 4 that performs the operation of FIG. 2 is realized by hardware.

  The two address registers A1 and A2 are updated by functions g1 and g2, respectively.

  In the data register D1, f (A1) or an input obtained by switching the input Mout from the memory by the selector s1 is written. In the data register D2, f (A2) or an input obtained by switching the input Mout from the memory by the selector s2 is written.

  The contents of switching D1 or D2 by the selector s4 are output to the write Min in the memory.

  The contents obtained by switching A1 or A2 by the selector s3 are output to the address input Ain of the memory.

  The contents of the address registers A1 and A2 are each output to the flag register file f.

  Each selector is switched by a control unit (not shown).

  Next, the random number generator 5 will be briefly described.

  The random number generator 5 reads the contents of the memory 1 that has been shuffled at random, and outputs this as random numbers. The random number generator 5 may be a known one.

  In the case of the configuration illustrated in FIG. 1, for example, first, initial values are set in the contents i and j of the first address register 51 and the second address register 52, and the selection unit 54 adds the values. The contents of the memory whose address is i + j are read out and used as a random value. The memory exchanging unit 55 exchanges the contents of the addresses i and j in the memory. Then, the address register update unit 53 updates the contents of the first address register 51 and the second address register 52. The selection unit 54 reads the contents of the memory whose address is a value i + j obtained by adding them, and sets this as the next random value. The memory exchanging unit 55 exchanges the contents of the addresses i and j in the memory. Repeat as many times as necessary.

  Next, FIG. 4 shows another example of the memory shuffle procedure in the present embodiment.

  This example shows an example in which the function g2 depends on the contents held in the register D1 (reads out and holds the contents of the memory 1 indicated by A1).

  This example is applicable to, for example, stream ciphers used in wireless LAN standard IEEE 802.11. Here, an example will be described in which an 8-bit (0 to 255) numerical value can be stored in each address of the memory and the maximum address value n is 255.

  In this example, the contents of the address register A2 cannot be determined until the contents of the register D1 are determined. Therefore, the operation part for updating the contents of A2 with g2 is different from the processing procedure of FIG.

  Here, an example of each constant and each function is shown below.

n = 255
a1 = 0
a2 = 1
f (x) = x
g1 (A1) = A1 + 1
g2 (A2, D1, k) = (A2 + D1 + k) mod 256
However, k is an input of a key sequence (stored in the key information storage unit 41) and depends on A1. k is defined as follows, where key is a byte array of keys (key [0], key [1], key [2], key [3],...), and keylen is a byte length of the key. k = key [A1 mod keylen]
In the prior art, 256 memory accesses for writing 0 to 255 in M [0] to M [255] and 256 memory exchanges (4 memory accesses per memory exchange) are performed. A total of 1280 memory accesses is required, including 1024 memory accesses. According to this example, in the configuration in which the initial value generation unit 2 is omitted, M [0] to M [255] are set in advance. , 256 memory accesses to write the initial value can be saved, and 256 memory references can be saved out of 256 memory exchanges, so that 1024-256 = 768 memory accesses can be reduced to a total of 768 times. Has been.

  Although the case where the memory is a single port has been described above, the same configuration can be adopted when the memory is a dual port, and the latency can be reduced.

  The address update function is generally a key-dependent function, but is not explicitly shown here. This is because any function depending on the key can be used.

Each of the above functions can be realized even if it is described as software and processed by a computer having an appropriate mechanism.
The present embodiment can also be implemented as a program for causing a computer to execute predetermined means, causing a computer to function as predetermined means, or causing a computer to realize predetermined functions. In addition, the present invention can be implemented as a computer-readable recording medium that records the program.

  Note that the present invention is not limited to the above-described embodiment as it is, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. In addition, various inventions can be formed by appropriately combining a plurality of components disclosed in the embodiment. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, constituent elements over different embodiments may be appropriately combined.

The figure which shows the structural example of the random number generator which concerns on one Embodiment of this invention. The figure which shows an example of the operation | movement procedure of the memory shuffle in the same embodiment The figure which shows the structural example at the time of implement | achieving the shuffle part which performs the operation | movement of FIG. 2 with hardware. The figure which shows an example (example applied to the IEEE802.11 standard) of the operation | movement procedure of the memory shuffle in the same embodiment

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... Memory, 2 ... Initial value generation part, 3 ... Flag register file, 4 ... Memory shuffle part, 5 ... Random number generation part, 41 ... Key information storage part, 42, 43, 51, 52 ... Address register, 44, 53 ... Address register update unit, 45, 55 ... Memory exchange unit, 54 ... Selection unit

Claims (14)

In the memory shuffle device for setting the initial value to the memory holding the data that is the basis for random number generation,
A first address register for holding a first address in the memory;
A second address register for holding a second address in the memory;
For each address of the memory, flag information indicating a first state indicating that data to be stored in the address of the memory is an initial value or a second state different from the first state is stored Flag register file to
Initial value calculation means for inputting an address of the memory and outputting an initial value of data to be held at the address of the memory;
Exchanging means for exchanging the first data held at the first address of the memory and the second data held at the second address of the memory;
Setting initial values in the first and second address registers, and setting means for setting updated values in the first and second address registers after the exchange,
In performing the exchange, the exchange means refers to the flag information for each of the first and second addresses to check whether the state is the first state or the second state, and corresponds to the address. If the flag information is in the first state, the initial value calculation means obtains data held at the address of the memory without accessing the memory, and the flag corresponding to the address When the information is in the second state, the memory is shuffled by accessing the memory and obtaining data held at the address of the memory. The second state indicated by the flag information corresponding to each address of the memory indicates that the data to be held at the address of the memory may not be an initial value.
The exchange means performs the exchange, because the flag information corresponding to a certain address of the memory is in the first state, so that the initial value calculation means does not access the memory, and the initial value calculation means 2. The memory shuffler according to claim 1, wherein when the data held at the address of the memory is obtained, the flag information corresponding to the address is set to the second state. The second state indicated by the flag information corresponding to each address of the memory indicates that the data to be held at the address of the memory is not an initial value,
The exchange means, when performing the exchange, when writing data held at another address of the memory to a certain address of the memory, the data is initially stored at the certain address. 2. The memory shuffle according to claim 1, wherein when the value is equal to the value, the flag information corresponding to the address is set as the first information, and when the value is not equal, the flag information is set as the second information. apparatus.   4. The memory shuffler according to claim 1, wherein the flag register file sets flag information corresponding to all addresses in the first state as an initial setting.   The memory shuffler according to any one of claims 1 to 4, further comprising means for repeatedly executing the replacement a predetermined number of times.   The setting means performs the setting for at least one of the first or second address register so that all addresses of the memory are held at least once during the exchange of the number of repetitions. The memory shuffler according to claim 5.   After the exchange of the number of repetitions is completed, the flag information is referred to, and the address of the memory is determined to have the flag information corresponding to the address in the first state, and the corresponding flag For the address where the information is in the first state, the initial value calculation means further obtains data held at the address of the memory and writes the data to the address of the memory. The memory shuffler according to claim 5.   6. The memory shuffler according to claim 5, further comprising means for writing the initial value to all addresses of the memory prior to the replacement. Means for entering key information;
Means for storing the inputted key information,
2. The memory shuffle device according to claim 1, wherein the setting unit uses a method depending on the key information as a method of obtaining the update value for at least one of the first or second address registers. .   The setting means uses a method depending on the second address as a method for obtaining the update value for the first address register, and / or a method for obtaining the update value for the second address register. 2. The memory shuffler according to claim 1, wherein a method depending on the first address is used. The exchange means is
A first data register for holding the first data obtained by accessing the memory or by the initial value computing means; and the second data obtained by accessing the memory or obtained by the initial value computing means A second data register for holding
In the exchange, the flag information is checked for each of the first and second addresses with reference to the flag information, and the flag information corresponding to the first address is checked. And the flag information corresponding to the second address are in cases other than the case where the first state is the first state, the first data once held in the first data register is stored in the memory. 2. The memory shuffler according to claim 1, wherein the second data written to the second address and temporarily held in the second data register is written to the first address of the memory.   In the exchange, the exchange means refers to the flag information for each of the first and second addresses to check whether the state is the first state or the second state, and corresponds to the first address. When the flag information corresponding to the second address and the flag information corresponding to the second address are both in the first state, the first data obtained by the initial value calculating means is temporarily used as the first data. Holding in the register and writing the second data obtained by the initial value calculating means to the first address of the memory are performed at the first clock and temporarily held in the first data register. 12. The memory shuffler according to claim 11, wherein writing the first data to the second address of the memory is performed with a second clock. In the memory shuffling method of the memory shuffle device for setting the memory holding the data for generating the random number to the shuffled state after setting the initial value,
First data held at the first address of the memory specified by the first address register and held at the second address of the memory specified by the second address register An exchange step for exchanging the second data;
Setting update values in the first and second address registers;
And repeatedly executing the first and second steps a predetermined number of times,
In the exchange, for each of the first and second addresses, a first state or a first state indicating that data to be held at the address of the memory is an initial value for each address of the memory A flag register file for holding flag information indicating a second state different from the state is checked to determine whether the first state or the second state, and the flag information corresponding to the address is In the first state, without accessing the memory, the initial value calculation means for inputting the address of the memory and outputting the initial value of data to be held at the address of the memory, When the data held at the address of the memory is obtained and the flag information corresponding to the address is in the second state, the memory is accessed. Memory shuffling method characterized by obtaining data held in the address of the memory. In a program for causing a computer to function as a memory shuffle device for setting the initial value to a memory that holds data that is a source of random number generation,
The program is
First data held at the first address of the memory designated by the first address holding means, and held at the second address of the memory designated by the second address holding means. An exchange step for exchanging with the second data being
Setting an update value in the first and second address holding means;
And causing the computer to execute a step for repeatedly executing the first and second steps a predetermined number of times,
In the exchange step, for each of the first and second addresses, a first state or a first state indicating that data to be held at the address of the memory is an initial value for each address of the memory The flag information corresponding to the address is checked by referring to flag information holding means for holding flag information indicating a second state different from the first state, and determining whether the first state or the second state. Is the first state, without accessing the memory, by an initial value calculation means for inputting the address of the memory and outputting the initial value of data to be held at the address of the memory Obtaining data held at the address of the memory, and accessing the memory when the flag information corresponding to the address is in the second state Te, program characterized in that to let for data held in the address of the memory.

Images