KR20030093197A - Random number generator using compression - Google Patents

Abstract

The present invention relates to a random number generator that receives a plurality of input bits based on at least one random or pseudo random source. The bits are compressed according to a compression scheme such as Ziv-Lempel to improve the entropy and randomness of the random source (s). In addition, problems arising with respect to fluid statistical properties, for example due to temperature changes, aging of components, etc., are minimized / eliminated. In this way, a random number generator is provided that safely and effectively generates high quality random numbers. The invention also relates to a corresponding method of generating at least one random number based on a hardware source / unit.

Description

Random number generator with compression {RANDOM NUMBER GENERATOR USING COMPRESSION}

Random or pseudo-random numbers (hereinafter used interchangeably) are used to provide randomly appearing symbols that can be used in many cryptographic and communication applications, such as, for example, session keys, random challenges, initialization vectors, and the like.

Unfortunately, random number generation is a very difficult task to achieve, for example general purpose processors are not good at generating random numbers because of their inherent crystalline behavior. One solution is to use the physical properties of the hardware entity / unit as a source of random input.

In addition, state-of-the-art cryptographically secure random number generators with high unpredictability are extremely demanding computationally and are based on known computational challenges, no matter what characteristics of hardware modules they are based on. Various methods for generating random numbers are considered, for example, in Chapter 5 of "The Handbook of Applied Cryptography," by AJ Menezes, PC van Oorschot and SA Vanstone, et al., Which is hereby incorporated by reference in its entirety. It is.

Based on difficult computational problems, cryptographically secure random number generators are very complex operations that are expensive in terms of hardware, power consumption, and / or computational / execution times that are particularly problematic in portable devices such as mobile phones, PDAs, etc. need. An example of such a generator can be found in Section 5.5 of "The Handbook of Applied Cryptography by A.J. Menezes, P.C. van Oorschot and S.A. Vanstone," in CRC Press 1997.

Examples of sources for random or pseudo-random data include: current internal state of the hardware module / unit / device, date, time, free memory available, elapsed time between particle emission during the radioactive decay process, semiconductor diode or resistor There are any sources that have a thermal noise of, or generally a high grade of unpredictable / entropy.

In general, hardware-based random number generators are also difficult to find hardware sources that have sufficient entropy and / or randomness, and the hardware generally generates states of randomness and / or pseudorandom for any application. It does not change quickly enough to be used as a suitable input, and has the disadvantage that it is difficult to generate random bits based on hardware sources at a sufficiently high rate. Another problem is that the statistical properties of physical hardware sources change over time as a result of environmental influences (eg, temperature), aging and / or wear, so that initially "good" random sources are recalled. The effect may be less random.

ANSI X.9.17 (in CRC Press 1997, see page 173 of "The Handbook of Applied Cryptography by AJ Menezes, PC van Oorschot and SA Vanstone") is a cryptographic primitive, ie the use of DES to Increasing Unpredictability DES cryptographic algorithms are a more expensive solution (in terms of hardware complexity and / or CPU operations), in addition to the fact that sources of random input can have floating statistical characteristics. Unwanted side effects still hurt.

US patent specification 5,778,069 discloses a pseudo random number generator that combines multiple bits from a number of different sources into one input bit string. The hash value is computed by using a hashing function on the input bit stream, and the stream generator uses the hash value to generate a random bit output bit stream. Different sources may include internal sources such as status registers within the generator itself, external sources such as computers supplying operating parameters (such as current date, time, free memory available, etc.), and bits associated with the execution of the program / application. It may be another external source, such as a program / application to supply.

The present invention relates to a random number generator adapted to receive a plurality of input bits based on at least one random or pseudo-random source. ,

Memory means containing the status of the bits,

Calculating means for applying a predetermined function to at least one bit of the state, which is represented by at least one random number.

The invention also relates to a method of generating at least random numbers, the method comprising:

Receiving a plurality of input bits based on at least one random or pseudo-random source,

Storing the state of the bits in memory,

Applying a predetermined function to at least one bit of the state, resulting in at least one random number.

In addition, the present invention relates to a computer readable medium comprising a computer system for performing the method according to the present invention, and a program for allowing a computer to perform the method of the present invention.

1 schematically illustrates a functional block diagram of a random number generator according to the present invention.

2 schematically illustrates a functional block diagram of a random number generator according to an embodiment of the present invention.

3 illustrates a generalized functional block diagram of a random number generator according to another embodiment of the present invention.

4 is a flow diagram illustrating a method according to the invention.

5 shows a preferred embodiment of the present invention that includes a random number generator and / or may employ the method according to the present invention.

6 shows an example of how input bits are affected by compression means.

7 shows a more detailed example of how an output bit is affected by compression means and what output is produced.

It is an object of the present invention to provide a random number generator that safely and effectively generates high quality random numbers.

The purpose is

A random number generator of the above-mentioned kind, further comprising compression means for compressing said input bits, which are stored in said memory means as at least part of said state, resulting in a compressed string of bits.

This provides a random number generator that greatly improves the entropy of the random source (s) by using compression on the bits representing the source (s). In addition, problems associated with fluid statistical characteristics due to temperature changes, component aging, etc. are minimized / removed.

Compression / coder means removes redundant data from the random source (s) to maximize the entropy of the input bits, thereby improving the random quality of the generated random or pseudo-random symbol / sequence.

Preferably, the compression means is adaptive, ie it can be adapted to the changing statistical properties of the input data. Such means are generally known as general source coding means.

The input bits are obtained, for example, by sampling the random source (s) at a predetermined rate.

The random source (s) can be a combination of random or pseudo-random sources.

According to a preferred embodiment, at least one random or pseudo-random source comprises at least one hardware source and the input bits represent at least one physical characteristic of the at least one hardware source.

This typically provides at least one hardware-based random or pseudo-random source that provides a high quality random and / or pseudo-random input to the generator. Compression means makes it possible to avoid statistical flow by keeping the input high quality with respect to randomness and entropy.

According to one embodiment of the generator, the state also includes at least a portion of the state of the finite state machine (FSM).

In this way, the memory means can change the state and thus the input to the computing means, even if the random or pseudo-random source (s) are not. By doing so, random and / or pseudo-random sources with relatively low rates, but still relatively rapidly changing, because the overall state, i.e., the state including the FSM and random / pseudo-random input, change every clock cycle. Can be used as.

In addition, it is generally simpler to ensure that the FSM does not have local cycles of the enabled state.

According to another embodiment, the finite state machine (FSM) is a linear feedback shift register (LFSR) or a nonlinear feedback shift register (FSR).

Since LFSR is a FSM with good statistical properties, it increases the overall randomness and entropy in the state of the memory means.

Nonlinear FSRs have much better statistical properties that increase security slightly with increased complexity.

In a preferred embodiment, the memory means comprises a circular buffer having a length of at least 1 bit.

Thus, a very simple and effective part of the memory means is provided.

In a preferred embodiment, the calculating means is adapted to calculate at least one hash value resulting in at least one random number using a hashing function.

The hash function makes it virtually impossible to determine the function's input based on the output, greatly increasing the security of the random / random sequence generated.

Optionally, the computing means includes feedback to the FSM, thereby increasing the output rate of the random number.

In another embodiment, the hashing function is:

SHA-1,

RIPEMD-160,

MD5 or

Any other suitable hashing or similar function.

In a preferred embodiment, the compression means compresses the input bits according to the Lempel-Ziv compression scheme.

Lempel-Ziv compression algorithm is a well-known general source coding method. The algorithm is adaptable, for example Zig, Lempel's "A universal algorithm for sequential data compression" in May 1977, IEEE Transaction on Information Theory Vol. 23, no 5, p. 337-343, and in 1978. In September, IEEE Transactions on Information Theory, Vol. 24, no 5, p. 530-536, described in "Compression of individual sequences via variable rate coding" by Ziv, Lempel.

Optionally, the compression means may be adapted to another compression / encoding scheme / algorithm such as partial pattern matching (PPM), Huffman, Tunstall, etc., or other compression schemes used to obtain better compression, lower implementation costs, and / or execution speed. Compress the input bits accordingly.

In one embodiment, the random number generator is used in a portable device.

In a preferred embodiment, the portable device is a mobile phone.

Another object of the present invention is to provide a method for safely and efficiently generating high quality random numbers.

The object is achieved by a method of the kind mentioned above, which method

Compressing the input bits, which are stored in the memory as at least part of the state, resulting in a compressed bit string.

According to a preferred embodiment, at least one random or pseudo-random source comprises at least one hardware source, the input bits representing at least one physical characteristic of the at least one hardware source.

According to one embodiment of the method, the state further comprises at least a portion of the state of the finite state machine (FSM).

According to another embodiment, the finite state machine (FSM) is a linear feedback shift register (LFSR) or a nonlinear feedback shift register (FSR).

In a preferred embodiment, the memory means comprises a circular buffer having a length of at least 1 bit.

In a preferred embodiment, the calculating means is adapted to calculate at least one hash value resulting in the random number using a hashing function.

In another embodiment, the hashing function is:

SHA-1,

RIPEMD-160,

MD5 or

Any other suitable hashing or similar function.

In a preferred embodiment, the compression means compresses the input bits according to the Lempel-Ziv compression scheme.

In one embodiment, the method is used in a portable device.

In a preferred embodiment, the method is used for a mobile phone.

The method and its embodiment correspond to the random number generator and its embodiment, which have the same advantages as above (for this reason they are not described again).

The invention also relates to a computer-readable medium having stored thereon instructions for causing a processing unit or computer system to execute the methods described above and below. Computer-readable media include, for example, CD-ROM, CD-R, DVD RAM / ROM, floppy disk, hard disk, smart card, network accessible via a network connection, ROM, RAM, and / or flash memory, or the like. There is generally any other kind of medium that provides the computer system with information as to how instructions / commands are executed.

Thus, when the computer retrieves the electronic information as a result of the contents of such a computer readable medium, the advantages mentioned above in connection with the corresponding method according to the invention are obtained.

Finally, the invention relates to a computer system comprising means adapted to execute a program, in which case the program, when executed, causes the computer system to carry out the method according to the invention, thereby achieving the above mentioned advantages and / or effects. To get it.

Computer system includes, for example, one or more processor means, such as a special purpose or general purpose CPU, which can be programmed / instructed at one time or another in a manner that causes the computer to fully or partially execute the method according to the invention. Means a system.

The invention will be more fully described with reference to the drawings.

1 schematically illustrates a functional block diagram of a random number generator according to the present invention. A number of input bits 101 are shown representing information of one or more random and / or pseudo-random sources (not shown). Input bit 101 may be obtained, for example, by sampling the source (s) at an appropriate rate. In a preferred embodiment, at least one source is a hardware based source.

The compression means 102 receives the input bits 101 and compresses them according to some compression scheme or method similar to that described above. Examples of compression of the input bits 101 are provided in connection with FIGS. 6 and 7. Compression means 102 improves the entropy and randomness of input bit 101 by removing redundant information from input bit 101. The compression means 102 also eliminates the effect of fluid characteristics when using a hardware based source.

Preferably, the compression means uses a Lempel-Ziv compression scheme.

Optionally, the compression means may be adapted to another compression / coding scheme / algorithm such as partial compression mathing (PPM), Huffman, Tunstall, etc., or other compression schemes used to achieve better compression, lower implementation costs, and / or execution speed, for example. Compress the input bits accordingly.

The results from the compression means 102 are stored in the memory means 103 as at least part of the state.

In one embodiment, the memory means 103 is a circular buffer having a length of at least 1 bit. In a circular buffer, the last element of the buffer becomes the first element of the buffer when the buffer is completely filled, thereby avoiding overloading / overwriting.

Optionally, the state of the memory means 103 also comprises a copy of the state of the finite state machine (FSM) or FSM, thereby providing a random and / or pseudo random source (and thus from the compression means 102). Although the output) does not change, the state of the memory means 103 can be changed for every clock signal. The FSM may be any suitable linear feedback shift register (LFSR) or nonlinear feedback shift register (FSR), an example of an FSM being described in more detail below with respect to FIGS. 2 and 3. The FSM is shifted at least one step.

The calculating means 104 calculates a given function for the state of the memory means 103 to derive at least one random number or pseudo random number 105. Preferably, a hashing function is used by the calculating means 104 to derive the random number (s) 105 to improve the security of the process, which is why the hashing function is based on the output of the hashing function. This is because it is almost impossible or at least very difficult to derive.

Optionally, a function other than the above may be used by the calculation means 104 to ensure the output of the random number or pseudorandom number or random number sequence.

Optionally, the calculation means 104 provides feedback to the memory means 103 or more specifically the FSM of the memory means 103 to increase the output rate of the random number or pseudo random number (s) / columns, for example calculation / hashing. The output from the means 104 can be divided into two, one part being random / column and the other part not necessarily the same part as used to control the FSM / LFSR.

2 schematically illustrates a functional block diagram of a random number generator according to an embodiment of the present invention. A number of random or pseudo random bits 201 are shown, obtained from a hardware source (not shown), for example by sampling at least one physical parameter from a source at a predetermined rate. Bit 201 preferably represents one or more physical characteristics of the hardware source / unit.

Optionally, bits are obtained based on other sources that do not necessarily have to be hardware based random or pseudo random sources.

Bit 201 is compressed by compression means 202 to remove redundant information, maximize entropy, and remove any effects due to the fluidity of the statistical properties of hardware-based sources / units. By doing this, the bits 201 after compression are as random as possible.

Preferably, the compression means uses a Lempel-Ziv compression scheme.

Optionally, the compression means is used to compress the input bits according to other compression schemes / algorithms such as partial pattern matching (PPM), Huffman, Tunstall, etc., or to obtain better compression, lower implementation cost, and / or execution speed, for example. Compress the input bits according to different compression schemes.

The compressed bits are stored in memory, preferably in circular buffer 203. The memory preferably further includes at least a portion of the state of the FSM 204. The FSM 204 causes the memory state to change during every random number generation or every clock cycle, even if the hardware source is not, which is typically quite significant because the physical characteristics of the hardware unit change at a relatively slower rate than the FSM circuitry. It often happens.

If the state of the FSM 204 has good statistical / random characteristics, high quality additional random number is introduced into the memory means.

The FSM will eventually cycle as all finite state machines, ie return to the previously generated state.

In most applications, the FSM will operate in the binary symbol range as shown in the above example, i.e. the symbols will be " 0 " However, other symbol ranges other than the above may also be used, as is well known from the theory of FSM, linear feedback shift register, and the like.

The linear feedback shift register (LFSR) is an example of an FSM that has good statistical properties, thereby increasing the overall randomness and entropy of the state of the memory means.

The LFSR is advantageously chosen in such a way that the generated state sequence will cycle through all non-zero states, which can be realized by selecting a feedback connection corresponding to the primitive polynomial in the symbol field (e.g., , CRC Press 1997, pages 195-196, see The Handbook of Applied Crypotography by AJ Menezes, PC van Oorschot and SA Vanstone ").

Although there is a slight increase in complexity when the feedback of the LFSR is modified to produce a full-length sequence, such as the de Bruin sequence, the security can be significantly increased, i.e. the LFSR contains zero state (all It will cycle through all possible states (including "0").

Nonlinear feedback shift registers (FSRs) are FSMs with much better statistical properties, which slightly increases the complexity of the implementation hardware, but further increases security.

Next, the overall state of the memory means 203; 204 is used as input to the hashing means 205 to further improve security, resulting in one or more random or pseudo random bits.

Applying a hashing or similar " one-way " function to the memory means 203; 204 makes it almost impossible to determine the relationship between the input and output of the hashing means 205, which is a random number or Increase the security of pseudo random numbers / heat.

Optionally, part of the state of the memory means 203; 204 is supplied to the hashing means 205.

Examples of hashing functions are SHA-1, RIPEMD-160, MD5, or generally any other suitable hashing or similar one-way function.

3 illustrates a generalized functional block diagram of a random number generator according to another embodiment of the present invention. This figure corresponds to FIG. 2 except that a plurality of N random and / or pseudo random sources 201 and 201 'are shown instead of just one as in FIG.

The random source 201; 201 'may comprise any hardware based or non hardware based source that can be sampled / detected in any way to generate a symbol representing at least one random number and / or pseudo random number. A random number is a number that represents the often detected / sampled physical parameter (s) of a 'real' random characteristic, and a pseudo random number is such as internal states such as hardware circuits / units, clock circuits, CPUs, memory states, etc. Refers to a number representing a parameter based on a crystalline unit (although it is complex).

Some examples of random sources are: elapsed time between particle emissions during radioactive decay, thermal noise from semiconductor diodes or resistors, or the like, or any source that generally has high unpredictability / entropy based on physical properties.

Radioactive sources and sensors can be encapsulated, for example, in hard plastic or the like, so that no third party violates security as it determines the parameter (s).

Some examples of pseudo-random sources are: the current internal state of the hardware module / unit / device, the date and / or time of the computer system, the free memory available, the memory state (eg in the FSM), read and / or write operations. During this process, there is a speed change of the hard disk, a combination of multiple asynchronous clocks.

In this way, a better random and / or pseudo random input is obtained by the generator, thereby improving the quality of the output random number / pseudo random number (s).

4 is a flow chart illustrating a method according to the present invention. The method is initiated and started in step 400. In step 401, for example, by sampling the source (s), a number of bits are obtained that represent parameters of one or more random and / or pseudo random sources. Preferably, at least one source is a hardware based source, but other sources may be used as described above.

In step 402, the FSM is shifted at least one step to another state. The FSM can be any suitable linear feedback shift register (LFSR) or nonlinear feedback shift register (FSR) as described above. This allows the input criteria (and thus the final output) of the random number and / or pseudo random number generation to change every clock cycle regardless of the change in the source (s).

In step 403, the bits obtained in step 401 are compressed and placed in a memory element, preferably a circular buffer.

Compression is preferably performed according to the Lempel-Ziv compression scheme, but is used to obtain other compression schemes / algorithms such as partial pattern matching (PPM), Huffman, etc., such as better compression, lower implementation cost, and / or execution speed. Other compression schemes may also be used.

In step 404, the compressed bits and the bits of the current FSM state are combined into a single bit string or the like.

Alternatively, instead of combining the compressed bits and the FSM state, they can be stored as part of a single memory element.

In step 405, the combined compressed bit and the bit in the FSM state are used as input to a hashing function to derive at least one random number and / or pseudo random number. The hashing function makes it almost impossible to derive the input of the hashing function based on the output, thereby improving the security of the generated random and / or pseudo random numbers.

The hashing function can be any of SHA-1, RIPEMD-160, MD5 or generally any other suitable hashing or similar function.

In step 406, a test is performed to see if more random number (s) can be generated. If this is possible, the method loops back to perform steps 401 to 406 once again.

Optionally, as long as the FSM is shifted at least one step per induction of the final random number and / or pseudo random number (s), step 402 is also performed after step 404 instead of before step 403 or elsewhere in the step sequence. May be implemented.

Optionally, steps 402 and 403 may also be executed in parallel or in the reverse order (403 before 402).

5 shows a preferred embodiment of the present invention, which comprises a random number generator and / or uses the method according to the present invention. A mobile phone 501 is shown having a display means 504, a keypad 505, an antenna 502, a microphone 506 and a speaker 503. By including a random number generator and / or using the method, high quality random number generation can be provided with less power consumption and / or calculation / execution time as it is provided with relatively little complexity in hardware.

6 shows an example of how input bits are affected by compression means. Bits 601 obtained from at least one random and / or pseudo random source, such as hardware based source (s), are shown. In this example, the distribution of "0" is approximately 25% and the distribution of "1" is approximately 75%, which means that the source (s) triples "1" to "0" due to fluid statistical characteristics, etc. It means that it occurred. This is not an optimal distribution of random bits because one symbol occurs more frequently than another symbol, which reduces the security and randomness of the generated random sequence.

Bit 601 is compressed by compression means 602 according to the Huffman compression scheme, or in another suitable manner as described above, and the output bit stored in memory means 603 is approximately equal to the distribution of " 0 " 50% and distribution of " 1 " is approximately 50%, since the compression means maximizes entropy by removing any redundant information from the bit 601.

Optionally, the bit 601 also includes the state of the FSM as described above. That is, bits 601 are formed of bits from random and / or pseudo random source (s) and bits of the FSM.

Fig. 7 shows a more detailed example of how the input bits are affected by the compression means and what output occurs.

Compression means 702 for receiving an input sequence u ∈ {0,1}, a memory means including a circular buffer 703 containing the state of the code word, and a maximum length LFSR 704 also comprising the state FSM is shown. The memory means also includes a MOD2 adder 705 that combines at least a portion of the state of the buffer 703 and at least a portion of the state of the LFSR 704. In the above example, LFSR 704 is 4 in length and buffer 703 is 12 in length, although other types and lengths of buffers and FSMs may be used. Buffer 703 and LFSR 704 are shown in their initial state.

In this embodiment, the state of the buffer 703 and the LFSR 704 is used as the input 706 in the calculation means / hashing means (not shown).

The input sequence u has a statistical property, which can be described by a Markov chain and has a corresponding entropy value.

In the specific example above, the compression / coder means 702 is for example a message set M 메시지 {"1";"10";"100"; The input sequence u is compressed using a fixed source code such as Tunstall code with " 000 "}. That is, the raw / random data sequence u is analyzed into blocks corresponding to the message set of code C ₀ C ₁ . In this example, the Tunstall code encodes the message as follows (M's time is increasing from right to left):

M C ₀ C ₁ One 1 1 10 1 0 100 0 1 000 0 0

That is, the input sequence / column u is analyzed until "1" or three consecutive "0s" are met. As soon as "1" is encountered, "11" is output as a codeword; If a single "0" is encountered before "1" (in time), "10" is output; If two "0s" are encountered before "1" (in time), "01" is output; Finally, if three "0s" are encountered consecutively without meeting "1", "00" is output.

For example, the following input sequence (with time increasing from right to left) (Where the sequence is spatially separated to better represent the set of messages in the input string),

: 000 000 10 000 1 000 100 1 100 10 1 100 1

Generate the output as an encoded string (with increasing time from right to left):

00 00 01 00 11 00 10 11 10 01 11 10 11

However, it should be noted that in the given example the source encoder / compression means does not always emit a codeword every input symbol.

Variable length inputs are preferred for fixed length outputs because buffer clocking is easier when only fixed size steps are required.

The generated sequence of codewords is placed in a circular buffer 703 as described later.

Optionally, other source encoder / compression means may be used, for example those mentioned above, or in general any other suitable means that ensures high entropy and / or low redundancy after processing the input sequence.

The LFSR 704 preferably has the following state transition operations:

A state that includes " 0000 " that transitions to itself, and other states that transition according to:

0 "1000"

1 "1100"

2 "1110"

3 "1111"

4 "0111"

5 "1011"

6 "0101"

7 "1010"

8 "1101"

9 "0110"

10 "0011"

11 "1001"

12 "0100"

13 "0010"

14 "0001"

Here, state "0001" 14 transitions to state "1000" (0), and state cycles (0-14) are repeated.

These two cycles of length 1 and 15 together consume the entire state space of the FSM / LFSR 704 respectively.

In operation, the compression means 702 may operate as follows:

1) First, shift the buffer 703 and the LFSR 704

2) Read symbol from sequence u

3) if there is no complete message block (M), go back to 1, otherwise,

If the number of shifts since the last codeword is <2, shift the buffer 703 once more

Write the codeword (C ₀ C ₁ ) in the first two positions of the buffer.

Optionally, the buffer can be clocked exactly twice between the two source codes being written.

Hereinafter, exemplary input string While receiving, the status of buffer 703 and LFSR 704 is shown. Initial values / states of buffer 703 and LFSR 704 are indicated in parentheses.

Buffer (000000000000) LFSR (1000) Parity One * 110000000000 1100 0 0 011000000000 1110 One 0 001100000000 1111 0 One 010110000000 0111 0 One * 110101100000 1011 0 0 011010110000 0101 One One 100101011000 1010 One 0 010010101100 1101 0 0 001001010110 0110 One One 010100101011 0011 0 One * 110101001010 ** 0001 One 0 011010100101 1000 One 0 101101010010 ** 0100 One One 010110101001 0010 One 0 101011010100 ** 1001 0 0 010101101010 0100 One 0 001010110101 0010 One One * 110010101101 ** 1001 One 0 111001010110 ** 1100 One

0 011100101011 1110 0 0 001110010101 ** 0111 One 0 100111001010 ** 0011 0 One 100011100101 1001 0 0 110001110010 ** 1100 0 0 011000111001 1110 One 0 001100011100 ** 0111 0 0 000110001110 1011 0 0 000011000111 0101 One 0 000001100011 ** 0010 One

Where * indicates an extra shift and ** indicates that the LFSR state is affected by the buffer.

The state of the buffers and LFSRs are used as inputs to hashing or similar one-way functions to greatly improve the security of generated random numbers / columns, since it is virtually impossible to determine the function's input based on the output.

Optionally, a hashing or similar function may use only part of the state.

As a very simple example, the following hash function is considered:

h (x ₁ , x ₂ , ... x ₁₆ ) = Σ'x _i = (x ₁ + x ₂ ... + x ₁₆ ) MOD2

Here, i = 1 ... 16, and Σ 'represents the sum of MOD2.

In this very simple example, h is equal to the parity of the combined state as shown in the table above.

In practical applications, h is a one-way hash function such as MD-5, SHA-1, RIPEMD-160 or any other suitable hashing or similar function.

It may be desirable for the length of the buffer to be relative prime to the block size of the codeword (not applicable to this simple example).

In a preferred embodiment, the new codeword is written to the buffer and not overwritten with the previous data, but rather "adding" the codeword data to at least one position / state in the buffer. Adding may be, for example, an XOR-ring of additive MOD 4 or 4 bits.

Claims (22)

A random number generator adapted to receive a plurality of input bits 101 (201, 201 '; 601) based on one or more random or pseudo random sources, Memory means (103; 203, 204; 603; 703, 704) containing a state of a bit, In a random number generator comprising computation means (104, 205) for applying a predetermined function to one or more bits of the state that result in one or more random numbers (105), Compressing the input bits 101; 201; 201 ′; 601 which are stored in the memory means 103; 203, 204; 603; 703, 704 as resulting condensed bitstreams. And a compression means (102; 202; 602; 702). The method of claim 1, Wherein the one or more random or pseudo random sources comprise one or more hardware sources, and wherein the input bits represent one or more physical features of the one or more hardware sources. The method according to claim 1 or 2, The state further comprises at least a portion of a state of a finite state machine (FSM) (204). The method of claim 3, wherein The finite state machine (FSM) is a linear feedback shift register (LFSR) (704) or a non-linear feedback shift register (FSR). The method according to any one of claims 1 to 4, And said memory means (103; 203, 204; 603; 703, 704) comprise a circular buffer (203; 703) having a length of at least one bit. The method according to any one of claims 1 to 5, And said calculating means (104, 205) is adapted to calculate one or more hash values resulting in said random number (105) using a hashing function. The method of claim 6, The hashing function is: SHA-1, RIPEMD-160, MD5 or Random number generator, characterized in that it is any other suitable hashing or similar function. The method according to any one of claims 1 to 7, And said compressing means compresses the input bits according to the Lempel-Ziv compression scheme. The method of claim 1, wherein And said random number generator being used in a portable device. The method of claim 9, Random number generator, characterized in that the portable device is a mobile phone (501). As a method of generating at least random numbers, Receiving a plurality of input bits based on one or more random or pseudo random sources, Storing the state of the bits in memory, A method of generating a random number comprising applying a predetermined function to one or more bits of the state that result in one or more random numbers, Compressing the input bits that are stored in the memory as at least part of the state, resulting in a compressed string of bits. The method of claim 11, Wherein the one or more random or pseudo random sources comprise one or more hardware sources, and wherein the input bits represent one or more physical features of the one or more hardware sources. The method according to claim 11 or 12, Wherein said state further comprises at least a portion of a state of a finite state machine (FSM). The method of claim 13, The finite state machine (FSM) is a linear feedback shift register (LFSR) or a non-linear feedback shift register (FSR). The method according to any one of claims 11 to 14, And said memory means comprises a circular buffer having a length of at least one bit. The method according to any one of claims 11 to 15, And said computing means is adapted to calculate one or more hash values resulting in said random number using a hashing function. The method of claim 16, The hashing function is: SHA-1, RIPEMD-160, MD5 or A random number generation method characterized in that it is any other suitable hashing or similar function. The method according to any one of claims 11 to 17, And said compressing means compresses the input bits according to the Lempel-Ziv compression scheme. The method according to any one of claims 11 to 18, Wherein said method is used in a portable device. The method according to any one of claims 11 to 19, And wherein said method is used in a mobile telephone. A computer readable medium, 21. A computer readable medium having stored thereon instructions for causing a processing unit to execute a method according to any of the claims 11-20. A computer system comprising means adapted to execute a program, comprising: A computer system, when executed, causes a computer system to perform a method according to any of the preceding claims.