KR100304368B1 - Generation method of de bruijn sequences - Google Patents

Abstract

The present invention uses a D-homomorphism property in order to implement a nonlinear random number generator with a drastically reduced amount of computation. The high stage (more than about 40 to 50 stages) is used in the de Bruijn sequence of low stages (2, 3, 4 or 5 stages). De Bruijn's sequence is obtained directly and the delta algorithm is applied. The object of the present invention is n-dimensional vector As input, and the function S, , First step of obtaining output values by applying sequentially; n-dimensional vector With input -D de bruise function for output of A second process of obtaining an output value by applying; n-dimensional vector A function that takes n-1 bits from the front after shifting 1 bit to the left A third step of obtaining an output value by inputting the input to the delta algorithm; It is achieved by a fourth process of obtaining an n-order de bruzen's sequence function by performing an Exclusive O-calculation of each value obtained through the above 1-3 processes.

Description

DE BRUIJN SEQUENCES}

The present invention relates to a random number generation technology of a random number applied to an encryption system, and more particularly, to a method for generating a de Bruijn sequence that can greatly reduce the calculation amount of a function while generating a random number in a non-linear form. will be.

In general, a stream cipher system generates an ciphertext by using an operator such as an exclusive oracle 2A on the transmitting side, exclusively calculating random numbers of the plain text and the random number generator 1A, and then generating the ciphertext. Is transmitted to the other party through a wired or wireless channel.

On the other hand, the receiving side performs an exclusive OR operation on the random number of the random number generator 1B generating the random number in the same form as the random number generator 1A in the exclusive oragate 2B using the cipher text received through the transmission channel. Restore plain text.

In general, the authentication between the client and the server refers to a procedure for confirming whether or not the other party is really the intended real party when the server wants to transmit data to the other party, and the client authenticates the server with reference to FIG. The explanation is as follows.

First, the client generates a series of random numbers Ra and sends it to the server side. The server performs an operation on the received random number Ra and a key known in advance on both sides, and transmits the result value Xb to the client side. The client also performs the same operation as the server with the random number Ra and the key to obtain a result value Xa.

Thereafter, the respective result values Xa and Xb are compared with each other and determined to be authenticated if the server is the same. Of course, the process of the server authentication of the client is also performed as in the above authentication process.

In this case, the reason why the random number is used is to prevent a third party who is illegally tapping the communication line from being recognized as a server. In other words, if authentication is always performed with the same data only, the third party who is intercepted in the middle can transmit the data and pretend to the server.

Typically, a lot of linear feedback shift registers (LFSR) are used as the random number generator as described above, which has a linear characteristic, and thus has a defect that is vulnerable to external attack. In the case of using a nonlinear random number generator, there is a strength that is not easily exposed to external attacks, but there is a problem in that a large cost is required. This is because the de Bruijn function is typically used as a nonlinear random number generator because it requires a large amount of computation and a high performance central processing unit.

In other words, Lempel proposed a method of obtaining n + 1 Bruijn function from n (Integer> 0) de Bruijn function. To find out, we need to find all functions between n and m. Therefore, the calculation amount is increased exponentially, and there is a limit to the practical use.

Accordingly, an object of the present invention is to provide a method for generating a high-level de bruzen sequence that directly obtains a high-level de Bruijn sequence using a D-homomorphism property.

1 is a schematic diagram of a typical stream cipher system;

2 is a diagram illustrating a procedure of a client authenticating a server.

3 is in Arithmetic exploded view of.

Figure 4 is a table comparing the number of operations according to the present invention and the conventional method.

*** Description of the symbols for the main parts of the drawings ***

1A, 1B: Random Number Generator 2A, 2B: Exclusive Oagate

De bruzen sequence generation method for achieving the object of the present invention is n-dimensional vector As input, and the function S, , Process of obtaining output values of predetermined bits by sequentially applying )and; n-dimensional vector With input K-de-de Bruijn function for the output of A second process of obtaining an output value of a predetermined bit by applying )and; n-dimensional vector A function that takes n-1 bits from the front after shifting 1 bit to the left A third process of obtaining an output value of a predetermined bit by using )and; Exclusive o-calculation of each value obtained through the above steps 1-3 processes the n-de-Bruzen sequence function ( The fourth step is to obtain a), it will be described in detail with reference to FIGS. 3 and 4 attached to the operation thereof as follows.

An nth order binary de Bruijn graph Gn is a direction graph of all binary n ordered pairs, 2 ⁿ ordered pairs, with 2 ^{n + 1} corners. Two corners per vertex in , Leads to. The de Bruijn cycle is a closed path that must go through each vertex of G _n and only once. The number of different de Bruijn cycles is It is known as [1].

The de Bruijn cycle has a period of 2 ⁿ when Are all represented by different binary sequences {S _i }. These sequences are called n-th order de Bruijn sequences and can be created as nonlinear feedback transfer reservoirs [2-8].

Since the de Bruijn sequence has good randomness characteristics and high linear complexity, it has been used for the design of stream ciphers and authentication between client servers. Thus, many studies have been conducted on the characteristics of the sequence and how to generate it.

Lempel proposed a method for generating de Bruijn sequences based on D-homomorphism [9]. However, since the method generates the entire sequence repeatedly, if n is large, it is difficult to actually write because of the increase in computation and memory.

Here, the conventional de Bruijn hydrothermal generation method using Lempel's D-homomorphism is as follows.

N-dimensional vector space when Consider, at B ⁿ and 이동 is defined as the following equation (1),

'x moves to y'. Read 'y is the element immediately after x' or 'x is the element just before y'. Every element of B ⁿ has two elements immediately after it, and two elements immediately before it. In binary complement of x _i When writing Twin of x, Are each called a pair of x's. then ego, Is Equivalent to, and also It can be seen that it is equivalent to. K-cycles in G _n , when ego, K different vertices Says closed sequence. Thus, when writing the first bit of x _i with n elements into c _i , this is a sequence of bits It can be represented by.

function To It is easy to see that D is a two-to-one transcription function. Function D preserves the shift relationship, of The graph above is Homomorphism [2]. Also, If the number of k-circuits Γ 1 is even, Γ is k-circuited for function D. Wow It is known to be an image of vice versa and vice versa [2].

in The number of 1 in the cycle is Im well known Circulation is a function D With a pair of different cycles C It is original. On the other hand, x In the end When we are at x and Swap elements immediately after and Since x can be made into one cycle [5], x is in C end Pair and x in If you can find two cycles C and Can be made into a single cycle.

now ego, Vertex Think about it. If e is in C Must And vice versa. Also Because of Wow Is a pair. Therefore, the following theorem can be derived. In the future, a function that produces an n-th order de Bruijn sequence is called an n-th order de Bruijn sequence function.

Theorem 1 [2]: Let ψ be the (n-1) order de Bruijn sequence function and define h as

here, ego, to be. H is then an n-th order de Bruijn sequence function. Here, in order to find the n-th order de Bruijn sequence function h, it is necessary to find all the sequence functions below n-th order, which requires a lot of memory and time. The following describes the algorithm and evolution process of obtaining n-th order functions from functions that are much lower than n-th order.

Hereinafter, the de Bruijn hydrothermal generation method according to the present invention will be described in detail.

When n is not large, the theorem 1 can be used to obtain a higher order de Bruijn sequence function from a lower order de Bruijn sequence function. However, if n is large, it is very difficult to derive n th order de Bruijn sequence function from the lower order de Bruijn sequence function by repeating theorem 1. We now describe an algorithm that produces a higher order de Bruijn sequence from a lower order de Bruijn sequence function without having to calculate the de Bruijn sequence function over and over again.

First, the method for effectively calculating the function D will be described.

Theorem 2: when there is a nonnegative integer n Speaking of

to be.

Proof: Let's prove by mathematical induction. When (Equation 3) is clearly established. now If Eq. (3) holds When you put

(End of proof)

Theorem 2 can be used to calculate D effectively. As an example Think about it. Because of,

to be. The exclusive OR operation required to compute Less can be easily seen.

Left shift function

And then Bit selection function

As high as, the following properties can be easily obtained.

Properties 1: Wow end When is an element of,

This holds true.

now, when, Speaking of the method in FIG. , from Can be obtained.

Since the above is also generalized, the following theorem is obtained.

Theorem 3: when,

Speaking of

to be.

Proof: Let's prove by mathematical induction. In this case, Equation 12 is clearly established. now If we assume that Eq. (12) holds,

If,

Because of, Equation (12) holds in Eq. (End of proof).

now, Break function

When set to, from the property 1, the following is obtained.

Properties 2 : when,

now, Here are some special elements of.

Then, it is easy to see that the following equation holds.

when To

---------------------- (Eq. 24)

Let's put it. Then, the function Can be expressed as

---------------------- (Eq. 25)

here, ego, to be.

Properties 3 : when,

() D ( x ) = 0 and x = 0 or x = f are equivalent.

Ii) D ( x ) = f and x = 5 or x = a are equivalent.

Viii) a person If there is, all

about to be.

Iii) if D ⁱ ( x ) = 5 If there is, all , on

about to be.

I) if D ⁱ ( x ) = 0 , x ≠ 0 , x ≠ f, then D ^j ( x ) = 5 or D ^j ( x ) = a

Is present.

Definition 1 : Positive When there is, in Function Is defined as in the following (Equation 26).

In the above formula (26), The function is a function that determines whether the sequence x is equal to {1,0,1,0, ...} (in the algorithm represented by vector 5 as (Eq. 17)). = 1, if different = 0 The delta (Equation 26) is' 1, 0, 1, 0, ...} if the form of {1,0,1,0, ...} occurs at least once while performing the D operation (n-1) for the sequence X 'Means.

From property 3, When 1 is 1, it is easy to see that only one term is 1 in the right equation of Equation 26. Because if U (x) = 1 then x = 5 and vice versa, two or more terms cannot be 1 together. The method of calculating is shown in the delta algorithm below. The third and fourth stages are based on ii) and iii) of property 3, respectively. Steps 5 to 10 find D ^r ( x ) = 5 or a using property 3 above.

Delta algorithms;

Input: n, i, x

Step.0 input n, i, x

Step.1 if x = 5 then ( x ): = 1. Exit .

if x = a or x = f, or x = 0, then ( x ): = 0. Exit .

Step.2 d: = n-i + 1

Step.3 if D ^d (x) ≠ 0, then ( x ): = 0. Exit .

Step.4 k = 1, m: = d-1

Step.5 while do

Step.6

Step 7 if D ^t (x) = 5, then ( x ): = 1. Exit .

Step 8 if D ^t (x) = a, then ( x ): = 0. Exit .

Step.9 if D ^t (x) = f, then t: = t-1, goto Step 7.

Step.10 if D ^t (x) = 0, then m: = t-1, else k: = t

Step.11 end

Now, let's consider (Equation 2) again.

Can be rewritten as

Where x = to be. now, When x ^(k) = , x ⁽ⁱ⁾ = D ( x ^{(i + 1)} ), use Equation 28 in Can be calculated.

Theorem 3, property 2, and In the definition of Eq.

--- (Eq. 29)

Equation 29 is the proof of the following 'theorem 1'.

Helpful Theorem 1: functionIs the quadratic de Bruijn sequence function, when,

Is an n-th order de Bruijn sequence function.

In addition, generalizing the above help theorem 1, the following theorem 4 can be obtained.

Theorem 4 : Functions Is the k-order de Bruijn sequence function, when,

In the end, in (31) 'Means n-th order de Bruijn sequence function (n> k) according to the present invention, 'Is an n-dimensional vector With the function S, , Apply sequentially to obtain an output value of a predetermined bit (eg 1 bit). 'Is an n-dimensional vector With input K-dimensional deBruijn function for the output of Is an item that calculates the output value of a predetermined bit (for example, 1 bit) by applying 'Is an n-dimensional vector A function that takes n-1 bits from the front after shifting 1 bit to the left It is an item that obtains an output value of a predetermined bit (for example, 1 bit) by inputting the delta algorithm.

Using theorem 4 above, the function It is possible to obtain the next bit of the nth order de Bruijn sequence from the lower order de Bruijn sequence without calculating.

As an example,

when,

When comparing the conventional calculation method and the calculation method of the present invention for as follows.

Existing method;

The method according to the invention;

Therefore, as shown in FIG. 4, the delta algorithm of the present invention performs very little computation, resulting in very high overall computation speed.

References cited in the above description are as follows.

[1] N.G de Bruijn, 'A Combinatorial Problem', Nederl. Akad.Wetensch. Proc., Vol. 49, pp. 758-764,1946

[2] A. Lempel 'On a Homomorphism of the De Bruijn Graph and Its Applications to the Design of Feedback Shift Registers', IEEE Trans, vol. 19, pp. 1204-1209, Dec. 1970.

[3] A. Lempel, 'Cryptology in Transition', Computing Surveys, vol. 11, pp. 285-303, Dec. 1979

[4] S.W. Golomb, Shift Register Sequences, Aegean Park Press, Laguna Hills, CA, 1982.

[5] H. Fredrickson, 'A Survey of Full Cycle Algorithms', SIAM Review, vol. 24, pp. 195-221, April 1982.

[6] A.H. Chan, R. A. Games, and E.L. key, 'On the Complexities of de Bruijn Sequences', J. Comb. Theory, Ser. A, vol. 33, pp. 233-246, Nov. 1982.

[7] T. Helleseth and T. Klove, 'The Number of Cross-Join Pairs in Maximum Length Linear Sequences', IEEE Trans. Inform. Theory, vol. pp. 1731-1733, Nov. 1991.

[8] T. Chang, I. Song, H.M. Kim, and S.H. Cho, 'Cross-Joins in de Bruijn Sequences and Maximum Length Linear Sequences', IEICE Trans. Fundamentals, vol. E76A, pp. 1494-1501, Sep. 1993.

[9] F.S. Annexstein, 'Generating De Bruijn Sequences: An Efficient Implementation', IEEE Trans. Computers, vol. 46, pp. 198-200, Feb. 1997.

[10] S. Baase, Computer Algorithms: Introduction to Design and Analysis, Addison-Wesley, Reading, MA, A9978.

As described in detail above, the present invention directly obtains the de Bruijn sequence of the high stage (about 40-50 stages or more) by the de Bruijn sequence of the low stage (2, 3, 4 or 5 stages) using the D-homomorphism property, In this case, by applying the delta algorithm, the total amount of computation is greatly reduced, thereby making it possible to implement a low-cost nonlinear random number generator.

Claims (2)

n-dimensional vector As input, and the function S, , First step of obtaining output values by applying sequentially; n-dimensional vector With input -D de bruise function for output of A second process of obtaining an output value by applying; n-dimensional vector A function that takes n-1 bits from the front after shifting 1 bit to the left A third step of obtaining an output value by inputting the input to the delta algorithm; And a fourth step of obtaining an nth order de-bruise sequence function by performing an Exclusive O-calculation of each value obtained through the above steps 1-3. The delta algorithm of claim 1, wherein the delta algorithm of the third process is performed if x = 5 with respect to an input n, i, x. (x): = 1, where x = a or x = f, or x = 0 (x): = first step of setting to 0; d: = n-i + 1, and if D ^d (x) ≠ 0 (x): setting a second value to 0; a third step of setting k = 1, m: = d-1; Under conditions Calculating a fourth step; If D ^t (x) = 5 (x): set to 1, if D ^t (x) = a (x) a fifth step of setting 0; A sixth step in which if t ^t (x) = f, t = t-1 and return to the fifth step; A method of generating a de bruise sequence, which is performed in a seventh step of setting m: = t−1 when D ^t (x) = 0 and k: = t under other conditions.