JP2008542805A - Method, system and apparatus for generating pseudo-random data sequence - Google Patents

Abstract

  The present invention provides an apparatus and method for generating a pseudo-random data sequence (1) from an initial data flow (3), defining a codeword set constituting a complete prefix code (5), and an output word set Defining (7), defining an desynchronization function (f) for associating a codeword of the complete prefix code (5) with an output word of the output word set (7), and an initial data flow ( 3) decomposing into a sequence (11) of words encoded according to the complete prefix code (5), and for constructing the pseudorandom data sequence (1), Associating a corresponding output word with the word in column (11) according to the desynchronization function (f).

Description

  The present invention relates to the field of encryption / decryption, and the present invention relates to a system and method for generating a pseudo-random number data sequence.

  The present invention finds a very favorable application for generating a bit string for the purpose of symmetric encryption, which is an encryption process using the same secret key for encryption and decryption. The background of the present invention is firstly a flow encryption method in which a message is added bit by bit to a pseudo-random data sequence having the same length, and secondly, an encryption operation and a decryption operation are performed. It is the same method. Symmetric encryption is equally employed in all types of communications such as mobile communications (GSM, UMTS, etc.), the Internet (SSL, etc.), microchip cards (bank cards), etc.

  The most basic symmetric encryption technique is known as flow encryption, which adds a plaintext message bit by bit to a random number sequence of the same length. This technique raises the essential and difficult problem of generating a long pseudorandom sequence.

  In the most frequently used flow encryption method, in order to save hardware, a linear feedback shift register is employed, and a pseudo-random number sequence generated independently of a message to be encrypted is used.

  A significant drawback of linear feedback shift registers is that they are linear. Indeed, knowing the number of register output bits equal to the register length and the feedback polynomial associated with the register, the output bits and all subsequent states of the register can be determined.

  Therefore, to “break” the linearity of a linear feedback shift register, it is standard practice to combine outputs from multiple registers and possibly the internal state of the registers, for example using a non-linear Boolean function. is there.

  FIG. 5 shows a generator 121 of this kind. This is described in EP 0 619 659 and is a reduced cipher comprising a first linear feedback shift register 123a, a second linear feedback shift register 123b, and means 125 for selecting the output of the generator 121. It is known as a generator.

  At each shift, the two registers 123a and 123b are shifted simultaneously, and if the output of the first register 123a is “1”, the output of the device 121 is equal to the output of the second register 123b, and so on. If so, no bits are output.

  In a reduced cipher generator, not only the outputs of the two linear feedback shift registers, but more generally any set of bit strings can be combined. The reduced cipher generator belongs to the class of stream encryption systems where one linear feedback shift register controls the other registers. The idea is to break the linearity of the register by changing the number of shifts both between the various utilization registers and between two consecutive bits.

  A variation of the reduced cipher generator, known as a self-reducing cipher generator, is based on the same principle but uses only one register. The output bit of the register is read two by two, and if the first bit is “1”, the output of the system is the second bit, otherwise the first bit is the second so that no bit is output. Controls the output of bits.

  Using only one linear feedback resistor has many drawbacks. A significant drawback is the vulnerability resulting from the linearity of the device. A similar disadvantage arises if registers are combined using Boolean functions. At the hardware level, these disadvantages arise from the complexity of the function implementation. In addition, the function is fixed and vulnerable to attack.

  Further, if the shift register feedback used in the pseudo-random number generator is normal or easily predictable, the generator is vulnerable to algebraic attacks.

  In addition, statistical methods show certain weaknesses of the reduced random number generator. In particular, in the reduced random number generator, the number of shifts performed by two registers varies between two output bits, but both registers have the same value.

The present invention is a method for generating a pseudo-random data sequence from an initial data flow,
Defining a set of codewords that make up a complete prefix code;
Defining the output word set;
Defining an desynchronization function that associates an arbitrary codeword of the complete prefix code with an output word from the output word set;
Decomposing an initial data flow into a sequence of words encoded according to the complete prefix code;
Associating words in the encoded word sequence with corresponding output words according to the desynchronization function to construct the pseudo-random data sequence;
A method comprising:

In this way, the initial data flow can be uniquely decomposed by the complete prefix code and can be easily generated by the finite automaton. Furthermore, this method is simple to implement and uses an initial data flow desynchronization function that generates a pseudo-random data sequence. In fact, the use of a perfect prefix code and an “asynchronization component” generates a guaranteed minimum number of bits, thus preventing algebraic attacks and at the same time effectively disabling algebraic attacks.
In contrast, even if the reduced random number generator is used as the desynchronization component in the pseudo random number sequence generator, the minimum guaranteed rate is effectively zero.

  The desynchronization function is preferably a parameterized function that depends on predetermined parameters whose values can be modified during the generation of the pseudorandom data sequence.

  Relying on initialization parameters that can be modified for desynchronization increases the complexity of the relationship between the initial data flow and the pseudorandom data sequence, making it more difficult to predict the pseudorandom data sequence.

  According to a feature of the invention, the output word set comprises complementary output words for each output word.

  For example, this balances the number of “0” s and “1” s in the output word set for a given output word length.

  The code word of the complete prefix code has a length limited by an upper limit h, and the code has the desynchronization function if the output word x is the same length as other output words y. The number of inverse images of the output word x by is preferably the same as the number of inverse images of the output word y by the desynchronization function.

  This gives a statistically good property to the pseudo-random data sequence, while guaranteeing a minimum rate that does not depend on the specific properties of the initial data flow. In particular, this ensures that the Hamming weight of the generated output pseudorandom data sequence does not provide any information about the initial data sequence. In other words, the bit having the value “0” and the bit having the value “1” in the output sequence have the same amount of information regarding the initial data sequence.

The word of the complete prefix code preferably has a length limited by a lower limit m and has an upper limit length l for the word of the complete prefix code and is smaller than the upper limit length l or For any equal length k, the complete prefix code preferably comprises 2 ^m-1 words of length k.

  This further improves the statistical properties described above by optimizing the probability distribution of the pseudorandom data sequence.

を具備する符号語集合Ｃ_１で定義することと、
・出力語集合を、２進集合Ｅ_１＝｛０，１｝からの語で定義することと、
・パラメータ化された非同期化関数の所定パラメータｕは、ベクトル

であり、ここで前記ベクトルの成分は、集合｛０，１｝に属することと、
・前記パラメータ化された非同期化関数ｆ_ｕを、次の

で定義することと、
を特徴とする。 The first configuration of the method is:
・ If h ≧ 2, complete prefix code is of the form

A codeword set C ₁ comprising:
Defining an output word set with words from the binary set E ₁ = {0, 1};
The predetermined parameter u of the parameterized desynchronization function is a vector

Where the components of the vector belong to the set {0, 1};
The parameterized desynchronization function f _u is

And defining
It is characterized by.

  This configuration is preferably relatively inexpensive to implement and can be used to configure hardware encryption. Furthermore, the ratio between the number of output bits (ie, the number of bits in the pseudo-random data sequence) and the number of input bits (ie, the number of bits in the initial data flow) is strictly greater than 1/3, and the length h The guaranteed minimum value of the number of output bits is 1.

の２バイトから生成する符号語集合Ｃ_２で定義することと、
・出力語集合を、集合

からの語で定義することと、
・前記パラメータ化された非同期化関数の所定パラメータνは、成分が集合｛０，１｝に属するベクトル

であり、最初の８個の成分の値

は不変であるとともに、最後の成分の値

は可変であることと、
・前記パラメータ化された非同期化関数

は、ｗ_１ｗ_２の形の任意の語に、
・もし、次の条件

の１つが満たされるならば、語ｗ_１を、
・もし、次の条件

の１つが満たされるならば、語ｗ_２を、
・もし、

ならば空語εを、
関連付けることと、
を特徴とする。 Other implementations of the method include:
・ Complete prefix codes are of the form

A codeword set C ₂ generated from 2 bytes of
・ Output word set is set

Defining with the words from
The predetermined parameter ν of the parameterized desynchronization function is a vector whose components belong to the set {0, 1}

And the value of the first 8 components

Is invariant and the value of the last component

Is variable,
The parameterized desynchronization function

Is an arbitrary word of the form w ₁ w ₂ ,
・ If the following conditions

If one of the following is satisfied, the word w ₁ is
・ If the following conditions

If one of the following is satisfied, the word w ₂ is
·if,

Then the empty word ε,
Associating,
It is characterized by.

  This implementation can preferably be used for software-type encryption. Further, the ratio between the number of output bytes and the number of input bytes is strictly larger than 1/3, and the guaranteed minimum value of the number of output bytes for an input of length h bytes is 1.

  The present invention provides a generator for generating a pseudo-random data sequence from an initial data flow, comprising a memory and a processing unit, wherein the memory stores a codeword set and an output word set constituting a complete prefix code, The processing unit reads the initial data flow, decomposes the initial data flow into a sequence of words encoded according to the complete prefix code, and generates the pseudo-random data sequence according to an desynchronization function. A generator is characterized in that it is possible to associate a word in the sequence of encoded words with a corresponding output word.

  In this way, the generator generates a pseudo-random data sequence with a minimum rate that does not depend on the specific nature of the initial data flow. Moreover, this generator is easy to implement and relatively inexpensive, as it is effective.

  The generator preferably further includes parameterization means for making the desynchronization function dependent on a predetermined parameter and correcting the value of the predetermined parameter during generation of the pseudo-random number data sequence.

  In this way, it becomes more difficult to predict the pseudo-random number data sequence without knowing the value of the initialization parameter or the time when the initialization parameter was changed.

  The present invention also constitutes an encryption / decryption device comprising an exclusive OR gate and a generator having the above characteristics.

  This apparatus combines each bit of a pseudo-random number data sequence with a corresponding bit of the data sequence of a message to be encrypted by addition modulo 2 to construct an encrypted data sequence having a high linear complexity. Configure a simple way.

  The present invention also includes at least two components connected via a network, and each of the at least two components includes an encryption / decryption device having the above characteristics. Configure the system.

  Thus, the secure system has a structure that is simple to implement and at the same time has an inherently complex mechanism.

  Other features and advantages of the present invention will become apparent upon reading the description given below through non-limiting examples and with reference to the accompanying drawings.

  FIG. 1 illustrates a schematic embodiment of a method for generating a pseudo-random data sequence 1 from an initial data flow 3 according to the present invention.

  The term “word” (or pattern) refers hereinafter to a finite sequence of characters from any alphabet, for example a binary set of alphabets comprising only 0 and 1. Each word then has a given length. For example, 0,11,000,1010,00111 are words having lengths 1, 2, 3, 4, and 5, respectively. Further, the “empty” word ε is a word having a length of 0 (ie, a word that does not have any characters).

  The initial data flow 3 corresponds to a data string having a high “linear complexity”. For example, the initial data flow 3 may be generated by the initial generation means 23 (see FIG. 3A) including the longest periodic linear feedback shift register.

  Actually, an arbitrary periodic sequence can be generated by an infinite number of linear feedback shift registers. One of these registers is shorter than all others. This shortest register length is called the “linear complexity” of the flow. If the linear complexity of the initial data sequence is L, the Berlekamp-Massey algorithm is used to reconstruct the initial state of the register (and actually all the columns) from the partial sequence of the initial data sequence of length 2L. Can be used.

Thus, in order to generate a secure pseudorandom data sequence, it is recommended that the initial data flow 3 has a high linear complexity. In fact, at present, known best algorithm and, if the initial data flow 3 of linear complexity L is less than 160, it is the initial data flow 3 reconfigurable operation less than 2 ^80. It is therefore preferable to take the initial data flow 3 so as to have a linear complexity L greater than or equal to 160.

  According to the present invention, the codeword set 5 a is defined to constitute a “complete prefix code” 5.

  The general term “code” refers to a set of words on a particular alphabet. The nature of the code is then considered in relation to the alphabet in question.

Let A be any fixed alphabet. Consider a word composed of letters from A, and let C denote the sign on A. Then
1) The word x is called the “prefix” of the word w if there is a y such that w = xy (this notation indicates that x is connected to y). If there is no previous code word in code C that is a prefix of another word of the code, C is called a “prefix code”.
2) If connecting word w is the word and C, in other words, if the word _{w 1,} w 2 in C, ..., if possible be written as _w = w _{1 w} 2 ... _{w n} with _{w n,} The word w is said to have been encoded by C. Then, for any word w, if word w 'exists and ww' is encoded with C, C is said to be "complete". For any word w, there is a codeword u belonging to words w ′ and C, and u is a prefix of word ww ′, ie there are codeword u and word u ′ belonging to words w ′ and C Only if ww ′ is equal to uu ′, it is possible to indicate that the code C is complete.

  If C is both a prefix code and a complete code, then C is said to be a complete prefix code.

Further, a set 7 of output words 7 a represented by E is defined so that E is included in the union of {0, 1} ^k and {ε}, and the desynchronization function f is an arbitrary prefix code 5 Are associated with the output word 7 a from the output word set 7.

で記す相補的な出力語７ａを具備する出力語集合７を選択するのが好ましい。 For example, the output word set 7 includes the set E = {ε, 0,1} or E = {0,1} or E = {ε} and {0,1} ^8k (k ≧ 1, that is, a plurality of bytes). And the union. In particular, for any given output word 7a, denoted by s, to balance the number of “0” s and “1” s in the output word set for a given output word length,

It is preferable to select an output word set 7 having a complementary output word 7a as described below.

  Furthermore, the desynchronization function f is a basic operation that can be implemented at a relatively low cost (such as bitwise addition modulo 2).

  Thus, the method of the present invention employs the complete prefix code 5 C, the output word set 7 E, and the desynchronization function f as inputs.

  Furthermore, the method according to the invention comprises a decomposition operation 10 which decomposes the initial data flow 3 into a sequence of words 11 encoded according to the complete prefix code 5. Indeed, the use of the full prefix code 5 constitutes a unique decomposition of the initial data flow 3.

  The complete prefix code 5 is preferably recognizable by a finite automaton that determines whether the word w is in the complete prefix code 5 for a given word w.

  In fact, FIGS. 2A and 2B schematically show two embodiments of finite automata 13a and 13b for decomposing the initial data flow 3 into a sequence 11 of encoded words. A finite automaton is a path or word such that each word of the complete prefix code 5 can be defined by a path set 17 between an initial state 15 labeled I and an end state 15 labeled F. It comprises a set of nodes or states 15 connected by arrows 17. In this way, when the bit is read, the path 17 corresponding to the value of the bit is taken, and when the end state F is reached, it is known that the reading of the word of the complete prefix code 5 has just ended, and the initial state By returning to I, the next word can be read.

In the embodiment of FIG. 2A, the code word of the complete prefix code 5 defined by C = {10 ^* 1,01 ^* 0} is recognized. Here, 10 ^* 1 (or 01 ^* 0) represents a set of words in the form of 10 ^k1 (or 01 ^k0 ), where k is an integer. Note that 10 ⁰ 1 corresponds to word 11 and 01 ⁰ 0 corresponds to word 00. Thus, this finite automaton 13a breaks down the initial data flow 3 into a sequence of encoded words 11 comprising words of the form 10 ... 01, 01 ... 10, 11 and 00.

2B has a length limited by the upper limit h of the complete prefix code 5 defined by the codes C = {10 ^{h + 1} , 01 ^{h + 1} , 10 ^k 1,01 ^k 0, k ≦ h}. Recognize codewords.

  Furthermore, the method according to the invention comprises an associating operation 20 for associating the words of the encoded word sequence 11 with the corresponding output word 7a according to the desynchronization function f in order to construct the pseudorandom data sequence 1.

  Thus, the application of the mechanism of the present invention relates to the decomposition 10 of the input sequence (ie, the initial data flow 3) into the rapid complete prefix code 5 word sequence 11. Each time a word of the complete prefix code 5 is recognized, an image of the word by the desynchronization function f generates an output word. This mechanism is repeated until the last bit of the input string of the initial data flow 3 is reached or until a stop condition determined by the user is met.

  Note that in the environment of encryption applications, it is preferable that some or all of the data of the mechanism (reference 5, function f) can be kept secret data of the encryption system.

の形である。 The desynchronization function f is preferably a parameterized function that depends on the value of a predetermined parameter that can be modified during the generation of the pseudorandom data sequence 1. This parameterized function then replaces the elements from the set E of output words 7 with any binary vector ν of length m, i.e. any element ν of {0,1} ^m , and a complete prefix code. 5 Associate with any C word x

It is the form.

  The method of the invention then receives as input the initial data flow 3 and the binary vector ν. The selection of the vector ν may be the result of applying a (non-linear) operation to the initialization vector. Of course, the vector ν may take a predetermined value (for example, ν is a null vector). The vector ν can be modified during processing and therefore preferably dependent on the generation of the pseudorandom data sequence 1.

  In this way, this parameter increases the complexity of the relationship between the initial data flow 3 and the pseudorandom data sequence 1, making it more difficult to predict the pseudorandom data sequence 1.

Furthermore, in order to guarantee a minimum rate independent of the specific nature of the initial data flow 3, the code word of the full prefix code 5 has a length limited by the upper limit h and if it is the output word s ₁ If the other output word s ₂ has the same length, the number of inverse images of the output word s ₁ by the desynchronization function f is the same as the number of inverse images of the output word s ₂ by the same function f. Preferably there is.

からの任意の組（ｓ_１，ｓ_２）に対して、集合

及び

内の長さｋの元の数は、それぞれ等しい。 In other words, the complete prefix code 5 has the following preferable properties.
There is an integer h and all words of the full prefix code 5 C have a length less than or equal to h.
・ Any set for any integer k

For any pair (s ₁ , s ₂ ) from

as well as

The original number of length k is equal to each other.

  Furthermore, this ensures that the Hamming weight of the generated output pseudorandom data sequence 1 (ie the number of bits of value “1”) does not supply any information in the initial data sequence 3. In other words, the bit having the value “0” and the bit having the value “1” in the output pseudorandom data sequence 1 have the same information amount as the initial data sequence 3.

は、丁度２^ｍ−１個の長さｋの語を具備する。 The word of the complete prefix code 5 preferably has a length limited by a lower limit m, and there is a greater length l of the word of the complete prefix code than the larger length l. For any length k that is also smaller or equal, the complete prefix code preferably comprises 2 ^m−1 words of length k. In other words, the association function f _ν satisfies the following property. There is an integer m, all possible words of code C have a length greater than or equal to m, and there is also an integer l ≧ m, greater than or equal to m, and from l For any integer k that is small or equal, the sign

Comprises exactly 2 ^m−1 words of length k.

  In this way, with the uniform distribution of the initial data flow 3, the intermediate rate is of the order 1 / (m + 1). In particular, for a given bit of a pseudo-random data sequence, whatever the given bit is (0 or 1), the probability that the codeword that generated the bit has length k is k Proportional to inverse. The selection of this probability distribution is optimal with respect to the statistical properties that the pseudorandom data sequence 1 must satisfy.

によって定義する完全プレフィクス符号を考察する。ここで、

は、和集合記号を表す。ｈは固定された整数（ｈ≧２）であるとともに、例えば、出力語集合は、２進集合Ｅ_１＝｛０，１｝の語によって定義する。 In a specific first embodiment of the invention,

Consider the complete prefix code defined by here,

Represents a union symbol. h is a fixed integer (h ≧ 2) and, for example, the output word set is defined by the words of the binary set E ₁ = {0, 1}.

を定義する。前記パラメータ化された関数ｆ_ｕを次のように定義する。 Furthermore, a vector whose components belong to the set {0, 1}

Define The parameterized function f _u is defined as follows.

の形の語に対して）、又は固定された値ｈ−１（

の形の語に対して）とを知って、値ｆ_ｕ（ｘ）を計算する。 In this embodiment, the initial data flow 3 reads bit by bit, and for any word x with code C ₁ , the first bit of word x and the value n (

Or a fixed value h−1 (for words of the form

For a word of the form) and calculate the value f _u (x).

とし、

とする。さらに、フラグは値０で初期化するとともに、符号Ｃ_１の語を認識した後のみ値１を取る。前記フラグの値は、各語の認識後にリセットする。各語の認識に対して、現在の語の第１ビットを変数ｃに一時的に格納するとともに、前記語の長さを変数「ｌｅｎｇｔｈ」内で更新する。出力ビットの値は、変数ｓに格納する。 In order to explain the mechanism of the first embodiment,

age,

And Further, flag is initialized with the value 0, it takes a look at the value 1 after recognizing the words of the code C _1. The value of the flag is reset after each word is recognized. For each word recognition, the first bit of the current word is temporarily stored in the variable c, and the length of the word is updated in the variable “length”. The value of the output bit is stored in the variable s.

For example, this first embodiment comprises the following mechanism iterations.

  This embodiment is preferably inexpensive to implement and can be used to implement encryption with electronic circuitry in hardware. Furthermore, the ratio between the intermediate rate, that is, the number of output bits (the number of bits of the pseudo random number data string 1) and the number of input bits (the number of bits of the initial data flow 3) is strictly larger than 1/3. Furthermore, the guaranteed minimum number of output bits for an input of length h is 1.

の２バイトからなる符号語集合Ｃ_２によって、完全プレフィクス符号５を定義するとともに、出力語集合は、集合

からの語によって定義する。 In a specific second embodiment of the present invention, the following form

A complete prefix code 5 is defined by a codeword set C ₂ composed of 2 bytes of

Defined by words from

を、最初の８個の成分の値

が不変になるとともに、最後の成分の値

が可変になるように定義する。 Furthermore, a vector whose components belong to the set {0, 1}

Is the value of the first 8 components

The value of the last component as

Is defined to be variable.

は、ｗ_１ｗ_２の形の任意の語に、
・もし、次の条件

の１つが満たされるならばｗ_１を、
・もし、次の条件

の１つが満たされるならばｗ_２を、
・もし、

ならば空語εを、
関連付ける。 Further, the parameterized function

Is an arbitrary word of the form w ₁ w ₂ ,
・ If the following conditions

W ₁ if _one of
・ If the following conditions

W ₂ if one of
·if,

Then the empty word ε,
Associate.

と記す。 In order to explain the mechanism of the second embodiment, the integer h is set so that h ≧ 1, the flag is initialized with the value 0, and the value 1 is taken only after the word C ₂ is recognized. Like that. For the recognition of each word, the last byte read is temporarily stored in the variable c, and the length of the word is updated in the variable “length”. The value of the output byte is stored in the variable s. Concatenation of _two bytes w ₁ and w ₂

.

  For example, this second embodiment comprises the following mechanism iterations.

  In the second embodiment, it is preferable that software-type encryption can be used. Furthermore, the intermediate rate, ie the ratio between the number of output bytes and the number of input bytes, is strictly greater than 大 き い, and the minimum guaranteed number of output bytes for an input of length h bytes is 1.

  FIG. 3A very schematically illustrates an embodiment of the generator 21 that generates the pseudorandom data sequence 1.

The generator 21 comprises initial generating means 23 comprising at least one longest period linear feedback shift register for generating the initial data flow 3. It is known that all words or patterns of length k (where T = 2 ^k −1) appear at least once in the longest period T sequence. The linear feedback shift register is a table of finite length bits (registers) having a linear combination represented by a polynomial called a feedback polynomial. In each shift, the bit having the largest subscript is shifted out, all the other bits are shifted by one subscript, and the bit having the smallest subscript takes the value of the linear combination before the shift.

The feedback polynomial is preferably, for example, a primitive polynomial corresponding to a linear feedback shift register that generates the longest periodic sequence, or a polynomial in the form of Q = (x ² +1) P, where P is a primitive polynomial.

  Furthermore, the generator 21 includes a memory 25 and a processing unit 27. The memory 25 stores codeword sets that constitute the complete prefix code 5 and the output word set 7.

  The processing unit 27 reads the initial data flow 3 and decomposes the initial data flow 3 into a sequence 11 of words encoded according to the complete prefix code 5 and also converts the words in the sequence 11 of the encoded words. In order to generate a pseudo-random number data string, it is associated with the corresponding output word according to the desynchronization function f. The desynchronization function f associates an output word from the output word set 7 with an arbitrary code word of the complete prefix code 5.

  Note that the processing unit 27 can perform the disassembly operation 10 and the association operation 20 simultaneously. In this way, the processing unit 27 reads the initial data flow 3 bit by bit and calculates an image of the word by the desynchronization function 9 each time a word of the complete prefix code 5 is found.

  Therefore, the generator is simple to implement and does not depend on the decomposing means (memory 25 and processing unit 27) for decomposing the input initial data flow 3 in a unique way and the specific nature of the initial data flow 3 Asynchronous means (memory 25 and processing unit 27) for generating a pseudo-random number data sequence having the minimum rate.

  FIG. 3B illustrates another embodiment of the generator 21 that generates the pseudorandom data sequence 1. The embodiment differs from the embodiment of FIG. 3A because it further comprises parameter setting means 29. The parameter setting means 29 makes the desynchronization function f dependent on a predetermined parameter and corrects the value of the parameter while generating the pseudo random number data sequence 1.

  FIG. 4 shows a secure system 30 comprising at least two components interconnected via a communication network 35 of a type such as the Internet, GSM, UMTS, WiFi, UltraWideBand.

  This figure shows the first component 33 a connected to the second component 33 b via the communication network 35.

  The first component 33a (or second component 33b) includes a first terminal 37a (or second terminal 37b), a first encryption / decryption device 39a (or second encryption / decryption device 39b), The first modem 41a (or the second modem 41b), and the modems 41a and 41b are any devices that can interface with the communication network 35.

  Each of the first and second encryption / decryption devices 39a and 39b includes a generator 21 that generates the pseudo-random data sequence 1 as described above, and an exclusive OR gate 43.

  Each encryption / decryption device 39a, 39b performs flow encryption or decryption by encrypting or decrypting a message bit by bit.

  According to this embodiment, the first encryption / decryption device 39a performs an encryption operation. In this way, the pseudo random number data sequence 1 called an encrypted sequence is combined with each bit of the corresponding portion of the plaintext message 45 transmitted by the first terminal 37a by the exclusive OR gate 43. This generates encrypted text 47 that the first modem 41a then transmits to the second component 33b. In this way, the encryption operation obtains the encrypted text 47 by adding the encrypted string bit by bit to the plain text of the message 45.

  The second encryption / decryption device 39b adds the same encrypted string 1 bit by bit to the encrypted text 47 transmitted by the first component 33a in order to obtain the plain text of the message 45. The descrambling operation is performed. Therefore, the encryption and decryption operations are the same.

FIG. 1 is a highly schematic illustration of the method of the present invention for generating a pseudorandom data sequence. FIG. 2A schematically illustrates an embodiment of a finite automaton for decomposing an initial data flow into a sequence of encoded words in accordance with the present invention. FIG. 2B schematically illustrates an embodiment of a finite automaton for decomposing an initial data flow into a sequence of encoded words in accordance with the present invention. FIG. 3A schematically illustrates an embodiment of the pseudorandom data sequence generator of the present invention. FIG. 3B schematically illustrates an embodiment of the pseudorandom data sequence generator of the present invention. FIG. 4 shows a secure system comprising the generator of FIG. 3A or 3B. FIG. 5 is a diagrammatic representation of a prior art generator.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Output pseudorandom data sequence 3 Initial data flow 5 Complete prefix code 5a Codeword set 7 Output word set 7a Output word 10 Decomposition operation 11 Encoded sequence 20 Association operation

Claims (11)

In a method for generating a pseudo random number data sequence (1) from an initial data flow (3),
Defining a set of codewords that constitute the complete prefix code (5);
Defining the output word set (7);
Defining an desynchronization function (f) for associating a code word of the complete prefix code (5) with an output word from the output word set (7);
Decomposing the initial data flow (3) into a sequence of words (11) encoded according to the complete prefix code (5);
Associating a corresponding output word according to the desynchronization function (f) with a word of the encoded word sequence (11) to construct the pseudo-random data sequence (1);
A method comprising the steps of:   The de-synchronization function (f) is a parameterized function that depends on a predetermined parameter whose value can be modified during generation of the pseudo-random data sequence (1). Method.   The method of claim 1, wherein the output word set (7) comprises complementary output words for each output word.   The code word of the complete prefix code (5) has a length limited by the upper limit h, and if the output word x and another output word y have the same length, The method according to claim 1, wherein the number of inverse images of the output word x by the function is equal to the number of inverse images of the output word y by the function. The word of the complete prefix code (5) has a length limited by a lower limit m, and has an upper limit length l of the word of the complete prefix code (5). 5. The method of claim 4, wherein for any length k that is small or equal, the complete prefix code comprises 2 ^m-1 words of length k. ・ The complete prefix code (5) has the following form with h ≧ 2.

Is defined by a codeword set C ₁ having
The output word set (7) is defined by words from the binary set E ₁ = {0, 1}
The predetermined parameter u of the parameterized desynchronization function (f) is a vector whose components belong to the set {0, 1}

And
The parameterized desynchronization function f _u is

6. The method according to claim 4, wherein the method is defined as follows. ・ The complete prefix code (5) has the following form:

Defined by a codeword set C ₂ composed of 2 bytes of
・ Output word set (7) is set

Defined by the words from
The predetermined parameter ν of the parameterized desynchronization function (f) is a vector whose components belong to the set {0, 1}

And the value of the first 8 components

Is invariant and the value of the last component

Change,
Parameterized desynchronization function

Is an arbitrary word of the form w ₁ w ₂ ,
・ If the following conditions

W ₁ if _one of
・ If the following conditions

W ₂ if one of
·if,

Then the empty word ε,
The method of claim 4, comprising associating. In the generator for generating the pseudo random number data sequence (1) from the initial data flow (3),
A memory (25) and a processing unit (27);
The memory stores a code word set and an output word set (7) constituting a complete prefix code (5),
The processing unit (27) can read the initial data flow (3) and can decompose the initial data flow into a sequence of words (11) encoded according to the complete prefix code (5). In addition, in order to generate the pseudo random number data sequence (1), output words corresponding to the words of the encoded word sequence (11) can be associated according to the desynchronization function (f). Generator.   A parameter means (29) for making the desynchronization function (9) dependent on a predetermined parameter and correcting the predetermined parameter value during generation of the pseudo-random number data sequence (1) is further provided. 9. The generator according to 8. In an encryption / decryption device comprising an exclusive OR gate (43),
11. An encryption / decryption device further comprising a generator (21) according to claim 9 or 10. In a secure system comprising at least two components (37a, 37b) connected via a network (35),
Secure system, characterized in that said at least two components each comprise an encryption / decryption device (39a, 39b) according to claim 10.

Images