JPS61239328A - Random number generator - Google Patents

Random number generator

Info

Publication number
JPS61239328A
JPS61239328A JP60080827A JP8082785A JPS61239328A JP S61239328 A JPS61239328 A JP S61239328A JP 60080827 A JP60080827 A JP 60080827A JP 8082785 A JP8082785 A JP 8082785A JP S61239328 A JPS61239328 A JP S61239328A
Authority
JP
Japan
Prior art keywords
mod
integer
output
random number
registers
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
JP60080827A
Other languages
Japanese (ja)
Other versions
JPH0721764B2 (en)
Inventor
Eiji Okamoto
栄司 岡本
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEC Corp
Original Assignee
NEC Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NEC Corp
Priority to JP60080827A (patent JPH0721764B2)
Publication of JPS61239328A
Publication of JPH0721764B2
Legal status: Expired - Lifetime

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58Random or pseudo-random number generators
    • G06F7/582Pseudo-random number generators
    • G06F7/586Pseudo-random number generators using an integer algorithm, e.g. using linear congruential method

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computational Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • General Engineering & Computer Science (AREA)

Abstract

PURPOSE: To generate a highly stable random number sequence at high speed by obtaining each bit of the sequence with the four arithmetic operations of $y = [a(y_2 - y_1) \bmod q]\,p + y_1$, using a remainder theorem, instead of computing $y = x^2 \pmod{n}$. CONSTITUTION: Selectors 101 and 104 store the given $y_0$ and $z_0$ in registers 102 and 105, respectively, in the initial state, and after the initial state store the outputs of square remainder circuits 103 and 106 in registers 102 and 105. The square remainder circuits 103 and 106 compute $y_i = y_{i-1}^2 \pmod{p}$ and $z_i = z_{i-1}^2 \pmod{q}$, respectively, from the integers $y_{i-1}$ and $z_{i-1}$ stored in registers 102 and 105, using prime numbers $p$ and $q$. An arithmetic circuit 107 calculates $b_i$ = 'the lowest-order bit of $[a(z_i - y_i) \bmod q]\,p + y_i$' from $y_i$ and $z_i$ using the prime numbers $p$ and $q$ and an integer $a$, and outputs that bit.

Description

[Detailed description of the invention]

(Industrial application field)

The present invention relates to a random number generator used in cryptographic communications and the like.

(Prior art and its problems)

A random number sequence used in cryptographic communications and the like must have the property that the random numbers to be generated after a given point in time cannot easily be determined from only the random numbers generated up to that point. A random number sequence satisfying this condition is published on pages 61 to 78 of ADVANCES IN CRYPTOLOGY, published by Plenum Press in 1983. That is, if the random number sequence is $(b_1, b_2, \ldots)$, the bit $b_i$ is given by

$$b_i = [\text{least significant bit of } x_i] \quad (i = 1, 2, \ldots)$$

where $x_i = x_{i-1}^2 \pmod{n}$ $(i = 1, 2, \ldots)$, $x_0$ is an initial integer chosen arbitrarily by the user, and $n = p \cdot q$ ($p$ and $q$ are prime numbers). However, the above reference shows that $b_{i+1}$ can be obtained from $b_1, b_2, \ldots, b_i$ alone, provided the same effort as factoring $n$ is spent. To make factoring difficult, $p \cdot q$ must be several hundred bits long, and the drawback is that computing $x^2 \pmod{n}$ then takes considerable effort.

(Object of the invention)

The object of the present invention is to eliminate the above drawback and to generate highly secure random numbers at higher speed than conventional methods.

(Structure of the invention)

The random number generator of the present invention is characterized by comprising:

first calculation means for computing $y_i = f(y_{i-1}) \pmod{p}$ from a first integer input $y_{i-1}$ $(i = 1, 2, 3, \ldots)$ and a first prime number $p$ using a first function $f$, to obtain a first integer output $y_i$;

second calculation means for computing $z_i = f(z_{i-1}) \pmod{q}$ from a second integer input $z_{i-1}$ and a second prime number $q$ using the first function, to obtain a second integer output $z_i$;

first storage means that stores a first initial integer $y_0$ in the initial state and outputs it as the initial value of the first integer input $y_{i-1}$, and that, each time the first calculation means outputs the first integer output $y_i$, updates its stored value to that output and outputs it as the first integer input $y_{i-1}$;

second storage means that stores a second initial integer $z_0$ in the initial state and outputs it as the initial value of the second integer input $z_{i-1}$, and that, each time the second calculation means outputs the second integer output $z_i$, updates its stored value to that output and outputs it as the second integer input $z_{i-1}$; and

third calculation means for computing and outputting $g\{(a(z_i - y_i) \bmod q)\,p + y_i\}$ from the first integer output $y_i$, the second integer output $z_i$, the first prime number $p$, the second prime number $q$ and a third integer $a$, using a second function $g$.

(Operation and principle of the invention)

When obtaining the bit $b_i$ of the random number sequence $(b_1, b_2, b_3, \ldots)$ described above, the most time-consuming operation is, in general form,

$$y = x^2 \pmod{n}.$$

However, since $n = p \cdot q$, the Chinese remainder theorem gives $y$ as

$$y = a\,p\,y_2 + b\,q\,y_1 \pmod{n} \qquad (1)$$

where

$$y_1 = x^2 \pmod{p}, \qquad y_2 = x^2 \pmod{q},$$

$$a\,p + b\,q = 1. \qquad (2)$$

The Chinese remainder theorem is given, for example, on pages 311 to 312 of "Coding Theory", 5th edition (by Miyakawa, Iwadare and Imai, Showa 54 (1979)), published by Shokodo. Substituting Eq. (2) into Eq. (1) gives

$$y = a(y_2 - y_1)\,p + y_1 \pmod{n},$$

and, taking into account the division by $n = p \cdot q$,

$$y = (a(y_2 - y_1) \bmod q)\,p + y_1 \pmod{n}.$$

Here $(a(y_2 - y_1) \bmod q)\,p + y_1$ is already smaller than $n$, because from

$$0 \le a(y_2 - y_1) \bmod q \le q - 1, \qquad 0 \le y_1 \le p - 1$$

it follows that

$$0 \le (a(y_2 - y_1) \bmod q)\,p + y_1 \le (q - 1)\,p + p - 1 = p \cdot q - 1.$$

Therefore $y$ is given by

$$y = [a(y_2 - y_1) \bmod q] \cdot p + y_1 \qquad (3)$$

where

$$y_1 = x^2 \pmod{p} \qquad (4)$$

$$y_2 = x^2 \pmod{q} \qquad (5)$$

Since Eqs. (3), (4) and (5) can all be carried out with the four arithmetic operations on numbers no larger than $\max(p, q)$, this is faster than computing $y = x^2 \pmod{n}$ as it stands. Using Eqs. (3), (4) and (5), the bit $b_i$ of the random number sequence $(b_1, b_2, b_3, \ldots)$ is

$$b_i = [\text{least significant bit of } x_i]$$

where

$$x_i = (a(z_i - y_i) \bmod q)\,p + y_i,$$

$$y_i = y_{i-1}^2 \pmod{p}, \qquad z_i = z_{i-1}^2 \pmod{q},$$

$y_0$ and $z_0$ are integers given by the user, and $a = p^{-1} \pmod{q}$.

The present invention is a random number generator that generates a random number sequence on this principle.
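The equivalence claimed by Eqs. (3) to (5), as an added example that is not code from the patent: it runs the prior-art generator and the two-modulus form side by side and compares every state. The function names, the seed and the demo primes are assumptions chosen for illustration; the primes are far shorter than the several hundred bits the text calls for.

```python
# Added example (not from the patent): direct x^2 mod n versus Eqs. (3)-(5).
# P and Q are constructed demo primes (the Mersenne primes 2^31-1 and 2^61-1),
# far too short for real use.
P = 2**31 - 1
Q = 2**61 - 1


def direct_states(x0, p, q, count):
    """Prior-art form: x_i = x_{i-1}^2 mod n with n = p*q."""
    n = p * q
    x, out = x0 % n, []
    for _ in range(count):
        x = x * x % n            # one full-width modular squaring per bit
        out.append(x)
    return out


def crt_states(y0, z0, p, q, count):
    """Two-modulus form: Eqs. (4) and (5) per step, recombined with Eq. (3)."""
    a = pow(p, -1, q)            # a = p^{-1} mod q, so a*p + b*q = 1 (Eq. 2)
    y, z, out = y0 % p, z0 % q, []
    for _ in range(count):
        y = y * y % p            # square remainder circuit 103
        z = z * z % q            # square remainder circuit 106
        # Arithmetic circuit 107: subtract, multiply by a mod q, times p, plus y.
        x = (a * (z - y) % q) * p + y
        if not 0 <= x < p * q:   # Eq. (3) needs no final reduction mod n
            raise ArithmeticError("recombined value out of range")
        out.append(x)
    return out


def lsb_bits(states):
    """Output stage (selector 112): least significant bit of each x_i."""
    return [x & 1 for x in states]


if __name__ == "__main__":
    seed = 0x1234567890ABCDEF    # constructed seed x_0
    d = direct_states(seed, P, Q, 32)
    c = crt_states(seed % P, seed % Q, P, Q, 32)
    print("states match:", d == c)
    print("bits:", "".join(map(str, lsb_bits(c))))
```

Seeding with y_0 = x_0 mod p and z_0 = x_0 mod q reproduces the direct generator exactly, so the security argument is unchanged: it still rests on n being hard to factor, which means p, q, y_0 and z_0 are all secret state.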

(Embodiment)

FIG. 1(a) is a block diagram showing a first embodiment of the present invention. In the figure, selectors 101 and 104 store the given $y_0$ and $z_0$ in registers 102 and 105, respectively, in the initial state, and after the initial state store the outputs of square remainder circuits 103 and 106, described below, in registers 102 and 105, respectively.

The square remainder circuits 103 and 106 use the prime numbers $p$ and $q$ to compute $y_i = y_{i-1}^2 \pmod{p}$ and $z_i = z_{i-1}^2 \pmod{q}$, respectively, from the integers $y_{i-1}$ and $z_{i-1}$ stored in registers 102 and 105. The arithmetic circuit 107 uses the prime numbers $p$, $q$ and the integer $a$ to calculate, from $y_i$ and $z_i$,

$$b_i = [\text{least significant bit of } (a(z_i - y_i) \bmod q)\,p + y_i]$$

and outputs it.

The arithmetic circuit 107 is configured as shown in the block diagram of FIG. 1(b). In the figure, a subtraction circuit 108 calculates $z_i - y_i$ from the inputs $y_i$ and $z_i$, a multiplication/division circuit 109 converts this to $a(z_i - y_i) \pmod{q}$, a multiplication circuit 110 multiplies the result by $p$, and an addition circuit 111 adds $y_i$. The result is $(a(z_i - y_i) \bmod q) \cdot p + y_i$, and the selector 112 extracts its least significant bit and outputs it.

FIG. 2 is a block diagram showing a second embodiment of the present invention. In the figure, selectors 201 and 204 select the given $y_0$ and $z_0$, respectively, in the initial state, and after the initial state select the contents of register 205, described below, and the output of square remainder circuit 203, respectively, and store them in registers 202 and 205, respectively. The square remainder circuit 203 squares the number stored in register 202 and outputs the remainder after division by $p$ or $q$. The order in which $p$ and $q$ are used is as follows: $p$ is used first, then $q$, and this is repeated thereafter. The arithmetic circuit 206 is operated only at the times when the square remainder circuit 203 has used $p$. This is because $y_i$ and $z_i$ are stored in registers 202 and 205 immediately before those times. The arithmetic circuit 206 is exactly the same as the arithmetic circuit 107 described above.

Therefore the output is also the same $b_i$.

In the above description, the output is exactly the same even if $p$ and $q$ are exchanged.

The above description dealt with an example in which random numbers are generated using the polynomial $y_i = y_{i-1}^2$, but this need not be limited to $y_i = y_{i-1}^2$; any polynomial of the form $y_i = f(y_{i-1})$ may be used.

The above description also dealt with a configuration in which the selector 112 extracts the least significant bit of $(a(z_i - y_i) \bmod q) \cdot p + y_i$.

However, the configuration may instead be one in which $(a(z_i - y_i) \bmod q) \cdot p + y_i$ … ; in this case the selector 112 is replaced by a comparator.

(Effects of the invention)

As described in detail above, according to the present invention, highly secure random numbers can be generated at higher speed than with conventional methods.

[Brief description of drawings]

FIG. 1(a) is a block diagram showing the first embodiment of the present invention, FIG. 1(b) is a block diagram showing the arithmetic circuit of FIG. 1(a), and FIG. 2 is a block diagram showing the second embodiment of the present invention.

In the figures, 101, 104, 112, 201 and 204 are selectors; 102, 105, 202 and 205 are registers; 103, 106 and 203 are square remainder circuits; 107 and 206 are arithmetic circuits; 108 is a subtraction circuit; 109 is a multiplication/division circuit; 110 is a multiplication circuit; and 111 is an addition circuit.

Claims (1)

[Claims]

A random number generator characterized by comprising:

first calculation means for computing $y_i = f(y_{i-1}) \pmod{p}$ from a first integer input $y_{i-1}$ $(i = 1, 2, 3, \ldots)$ and a first prime number $p$ using a first function $f$, to obtain a first integer output $y_i$;

second calculation means for computing $z_i = f(z_{i-1}) \pmod{q}$ from a second integer input $z_{i-1}$ and a second prime number $q$ using the first function $f$, to obtain a second integer output $z_i$;

first storage means that stores a first initial integer $y_0$ in the initial state and outputs it as the initial value of the first integer input $y_{i-1}$, and that, each time the first calculation means outputs the first integer output $y_i$, updates its stored value to that output and outputs it as the first integer input $y_{i-1}$;

second storage means that stores a second initial integer $z_0$ in the initial state and outputs it as the initial value of the second integer input $z_{i-1}$, and that, each time the second calculation means outputs the second integer output $z_i$, updates its stored value to that output and outputs it as the second integer input $z_{i-1}$; and

third calculation means for computing and outputting $g\{[a(z_i - y_i) \bmod q]\,p + y_i\}$ from the first integer output $y_i$, the second integer output $z_i$, the first prime number $p$, the second prime number $q$ and a third integer $a$, using a second function $g$.
JP60080827A 1985-04-16 1985-04-16 Random number generator Expired - Lifetime JPH0721764B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP60080827A JPH0721764B2 (en) 1985-04-16 1985-04-16 Random number generator

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP60080827A JPH0721764B2 (en) 1985-04-16 1985-04-16 Random number generator

Publications (2)

Publication Number Publication Date
JPS61239328A true JPS61239328A (en) 1986-10-24
JPH0721764B2 JPH0721764B2 (en) 1995-03-08

Family

ID=13729252

Family Applications (1)

Application Number Title Priority Date Filing Date
JP60080827A Expired - Lifetime JPH0721764B2 (en) 1985-04-16 1985-04-16 Random number generator

Country Status (1)

Country Link
JP (1) JPH0721764B2 (en)


Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0673134A2 (en) * 1994-03-15 1995-09-20 Canon Kabushiki Kaisha Pseudo-random number generator, and communication method and apparatus using encrypted text based upon pseudo-random numbers generated by said generator
EP0673134A3 (en) * 1994-03-15 1996-08-07 Canon Kk Pseudo-random number generator, and communication method and apparatus using encrypted text based upon pseudo-random numbers generated by said generator.
US5828752A (en) * 1994-03-15 1998-10-27 Canon Kabushiki Kaisha Pseudo-random number generator and communication system employing the same

Also Published As

Publication number Publication date
JPH0721764B2 (en) 1995-03-08
