WO2010149142A1 - System for generating arbitrarily long randomized bit lists on computers in normal operation - Google Patents
System for generating arbitrarily long randomized bit lists on computers in normal operation
- Publication number
- WO2010149142A1 (PCT/DE2010/000713)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- values
- stock
- length
- key
- random
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
- H04L9/0656—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
- H04L9/0662—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/08—Randomization, e.g. dummy operations or using noise
Definitions
- the present invention is concerned with a system for generating arbitrarily long randomized bit lists on computers in normal operation, as they are needed for secure encryption by the ONE-TIME-PAD (OTP) method.
- OTP ONE-TIME-PAD
- the key is a one-time key and must be as long as plain text.
- the present invention is primarily intended for computer systems in "normal operation", i.e. it relies solely on standard random generators and certain events which always and suitably occur during normal operation of a computer system. A computer system is in normal operation if it is not profoundly manipulated.
- the present invention can therefore be used immediately in practice.
- the quantum mechanical methods and the present invention would complement each other very well. If the key generation is designed to be redundant, i.e. if keys are generated independently via two devices, one key can be securely encrypted with the other and thus a super key can be generated. A device could then still fail or be disturbed.
- the system with any standard random number generator and a dynamic memory is characterized in that a bitmap is generated by reinitializing the random number generator piecewise in a bitmap module, based on an arbitrary random number generator and on suitably accumulated stock values, in such a way that for each reinitialization step at least one randomly determined and then securely encrypted value from the collected stock of values is used. At least part of the value stock is obtained by collecting address values of dynamically allocated objects, i.e. by evaluating certain address values of the dynamic memory area of the computer system and the time of collection or a time associated with the allocation of the respective object.
- the secure encryption is "information destroying", that is the encrypted plaintext (cipher) carries no information in the sense that, mathematically justified, no information can be obtained about the cipher alone.
- one-time-pad (OTP) methods are information-destructive, because every bit of the plaintext K is associated with a random bit and is used only for this combination. The key must therefore be generated randomly for K (one-time key) and must be at least as long as K.
- bit addition Since the bit addition has the properties of an "abelian group", you can, for example, calculate "as with integers". Bit addition in algebra is also known as "addition in the smallest field (
- bit addition has also been carried out briefly and the characteristics relevant for the enciphering have been proven. As a practical notation, instead of the + character, the ^ character is used for the corresponding bit operator, which is available in many programming languages.
- the right side then delivers
- K K ⁇ E, which is added component by component. If O is a bitmap of the same length with all zeros, then:
- the inventive method is now based on a value store, which is obtained by collecting address values of allocated objects.
- the triggering event is thus the allocation of an object in the dynamic memory by a program that is executed on the computer system.
- a stock value is arbitrarily determined by expanding at least two pieces of information for generation. These are the address value of an object dynamically generated in the system according to the invention and the collection time or a time associated with the allocation, as shown in FIG. 1.
- FIG. 1 shows the architecture of the system according to the invention.
- FIG. 1 shows how application programs running on the computer system generate a value store directly or indirectly via the new bit list module by collecting address values, which is then used later by the bit list module for the list generation. It is also recorded that the bitmap module itself (as an application program) is used to obtain the stock value.
- Collecting can be easily implemented by, for example, writing a timer-controlled monitor program that itself constructs objects. Such a program would thus put itself in the "background operation" of the computer system.
- If a random generator is used to randomize both the timer setting and the object construction via subobjects, the collecting of the address values provides optimal starting values for the generation of the stock value. From the address value x and the respective collection time t, one can easily construct a value that is unpredictable from the outside in normal operation, for example by generating a key with t as the initialization value for the standard random number generator and then securely encrypting x with this key.
- the collection of address values can therefore generate an arbitrarily large stock of values that cannot be predicted from outside without massive manipulation of normal operation. Every value stock is possible and equally likely without any reasonable additional assumptions, a kind of "white noise" that normal operation generates.
- the present invention introduces a system that uses a computer-based randomization method which can deliver arbitrarily long bit lists in high randomization quality.
- the method relies on standard random number generators and on inventory values obtained by collecting (and evaluating) certain events that provide address values.
- This document describes a method for generating arbitrarily long randomized bit lists based on random number generators for bitlists.
- An (elementary) random generator Z is described below as a tuple (f, g, m)
- bit number (Z): m (read: bit number of Z)
- list (X): list ((X u ..., XM-I)) XM for M> 1
- a vector B (B 1 , ..., B n ), n> 0, is generated step by step by means of byte lists B 1 , which together give a sufficiently long total list, ie
- B: (B 1 , ..., B n , b) Expand Il B by b
- the stock values are generated on the computer system-technically conditioned and without connection with any technical data so that they are not externally foreseeable.
- each sub-list of a subsequent step is randomly and randomly randomized, because:
- step i + 1 the selected stock values are encrypted securely and independently. • It is virtually impossible to simulate the set of possible outcomes over the set of possible input values.
- the first three rules can be read directly from the definition of ⁇ .
- the so-defined encryption method is symmetrical, i.e. the encryption function f and the decryption function g use the same key y, i.e. it always holds:
- Each file is a sequence of bytes, i.e. bit sequences of length 8.
- 3 Generation of random numbers
- If Y is the set of bit lists of length n and the key y ∈ Y is calculated using a function F: X → Y, an attacker who knows F only has to search through F(X), by going through the x ∈ X and calculating F(x).
- the search space X can obviously easily be screened with a notebook.
- the method presented here is a hybrid method that combines certain arithmetic techniques with technical elements to simulate ZZF in a quality sufficient for cryptographic application:
- the starting value range is so large that it can not be scanned.
- the task of the key generation can now be formulated as follows:
- Recursive ZZG (random number generators) are calculated state-based in a primitive recursive manner from a starting state, with each newly calculated number changing the current state.
- the start state can be specified by specifying initial data in an initialization step. In this sense, a recursive ZZG is describable over
- a high quality recursive ZZG such as e.g. MT19937 can not be used without further constraints for key generation, i.
- MT19937 a high quality recursive ZZG
- further demands are to be made:
- Requirement 3 is comparatively easy to fulfill by producing the output sequence centrally on a computer system located in a secure area.
- Requirement 1 throws us back to our initial problem, especially in combination with requirement 2.
- this problem can be somewhat mitigated by calculating an output sequence of length m + n with a random m in the order of 10 ° in a warm-up phase and then only the last n numbers of the sequence are used.
- the stocking process is of sufficient quality, i.e. provides values that can neither be predicted nor simulated externally (for the purpose of screening).
- n t of the sections are within sufficient limits (eg 10 2 ⁇ Ti 1 ⁇ 10 5 ).
- the ONE-TIME-PAD (OTP) encryption step in the calculation of x 1 can even be omitted if the stocking process is perfect, i.e. has no statistical abnormalities (see below). However, the encryption step also provides the output sequence with practically sufficient quality if the stocking process excludes deviating statistical hypotheses or if such hypotheses must be based on extreme additional assumptions.
- the value store is obtained on a computer system in normal operation by suitably evaluating certain operating events, i.e. we use technical features of a computer system in normal operation that cannot be observed or predicted from the outside and evaluate them appropriately.
- An operational event is basically a pair (time, value).
- Allocation event: the allocation of memory in the dynamic memory area through a background process of the computer system controlled by timers, which in turn are set randomly (e.g., via a modulo calculation on the current timestamp).
- the operational events can be designed to be unpredictable from the outside. This is especially true in a garbage collector system environment, e.g. in that the background process accumulates character buffers of randomly determined length in a table and gradually overwrites that table.
- the stocking process ⁇ manages a record from «JGD 1 (stock data record), which can serve as an initial data record for MT19937 (see above).
- This reserve data set is initialized appropriately and then continuously changed by AES encryption 0 .
- an AES key r is generated via g without reinitialization - i.e. a key of the length that AES demands - and then AES-encrypted with r.
- a hash value is derived from the allocation event and g is reinitialized with this value.
- Each stock request is treated like a stock update.
- the supply set is doubly encrypted: first it is AES-encrypted as described above and then it is OTP-encrypted, whereby this key is generated via MT19937 (suitably warmed up) (without reinitialization).
- the stock value w is continuously transformed via the background process as well as with each request. More precisely, the data record is initialized as an event (timestamp) and then cumulatively changed under event control! The stock process thus represents, as it were, typically a noise of the operating process.
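
The search-space argument above (a key y = F(x) computed from a small set X by a function F the attacker knows) can be checked in a few lines. The following is an added example, not code from the patent: it assumes F is Python's `random.Random`, which is MT19937, seeded with a one-second timestamp, and that the first bytes of the plaintext are known; the function names and all sample values are constructed for illustration.

```python
import math
import random

def derive_key(x: int, nbytes: int) -> bytes:
    """F: X -> Y. Key bytes from MT19937 (Python's random.Random) seeded with x."""
    rng = random.Random(x)
    return rng.getrandbits(8 * nbytes).to_bytes(nbytes, "big")

def otp(data: bytes, key: bytes) -> bytes:
    """Bit addition (XOR) of data and key; applying it twice restores data."""
    if len(key) < len(data):
        raise ValueError("one-time key must be at least as long as the text")
    return bytes(d ^ k for d, k in zip(data, key))

def effective_key_bits(seed_space_size: int) -> float:
    """Upper bound on key entropy: |F(X)| <= |X|, whatever the key length."""
    return math.log2(seed_space_size)

def screen_seed_space(cipher: bytes, known_prefix: bytes, candidates):
    """Go through the x in X, compute F(x), return the x that explains the cipher."""
    for x in candidates:
        key = derive_key(x, len(cipher))
        if otp(cipher[:len(known_prefix)], key) == known_prefix:
            return x
    return None

def demo():
    # Constructed sample: X = the 3600 one-second timestamps of one hour.
    window_start = 1_245_628_800          # constructed value
    secret_x = window_start + 2711        # constructed value
    plain = b"REPORT: constructed sample plaintext"
    cipher = otp(plain, derive_key(secret_x, len(plain)))
    found = screen_seed_space(cipher, b"REPORT: ",
                              range(window_start, window_start + 3600))
    return secret_x, found, effective_key_bits(3600), 8 * len(plain)

if __name__ == "__main__":
    secret_x, found, bits, nominal = demo()
    print(f"nominal key length {nominal} bits, effective {bits:.1f} bits")
    print("seed recovered:", found == secret_x)
```

The key is 288 bits long but carries fewer than 12 bits of uncertainty, which is why the text requires a starting value range too large to be scanned.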
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to a system that operates according to a computer-assisted randomization method and can deliver bit lists of arbitrary length at a high level of randomization quality. The method uses standard random number generators and stock values acquired by collecting (and evaluating) certain events that provide address values. In normal operation of a computer system, it is thus possible to generate a value stock of arbitrary size that cannot be predicted from outside, i.e. every stock is possible and equally likely without additional assumptions (a kind of "white noise" of normal operation). Using such a value stock and a standard random number generator, bit lists of arbitrary length can be generated piece by piece by means of an iteration process with reinitialization, each reinitialization step using at least one stock value that is randomly selected and securely encrypted.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102009029749A DE102009029749A1 (de) | 2008-02-29 | 2009-06-22 | System for generating arbitrarily long randomized bit lists on computers in normal operation |
DE102009029749.9 | 2009-06-22 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2010149142A1 (fr) | 2010-12-29 |
Family
ID=42751528
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/DE2010/000713 WO2010149142A1 (fr) | 2009-06-22 | 2010-06-22 | System for generating arbitrarily long randomized bit lists on computers in normal operation |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2010149142A1 (fr) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5778069A (en) * | 1996-04-10 | 1998-07-07 | Microsoft Corporation | Non-biased pseudo random number generator |
US20040162864A1 (en) * | 2002-07-08 | 2004-08-19 | Globespan Virata Inc. | System and method for generating pseudo-random numbers |
EP1840731A2 (fr) * | 2006-03-31 | 2007-10-03 | Sap Ag | System and method for generating pseudo-random numbers |
WO2007148244A1 (fr) * | 2006-06-20 | 2007-12-27 | Nxp B.V. | Random number generator system and method for generating random numbers |
-
2010
- 2010-06-22 WO PCT/DE2010/000713 patent/WO2010149142A1/fr active Application Filing
Non-Patent Citations (2)
Title |
---|
GUTMANN P: "Software Generation of Practically Strong Random Numbers", INTERNET CITATION, 29 January 1998 (1998-01-29), XP002172158, Retrieved from the Internet <URL:http://www.usenix.org/publications/library/proceedings/sec98/full_papers/gutmann/gutmann.pdf> [retrieved on 20010716] * |
KELSEY J ET AL: "YARROW-160: NOTES ON THE DESIGN AND ANALYSIS OF THE YARROW CRYPTOGRAPHIC PSEUDORANDOM NUMBER GENERATOR", SELECTED AREAS IN CRYPTOGRAPHY. ANNUAL INTERNATIONAL WORKSHOP, XX, XX, 1 August 1999 (1999-08-01), pages 13 - 33, XP001012490 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE102005012098B4 (de) | Data encryption processor and AES encryption system and AES encryption method | |
DE69929251T2 (de) | Encryption system with a variable-length key | |
DE102019208032A1 (de) | Method and system for fault-tolerant and secure multi-party computation with SPDZ | |
DE69937007T2 (de) | Method and device for encrypting and decrypting data | |
DE60025401T2 (de) | Generation of a mathematically constrained key using a one-way function | |
DE69911815T2 (de) | Self-correcting random encryption system and method | |
EP1777913A1 (fr) | Method for encrypting/decrypting data packets of a packet stream | |
DE102009050493A1 (de) | Block data encryption method | |
DE102009000869A1 (de) | Method and device for tamper-proof transmission of data | |
DE10129285A1 (de) | Encryption method with arbitrarily selectable one-time keys | |
DE102013213354A1 (de) | Random bit stream generator with guaranteed minimum period | |
EP3552344B1 (fr) | Blockchain structure with bidirectional chaining | |
DE60038042T2 (de) | One's complement encryption combiner | |
DE102015001847A1 (de) | One-time encryption of meter data | |
DE102009029749A1 (de) | System for generating arbitrarily long randomized bit lists on computers in normal operation | |
DE602004003675T2 (de) | Security countermeasures against attacks by power consumption analysis | |
AT511842A4 (de) | Method for writing and reading data | |
WO2010149142A1 (fr) | System for generating arbitrarily long randomized bit lists on computers in normal operation | |
DE102006037016B4 (de) | Pseudo-random number generator for a chip card | |
EP3174239B1 (fr) | Encoding method and pseudo-random number generator | |
EP2288073B1 (fr) | Device for encoding data | |
EP3734486B1 (fr) | Computer-implemented method for replacing a data string | |
DE602004004135T2 (de) | Method for encrypting/decrypting a message and associated device | |
DE102022004784A1 (de) | Method for encrypting and decrypting a data stream with a random block size in a communication system | |
EP1569089A2 (fr) | Method for generating random numbers in a portable data carrier |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 10739843 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1120100026815 Country of ref document: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 10739843 Country of ref document: EP Kind code of ref document: A1 |