WO2004032098A1 - Pseudo-random number generation method and pseudo-random number generator - Google Patents
Pseudo-random number generation method and pseudo-random number generator
- Publication number
- WO2004032098A1 (application PCT/JP2003/008794)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- random number
- bit string
- shift register
- selection
- pseudo
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/58—Random or pseudo-random number generators
- G06F7/582—Pseudo-random number generators
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
- H04L9/0656—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
- H04L9/0662—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
- H04L9/0668—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator producing a non-linear pseudorandom sequence
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/58—Random or pseudo-random number generators
- G06F7/582—Pseudo-random number generators
- G06F7/584—Pseudo-random number generators using finite field arithmetic, e.g. using a linear feedback shift register
Definitions
- the present invention relates to a pseudo-random number generating method for generating a pseudo-random number used in cryptographic communication, digital signature, and the like, a pseudo-random number generator, and a random number generating program.
- One of these encryption methods is a sequential encryption method (stream encryption method).
- in the sequential encryption method, the same pseudo-random number is generated on the transmitting side and the receiving side; the transmitting side creates a ciphertext bit string from the pseudo-random number bit string and the plaintext bit string and sends it to the receiving side as ciphertext.
- the receiving side obtains the plaintext bit string from the bit string of the ciphertext received from the transmitting side and the bit string of the pseudo-random number, and thereby decrypts the plaintext.
- FIG. 16 is a diagram illustrating a conventional sequential encryption method.
- the encryption device 100 on the transmission side has a pseudo-random number generator 101 and a logical operation processing unit 102.
- the decryption device 110 on the reception side has a pseudo-random number generator 111.
- the pseudorandom number generator 101 of the encryption device 100 and the pseudorandom number generator 111 of the decryption device 110 have a logical structure such that, when given the same secret key, they generate the same pseudorandom number.
- the logical operation processing unit 102 of the encryption device 100 and the logical operation processing unit 112 of the decryption device 110 perform an exclusive OR operation in bit units.
- FIG. 17 is a diagram for explaining the pseudo-random number generator 101 of the encryption device 100. Since the pseudo random number generator 111 of the decryption device 110 has the same configuration as the pseudo random number generator 101 of the encryption device 100, detailed description thereof is omitted.
- the pseudo-random number generator 101 is a nonlinear combiner-type pseudo-random number generator (Nonlinear Combiner Generator). As shown in FIG. 17, it has a plurality of linear feedback shift registers (Linear Feedback Shift Register; LFSR) 103 and a non-linear conversion unit 104, and non-linearly converts the bit strings output from the linear feedback shift registers 103 to generate a pseudo random number.
- each linear feedback shift register 103 outputs 1 bit (X1, X2, ..., XL) per shift operation to the non-linear conversion unit 104, which is configured to output a 1-bit pseudorandom number based on the bit string input from each linear feedback shift register 103.
- FIG. 18 is a diagram simply illustrating the configuration of a general linear feedback shift register 103.
- the linear feedback shift register 103 has a plurality of shift registers 105 each capable of storing 1 bit of information and a plurality of exclusive OR operation circuits 106.
- a feedback tap 107 connects the output of each shift register 105 to one input of an exclusive OR operation circuit 106.
- each feedback tap 107 (C n-1, C n-2, ...) indicates a connection when it is 1 and a disconnection when it is 0, and each is set to 1 or 0 in advance.
- the characteristic polynomial that generates the M-sequence is represented by the following expression.
- the exponent n of the first term is the order of the linear feedback shift register 103, that is, the number of shift registers; the exponents of the second and subsequent terms indicate the connection positions of the feedback taps. If the characteristic polynomial shown in the above expression is a primitive polynomial, the linear feedback shift register outputs an M-sequence.
- Such a conventional nonlinear combiner-type pseudo-random number generator can be configured with simple logic based on bitwise logical operations, and is considered suitable for implementation in hardware.
- it has also been proposed to modify the output of the linear feedback shift register by arithmetic processing such as an exclusive OR (see, for example, Patent Document 1). [Patent Document 1]
- if an output of twice the number of shift registers is observed from the linear feedback shift register 103, its configuration, that is, the number of shift registers and the connection positions, as well as all of the initial values, can be determined. Therefore, if a linear feedback shift register 103 with a fixed configuration is used as it is for the pseudorandom number generator 101, the encryption strength is weak and there is a security problem.
- the characteristic polynomial is fixed in advance to a value that outputs the M-sequence, and it is considered that the configuration of the linear feedback shift register cannot easily be changed.
- the conventional nonlinear combiner-type pseudo-random number generator must continuously and repeatedly execute 1-bit operations using the linear feedback shift register 103.
- Such processing is well suited to hardware and can be performed at relatively high speed, but it is poorly suited to software, where the processing speed is extremely slow compared with hardware.
- the non-linear converter 104 executes only simple operations such as logical AND and exclusive OR. Therefore, the throughput of the linear feedback shift register 103 is lower than that of the non-linear converter 104, and the part of the generator that outputs the random number bit string, that is, the linear feedback shift register 103, becomes a bottleneck. For this reason, conventional nonlinear combiner-type pseudo-random number generators suffer a drop in overall throughput when implemented in software rather than hardware, and have been difficult to use in software.
- the number of shift registers 105 in the linear feedback shift register 103 and the number of linear feedback shift registers 103 must each be at least a certain number. However, the throughput becomes lower as the number of shift registers 105 or the number of linear feedback shift registers 103 increases. Therefore, it was difficult to achieve high throughput while securing high encryption strength.
- An object of the present invention is to make it possible to change the configuration of a linear feedback shift register dynamically, easily and simply, while maintaining strong encryption strength, and to provide a pseudo-random number generation method and the like that can achieve higher throughput while securing sufficiently high cipher strength.
- a pseudo-random number generation method according to a first aspect for solving the above-mentioned problems has a first step of setting an initial value of a linear feedback shift register that has n shift registers and can output a bit string whose number of bits per period is (2^n) - 1, and a second step of obtaining from the initial value, by predetermined arithmetic processing, a derived value that is relatively prime to the number of bits per period of the linear feedback shift register.
- in a third step, the derived value is multiplied by a value obtained by doubling the number of bits per period of the linear feedback shift register to calculate the number of bits of the bit string to be output by the first linear feedback shift register.
- a fourth step outputs the calculated number of bits from the linear feedback shift register based on the initial value, and a fifth step extracts bits from the output bit string at intervals of the derived value to generate a new bit string.
- the sixth step reconfigures the linear feedback shift register into a configuration that can output the new bit string.
- an initial value of a linear feedback shift register having n shift registers and capable of outputting a bit string whose number of bits per period is (2^n) - 1 is set, and through predetermined arithmetic processing a derived value that is relatively prime to the number of bits per period of the linear feedback shift register is obtained from the initial value.
- the derived value is multiplied by a value that is twice or more the number of bits per period of the linear feedback shift register, and the number of bits of the bit string output by the first linear feedback shift register is calculated.
- a bit string of the calculated number of bits is output from the linear feedback shift register based on the initial value, and bits are extracted from the output bit string at intervals of the derived value to generate a new bit string.
- the configuration of the linear feedback shift register is reconfigured into a configuration capable of outputting the new bit string, and pseudo random numbers are generated from the reconfigured linear feedback shift register based on the initial value.
- the configuration of the linear feedback shift register can thus be changed dynamically based on the initial value, and an M-sequence bit string can be output from the changed linear feedback shift register. Therefore, a cryptanalyst cannot obtain the configuration of the linear feedback shift register before reconfiguration from the pseudo-random number output by the pseudo-random number generator, and cannot recover the initial value or the secret key. As a result, high encryption strength can be obtained, and confidentiality of information can be maintained.
- a second aspect is characterized in that a hash function is applied to the initial value to obtain a hash value, and the prime number closest to the hash value is adopted as the derived value.
- since the hash value is obtained by applying a hash function to the initial value and the prime number closest to the hash value is adopted as the derived value, the difficulty of estimating the derived value is increased, and higher confidentiality can be obtained.
- a third aspect of the present invention is the pseudo random number generating method according to the first or second aspect, wherein the reconfiguration of the linear feedback shift register is performed using the Berlekamp-Massey algorithm.
- the present invention makes use of the Berlekamp-Massey algorithm, which can obtain a linear feedback shift register from a bit string having a number of bits of at least two cycles.
- the invention of claim 4 is the pseudorandom number generation method according to any one of claims 1 to 3, wherein the sixth step is followed by a seventh step of nonlinearly transforming the generated pseudorandom number.
- since the generated pseudo-random numbers are non-linearly converted, non-linearity can be given to the pseudo-random numbers, and the encryption strength can be further improved.
- a pseudo-random number generator according to a fifth aspect has a linear feedback shift register that has n shift registers and can output a bit string whose number of bits per period is (2^n) - 1; initial value setting means for setting an initial value of the linear feedback shift register based on a secret key; and derived value calculation means for obtaining, from the initial value by predetermined arithmetic processing, a derived value that is relatively prime to the number of bits per period of the linear feedback shift register.
- it further has bit number calculating means for multiplying the derived value by a value obtained by doubling the number of bits per period of the linear feedback shift register to calculate the number of bits of the bit string to be output by the first linear feedback shift register;
- bit string output means for outputting a bit string of the calculated number of bits from the linear feedback shift register based on the initial value; new bit string generation means for extracting bits from the output bit string at intervals of the derived value to generate a new bit string; linear feedback shift register reconfiguring means for reconfiguring the linear feedback shift register into a configuration capable of outputting the new bit string;
- and pseudo-random number generating means for generating a pseudo-random number based on the initial value from the reconfigured linear feedback shift register.
- this makes use of the facts that, when the number of bits per period ((2^n) - 1) of an M-sequence and the derived value s are relatively prime, the bit sequence obtained by sampling the M-sequence every s bits forms the M-sequence of a linear feedback shift register with a different configuration, and that a linear feedback shift register can be obtained from a bit sequence having a number of bits of at least two cycles.
- an initial value of a linear feedback shift register having n shift registers and capable of outputting a bit string whose number of bits per period is (2^n) - 1 is set, and from the initial value the derived value that is relatively prime to the number of bits per period of the linear feedback shift register is obtained.
- the derived value is multiplied by a value that is twice or more the number of bits per period of the linear feedback shift register, and the number of bits of the bit string output by the first linear feedback shift register is calculated.
- a bit string of the calculated number of bits is output from the linear feedback shift register based on the initial value, and bits are extracted from the output bit string at intervals of the derived value to generate a new bit string.
- the configuration of the linear feedback shift register is reconfigured into a configuration capable of outputting the new bit string, and pseudo random numbers are generated from the reconfigured linear feedback shift register based on the initial value.
- the configuration of the linear feedback shift register can thus be changed dynamically based on the initial value, and an M-sequence bit string can be output from the changed linear feedback shift register. Therefore, a cryptanalyst cannot obtain the configuration of the linear feedback shift register before reconfiguration from the pseudo-random number output by the pseudo-random number generator, and cannot recover the initial value or the secret key. As a result, high encryption strength can be obtained, and confidentiality of information can be maintained.
- a sixth aspect has, instead of the linear feedback shift register reconfiguring means, linear feedback shift register generating means for generating a second linear feedback shift register having a configuration capable of outputting the new bit string,
- and the pseudorandom number generating means generates a pseudorandom number based on the initial value using the second linear feedback shift register.
- since the linear feedback shift register can thus be divided into the first linear feedback shift register and the second linear feedback shift register, the confidentiality can be further improved.
- a pseudo random number generator according to claim 7 has selection random number bit string output means that outputs a selection random number bit string having a predetermined number of bits based on a secret key, and a random number table storing a plurality of amplified random number bit strings each having a larger number of bits than the selection random number bit string;
- amplified random number bit string selecting means capable of referring to the random number table using the selection random number bit string and selecting the corresponding amplified random number bit string from among them; and non-linear conversion means that non-linearly converts the selected amplified random number bit string by a non-linear function and outputs the result as a pseudo random number.
- a selection random number bit string having a predetermined number of bits is output based on the secret key, the random number table is referred to using the selection random number bit string, the corresponding amplified random number bit string is selected from among the plurality of amplified random number bit strings in the random number table, and it is non-linearly converted by the non-linear conversion means and output as a pseudo-random number. Thus an amplified random number bit string with a larger number of bits can be obtained from a selection random number bit string with a small number of bits.
- the random number bit string input to the non-linear conversion means can therefore have a larger number of bits,
- and the speed can be increased.
- the invention according to claim 8 is the pseudorandom number generator according to claim 7, further having random number table initial setting means that, when the secret key is given, generates amplified random number bit strings based on the secret key, stores them in the random number table, and thereby performs the initial setting of the random number table.
- since the amplified random number bit strings are generated based on the secret key, stored in the random number table, and the random number table is thereby initialized, the contents of the random number table change with the secret key. Therefore, the encryption strength can be increased.
- the invention according to claim 9 is the pseudo random number generator according to claim 7 or 8, wherein
- a plurality of selection random number bit string output means are provided, a random number table is provided corresponding to each selection random number bit string output means, and the amplified random number bit string selection means
- refers to the corresponding random number table using each selection random number bit string output from each selection random number bit string output means, and selects the corresponding amplified random number bit string from each of the random number tables.
- the non-linear conversion means performs the non-linear conversion by a non-linear function using each amplified random number bit string selected from each of the random number tables by the selection means, and outputs the result as a pseudo random number.
- each of the selection random number bit string output means outputs a selection random number bit string, and each of the random number tables is referred to using the corresponding selection random number bit string.
- a pseudo random number is generated by performing a non-linear conversion by a non-linear function using each of the amplified random number bit strings, thereby improving the throughput of the portion that outputs the random number bit strings, which has conventionally been the bottleneck, so that the overall throughput of the pseudo random number generator can be increased.
- a plurality of random number tables are provided for each of the selection random number bit string output means, together with exclusive OR operation processing means that performs an exclusive OR operation on the amplified random number bit strings selected from those tables for each selection random number bit string output means and outputs the result to the non-linear conversion means.
- since the amplified random number bit strings selected from the random number tables are exclusive-ORed for each selection random number bit string output means and then output to the non-linear conversion means, the encryption strength can be increased compared with the case where the random number bit string generated by the amplified random number bit string generation means is used as it is.
- the invention according to claim 11 is the pseudo random number generator according to claim 9 or 10, characterized in that the pseudo random number generator includes random number table exchange means for exchanging the random number tables at a predetermined timing.
- since the random number tables are exchanged at a predetermined timing, the random number table serving as the reference source can be changed. Therefore, the encryption strength can be increased compared with a fixed table.
- the invention according to claim 12 is the pseudo random number generator according to claim 11, wherein the random number table replacing means exchanges the random number tables each time the selection random number bit string output means outputs a selection random number bit string needed to refer to each random number table.
- the present invention shows one specific example of the predetermined timing described in the above-mentioned claim. According to this, each time the selection random number bit string output means outputs a selection random number bit string required to refer to each random number table, the random number tables are exchanged. Therefore, the random number table serving as the reference source can be changed in a short cycle, and the encryption strength can be further increased.
- the random number table replacing means generates random number table replacing random numbers equal in number to the random number tables, assigns them to the random number tables as their table numbers, and changes the order of the random number tables according to a preset rule based on the table numbers.
- the present invention shows a specific example of the random number table replacing means described above. According to this, random numbers for replacing the random number tables are generated, attached to the random number tables as their table numbers, and the order of the random number tables is changed based on the assigned table numbers.
- since the order of the random number tables can be changed easily and quickly, the throughput on the upstream side can be improved and brought close to the throughput of the non-linear conversion means, so that the throughput of the entire pseudo-random number generator can be increased.
- the invention according to claim 14 is a pseudo-random number generation program for causing a computer to function as the following means: selection random number bit string output means that outputs a selection random number bit string having a predetermined number of bits based on a secret key;
- amplified random number bit string selection means that selects an amplified random number bit string; and non-linear conversion means that non-linearly converts the amplified random number bit string selected by the selection means by a non-linear function and outputs it as a pseudo random number.
- a selection random number bit string having a predetermined number of bits is output based on the secret key, the random number table is referred to using the selection random number bit string, the corresponding amplified random number bit string is selected from among the plurality of amplified random number bit strings in the random number table, and it is non-linearly converted by the non-linear conversion means and output as a pseudo-random number. Thus an amplified random number bit string with a larger number of bits can be obtained from a selection random number bit string with a small number of bits.
- the random number bit string input to the non-linear conversion means can therefore have a larger number of bits.
- when a secret key is given, amplified random number bit strings are generated based on the secret key and stored in a random number table;
- the computer is caused to function as random number table initial setting means that performs this initial setting of the random number table.
- since the amplified random number bit strings are generated based on the secret key, stored in the random number table, and the random number table is thereby initialized, the contents of the random number table change with the secret key. Therefore, the encryption strength can be increased.
- the invention according to claim 16 is the pseudo random number generation program according to claim 14 or 15, wherein a plurality of selection random number bit string output means are provided, and a random number table is provided corresponding to each selection random number bit string output means.
- the amplified random number bit string selecting means refers to the random number table corresponding to each selection random number bit string output means using the selection random number bit string output from that means,
- and selects the corresponding amplified random number bit string from each random number table; the non-linear conversion means performs a non-linear conversion by a non-linear function using each amplified random number bit string selected from the tables and outputs the result as a pseudo random number.
- each of the selection random number bit string output means outputs a selection random number bit string, and each of the random number tables is referred to using the corresponding selection random number bit string.
- a pseudo random number is generated by performing a non-linear conversion by a non-linear function using each amplified random number bit string, thereby improving the throughput of the portion upstream of the non-linear conversion means that outputs the random number bit strings, which has conventionally been the bottleneck,
- so that the throughput of the pseudo-random number generator as a whole can be increased.
- a plurality of random number tables are provided for each of the selection random number bit string output means, and for each amplified random number bit string selected by the amplified random number bit string selection means from those tables,
- the computer is caused to function as exclusive OR operation processing means that performs an exclusive OR operation on the amplified random number bit strings for each selection random number bit string output means and outputs the result to the non-linear conversion means.
- since the amplified random number bit strings selected from the random number tables are exclusive-ORed for each selection random number bit string output means and then output to the non-linear conversion means, the encryption strength can be increased compared with the case where the random number bit string generated by the amplified random number bit string generation means is used as it is.
- the invention according to claim 18 is the pseudorandom number generation program according to claim 16 or 17, characterized in that the computer is caused to function as random number table exchange means for exchanging the random number tables at a predetermined timing. According to the present invention, the random number tables are exchanged at a predetermined timing, so that the random number table serving as the reference source can be changed. Therefore, the encryption strength can be increased compared with a fixed table.
- the random number table exchange means exchanges the random number tables each time the selection random number bit string output means
- outputs a selection random number bit string necessary for referring to each random number table.
- the present invention shows one specific example of the predetermined timing described in the above-mentioned claim. According to this, each time the selection random number bit string output means outputs a selection random number bit string required to refer to each random number table, the random number tables are exchanged. Therefore, the random number table serving as the reference source can be changed in a short cycle, and the encryption strength can be further increased.
- the invention according to claim 20 is the pseudorandom number generation program according to claim 18 or claim 19, wherein the random number table replacing means generates random number table replacing random numbers equal in number to the random number tables,
- assigns each to a random number table as its table number, and changes the order of the random number tables according to a preset rule based on the table numbers.
- the present invention shows a specific example of the above random number table replacing means. According to this, random numbers for replacing the random number tables are generated, attached to the random number tables as their table numbers, and the order of the random number tables is changed based on the assigned table numbers. Therefore, the order of the random number tables can be changed easily and quickly, the throughput on the upstream side can be improved and brought close to the throughput of the non-linear conversion means, and the throughput of the entire pseudo-random number generator can be increased.
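The table-amplified generator of claims 7 to 13 (mirrored by the program claims 14 to 20), as a worked data-flow model added here; it is not code from the patent. Components the claims leave open are filled with labelled stand-ins: SHA-256 in counter mode stands in for the "selection random number bit string output means" and for the table-replacing random numbers (the embodiment uses linear feedback shift registers for the former), the non-linear function is my own AND/rotate/XOR combination, the "preset rule" for reordering tables is an ascending sort on the drawn table numbers, and the table sizes (16 entries of 32 bits, three tables per unit, two units) are constructed for the demo. The model keeps the claimed structure: key-derived table initialisation (claim 8), one table set per selection unit (claim 9), XOR across a unit's tables (claim 10), and a table exchange after every selection (claims 11 to 13).

```python
import hashlib


def keyed_int(key, tag, counter):
    """Keyed 256-bit integer from SHA-256(key || tag || counter): a stand-in
    (my assumption) for the page's key-derived random bit string sources."""
    data = key + tag + counter.to_bytes(8, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def rotl(x, r, width):
    mask = (1 << width) - 1
    r %= width
    return ((x << r) | (x >> (width - r))) & mask


class TableAmplifiedGenerator:
    def __init__(self, key, units=2, tables_per_unit=3, sel_bits=4, amp_bits=32):
        self.key = key
        self.units, self.sel_bits, self.amp_bits = units, sel_bits, amp_bits
        self.mask = (1 << amp_bits) - 1
        self.counter = 0
        # Claim 8: initial setting of the random number tables. Each table holds
        # 2**sel_bits amplified bit strings of amp_bits bits, all derived from the key,
        # so the table contents change with the key.
        self.tables = [
            [self._fill_table(u, t) for t in range(tables_per_unit)]
            for u in range(units)
        ]

    def _fill_table(self, unit, table):
        tag = b"table%d-%d" % (unit, table)
        return [keyed_int(self.key, tag, i) & self.mask for i in range(1 << self.sel_bits)]

    def _next_bits(self, tag, width):
        """Selection bit string (claim 7) or table-replacing random number
        (claim 13); both are 'based on the secret key' in the claims."""
        self.counter += 1
        return keyed_int(self.key, tag, self.counter) & ((1 << width) - 1)

    def _exchange_tables(self, unit):
        """Claim 13: draw one replacing random number per table, treat it as the
        table number, and reorder the tables by ascending table number
        (the concrete 'preset rule' is my assumption)."""
        numbers = [self._next_bits(b"swap", 16) for _ in self.tables[unit]]
        order = sorted(range(len(numbers)), key=lambda i: (numbers[i], i))
        self.tables[unit] = [self.tables[unit][i] for i in order]

    def _nonlinear(self, amps):
        """Non-linear combining function; the page only says 'a non-linear
        function'. The AND terms make this one non-linear over GF(2)."""
        out = 0
        for i, a in enumerate(amps):
            out = (out ^ rotl(a, 5 * i + 3, self.amp_bits) ^ (out & a)) & self.mask
        return out

    def next_output(self):
        """One pseudo-random output: a few selection bits per unit are amplified
        to amp_bits via the tables, XORed across the unit's tables, combined
        non-linearly, and the tables are exchanged after every selection."""
        amplified = []
        for u in range(self.units):
            sel = self._next_bits(b"sel", self.sel_bits)   # claim 7: selection string
            amp = 0
            for table in self.tables[u]:
                amp ^= table[sel]                           # claim 10: XOR over the unit's tables
            amplified.append(amp)
            self._exchange_tables(u)                        # claim 12: exchange per selection
        return self._nonlinear(amplified)


if __name__ == "__main__":
    # Constructed demo key; sender and receiver sharing it produce the same stream.
    g = TableAmplifiedGenerator(b"shared-secret-key")
    print([hex(g.next_output()) for _ in range(4)])
```

Two generators built from the same key yield the same output stream, which is the property the stream-cipher setting of FIG. 16 relies on; per output only 4 selection bits per unit are drawn, yet 32-bit amplified strings reach the non-linear function, which is the throughput argument of claims 7 and 9.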
- FIG. 1 is a diagram illustrating a pseudo random number generator 1 according to the present embodiment.
- A non-linear combiner type pseudo random number generator 1 is described as an example.
- The pseudo random number generator 1 includes an initial value setting unit (not shown) that sets an initial value from a secret key given by the user, a plurality of pseudo-random number generation units 10 that generate pseudo-random numbers from the initial values received from the initial value setting unit, and a non-linear conversion unit 20 connected to the output side of the pseudo-random number generation units 10 that non-linearly converts the pseudo-random numbers output from them.
- The initial value setting unit converts the secret key given by the user into a bit string, divides it according to the number of pseudo-random number generation units 10, and generates the initial values to be assigned to the linear feedback shift registers 11 of the generation units 10 described below.
- The pseudo random number generation units 10 are L units arranged in parallel, each having a linear feedback shift register 11 and a linear feedback shift register reconfiguring means 12.
- The linear feedback shift register 11 has n shift registers each capable of storing one bit of information and an exclusive OR operation circuit, as in the prior art.
- It is set in advance to a configuration that can output a so-called M-sequence, a bit string whose number of bits m for one period is (2^n) - 1.
- FIG. 2 illustrates the initial polynomial of the linear feedback shift register 11 in the present embodiment.
- The initial polynomial is the characteristic polynomial, configured in advance so that an M-sequence is output (expressed in the notation of FIG. 2).
- The exponent of the first term indicates the number of shift registers, and the exponents of the second and subsequent terms indicate the connection positions (taps) connected to the exclusive OR operation circuit.
- For example, the first-stage linear feedback shift register 11 (LFSR1) has 131 shift registers, and the eighth, third, and second shift registers are connected to the exclusive OR operation circuit by feedback taps.
- The number n of shift registers is set to a prime number.
- The linear feedback shift register 11 outputs a 2ms-bit string, and bits are extracted from it at intervals of the derived value s to generate a new bit string. The configuration of the linear feedback shift register 11 is then changed by the Berlekamp-Massey algorithm using the new bit string.
- The case where the bit string output from the linear feedback shift register 11 has 2ms bits is described as an example, but since the equivalent minimum linear feedback shift register can be obtained whenever the new bit string has 2m or more bits, it is sufficient that the output has 2ms or more bits.
- The Berlekamp-Massey algorithm obtains, from a bit string of more than twice the number of shift registers n (the linear complexity) of the linear feedback shift register 11, the smallest linear feedback shift register that can output that bit string.
- The Berlekamp-Massey algorithm is described in detail in, for example, Reference 1, "Introduction to Cryptography Theory (2nd Edition)", Kyoritsu Shuppansha, Eiji Okamoto, published April 10, 2002.
- First, an initial value is set by the initial value setting unit (step S1).
- The initial value is set by dividing the secret key given by the user through a predetermined calculation process.
- For example, the initial value is set as follows.
- The secret key "ABCDEFGHIJKLMNOP" is divided into two-character pieces "AB", "CD", ..., "OP", and the remaining shift registers are filled with padding characters.
- The above initial value setting method is one embodiment; the initial value may be set by another method.
- Each initial value is input to its pseudo random number generation unit 10 and set in the shift registers of the linear feedback shift register 11.
- In steps S2 to S6, the linear feedback shift register reconfiguring means 12 reconfigures the linear feedback shift register 11.
- A derived value s that is relatively prime to the number of bits m for one cycle of the linear feedback shift register 11 is calculated from the initial value by a predetermined arithmetic process (step S2).
- For example, a hash function such as MD5 (Message Digest 5) is applied to the initial value to obtain a hash value, and the prime number closest to the hash value is adopted. This increases the difficulty of estimating the derived value, so higher confidentiality is obtained.
- The derived value s need only be obtained from the initial value and be relatively prime to the number of bits m; it is not limited to the value obtained by the above calculation method.
- The predetermined arithmetic process must, however, be one that satisfies one-wayness.
- In step S3, the number of bits 2ms of the bit string to be output from the linear feedback shift register 11 is calculated.
- A bit string of 2ms bits is output from the linear feedback shift register 11 based on the initial value (step S4), and a new bit string is generated from it (step S5).
- The new bit string consists of the bits extracted from the 2ms-bit string at intervals of the derived value s, and has 2m bits.
- If the number of bits m in one cycle of the M-sequence and the derived value s are relatively prime, the bit sequence obtained by sampling the M-sequence every s bits is the M-sequence of a linear feedback shift register with another configuration, so the new bit string is also an M-sequence.
- The configuration of the linear feedback shift register 11 is reconfigured based on the new bit string (step S6).
- The reconstruction of the linear feedback shift register 11 is performed using the Berlekamp-Massey algorithm. According to the Berlekamp-Massey algorithm, given a bit string of at least two cycles, the equivalent smallest linear feedback shift register capable of outputting that bit string can be obtained.
- The characteristic polynomial of the linear feedback shift register is therefore derived from the new 2m-bit string, and the reconstruction is performed.
- The linear feedback shift register 11 after reconstruction has a characteristic polynomial of the same order but with different connections from before the reconstruction, and can output an M-sequence different from the one before the reconstruction when given the same initial value.
- A pseudo random number is then generated from the reconstructed linear feedback shift register 11 based on the initial value (step S7). As a result, the pseudo-random number generation unit 10 generates a pseudo-random number of an M-sequence different from that before the reconstruction.
- The pseudo-random numbers output from the pseudo-random number generation units 10 are input to the non-linear conversion unit 20, which performs the non-linear conversion based on a predetermined non-linear function f(x) (step S8).
- This gives the pseudorandom number a non-linear property, and the encryption strength can be further improved.
- The configuration of the linear feedback shift register 11 can thus be changed easily and dynamically based on the initial value, and an M-sequence is still output after the change. An attacker therefore cannot obtain the configuration of the linear feedback shift register before the reconstruction.
- As a result, existing cryptanalysis methods that are established on the premise that the configuration of the linear feedback shift register is known no longer hold. High encryption strength can therefore be obtained, and the confidentiality of information can be maintained.
- The non-linear combiner type pseudo-random number generator 1 has been described as an example.
- The present invention is not limited to the non-linear combiner type pseudo-random number generator 1 and may be any pseudo-random number generator using a linear feedback shift register.
- It may also be used as the pseudo-random number generator of a block type encryption method.
- In step S6, instead of reconfiguring the linear feedback shift register 11 based on the new bit string, a second linear feedback shift register with a configuration capable of outputting the new bit string may be generated.
- In step S7, the pseudorandom number may then be generated based on the initial value by the second linear feedback shift register.
- The linear feedback shift register is then divided into two, and confidentiality can be further improved.
- The pseudo-random number generator 1 according to the first embodiment may be implemented in either software or hardware.
- FIG. 4 is an explanatory diagram schematically showing the functions of the pseudorandom number generator 1 in the second embodiment.
- The pseudo random number generator 1 according to the present embodiment is a non-linear combiner type pseudo random number generator 1 realized by executing a pseudo random number generation program on computer hardware.
- The pseudo random number generator 1 includes a random number bit string output unit 50, a random number bit string amplification unit 60, and a non-linear conversion unit 80.
- The random number bit string output unit 50 includes α selection random number bit string output means 51.
- The selection random number bit string output means 51_1 to 51_α each continuously output a selection random number bit string of N_i bits based on an L_k-bit secret key K given by the user, and are composed, for example, of linear feedback shift registers.
- The random number bit string amplification unit 60 is configured so that, given an N_i-bit selection random number bit string, it outputs an N_o-bit amplified random number bit string, where N_o is larger than N_i.
- It is provided with a random number table section 61 and an exclusive OR operation processing means 63.
- The random number table section 61 consists of α×β (hereinafter simply "αβ") random number tables 62, each storing 2^(N_i) random number bit strings. As shown in FIG. 4, β (plural) random number tables 62 are provided for each selection random number bit string output means 51.
- FIG. 5 is a schematic diagram illustrating the configuration of one random number table. As shown in FIG. 5, each random number table 62 has index parts R_i holding index numbers and random number bit string storage sections R_o, provided in one-to-one correspondence with the index numbers, capable of storing the amplified random number bit strings mentioned above.
- It is configured so that, with the selection random number bit string output from the selection random number bit string output means 51 as the argument, the index number of the index part R_i equal to the argument is selected, and the N_o-bit amplified random number bit string is selected from the random number bit string storage section R_o corresponding to that index number.
- The exclusive OR operation processing means 63 performs, for each selection random number bit string output means 51, an exclusive OR operation on the β amplified random number bit strings extracted by referring to the random number tables 62_1 to 62_αβ, and outputs the result to the non-linear conversion unit 80 as the amplified random number bit string. Because the amplified random number bit strings read from the random number tables 62_1 to 62_αβ are not output to the non-linear conversion unit 80 as they are, the encryption strength does not depend on the amplified random number bit strings themselves, and the encryption strength is further improved.
- FIG. 6 is a conceptual diagram illustrating each component included in the random number bit string amplification unit 60.
- As shown in FIG. 6, the random number bit string amplification unit 60 includes an amplified random number bit string selecting means 64 as its internal mechanism. The amplified random number bit string selecting means 64 refers to the random number tables 62_1 to 62_αβ using the selection random number bit strings output from the selection random number bit string output means 51_1 to 51_α as arguments, and selects from each table the amplified random number bit string in the bit string storage section R_o corresponding to the index number whose value is equal to the argument.
- The random number bit string amplification unit 60 also includes a random number table initial setting means 65 for initializing the random number table section 61, and an amplified random number bit string generating means 66 for generating the amplified random number bit strings that the random number table initial setting means 65 stores in the random number table section 61.
- The random number table initial setting means 65 divides the random number bit string generated by the amplified random number bit string generating means 66 into N_o-bit pieces and stores them in all the random number bit string storage sections R_o of each of the random number tables 62_1 to 62_αβ.
- It is configured to store them in order, from the random number table 62_1 corresponding to the first selection random number bit string output means 51_1 up to the random number table 62_αβ corresponding to the α-th selection random number bit string output means 51_α.
- The amplified random number bit string generating means 66 outputs a random number bit string based on the secret key K.
- In the present embodiment, the RC4 Symmetric Stream Cipher made by RSA Data Security Inc. is used.
- Any other device may be used, primarily a stream-type cipher that can output a pseudo-random bit sequence at high speed, such as an ordinary linear feedback shift register.
- The random number bit string amplification unit 60 further includes a random number table replacement means 67 that switches the order of the random number tables 62_1 to 62_αβ at a predetermined timing, and the random number table replacement means 67 is provided with a replacement random number generating means 68 that generates the random numbers used for changing the order of the random number tables.
- The random number table replacement means 67 sequentially assigns the replacement random numbers generated by the replacement random number generating means 68 to the random number tables 62_1 to 62_αβ, in the order in which they were generated, as table numbers of the random number tables; the order of the random number tables is changed based on the assigned random numbers, so the order of the amplified random number bit strings in the random number table section 61 is changed in table units.
- The replacement random number generating means 68 generates the random number table replacement random numbers based on an arbitrary secret key K0.
- The random number bit string output unit 50 outputs α random numbers of N_i bits. Each time the selection random number bit strings are input, αβ replacement random numbers are generated.
- In the present embodiment, a value obtained by extracting L_k bits from the amplified random number bit string output by the amplified random number bit string generating means 66 given the secret key K is used as the arbitrary secret key K0.
- The present invention is not limited to this; for example, K0 may be generated by other means or input separately by the user.
- The non-linear conversion unit 80 has a first-order uncorrelated non-linear function f(x) with α inputs and one output, non-linearly converts the α amplified random number bit strings output from the random number bit string amplification unit 60, and outputs one N_o-bit random number bit string as the pseudo-random number.
- The secret key K is selected from 128 bits, 256 bits, 512 bits, and 104 bits, and the number α of selection random number bit string output means 51, the number β of random number tables corresponding to each selection random number bit string output means 51, and the number of bits N_i of the selection random number bit string are selected so that their product equals the number of bits L_k of the secret key K.
- FIG. 7 is a flowchart explaining the pseudo random number generating method according to the present embodiment.
- First, the random number bit string output unit 50 uses the secret key K to set the initial values of the selection random number bit string output means 51 (step S12).
- When the selection random number bit string output means 51 are constituted by linear feedback shift registers, the initial value stored in each shift register is set based on the secret key K.
- The random number table initial setting means 65 then initializes the random number table section 61 (step S13).
- The secret key K is given to the amplified random number bit string generating means 66, and a random number bit string is generated at high speed.
- The random number bit string generated by the amplified random number bit string generating means 24 is divided into N_o-bit pieces by the random number table initial setting means 65, and the pieces are sequentially stored as amplified random number bit strings in all the random number bit string storage sections R_o of each of the random number tables 62_1 to 62_αβ. The initial setting of the random number table section 61 is thus performed in advance by giving the secret key K.
- The apparatus then enters a standby state. Triggered by an input to the plaintext encryption device (see the related art), amplification of the random number bit strings is started (steps S14 to S16).
- The selection random number bit string output means 51 output selection random number bit strings, each of N_i bits, and store them in the random number bit string amplification unit 60 (step S14).
- In step S15, the order switching process of the random number tables 62_1 to 62_αβ is performed by the random number table interchanging means 26.
- The replacement random numbers generated by the replacement random number generating means 68 are given to the random number tables 62_1 to 62_αβ as the table numbers used for the order replacement of the random number tables.
- These table numbers are given sequentially from the random number table 62_1 in the order in which they were generated.
- Table numbers from 1 to αβ are thus assigned to the random number tables 62_1 to 62_αβ in no particular order. The order of the amplified random number bit strings in the random number table section 61 is then replaced, table by table, based on the assigned table numbers.
- The amplified random number bit strings stored in the random number bit string storage sections R_o of the random number table section 61 are replaced in units of random number tables according to a preset rule such as ascending or descending order of table number.
- When the order replacement of the random number tables 62_1 to 62_αβ is complete, the amplified random number bit string selecting means 64 performs the amplified random number bit string selection process of selecting amplified random number bit strings from the random number tables 62_1 to 62_αβ (step S16). Using each of the selection random number bit strings stored in the buffer, the amplified random number bit string selecting means 64 refers to the corresponding random number tables 62_1 to 62_αβ and selects the corresponding amplified random number bit string from each of them.
- When the amplified random number bit string selection process is complete, the exclusive OR operation processing means 63 performs the exclusive OR operation process (step S17).
- For each selection random number bit string output means 51, the exclusive OR operation processing means 63 performs an exclusive OR operation on the β amplified random number bit strings read from its random number tables among 62_1 to 62_αβ. As a result, α new amplified random number bit strings of N_o bits are generated.
- The non-linear conversion unit 80 non-linearly converts the α amplified random number bit strings of N_o bits based on the preset non-linear function, and outputs one N_o-bit random number bit string as the pseudo-random number.
- After the pseudo-random number is output from the non-linear conversion unit 80, the process returns to step S14, and the processes from step S14 to step S18 are repeated. Pseudo-random numbers are thus generated as needed to convert plaintext into ciphertext.
- By referring to the random number tables based on the N_i-bit selection random number bit strings output by the selection random number bit string output means 51, the pseudorandom number generator 1 can supply the non-linear conversion unit 80 with N_o-bit amplified random number bit strings whose bit number is larger than N_i. The throughput on the upstream side of the non-linear conversion unit 80, which has conventionally been the bottleneck, can therefore be improved and brought close to the throughput of the non-linear conversion unit 80, so the overall throughput of the pseudo random number generator 1 can be increased.
- The pseudo-random number generator 1 refers to a plurality (β) of random number tables using the random number bit string output from one selection random number bit string output means 51 and performs an exclusive OR operation on the random number bit strings selected from each random number table. Unlike the case where the amplified random number bit string read from the random number table section 61 is output directly to the non-linear conversion unit 80, the encryption strength therefore does not depend on the amplified random number bit string generating means 66 itself, and the encryption strength is further improved.
- FIG. 8 is a conceptual diagram schematically showing the pseudo random number generator 1 of the present embodiment.
- FIG. 9 is a conceptual diagram schematically showing the random number table section 61.
- An example in which each set value (parameter) is set as follows is described.
- Each selection random number bit string output means 51 reconfigures its linear feedback shift register 53 based on the secret key K given by the user, and outputs the bit sequence of the reconfigured linear feedback shift register 53′.
- The selection random number bit string output means 51 has an initial value setting means 12, a linear feedback shift register 53, and a linear feedback shift register reconfiguring means 14.
- The initial value setting means 12 sets an initial value based on the secret key K given by the user: it converts the secret key K into a bit string and assigns it to the shift registers of the linear feedback shift register 53 as the initial value.
- The initial value setting means 12 uses the RC4 Symmetric Stream Cipher (manufactured by RSA Data Security Inc.), and is shared with the amplified random number bit string generating means 66.
- The linear feedback shift register 53 has n shift registers each capable of storing one bit of information and an exclusive OR operation circuit, as described in the background art. In the present embodiment, it is set in advance to a configuration capable of outputting a so-called M-sequence, a bit string whose number of bits m for one cycle is (2^n) - 1.
- FIG. 11 illustrates the initial polynomial of the linear feedback shift register 53 in the present embodiment.
- The initial polynomial is the characteristic polynomial, set in advance so as to output an M-sequence.
- The exponent of the first term indicates the number of shift registers, and the exponents of the second and subsequent terms indicate the connection positions connected to the exclusive OR circuit.
- For example, the first-stage linear feedback shift register (LFSR1) 53 has 129 shift registers, and the 80th, 8th, and 1st shift registers are connected to the exclusive OR operation circuit by feedback taps. In the present embodiment, the number n of shift registers is set to a prime number in every case.
- The linear feedback shift register reconfiguring means 14 reconfigures the linear feedback shift register 53 by dynamically changing its configuration using the secret key K.
- It relies on two facts: a bit sequence obtained by sampling the M-sequence every s bits, where s is relatively prime to the number of bits m for one cycle, is the M-sequence of a linear feedback shift register with another configuration; and the Berlekamp-Massey algorithm can obtain, from a bit sequence of at least two cycles, the characteristic polynomial of the linear feedback shift register that outputs that bit sequence.
- The linear feedback shift register 53 is reconfigured by making use of these facts.
- The linear feedback shift register reconfiguring means 14 calculates a derived value s from the initial value given by the initial value setting means 12, where s is relatively prime to the number of bits m for one cycle of the linear feedback shift register 53.
- A 2ms-bit string is output from the linear feedback shift register 53, and bits are extracted from it at intervals of the derived value s to generate a new bit string. The configuration of the linear feedback shift register 53 is then changed by the Berlekamp-Massey algorithm using the new bit string.
- The Berlekamp-Massey algorithm obtains, from a bit string of at least twice the number of shift registers n (the linear complexity) of the linear feedback shift register 53, the equivalent minimum linear feedback shift register that can output that bit string. For details of the Berlekamp-Massey algorithm, see, for example, Reference 1, "Introduction to Cryptography Theory (2nd Edition)", Kyoritsu Shuppansha, Eiji Okamoto, published April 10, 2002.
- FIG. 12 is a flowchart explaining the reconfiguration processing of the linear feedback shift register 53.
- First, an initial value is set by the initial value setting means 12 (step S41).
- The initial value is set based on the L_k-bit secret key K given by the user.
- When the initial value has been set by the initial value setting means 12, it is set in the shift registers of the linear feedback shift register 53.
- A derived value s that is relatively prime to the number of bits m for one cycle of the linear feedback shift register 53 is calculated from the initial value by a predetermined arithmetic process (step S42).
- For example, a hash function such as MD5 (Message Digest 5) is applied to the initial value to obtain a hash value, and the prime number closest to the hash value is used.
- The derived value s need only be obtained from the initial value and be relatively prime to the number of bits m; it is not limited to the value obtained by the above calculation method.
- The predetermined arithmetic process must, however, be one that satisfies one-wayness.
- The number of bits of the bit string to be output from the linear feedback shift register 53 is calculated as 2ms (step S43).
- A bit string of 2ms bits is output from the linear feedback shift register 53 based on the initial value (step S44), and a new bit string is generated from it (step S45).
- The new bit string consists of the bits extracted at intervals of the derived value s from the 2ms-bit string, and has 2m bits.
- If the number of bits m for one cycle of the M-sequence and the derived value s are relatively prime, the bit sequence obtained by sampling the M-sequence every s bits is the M-sequence of a linear feedback shift register with another configuration, so the new bit sequence is also an M-sequence.
- The configuration of the linear feedback shift register 53 is reconfigured based on the new bit string (step S46).
- The reconstruction of the linear feedback shift register 53 is performed using the Berlekamp-Massey algorithm. According to the Berlekamp-Massey algorithm, given a bit string of at least two cycles, the equivalent minimum linear feedback shift register 53 capable of outputting that bit string can be obtained, so the new characteristic polynomial of the linear feedback shift register 53 is derived from the new 2m-bit string and the reconstruction is performed.
- The linear feedback shift register 53′ after reconstruction has a characteristic polynomial of the same order but with different connections from before the reconstruction, and can output an M-sequence different from the one before the reconstruction when given the same initial value.
- In step S47, a random number bit string is generated from the reconfigured linear feedback shift register 53′ based on the initial value.
- The random number bit string output unit 50 thus outputs an M-sequence random number bit string different from that before the reconstruction.
- In step S46, instead of reconfiguring the linear feedback shift register 53 based on the new bit string, a second linear feedback shift register with a configuration capable of outputting the new bit string may be generated.
- In step S47, the random number bit string may then be generated based on the initial value by the second linear feedback shift register. The linear feedback shift register 53 is then divided into two, and confidentiality can be further improved.
- The selection random number bit string output means 51 can thus change the configuration of the linear feedback shift register 53 easily and dynamically based on the initial value, and still outputs an M-sequence after the change. An attacker therefore cannot obtain the configuration of the linear feedback shift register 53 before the reconfiguration. As a result, existing cryptanalysis methods established on the premise that the configuration of the linear feedback shift register 53 is known no longer hold, so high encryption strength can be obtained and the confidentiality of information can be maintained.
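As an added worked example (not code from the patent), the reconfiguration procedure of steps S2 to S7 of the first embodiment and steps S42 to S47 above, in Python: a degree-5 register with characteristic polynomial x^5 + x^2 + 1 (period m = 31, assumed here in place of the 131- and 129-stage registers of FIGS. 2 and 11) outputs 2ms bits, every s-th bit is kept, and the Berlekamp-Massey algorithm recovers the characteristic polynomial of the decimated sequence. The derived value s is taken from an MD5 hash of the initial value as the page describes, but the hash is reduced modulo the period before the nearest coprime prime is chosen so the demo stays small; that reduction, the search order for the nearest prime, and all function names are assumptions of this example.

```python
# Added example, not code from the patent: LFSR reconfiguration by decimation
# (steps S2-S7 / S42-S47). The degree-5 register, the reduction of the hash
# modulo the period and all names are assumptions made here for a runnable demo.
import hashlib
from math import gcd


def lfsr_bits(poly, init, count):
    """Fibonacci LFSR. `poly` is the exponent set of the characteristic
    polynomial, e.g. {5, 2, 0} for x^5 + x^2 + 1 (FIG. 2 notation: the first
    exponent is the register length, the rest are the feedback taps).
    a_{k+n} = XOR of a_{k+e} over the lower exponents e."""
    n = max(poly)
    taps = [e for e in poly if e < n]
    bits = list(init[:n])
    while len(bits) < count:
        k = len(bits) - n
        bit = 0
        for e in taps:
            bit ^= bits[k + e]
        bits.append(bit)
    return bits[:count]


def sequence_period(poly, init):
    """Smallest p >= 1 at which the n-bit state repeats (M-sequence: 2^n - 1)."""
    n = max(poly)
    limit = 2 ** n - 1
    bits = lfsr_bits(poly, init, n + limit)
    for p in range(1, limit + 1):
        if bits[p:p + n] == bits[:n]:
            return p
    return None


def berlekamp_massey(seq):
    """Massey's GF(2) algorithm: returns (L, C) with C(x) = 1 + c1 x + ... + cL x^L
    such that seq[k] = XOR_{i=1..L} c_i seq[k-i] for every k >= L. The result is
    unique when len(seq) >= 2L, which is why the page asks for two periods."""
    n = len(seq)
    c = [1] + [0] * n
    b = [1] + [0] * n
    L, last = 0, -1                     # `last`: index of the last length change
    for i in range(n):
        d = seq[i]                       # discrepancy
        for j in range(1, L + 1):
            d ^= c[j] & seq[i - j]
        if d:
            shift = i - last
            t = c[:]
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]     # C(x) += x^shift * B(x)
            if 2 * L <= i:
                L, last, b = i + 1 - L, i, t
    return L, c[:L + 1]


def characteristic_poly(L, c):
    """x^L * C(1/x): exponent set of the characteristic polynomial of the
    recurrence found by Berlekamp-Massey."""
    return {L - i for i, ci in enumerate(c) if ci}


def is_prime(x):
    return x >= 2 and all(x % d for d in range(2, int(x ** 0.5) + 1))


def derive_s(init, m):
    """Step S2/S42 as assumed here: MD5 of the initial value (the hash the page
    names), reduced into [2, m-1] so the demo stays small (our assumption),
    then the nearest prime that is coprime to the period m."""
    h = int.from_bytes(hashlib.md5(bytes(init)).digest(), "big")
    r = 2 + h % (m - 2)
    for delta in range(m):
        for cand in (r - delta, r + delta):
            if is_prime(cand) and gcd(cand, m) == 1:
                return cand
    raise ValueError("no usable derived value")


def reconfigure(poly, init, s):
    """Steps S3-S6 / S43-S46: output 2*m*s bits, keep every s-th bit (2m bits,
    still an M-sequence because gcd(s, m) == 1), run Berlekamp-Massey on them
    and return the exponent set of the reconstructed characteristic polynomial."""
    m = 2 ** max(poly) - 1
    if gcd(s, m) != 1:
        raise ValueError("s must be relatively prime to the period m")
    out = lfsr_bits(poly, init, 2 * m * s)
    new_seq = out[::s]
    L, c = berlekamp_massey(new_seq)
    return characteristic_poly(L, c)


def demo(init=(1, 0, 0, 0, 0)):
    """Whole procedure on x^5 + x^2 + 1 (period 31); returns (s, new poly, period)."""
    poly = {5, 2, 0}
    m = 2 ** 5 - 1
    s = derive_s(init, m)
    new_poly = reconfigure(poly, init, s)
    return s, new_poly, sequence_period(new_poly, init)


if __name__ == "__main__":
    print(demo())
```

Calling `reconfigure({5, 2, 0}, (1, 0, 0, 0, 0), 3)` returns `{5, 4, 3, 2, 0}`, i.e. x^5 + x^4 + x^3 + x^2 + 1: the same order, different taps, still period 31, as the text states. One caveat worth checking in any implementation of the derived-value step: when s is a power of two modulo m (s = 2, 4, 8 or 16 here), decimating an M-sequence merely shifts it, so Berlekamp-Massey returns the original polynomial; such values of s satisfy the coprimality condition but do not change the connections.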
- FIG. 10 is a flowchart explaining the pseudorandom number generation method in the present embodiment.
- First, the initial value of the linear feedback shift register 53 before reconfiguration is set (step S21).
- The linear feedback shift register 53 is reconfigured based on the initial value (step S22), and the initial value is set in the reconfigured linear feedback shift register 53′ (step S23).
- This initial value setting is performed for all the selection random number bit string output means 51_1 to 51_8.
- The random number bit string amplification unit 60 then performs the initial setting of the random number table section 61 (step S24).
- The secret key K is given to the amplified random number bit string generating means 66, and a random number bit string is generated at high speed.
- The amplified random number bit string generating means 66 is shared with the initial value setting means 12 of the selection random number bit string output means 51, so the random number sequence output as the initial value of the linear feedback shift register 53 is used as it is, without being output separately.
- When the above initial value setting steps are complete (steps S21 to S24), the apparatus enters a standby state. Triggered by an input to the plaintext encryption device (see the related art), the process then moves to the generation of pseudo random numbers (steps S25 to S27).
- Each of the selection random number bit string output means 51_1 to 51_8 outputs a selection random number bit string, which is stored in the buffer of the random number bit string amplification unit 60.
- The selection random number bit string output means 51_1 to 51_8 each output an 8-bit selection random number bit string (step S27), one for each selection random number bit string output means 51.
- step S 2 In Y es
- 16 replacement random numbers are generated by the replacement random number generating means 68 based on the secret key KO (step S28), and the order of the random number table is switched (step S29).
- the replacement of the order of the random number table 62I ⁇ 62 16 on the basis of the granted table number.
- a process of changing the table numbers in descending order so that the table numbers are arranged in the order of No. 1 to No. 16 is performed on the random number bit string output means for selection 51 to 1 n .
- the order of the amplified random number bit string in the random number table section 61 is randomly changed in units of random number tapes.
- step S 30 ⁇ S 32 the process of selecting the amplified random bit sequence corresponding from each random number table 6 Si S 2 within 16 is performed (step S 30 ⁇ S 32).
- the random number table 62 is referenced using the first selection random number bit string output from the selection random number bit string 11 and stored in the buffer as an argument (step S32). Then, an index number having a value equal to the argument is selected, and an amplified random number bit string stored in the random number bit string storage Ro corresponding to the index number is selected.
- the selection random number bit string output from the selection random number bit string output means 51 and stored in the buffer as corresponding to the random number table 62i is “000000 11”, this is regarded as an 8-digit binary number, and a decimal number To get the argument "3”.
- the random number table 62 is referred to, and the amplified random number bit string “0101 10101101 1101 10” stored in the random number bit string storage Ro having the index number R 0 of “3” is selected.
- step S 31 When each selecting amplified random bit sequence from the random number table 62 i and the random number table 62 2 (Ye s in step S 31), performs an XOR operation processing of these two amplifying random number bit string (step S 33), Generate one new amplified random number bit string with 16 bits.
- step S 30 the same processing is performed for each of the random number tables 62 3 to 62 16 (Yes in step S 30).
- the new amplified random number bit string is output to the non-linear conversion unit 80, and the non-linear conversion is performed. Move to the stage.
- the nonlinear conversion is performed by the nonlinear function f (x) (step S34). Get one random bit string with 16 bits. Then, the necessary number of pseudo-random numbers is obtained by repeatedly executing the processing of steps S25 to S34.
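The generation stage (step S24 and steps S27 to S34) as an added worked example in Python, written for this page rather than taken from the patent: RC4 under the secret key K fills 16 tables of 256 sixteen-bit amplified random number bit strings (the page identifies the amplified random number bit string generation means 66 as RC4), each 8-bit selection random number bit string is read as a binary number to index one table (the page's "00000011" giving the argument 3), the 16 selected strings are XORed, and a nonlinear f(x) yields the 16-bit output. Assumed, because the page does not specify them: the packing of RC4 bytes into table words, a Fisher-Yates shuffle driven by RC4(K0) standing in for the replacement random numbers of steps S28 and S29, and the placeholder f(x).

```python
# Added example for this page, not the patent's own code.
N_TABLES, N_ENTRIES, SEL_BITS, WORD_BITS = 16, 256, 8, 16


def rc4_keystream(key: bytes, nbytes: int) -> bytes:
    """Textbook RC4 (key scheduling + PRGA). The page names RC4 as the
    amplified random number bit string generation means 66."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(nbytes):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def build_tables(key_k: bytes) -> list:
    """Step S24: 16 random number tables 62_1..62_16, each holding 256
    sixteen-bit amplified random number bit strings taken from RC4(K).
    Packing two consecutive keystream bytes big-endian is an assumption."""
    ks = rc4_keystream(key_k, N_TABLES * N_ENTRIES * WORD_BITS // 8)
    words = [int.from_bytes(ks[k:k + 2], "big") for k in range(0, len(ks), 2)]
    return [words[t * N_ENTRIES:(t + 1) * N_ENTRIES] for t in range(N_TABLES)]


def replacement_order(key_k0: bytes) -> list:
    """Steps S28-S29: 16 replacement random numbers derived from K0 drive a
    Fisher-Yates shuffle of the table numbers (assumed shuffle method)."""
    r = rc4_keystream(key_k0, N_TABLES)
    order = list(range(N_TABLES))
    for k in range(N_TABLES - 1, 0, -1):
        m = r[k] % (k + 1)
        order[k], order[m] = order[m], order[k]
    return order


def selection_argument(bits: str) -> int:
    """Step S32: an 8-bit selection random number bit string read as a
    binary number gives the table index (the page's "00000011" -> 3)."""
    if len(bits) != SEL_BITS or set(bits) - {"0", "1"}:
        raise ValueError("selection string must be exactly 8 binary digits")
    return int(bits, 2)


def nonlinear_f(x: int) -> int:
    """Placeholder for the unspecified nonlinear function f(x) of step S34:
    odd multiplication mod 2^16 followed by an xor-shift, both bijective."""
    x = (x * 0x9E37) & 0xFFFF
    return (x ^ (x >> 7)) & 0xFFFF


def generate_word(tables: list, order: list, selections: list) -> int:
    """Steps S30-S34: selection i indexes the table currently numbered i
    (after the replacement), the 16 picks are XORed together (steps S31,
    S33), and the result is passed through f(x)."""
    if len(selections) != N_TABLES:
        raise ValueError("one selection string per table is required")
    acc = 0
    for table_no, bits in zip(order, selections):
        acc ^= tables[table_no][selection_argument(bits)]
    return nonlinear_f(acc)


if __name__ == "__main__":
    tables = build_tables(b"constructed secret key K")
    order = replacement_order(b"constructed key K0")
    # Constructed selection strings as the 16 registers 51 would output them.
    sels = [format((3 * i + 3) & 0xFF, "08b") for i in range(N_TABLES)]
    print("argument for 00000011:", selection_argument("00000011"))
    print(f"pseudorandom word: {generate_word(tables, order, sels):016b}")
```

Each output word costs 16 table reads and 15 XORs instead of 16 register clocks per bit, which is where the speed-up the page measures comes from; the tables themselves are key material and must be held in memory protected like the key, since recovering them would remove the amplification stage from an attacker's problem.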
- The computer used for the experiment had a Pentium (registered trademark) 4 CPU (1.7 GHz) and 256 MB of memory. Each set value is the same as in the embodiment described above.
- The experiment was performed with the secret key K0 used by the replacement random number generating means 68 fixed to the following value, given in hexadecimal notation.
- FIG. 13 is a table showing the measured throughput.
- The conventional type in the table is a conventional nonlinear combiner-type pseudorandom number generator as shown in FIG. 17, constructed from eight linear feedback shift registers 53 and a nonlinear conversion unit 80.
- As the table shows, the average throughput of the pseudorandom number generator 1 is raised from the level of the linear feedback shift register 53 itself, which bounds the conventional type, to the level of the nonlinear conversion unit 80.
- It is approximately 170 times that of the conventional type (116.4 Mbps / 0.680 Mbps = 171.176). The throughput measurements therefore show that using the random number tables 62 is effective in increasing the speed of the pseudorandom number generator 1.
- The throughput of the pseudorandom number generator 1 in the present embodiment is expressed by the following equation (1). [Formula]
- T1: average throughput of one linear feedback shift register 53.
- T2: average throughput of RC4 (the amplified random number bit string generation means 66).
- T3: average throughput of the random number table exchange processing by the random number table exchange means 67.
- T4: average throughput of one random number table 62.
- T5: average throughput of the nonlinear conversion unit 80.
- NIST pseudorandom number test tool
- The NIST test suite is a tool for testing the randomness of data output by physical random number generators and pseudorandom number generators; it is a statistical package consisting of 16 tests. It is described in detail at http://csrc.nist.gov/rng/.
- FIG. 14 is a table showing the NIST parameters used in this test. A test item is considered passed when the p-value it outputs satisfies 0.01 ≤ p-value ≤ 1, that is, when it is not below the suite's default significance level α = 0.01. When the pseudorandom numbers of the pseudorandom number generator 1 of this example were tested, all test items were confirmed to pass.
- FIG. 15 shows the NIST test results of this experiment.
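As an added illustration of the pass criterion (example code written for this page, not the patent's test setup), the following Python implements two of the 16 tests of NIST SP 800-22, the frequency (monobit) test and the runs test, and applies the suite's decision rule: a sequence passes a test when its p-value is at least the significance level α = 0.01. A p-value always lies in [0, 1], so the only bound that carries information is the lower one. The two 10-bit sequences are the worked examples from the NIST document; the all-ones input is constructed to show a failure.

```python
# Added example for this page, not the patent's own test code.
import math

ALPHA = 0.01   # NIST SP 800-22 default significance level


def bits_from_bytes(data: bytes) -> list:
    """Unpack a byte string into a list of 0/1 ints, most significant bit first."""
    return [(b >> k) & 1 for b in data for k in range(7, -1, -1)]


def monobit_p_value(bits: list) -> float:
    """Frequency (monobit) test: S_n = sum(2*e_i - 1), s_obs = |S_n| / sqrt(n),
    p = erfc(s_obs / sqrt(2))."""
    n = len(bits)
    if n == 0:
        raise ValueError("empty sequence")
    s_n = sum(2 * b - 1 for b in bits)
    s_obs = abs(s_n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def runs_p_value(bits: list) -> float:
    """Runs test: precondition |pi - 1/2| < 2/sqrt(n) on the fraction pi of
    ones; V_n = 1 + number of adjacent unequal pairs;
    p = erfc(|V_n - 2 n pi (1 - pi)| / (2 sqrt(2n) pi (1 - pi))).
    Returns 0.0 when the precondition fails, as the suite does."""
    n = len(bits)
    if n == 0:
        raise ValueError("empty sequence")
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v_n = 1 + sum(1 for k in range(n - 1) if bits[k] != bits[k + 1])
    num = abs(v_n - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)


def passes(p_value: float, alpha: float = ALPHA) -> bool:
    """Decision rule: a p-value below alpha means the sequence is judged
    non-random for that test; p >= alpha passes."""
    return p_value >= alpha


def nist_report(bits: list) -> dict:
    """Run both tests and return {test_name: (p_value, passed)}."""
    p_freq = monobit_p_value(bits)
    p_runs = runs_p_value(bits)
    return {"frequency": (p_freq, passes(p_freq)),
            "runs": (p_runs, passes(p_runs))}


if __name__ == "__main__":
    # Worked examples from NIST SP 800-22, sections 2.1.8 and 2.3.8.
    print(nist_report([int(c) for c in "1011010101"]))   # frequency p ~ 0.527
    print(nist_report([int(c) for c in "1001101011"]))   # runs p ~ 0.147
    # Constructed degenerate input: 64 one-bits; both tests fail.
    print(nist_report([1] * 64))
```

In practice the suite is run over many sequences, and a generator is judged on the proportion of sequences passing each test and on the uniformity of the p-values, not on a single p-value; the short inputs here only serve to make the arithmetic checkable by hand.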
- Since the configuration of the linear feedback shift register can be derived from a bit string having the above number of bits, the configuration of the linear feedback shift register can be dynamically changed on the basis of the initial value, and the reconfigured linear feedback shift register can still output an M-sequence bit string.
- An attacker therefore cannot derive the configuration of the linear feedback shift register as it was before the reconfiguration from the pseudorandom numbers output by the pseudorandom number generator, and cannot recover the initial value or the secret key.
- A high encryption strength can thus be obtained, and the confidentiality of information can be maintained.
- A selection random number bit string having a predetermined number of bits is output on the basis of a secret key, and the random number table is referenced using that selection random number bit string. Because the corresponding amplified random number bit string is selected from a plurality of amplified random number bit strings, nonlinearly converted by the nonlinear conversion means and output as a pseudorandom number, an amplified random number bit string with a larger number of bits is obtained from a selection random number bit string with a small number of bits.
- The random number bit string input to the nonlinear conversion means can therefore have a larger number of bits, and the generation speed can be increased.
- FIG. 3 is a diagram illustrating the pseudorandom number generator according to the present embodiment.
- A flowchart illustrating the operation of the pseudorandom number generator according to the present embodiment.
- FIG. 4 is an explanatory diagram of the random number table unit.
- FIG. 6 is a conceptual diagram explaining each component of the random number bit string amplification unit.
- FIG. 5 is a flowchart illustrating the pseudorandom number generation method according to the present embodiment.
- FIG. 7 is a flowchart explaining the reconstruction process of the linear feedback shift register.
- A diagram illustrating a conventional sequential encryption method.
- FIG. 17 is a diagram illustrating the pseudorandom number generator of the conventional encryption device.
- A diagram simply illustrating the configuration of a general linear feedback shift register.
- Reference numerals in the drawings include the linear feedback shift register reconstruction means, the nonlinear conversion unit and the random number bit string amplification unit.
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computational Mathematics (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Security & Cryptography (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Pure & Applied Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Nonlinear Science (AREA)
- Tests Of Electronic Circuits (AREA)
- Storage Device Security (AREA)
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/530,574 US20060039558A1 (en) | 2002-10-07 | 2003-07-10 | Pseudo-random number generation method and pseudo-random number generator |
AU2003252595A AU2003252595A1 (en) | 2002-10-07 | 2003-07-10 | Pseudo-random number generation method and pseudo-random number generator |
JP2004541207A JP4052480B2 (ja) | 2002-10-07 | 2003-07-10 | 疑似乱数発生方法、疑似乱数発生器、及び疑似乱数発生プログラム |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2002294184 | 2002-10-07 | ||
JP2002-294184 | 2002-10-07 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2004032098A1 true WO2004032098A1 (ja) | 2004-04-15 |
Family
ID=32064030
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2003/008794 WO2004032098A1 (ja) | 2002-10-07 | 2003-07-10 | 疑似乱数発生方法及び疑似乱数発生器 |
Country Status (5)
Country | Link |
---|---|
US (1) | US20060039558A1 (ja) |
JP (1) | JP4052480B2 (ja) |
CN (1) | CN1714377A (ja) |
AU (1) | AU2003252595A1 (ja) |
WO (1) | WO2004032098A1 (ja) |
Families Citing this family (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101032592B1 (ko) * | 2006-07-21 | 2011-05-06 | 호쿠리쿠 니혼 덴키 소프트웨어 가부시키가이샤 | 암호 장치, 기록 매체, 및 방법 |
KR100766081B1 (ko) | 2006-08-30 | 2007-10-12 | 삼성전자주식회사 | 영상신호처리장치 및 그의 영상신호처리방법 |
KR101070628B1 (ko) * | 2007-05-21 | 2011-10-07 | 삼성전자주식회사 | 영상처리장치 및 그 제어방법 |
KR100931507B1 (ko) * | 2007-12-11 | 2009-12-11 | 한국전자통신연구원 | Rfid 시스템에서 대칭키 암호화 기반 통신 데이터 보호방법과 이를 수행하기 위한 리더 및 태그 |
KR101685173B1 (ko) * | 2009-07-13 | 2016-12-12 | 주식회사 팬택 | 무선통신 시스템에서의 시퀀스 생성 방법 및 그 장치 |
US8949493B1 (en) * | 2010-07-30 | 2015-02-03 | Altera Corporation | Configurable multi-lane scrambler for flexible protocol support |
CN102752110B (zh) * | 2011-04-19 | 2015-04-15 | 中国银行股份有限公司 | 一种动态密码生成方法及系统 |
JP5882602B2 (ja) * | 2011-05-20 | 2016-03-09 | キヤノン株式会社 | 画像形成装置、画像形成装置の制御方法、及びプログラム |
GB2491896A (en) * | 2011-06-17 | 2012-12-19 | Univ Bruxelles | Secret key generation |
CN102314332B (zh) * | 2011-07-27 | 2014-04-09 | 中国科学院计算机网络信息中心 | 伪随机数生成装置和方法 |
US8767954B2 (en) * | 2011-12-01 | 2014-07-01 | Colloid, Llc | Methods and systems for deriving a cryptographic framework |
US20140112469A1 (en) * | 2012-10-22 | 2014-04-24 | John M. Layne | Novel encryption processes based upon irrational numbers and devices to accomplish the same |
US9201629B2 (en) | 2013-03-14 | 2015-12-01 | International Business Machines Corporation | Instruction for performing a pseudorandom number seed operation |
US8873750B2 (en) * | 2013-03-14 | 2014-10-28 | International Business Machines Corporation | Instruction for performing a pseudorandom number generate operation |
AT515097B1 (de) * | 2014-03-31 | 2015-06-15 | Hödl Josef | Verschlüsselungsverfahren und Pseudo-Zufallszahlengenerator |
DE102015100760A1 (de) * | 2015-01-20 | 2016-07-21 | Infineon Technologies Ag | Generieren von Zufallszahlen |
US10680810B2 (en) * | 2016-10-26 | 2020-06-09 | Nxp B.V. | Method of generating an elliptic curve cryptographic key pair |
US11055065B2 (en) * | 2018-04-18 | 2021-07-06 | Ememory Technology Inc. | PUF-based true random number generation system |
CN110768785B (zh) * | 2019-10-22 | 2023-05-02 | 宜人恒业科技发展(北京)有限公司 | 一种编、解码方法、相关装置及计算机设备 |
CN113504894B (zh) * | 2021-09-09 | 2021-12-17 | 华控清交信息科技(北京)有限公司 | 一种随机数产生器、生成伪随机数的方法和一种芯片 |
CN115714644B (zh) * | 2022-10-31 | 2023-08-15 | 北京海泰方圆科技股份有限公司 | 一种随机数生成方法及装置 |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPS61246787A (ja) * | 1985-03-27 | 1986-11-04 | 富士通株式会社 | 乱数混合処理方式 |
JPS62144243A (ja) * | 1985-12-18 | 1987-06-27 | Nec Corp | 乱数発生器 |
JPH04115616A (ja) * | 1990-08-31 | 1992-04-16 | Toshiba Corp | ランダム符号発生装置 |
JPH0736672A (ja) * | 1993-07-20 | 1995-02-07 | Canon Inc | 乱数発生器、及びそれを用いた通信システム及びその方法 |
JPH07104976A (ja) * | 1993-10-06 | 1995-04-21 | Nec Corp | 擬似乱数発生装置 |
JPH09179726A (ja) * | 1995-12-25 | 1997-07-11 | Nec Corp | 擬似乱数発生装置 |
JPH10240500A (ja) * | 1997-02-28 | 1998-09-11 | Toshiba Corp | 乱数生成装置及び方法、暗号化装置及び方法、復号装置及び方法、並びにストリーム暗号システム |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2845308B2 (ja) * | 1993-04-02 | 1999-01-13 | 株式会社アドバンテスト | 並列疑似ランダムパターン発生器 |
CA2128115C (en) * | 1993-07-20 | 1999-08-10 | Keiichi Iwamura | Encryption apparatus, communication system using the same and method therefor |
US5910907A (en) * | 1997-02-20 | 1999-06-08 | C.K. Chen | Shift register based pseudorandom number generator |
EP1223506B1 (en) * | 2001-01-16 | 2006-12-13 | Telefonaktiebolaget LM Ericsson (publ) | Random number generator using compression |
FR2832231B3 (fr) * | 2001-11-15 | 2003-12-19 | Jean Luc Stehle | Procede pour generer des nombres aleatoires |
Application events (2003)
- 2003-07-10 JP JP2004541207A patent/JP4052480B2/ja not_active Expired - Fee Related
- 2003-07-10 WO PCT/JP2003/008794 patent/WO2004032098A1/ja active Application Filing
- 2003-07-10 AU AU2003252595A patent/AU2003252595A1/en not_active Abandoned
- 2003-07-10 US US10/530,574 patent/US20060039558A1/en not_active Abandoned
- 2003-07-10 CN CNA038255723A patent/CN1714377A/zh active Pending
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100454236C (zh) * | 2004-05-13 | 2009-01-21 | 华为技术有限公司 | 随机数发生装置和软件测试的系统及方法 |
US7587046B2 (en) * | 2004-11-10 | 2009-09-08 | Electronics And Telecommunications Research Institute | Method and apparatus for generating keystream |
CN101040306B (zh) * | 2005-09-09 | 2012-01-04 | 三菱电机株式会社 | 伪随机数生成装置 |
JP2009273054A (ja) * | 2008-05-09 | 2009-11-19 | Mitsubishi Electric Corp | 暗号化通信システム |
JP2010181789A (ja) * | 2009-02-09 | 2010-08-19 | Mitsubishi Electric Corp | 情報処理装置及び情報処理方法及びプログラム |
WO2016194382A1 (ja) * | 2015-06-04 | 2016-12-08 | 典平 露崎 | 放射性同位元素の自然崩壊を利用した唯一性を実現する装置 |
JP2017005697A (ja) * | 2015-06-04 | 2017-01-05 | 典平 露崎 | 放射性同位元素の自然崩壊を利用した唯一性を実現する装置 |
US10708044B2 (en) | 2015-06-04 | 2020-07-07 | Quantaglion Co., Ltd. | Pulse generation device using a radioisotope and authentication system |
JP2019518397A (ja) * | 2016-06-06 | 2019-06-27 | アジャイルピーキュー, インコーポレイテッド | データ変換システムおよび方法 |
Also Published As
Publication number | Publication date |
---|---|
AU2003252595A1 (en) | 2004-04-23 |
JPWO2004032098A1 (ja) | 2006-02-02 |
US20060039558A1 (en) | 2006-02-23 |
CN1714377A (zh) | 2005-12-28 |
JP4052480B2 (ja) | 2008-02-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2004032098A1 (ja) | 疑似乱数発生方法及び疑似乱数発生器 | |
US5365588A (en) | High speed encryption system and method | |
US8290148B2 (en) | Encryption processing apparatus, encryption processing method, and computer program | |
JP3339688B2 (ja) | 非決定論的ミクスチャー発生器ストリーム暗号化システム | |
CA2723405C (en) | Cryptographic system including a random number generator using finite field arithmetics | |
CN101040474B (zh) | 为提高安全性的置换数据变换 | |
EP2096616A1 (en) | Encryption device, encryption method, and computer program | |
US20110211691A1 (en) | Common key block encryption device, common key block encryption method, and program | |
Kanso | Modified self-shrinking generator | |
KR20110004474A (ko) | 갈루아 폐체 암호 시스템 | |
WO1994016509A1 (en) | A method and apparatus for generating a cipher stream | |
JPH0863097A (ja) | データを暗号化するための対称暗号化方法およびシステム | |
CN102857337A (zh) | 为提高安全性的置换数据变换 | |
US20040096056A1 (en) | Method of encryption using multi-key process to create a variable-length key | |
CN112422272B (zh) | 一种防功耗攻击的aes加密方法及电路 | |
KR20180081559A (ko) | 암호화 동작을 위한 키 시퀀스 생성 | |
KR100800468B1 (ko) | 저전력 고속 동작을 위한 하드웨어 암호화/복호화 장치 및그 방법 | |
JP2004363739A (ja) | 改竄検知可能な、共通鍵暗号の暗号化装置または復号化装置 | |
JPH10240500A (ja) | 乱数生成装置及び方法、暗号化装置及び方法、復号装置及び方法、並びにストリーム暗号システム | |
WO2014013680A1 (ja) | ユニバーサルハッシュ関数演算装置、方法およびプログラム | |
Ghazi et al. | Robust and efficient dynamic stream cipher cryptosystem | |
JPH11298471A (ja) | ブロック暗号化方法及び装置 | |
RU2141729C1 (ru) | Способ криптографического преобразования блоков двоичных данных | |
KR101131167B1 (ko) | 스트림 암호를 위한 키수열 발생 방법 및 장치. 블록 암호를 위한 S-box 및 상기 S-box에서의 치환 방법 | |
Cardell et al. | Linear models for high-complexity sequences |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | AK | Designated states | Kind code of ref document: A1. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
 | AL | Designated countries for regional patents | Kind code of ref document: A1. Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
 | DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
 | WWE | Wipo information: entry into national phase | Ref document number: 2004541207. Country of ref document: JP |
 | ENP | Entry into the national phase | Ref document number: 2006039558. Country of ref document: US. Kind code of ref document: A1 |
 | WWE | Wipo information: entry into national phase | Ref document number: 10530574. Country of ref document: US |
 | WWE | Wipo information: entry into national phase | Ref document number: 20038255723. Country of ref document: CN |
 | 122 | Ep: pct application non-entry in european phase | |
 | WWP | Wipo information: published in national office | Ref document number: 10530574. Country of ref document: US |