WO2010149142A1 - System for generating arbitrarily long randomized bit lists on computers in normal operation - Google Patents

System for generating arbitrarily long randomized bit lists on computers in normal operation

Info

Publication number
WO2010149142A1
Authority
WO
WIPO (PCT)
Prior art keywords
values
stock
length
key
random
Prior art date
Application number
PCT/DE2010/000713
Other languages
German (de)
English (en)
Inventor
Robert Niggl
Original Assignee
Robert Niggl
Priority date
Filing date
Publication date
Priority claimed from DE102009029749A
Application filed by Robert Niggl
Publication of WO2010149142A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08 Randomization, e.g. dummy operations or using noise

Definitions

  • the present invention is concerned with a system for generating arbitrarily long randomized bit lists on computers in normal operation, as they are needed for secure encryption by the ONE-TIME-PAD (OTP) method.
  • OTP ONE-TIME-PAD
  • the key is a one-time key and must be as long as plain text.
  • the present invention is primarily intended for "normal operation" computer systems, i.e. it relies solely on standard random generators and certain events which always and suitably occur during normal operation of a computer system. Normal operation if it is not profoundly manipulated
  • the present invention can therefore be used immediately in practice.
  • the quantum mechanical methods and the present invention would complement each other very well. If the key generation is designed to be redundant, i.e. if keys are generated independently via two devices, one key can be securely encrypted with the other and thus a super key can be generated. A device could then still fail or be disturbed.
  • the system with any standard random number generator and a dynamic memory is characterized in that a bitmap is generated by reinitializing the random number generator piecewise in a bitmap module based on an arbitrary random number generator and based on suitably accumulated stock values in such a way that for each reinitialization step at least one randomly determined and then securely encrypted value from the collected stock of values is used, at least part of the value stock being obtained by collecting address values of dynamically allocated objects, i.e. by evaluating certain address values of the dynamic memory area of the computer system and the time of collection or of a time associated with the allocation of the respective object.
  • the secure encryption is "information destroying", that is the encrypted plaintext (cipher) carries no information in the sense that, mathematically justified, no information can be obtained about the cipher alone.
  • one-time-pad (OTP) methods are information-destructive, because every bit of the plaintext K is associated with a random bit and is used only for this combination. The key must therefore be generated randomly for K (one-time key) and must be at least as long as K.
  • bit addition Since the bit addition has the properties of an "abelian group", you can, for example, calculate "as with integers". Bit addition in algebra is also known as "addition in the smallest field (
  • bit addition has also been carried out briefly and the characteristics relevant for the enciphering have been proven. It will be a practical one Instead of the + character, the ^ character is used for the corresponding bit operator, which is available in many programming languages.
  • the right side then delivers
  • K K ⁇ E, which is added component by component. If O is a bitmap of the same length with all zeros, then:
  • the inventive method is now based on a value store, which is obtained by collecting address values of allocated objects.
  • the triggering event is thus the allocation of an object in the dynamic memory by a program that is executed on the computer system.
  • a stock value is arbitrarily determined by expanding at least two pieces of information for generation. These are the address value of an object dynamically generated in the system according to the invention and the collection time or a time associated with the allocation, as shown in FIG. 1.
  • FIG. 1 the architecture of the system according to the invention is shown.
  • FIG. 1 shows how application programs running on the computer system generate a value store directly or indirectly via the new bit list module by collecting address values, which is then used later by the bit list module for the list generation. It is also recorded that the bitmap module itself (as an application program) is used to obtain the stock value.
  • Collecting can be easily implemented by, for example, writing a timer-controlled monitor program that constructs itself objects. Such a program would thus put itself in the "background operation" of the computer system.
  • when a random generator is used to randomize both the timer setting and the object construction via subobjects, the collecting of the address values provides optimal starting values for the generation of the stock value. From the address value x and the respective collection time t, one can easily construct a value that is unpredictable from the outside in normal operation, for example by using t as the initialization value for the standard random number generator to generate a key and then securely encrypting x with this key.
  • the collection of address values can therefore generate an arbitrarily large stock of values that cannot be predicted from outside without massive manipulation of normal operation. Any value stock is possible and equally likely without any reasonable additional assumptions, a kind of "white noise" that normal operation generates.
  • the present invention introduces a system that uses a computer-based randomization method which can deliver arbitrarily long bit lists in high randomization quality.
  • the method relies on standard random number generators and on inventory values obtained by collecting (and evaluating) certain events that provide address values.
  • This document describes a method for generating arbitrarily long randomized bit lists based on random number generators for bitlists.
  • An (elementary) random generator Z is described below as a tuple (f, g, m)
  • bit number (Z): m (read: bit number of Z)
  • list (X): list ((X u ..., XM-I)) XM for M> 1
  • a vector B (B_1, ..., B_n), n > 0, is generated step by step by means of byte lists B_i, which together give a sufficiently long total list, i.e.
  • B: (B 1 , ..., B n , b) Expand Il B by b
  • the stock values are generated on the computer system-technically conditioned and without connection with any technical data so that they are not externally foreseeable.
  • each sub-list of a subsequent step is randomly and randomly randomized, because:
  • step i + 1 the selected stock values are encrypted securely and independently.
  • It is virtually impossible to simulate the set of possible outcomes over the set of possible input values.
  • the first three rules can be read directly from the definition of ⁇ .
  • the so-defined encryption method is symmetrical, i.e. the encryption function f and the decryption function g use the same key y, i.e. it always applies:
  • Each file is a sequence of bytes, i.e. bit sequences of length 8.
  • 3 Generation of random numbers
  • Y is the set of bit lists of length n and if the key y ∈ Y is calculated using a function F: X → Y, an attacker, if he knows F, only has to search through F(X) by going through the x ∈ X and calculating F(x).
  • the search space X can obviously easily be screened with a notebook 23 .
  • the method presented here is a hybrid method that combines certain arithmetic techniques with technical elements to simulate ZZF in a quality sufficient for cryptographic application:
  • the starting value range is so large that it can not be scanned.
  • the task of the key generation can now be formulated as follows:
  • Recursive ZZG are calculated condition-based in a primitive recursive manner from a starting state, with each newly calculated number changing the current state.
  • the start state can be specified by specifying initial data in an initialization step. In this sense, a recursive ZZG is describable over
  • a high quality recursive ZZG such as e.g. MT19937 can not be used without further constraints for key generation, i.
  • MT19937 a high quality recursive ZZG
  • further demands are to be made:
  • Claim 3 is comparatively easy to fulfill by producing the output sequence centrally on a computer system located in a secure area.
  • Claim 1 throws us back to our initial problem, especially in combination with requirement 2.
  • this problem can be somewhat mitigated by calculating an output sequence of length m + n with a random m in the order of 10 ° in a warm-up phase and then only the last n numbers of the sequence are used.
  • the stocking process is of sufficient quality, i. provides values that can neither be predicted nor simulated externally (for the purpose of screening).
  • $n_i$ of the sections are within sufficient limits (e.g. $10^2 \le n_i \le 10^5$).
  • the ONE-TIME-PAD (OTP) encryption step in the calculation of x 1 can even be omitted if the stocking process is perfect, ie has no statistical abnormalities (see below). However, the encryption step also provides the output sequence with practically sufficient quality if the stocking process excludes deviating statistical hypotheses or if such hypotheses must be based on extreme additional assumptions 4 .
  • the value store is obtained on a computer system in normal operation by suitably evaluating certain operating events, i.e. we use technical features of a computer system in normal operation that cannot be observed or predicted from the outside and evaluate them appropriately.
  • An operational event is basically a pair ⁇ time value ⁇ .
  • Allocation Event The allocation of memory in the dynamic memory area through a background process of the computer system controlled by timers, which in turn are set randomly (e.g., via a modulo calculation to the current timestamp).
  • the operational events can be designed to be unpredictable from the outside. This is especially true in a garbage collector system environment, e.g. in that the background process accumulates character buffers of randomly determined length in a table and gradually overwrites that table.
  • the stocking process ⁇ manages a record from «JGD 1 (stock data record), which can serve as an initial data record for MT19937 (see above).
  • This reserve data set is initialized appropriately and then continuously changed by AES encryption 0 .
  • an AES key r is generated via g without reinitialization, i.e. a key of the length that AES demands, and then AES-encrypted with r.
  • a hash value is derived from the allocation event and g is reinitialized with this value.
  • Each stock request is treated like a stock update.
  • the supply set is doubly encrypted: first it is AES-encrypted as described above and then it is OTP-encrypted, whereby this key is generated via MT19937 (suitably warmed up) (without reinitialization).
  • the stock value w is continuously transformed via the background process as well as with each request. More precisely, the data record is initialized as an event (timestamp) and then cumulatively changed under event control! The stock process thus represents, as it were, typically a noise of the operating process.
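
The search described in the key-generation passage above (an attacker who knows F goes through the x ∈ X and computes F(x)), as an added example that is not code from the patent: F here seeds MT19937 through Python's `random.Random`, and the one-day timestamp window, the sample plaintext and all function names are constructed assumptions. It shows that the entropy of the key is bounded by log2 |X| whatever its length, which is the weakness the stock-value reinitialization is meant to address.

```python
import math
import random

# Constructed sample values (assumptions, not taken from the patent text).
WINDOW_START = 1245628800          # first second of the day the key was generated
WINDOW_SIZE = 86_400               # seed space X: one candidate per second
SECRET_SEED = WINDOW_START + 31_337
PLAINTEXT = b"%PDF-1.4 constructed sample document body"
KNOWN_PREFIX = b"%PDF-1.4"         # file-format header an outsider can guess


def derive_key(x: int, n_bytes: int) -> bytes:
    """F: X -> Y. Seed MT19937 (random.Random) with x and emit n key bytes."""
    rng = random.Random(x)
    return bytes(rng.getrandbits(8) for _ in range(n_bytes))


def otp(data: bytes, key: bytes) -> bytes:
    """Bit addition (XOR) of data and key; the same call encrypts and decrypts."""
    if len(key) < len(data):
        raise ValueError("one-time key must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))


def effective_key_bits(seed_space_size: int) -> float:
    """Upper bound on key entropy: log2 |F(X)| <= log2 |X|."""
    return math.log2(seed_space_size)


def seeds_consistent_with(cipher: bytes, known_prefix: bytes, candidates) -> list:
    """Go through x in X, compute F(x), keep every x that explains the cipher."""
    head = cipher[: len(known_prefix)]
    return [x for x in candidates
            if otp(head, derive_key(x, len(head))) == known_prefix]


def demo() -> dict:
    """Compare the nominal key length with what the seed space really offers."""
    cipher = otp(PLAINTEXT, derive_key(SECRET_SEED, len(PLAINTEXT)))
    space = range(WINDOW_START, WINDOW_START + WINDOW_SIZE)
    hits = seeds_consistent_with(cipher, KNOWN_PREFIX, space)
    recovered = otp(cipher, derive_key(hits[0], len(cipher))) if hits else b""
    return {
        "nominal_key_bits": 8 * len(PLAINTEXT),
        "effective_key_bits": effective_key_bits(WINDOW_SIZE),
        "hits": hits,
        "recovered": recovered,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
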

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a system that operates according to a computer-assisted randomization method and that can supply bit lists of arbitrary length at a high level of randomization quality. The method uses standard random number generators and stock values that have been acquired by collecting (and evaluating) certain events that supply address values. In normal operation of a computer system, it is thus possible to produce a value stock of arbitrary size that cannot be predicted from outside, i.e. any stock is possible and equally likely without additional assumptions (a kind of "white noise" of normal operation). Using such a value stock and a standard random number generator, bit lists of arbitrary length can be produced piecewise by an iteration process of reinitialization, each reinitialization step using at least one randomly selected and securely encrypted stock value.
PCT/DE2010/000713 2009-06-22 2010-06-22 System for generating arbitrarily long randomized bit lists on computers in normal operation WO2010149142A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102009029749A DE102009029749A1 (de) 2008-02-29 2009-06-22 System for generating arbitrarily long randomized bit lists on computers in normal operation
DE102009029749.9 2009-06-22

Publications (1)

Publication Number Publication Date
WO2010149142A1 2010-12-29

Family

ID=42751528

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/DE2010/000713 WO2010149142A1 (fr) 2009-06-22 2010-06-22 System for generating arbitrarily long randomized bit lists on computers in normal operation

Country Status (1)

Country Link
WO (1) WO2010149142A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5778069A (en) * 1996-04-10 1998-07-07 Microsoft Corporation Non-biased pseudo random number generator
US20040162864A1 (en) * 2002-07-08 2004-08-19 Globespan Virata Inc. System and method for generating pseudo-random numbers
EP1840731A2 (fr) * 2006-03-31 2007-10-03 Sap Ag System and method for generating pseudo-random numbers
WO2007148244A1 (fr) * 2006-06-20 2007-12-27 Nxp B.V. Random number generator system and method for generating random numbers

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
GUTMANN P: "Software Generation of Practically Strong Random Numbers", INTERNET CITATION, 29 January 1998 (1998-01-29), XP002172158, Retrieved from the Internet <URL:http://www.usenix.org/publications/library/proceedings/sec98/full_papers/gutmann/gutmann.pdf> [retrieved on 20010716] *
KELSEY J ET AL: "YARROW-160: NOTES ON THE DESIGN AND ANALYSIS OF THE YARROW CRYPTOGRAPHIC PSEUDORANDOM NUMBER GENERATOR", SELECTED AREAS IN CRYPTOGRAPHY. ANNUAL INTERNATIONAL WORKSHOP, XX, XX, 1 August 1999 (1999-08-01), pages 13 - 33, XP001012490 *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 10739843; Country of ref document: EP; Kind code of ref document: A1)
WWE Wipo information: entry into national phase (Ref document number: 1120100026815; Country of ref document: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 10739843; Country of ref document: EP; Kind code of ref document: A1)