WO2021181343A1 - System and methods for generating random numbers across multiple entropy sources - Google Patents

System and methods for generating random numbers across multiple entropy sources Download PDF

Info

Publication number
WO2021181343A1
WO2021181343A1 PCT/IB2021/052061 IB2021052061W WO2021181343A1 WO 2021181343 A1 WO2021181343 A1 WO 2021181343A1 IB 2021052061 W IB2021052061 W IB 2021052061W WO 2021181343 A1 WO2021181343 A1 WO 2021181343A1
Authority
WO
WIPO (PCT)
Prior art keywords
seed
partial
devices
entropy sources
generate
Prior art date
Application number
PCT/IB2021/052061
Other languages
French (fr)
Inventor
Dipnarayan Guha
Benjamin Lloyd
Original Assignee
Bq Media Lab Ag
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bq Media Lab Ag filed Critical Bq Media Lab Ag
Publication of WO2021181343A1 publication Critical patent/WO2021181343A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58Random or pseudo-random number generators
    • G06F7/588Random number generators, i.e. based on natural stochastic processes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58Random or pseudo-random number generators

Definitions

  • FIG. 4 is a logic diagram regarding the random value generation, in accordance with some embodiments.
  • Type of data requested to be computedby the application 106 may include a transaction with a peer, storing sensitive data offline on a personalized device, etc.
  • a device 102a receives 202 a selection of an application 106 to execute and input data for the application 106.
  • the device 102a executes the application 106 which receives the input data from the user.
  • the application 106 uses one or more random values.
  • the coding module 104 generates 212 one or more random values using the combined random seed, and provides 214 the one or more random values to the application 106.
  • the application 106 generates an output for the user using the one ormore random values which is presented to the user by the device 102a.
  • the coding module 104 may be separate from the device 102athat executes the application 106.
  • the coding module 104 may execute on a different device 102 and provide random values as a service to the application 106 executing on the device 102a via the network.
  • the method 200 may be repeated, depending on the discovered networked device peers’ consensus in establishing the partial seed generation session, or in any other way set.
  • the coding module 104 can be implemented in multiple levels with any degree of depth needed in a structured hierarchical topology, or replicated multiple times in the same level for a connected peer topology.
  • the recipient gets this data descriptor value and is able to use it to map to the actual partial seed value stored on the transmitting device. This is possible due to concurrent programming and virtualization between the peers, where shared memory locations are accessible between the peers - and thus, the actual data does not need to be transmitted physically acrossthe network. This also applies to logically linked devices (which are logically connected in a topology but not directly in a physical sense).
  • FIG. 4 is a logic diagram 400 regarding the random value generation.
  • the random number solution discussed herein may enable run-time encryption, thereby creating a trusted execution environment in a user device, isolating the device hardware, operating system, computing resources and applications, in turn securing the logical computing and communications model in a network of which the node comprises a part.
  • Partial seeds PX1 through PXn are generated, each by a different device 102, and then combined to generate a combined random seed.
  • the combined random seed is used to generate a random number output that is cryptographically strong and statistically independent.
  • an entropy generator x For each device 102 that generates a partial seed px 1 through pxn, an entropy generator x generates a raw partial seed rx.
  • One or more of a modulating polynomial function fx, algebraic operator gx, and user input data hx are applied to the raw partial seed rx.
  • One of more of the modulating polynomial function fx, algebraic operator gx, and user input data hx may be randomly selected, as well as the values used by these operations. The functions maybe applied in different orders.
  • the partial seeds pxl through pxn are combined to generate a combined random seed, and the combined random seed is used to generate the random number output.
  • the output of the modulated version of Gx 1 is Ml .
  • Game G1 has a winning condition W 1 , which when triggered with constitute a win for user Al.
  • the ouput Ml is shared with them by device D 1 to compute the winning condition W 1.
  • Each peer device Dj decodes and references the game G1 and input hxl on-the-fly.

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computational Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

A group of devices are used to generate random values. A first device provides a request for a partial seed from each second device of a set of second devices. Each partial seed is generated by a respective second device using one or more entropy sources available to the second device. The first device receives the partial seeds from the second set of devices. The first device generates a combined random seed by combining the partial seeds from the set of second devices using a randomly selected first operator function. The first device generates one or more random values using the combined random seed.

Description

SYSTEM AND METHODS FOR GENERATING RANDOM NUMBERS ACROSS
MULTIPLE ENTROPY SOURCES
FIELD OF THE INVENTION
[0001] The invention relates to generating random numbers across multiple entropy sources.
BACKGROUND
[0002] Random number generators (RNGs) are used by computing devices to provide functionalities for applications. For example, games that execute on devices often use randomization to determine winning conditions or other states of the games. Random number generators (RNGs) can be classified into deterministic and non-deterministic classes. Deterministic RNGS are also called Pseudo Random Number Generators (PRNGs). This class of RNGs uses cryptographic algorithms and associated keying material to generate pseudorandom bits from an initial value, called a seed thatprovides entropy (i.e., randomness) to the process. Depending on the implemented PRNG design or the environment, additional entropy may never be introduced again, although such additional entropy is recommended. Non-deterministic RNGs are also called True Random Number Generators (TRNGs). This class of RNGs uses some unpredictable physical source that is outside human control to introduce new entropy for every bit output by the TRNG. The unpredictable source is known as an entropy source.
SUMMARY
[0003] Embodiments relate to random number generation across multiple entropy sources. Some embodiments include a method. A first device provides a request for a partial seed from each second device of a set of second devices. Each partial seed is generated by a respective second device using one or more entropy sources available to the second device. The first device receives the partial seeds from the second set of devices. The first device generates a combined random seed by combining the partial seeds from the set of second devices using a randomly selected first operator function.
[0004] Some embodiments include a first device. The first device includes a memory storing instructions and one or more processors coupled with the memory and to execute the instructions. The instructions when executed cause the one or more processors to: provide a request for a partial seed from each second device of a set of second devices; receive the partial seeds from the set of second devices, each partial seed being generated by a respective second device using one or more entropy sources available to the second device; generate a combined random seed by combining the partial seeds from the set of second devices using a randomly selected first operator function; and generate one or more random values using the combined random seed.
[0005] Some embodiments include a non-transitory computer readable medium comprising stored instructions, which when executed by a processor, cause the processor to: provide a request for a partial seed from each second device of a set of second devices; receive the partial seeds from the set of second devices, each partial seed being generated by a respective second device using one or more entropy sources available to the second device; generate a combined random seed by combining the partial seeds from the set of second devices using a randomly selected first operator function; and generate one or more random values using the combined random seed.
BRIEF DESCRIPTION OF THE DRAWINGS [0006] The disclosure will be understood more fully from the detailed description given below and from the accompanying figures of embodiments of the disclosure. The figures are used to provide knowledge and understanding of embodiments of the disclosure and do not limit the scope of the disclosure to these specific embodiments. Furthermore, the figures are not necessarily drawn to scale.
[0007] Figure (FIG.) 1 shows an example of a system, in accordance with some embodiments.
[0008] FIG. 2 shows a flow chart of a method for generating a random value, in accordance with some embodiments.
[0009] FIG. 3 is a schematic diagram of generation of a random value by a system, in accordance with some embodiments.
[0010] FIG. 4 is a logic diagram regarding the random value generation, in accordance with some embodiments.
[0011] FIG. 5 is a diagram that shows an example random number generation, in accordance with some embodiments.
[0012] FIG. 6 is an abstract diagram of an example computer system in which embodiments of the present disclosure may operate.
DETAILED DESCRIPTION
[0013] Aspects of the present disclosure relate to random number generation across multiple entropy sources. Toolkits for generating random values commonly used in industrial applications are special purpose and have different computing environment requirements. For example, source code for a desktop machine may run on mobile phones, and thus cannot be used to generate random numbers in real-time to play games on the mobile phones. RNGs for industrial applications are single-application and single-device oriented. These RNGs cannot be used in different (even related) contexts of different industrial applications.
[0014] This disclosure relates to generating random numbers across multiple entropy sources on networked or logically linked devices. For example, a system includes a distributed computing environment with networked peer devices. Partial seeds for random number generation are generated collaboratively from a (e.g., random) set of the network peer devices. For each network peer device, the partial seed is driven one or more entropy sources available to the device, such as entropy generated by its internal system (e.g., hardware, firmware, software and operating systems) or external conditions (e.g., ambient temperature, humidity, etc.). The partial seeds from the networked peer devices are combined into a combined random seed using one or more randomly selected operator functions.
[0015] As a result, a reliable high grade RNG-as-a-Service solution is provided for industrial applications. Because of the high degrees of randomization, the absence of a master seed and the unpredictability of the modulating functions, the random values generated can securely and privately enable electronic data communication via real-time, session-based authentication on-th e-fly between peers, as well as securely enable electronic data storage. Highly coordinated attacks would not be able to work around this unpredictability, even with the deployment of special-purpose computing infrastructure (e.g. GPUs or quantum computers).
[0016] FIG. 1 shows an example of a system 100. The system 100 may be a distributed computing environment that includes multiple devices, such as devices 102a, 102b, 102c,
102d, 102e, 102f, and 102g (individually referred to as device 102). As shown for the device 102a, each of the devices 102 may include a coding module 104 and one or more applications(s) 106. The coding module 104 executes a functional computation model that provides for random value generation, such as to fulfill requests from the one or more applications 106. The devices 102 are connected to each other via a network, which may include the Internet. Each of the devices 102 operate as a node to the distributed computing network, either individually or jointly as a group.
[0017] The devices 102 are connected to each other in a peer-to-peer (p2p) topology.
The coding modules 104 of the devices 102 generate partial seeds at any given point in time when a data computation request is circulated among them from any of the devices 102 in the topology. The coding module 104 of a device 102 then combines the partial seeds to generate a combined random seed. The combination may be performed in in real-time in a random manner. For example, the combination may be implemented using different operator functions chosen at random in real-time to generate the combined random seed that is used as the basis of random number generation. The coding module 104 may execute a set of operator functions iteratively (e.g., creating a depth of coding levels). The operator functions may be selected randomly from a combination of polynomials whose degrees and coefficients vary in real-time with the partial seeds. The polynomials may be sourced in real-time from one or more of the devices 102. The partial seeds can be combined to any depth of levels in real-time as may be desired to determine the combined random seed.
[0018] The coding module 104 of the devices 102 may generate partial seeds using one or more of the entropy sources available to the device. The entropy sources maybe an internal condition of the device 102 or an environmental condition detected by the device 102. Each entropy source may provide a parameter used to generate the partial seed. Different types of parameters may be chosen for use for different devices. A partial seed may be generated using one or more of the parameters. The parameters may be chosen at random or using some other technique. The parameters can include, but is not limited to, the following:
1. ISA (Instruction Set Architecture) of the underlying device hardware (e.g. processor type).
2. Type of operating system running on the device (e.g. iOS, Android, Windows,
Mac, etc.)
3. Interconnect voltages at an instantaneous time on the device chipsets.
4. Measure of jitter and capacitative noise in the interconnects of the device chipset layouts.
5. CPU temperature of the device.
6. Conditions of the dynamic memory, such as the % of dynamic memory used by the device at that given time of observation. The conditions may include the condition of the memory blocks (e.g., memory address locations that show how much memory has been consumed and how much is left) and the level of data storage in the memory blocks.
7. Virtual memory page status at an instantaneous time of connection to the peer network. 8. Ambient device conditions such as temperature, humidity, etc. at an instantaneous time. Ambient conditions at two times may be used, such as when the user selects the type of data computation in the application 106 and inputs the data into the application 106.
9. Type of data requested to be computedby the application 106. For example, the type of data may include a transaction with a peer, storing sensitive data offline on a personalized device, etc.
10. User inputs in different formats to each device over a specific time interval, both at the time of data computation request, as well as at the time when the data computation has started execution.
11. The data entered by a user as input to the data computation of the application 106. For example, the entered data may include an amount to be transacted, personal data to be shared, etc.
12. Computation conditions of the user device(s) on which the user selects the type of data computation in the application 106 and inputs the data in the application 106.
13. Randomly generated software code blocks that modulate a data descriptor pair including the type of data computation selected in the application 106 and the inputted data into the application 106.
[0019] All types of operating systems and instruction set architectures (ISAs) are supported in the entropy generation process across devices collaboratively, with specific components of such operating systems (e.g. interrupt schedules) and ISAs (e.g. accumulator logic) being chosen at random in real-time. The random number generation may use different types of entropy generators (e.g. quantum systems) at random in real-time to generate the partial seeds and combined random seeds.
[0020] The devices 102 discover each other as peers and are able to determine each device’s conditions of computation and storage at the time of discovery. Looking at the time interval of seed generation and combination, no device 102 is able to predict the conditions at the time of a computation request of the other devices 102, or at the time when the computation is complete. Even though there is opacity in the device conditions of other devices with respect to seed generation, each seed is combined correctly and bears no traceability to the causes of that particular seed being generated. This may be achieved using polynomial functions generated by the coding module 104 that are exchanged between the devices 102 that collect by reference each device’s real-time intrinsic statistics at the time of discovery in terms of computation capacity, computation willingness and computation ability and which help establish the status of the generated partial seeds and their correct referencing by the relevant devices for correct combination.
[0021] The codingmodule 104 maybe implemented using different elements of hardware, firmware, and software. In one example, the coding module 104 one or more processors and a non-transitory computer readable medium that stores program code. The program code when executed by the one or more processors causes the one or more processors to perform the functionality discussed herein for the codingmodule 104. The coding module 104 imparts intelligence to the devices 102 that it runs on, enabling the creation of a smart computing ecosystem.
[0022] FIG. 2 shows a flow chart of a method 200 for generating a random value, in accordance with some embodiments. A codingmodule 104 of a device 102 combines the individual partial seeds generated by devices 102 to generate a combined random seed. The method 200 may include additional or fewer steps, and steps may be performed in different orders.
[0023] A device 102a receives 202 a selection of an application 106 to execute and input data for the application 106. The device 102aexecutes the application 106 which receives the input data from the user. The application 106 uses one or more random values.
[0024] The codingmodule 104 of the device 102a provides 204 a request for a partial seed to a set of devices 102. For example, the coding module 104 receives a request from the application 106 and in response, generates a data computation request and provides the data computation request to the set of devices 102. The set of devices 102 may be discovered by the device 102 based location, such as by being in the vicinity (e.g., a wireless communicable range) of the device 102a. The device 102a may discover the set of devices 102 automatically and connect with the set of devices 102, resulting in the topology as shown in Figure 1. Once connected, the data computation request is circulated among the set of devices 102.
[0025] Each device 102 of the set of devices 102 generates 206 a partial seed using one or more available entropy sources, and provides 208 the partial seed to the coding module 104 of the device 102a. For example, a coding module 104 in each of the set of devices 104 may receive the data computation request, generate a partial seed, and return the partial seed to the requesting device 102a. A raw partial seed may be generated using one or more entropy sources available to the device 102. The raw partial seed maybe modulated by one or more operator functions to generate the partial seed. The operator functions may be chosen at random, such as using an entropy source available to the device 102. For example, an operator function may be chosen based on device conditions and the type of application selected to be run by the user. The operator function may be a polynomial function with coefficients randomly assigned by device conditions. The device 102a may also generate a partial seed in connection with the peer devices 102. In some embodiments, the operator functions are derived from polynomial degrees and coefficients, together with a combination of user input data and the device's intrinsic and ambient conditions.
[0026] The coding module 104 generates 210 a combined random seed by combining the partial seeds from the set of devices 102 using a randomly selected operator function. The combination may be implemented using one or more different operator functions. The operator functions, which are mathematical operators, may be chosen at random in real-time to generate the combined random seed that is used as a basis of random value generation.
The mathematical operators may be randomly selected using one or more entropy sources available to the device 102a. In some embodiments, an operator function set (typically polynomials) is chosen at random on-the-fly, and the degrees and coefficients of such polynomials is derived in real-time from the value of the partial seeds that are generated on- the-fly. Also, users can introduce their own polynomial functions if they want to or choose a library of polynomial functions as an entropy source. In one example, the polynomial function is a second-degree polynomial. Its degree (2) is determined at random once two devices are chosen to generate partial seeds automatically by the coding module 104. Then the two coefficients of this degree 2 polynomial are derived from those two partial seeds at random. The elementary arithmetic operators in the polynomial between the two coefficients are again selected at random (it could be a +. -, * or /). In some embodiments, the coding module 104 may automatically set an arbitrary number (n) of the polynomial degree, where n is a very large number. To generate this polynomial from partial seeds and then to decode it is mathematically very complex. In some embodiments, the the coefficients may be generated by partial seeds fromn separate devices 102, or it could be a combination of some m devices (m is less than n) and a number of multiple iterations on those m devices.
[0027] The coding module 104 generates 212 one or more random values using the combined random seed, and provides 214 the one or more random values to the application 106. The application 106 generates an output for the user using the one ormore random values which is presented to the user by the device 102a. In some embodiments, the coding module 104 may be separate from the device 102athat executes the application 106. For example, the coding module 104 may execute on a different device 102 and provide random values as a service to the application 106 executing on the device 102a via the network. [0028] The method 200 may be repeated, depending on the discovered networked device peers’ consensus in establishing the partial seed generation session, or in any other way set. The coding module 104 can be implemented in multiple levels with any degree of depth needed in a structured hierarchical topology, or replicated multiple times in the same level for a connected peer topology.
[0029] In some embodiments, entropy source data regarding the underlying conditions of one or more entropy sources used to generate the partial seed is not transmitted from any node to its peer over the peer-to-peer networks or any of their associated physical channels. All entropy source data is referenced on individual peer devices through corresponding data descriptors in the form of memory addresses. High levels of data descriptor nesting are enabled to support massively large numbers of nodes, their chosen data computation functions and data to be computed therein. In some embodiments, the seed may also not be transmitted, instead, a data descriptor (pointer, which is the memory location of the partial seed value on that device) is transmitted. The recipient gets this data descriptor value and is able to use it to map to the actual partial seed value stored on the transmitting device. This is possible due to concurrent programming and virtualization between the peers, where shared memory locations are accessible between the peers - and thus, the actual data does not need to be transmitted physically acrossthe network. This also applies to logically linked devices (which are logically connected in a topology but not directly in a physical sense).
[0030] In some embodiments, the random number generation my include run-time encryption. Specific functionalities that can support security and encryption may be located at the hardware system and device level, ensuring a trusted execution environment being present for seed generation across multiple devices in a collaborative computational model. [0031] FIG. 3 is schematic diagram of generation of a random value by a system. The device 102a receives the application type selection and input data from a user. The coding module 104 receives random seeds 1 through 6, each from a different device, to generate a combined random seed. The combined random seed is used to generate a random number X, which the coding module 104 provides to the device 102a.
[0032] The functional computation model may work on the basis of modulating data descriptors to multiple encoding levels of depth using randomization modules, initiating peer discovery by invoking device-specific condition checks to determine willingness of participation in a specific computing session, splicing the requested computation automatically to the discovered peers for parallel execution, referencing the spliced computation and computed data therein and referencing the individual computed data descriptors to the initiating peer for final identification of requested computation status. For each requested computation session, there are unique sets of data descriptors, their modulating functions and peer discovery invoking functions specific to the initiating user, chosen data computation function and input data set.
[0033] FIG. 4 is a logic diagram 400 regarding the random value generation. The random number solution discussed herein may enable run-time encryption, thereby creating a trusted execution environment in a user device, isolating the device hardware, operating system, computing resources and applications, in turn securing the logical computing and communications model in a network of which the node comprises a part.
[0034] FIG. 5 is a diagram 500 that shows an example random number generation.
Partial seeds PX1 through PXn are generated, each by a different device 102, and then combined to generate a combined random seed. The combined random seed is used to generate a random number output that is cryptographically strong and statistically independent. For each device 102 that generates a partial seed px 1 through pxn, an entropy generator x generates a raw partial seed rx. One or more of a modulating polynomial function fx, algebraic operator gx, and user input data hx are applied to the raw partial seed rx. One of more of the modulating polynomial function fx, algebraic operator gx, and user input data hx may be randomly selected, as well as the values used by these operations. The functions maybe applied in different orders. The partial seeds pxl through pxn are combined to generate a combined random seed, and the combined random seed is used to generate the random number output.
[0035] In one example, a user A1 chooses to play a game G1 on a device D1 at any given point in time, and enters an input hxl to start and commence the playing of the game G1. [0036] G1 has a general identifier in Dl’s operating system that is denotedby xl. This identifier could be Gl’s memory location address, Gl’s game code identifier or a reference to Gl’s dynamic memory link. Similarly, input hxl has a general identifier in Dl’s operating system that is denoted by y 1. These identifiers may be used as entropy generators x 1 to generate the partial random seed rxl .
[0037] A descriptor function includes the set (x 1 , y 1 } . Gx 1 is an identifier of this descriptor function.
[0038] Gx 1 is modulated to several levels by a randomization modulating polynomial function fxl invoked in the coding module 104, which may include the following randomizing components: [0039] Function R1 := a randomization function dependent on D 1 ’ s external environment (e.g. temperature and humidity)
[0040] Function R2 := a randomization function dependent onDFs internal devices- specific conditions, such as at the instant hxl is inputted by the user (e.g. CPU temperature, dynamic memory utilization)
[0041] Function R3 := a randomization algorithm and mathematical function chosen at random based on the user’s choice of playing game G1 on his device D1 [0042] Function R4 := a randomization algorithm and mathematical function chosen at random based on the user’s input II to commence the playing of the game G1 on his device D1
[0043] The output of the modulated version of Gx 1 is Ml .
[0044] Device D1 has a set of peer devices Dj that it discovers once user A1 provides the input hx 1 in game G1.
[0045] Game G1 has a winning condition W 1 , which when triggered with constitute a win for user Al.
[0046] W1 is a mathematical function that is computed collaboratively in real-time using any number of D1 ’s peer devices Dj on those device systems, depending on a particular device among Dj demonstrating willingness to participate in this gaming session and making its computing resources available for the computation of the winning condition W 1.
[0047] Once the willing peer devices Dj are discovered, the ouput Ml is shared with them by device D 1 to compute the winning condition W 1. Each peer device Dj decodes and references the game G1 and input hxl on-the-fly.
[0048] Once the wining condition W1 is computed collaboratively, a win/lose condition is displayed to user Al on the device Dl. The result of the game computation is made available to Dl by its peer set of devices Dj on which W1 was computed collaboratively via reference to output Ml .
[0049] The random number generation by the coding module 104 enables the following functions:
(a) Enabling peer discovery and peer willingness to participate in the gaming session.
(b) Modulating the game input to multiple levels and enabling the game outcome through collaborative, real-time computing on the user’s device peers.
(c) Enabling faster and secure gamingby not revealing the user’s selected game and input at any point in time to any individual device peer. The game outcome can only be done collaboratively and that too through mathematical comparisons with a descriptor modulated output. At no time is the actual game or the data inputted by a user is publicly visible. Only the authenticated peers know which game is being played by the user in that session but they do not know what data has been entered by the user on an individual basis.
(d) At no time is any physical data transferred over the p2p network, which enables greater bandwidth and accommodating games in a small memory footprint.
(e) Enabling the correctness of the game outcome computation
(f) Enabling the integrity of the game data sets, especially when a game is played collaboratively across multiple sites by multiple groups of people.
(g) Enable individual users to sign with their own digital signatures while gaming with each other and enabling fast authentication, processing and gaming experience with one another.
(h) Enable support of multiple levels of authentication between large numbers of gaming devices through nesting of individual digital signature descriptors in a computation- efficient manner.
(i) Determination of game outcomes, authentication of users and the data sets used in the computation process can all be verified through the coding module logs, leading to better fairness of perception in the game outcome process that is invoked through the coding module. In this way, the game outcome process is kept fair for all
(j) Enable high security for a gaming user by making prediction of a chosen private key very difficult. The private key is encoded on multiple levels based on random numbers generated via different randomly chosen algorithms that are in turn derived from random parameters intrinsic to the device and are never exposed.
(k) Enable non-admissibility of malevolent devices through code obfuscation. [0050] Resultant of the mathematical methods applied to data during the modulation process, the resulting modulated data is not the original file and contains no original data.
The new modulated data is a set of instructions for recompiling the original data by the set of receiving devices, of which only the set of receiving devices working collectively is capable of reconstructing the said data due to the conditions under which data reconstruction is enabled. The modulated data is different from the original data but can be referenced backwards and mapped back to the original block data.
[0051] While it is possible to encrypt data with cryptographic functions secured by a keyset, the coding module 104 may remove the data and replaces it with a data construction, which is only decipherable and relevant at its destination under specific device conditions. Thus, even if data is intercepted wrongly, or a malevolent peer joins an ongoing computing and communications session, only the randomly arranged descriptors can be read, from where retrieving the original data would be computationally very difficult. This also provides another benefit to securing privacy of data between communicating peers, as well as the storage of data by an entity in a secure, non-invasive manner.
[0052] The coding module 104 enables continuity of network access and seamless communication experience to session participants. In general deployments of peer-to-peer networks, usually an overlay network serves to connect and communicate with peers that map logically to underlying physical, transport and network layers. For any failures at the underlying layers, the network access and communications experience would be interrupted and cause problems to participants, especially if many of them are participating in collaborative information retrieval and processing. As such, the coding module 104 supports a self-discovery and sustained connection modes between peers once it is established, and that communications takes place between such peers over the logical network established, regardless of whether the underlying network conditions have altered in any manner. This ensures that network access and communications experience is always continuous regardless of any Quality-of-Service (QoS) alterations in the underlying networks.
[0053] FIG. 6 is a block diagram of a computer 600, in accordance with some embodiments. The computer 600 is an example of computing device including circuitry that implements a device 102. Illustrated are at least one processor 602 coupled to a chipset 604. The chipset 604 includes a memory controller hub 620 and an input/output (I/O) controller hub 622. A memory 606 and a graphics adapter 612 are coupled to the memory controller hub 620, and a display device 618 is coupled to the graphics adapter 612. A storage device 608, keyboard 610, pointing device 614, and network adapter 616 are coupled to the I/O controller hub 622. The computer 600 may include various types of input or output devices. Other embodiments of the computer 600 have different architectures. For example, the memory 606 is directly coupled to the processor 602 in some embodiments.
[0054] The storage device 608 includes one or more non-transitory computer-readable storage media such as a hard drive, compact disk read-only memory (CD-ROM), DVD, or a solid-state memory device. The memory 606 holds program code (comprised of one or more instructions) and data used by the processor 602. The program code may correspond to the processing aspects described with reference to FIGS. 1 through 5.
[0055] The pointing device 614 is used in combination with the keyboard 610 to input data into the computer system 600. The graphics adapter 612 displays images and other information on the display device 618 In some embodiments, the display device 618 includes a touch screen capability for receiving user input and selections. The network adapter 616 couples the computer system 600 to a network. Some embodiments of the computer 600 have different and/or other components than those shown in FIG. 6
[0056] Circuitry may include one or more processors that execute program code stored in a non-transitory computer readable medium, the program code when executed by the one or more processors configures the one or more processors to implement an audio system or modules of the audio system. Other examples of circuitry that implements an audio system or modules of the audio system may include an integrated circuit, such as an application- specific integrated circuit (ASIC), field-programmable gate array (FPGA), or other types of computer circuits.
[0057] Example benefits and advantages of the disclosed configurations include dynamic audio enhancement due to the enhanced audio system adapting to a device and associated audio rendering system as well as other relevant information made available by the device OS, such as use-case information (e.g, indicating that the audio signal is used for music playback rather than for gaming). The enhanced audio system may either be integrated into a device (e.g., using a software development kit) or stored on a remote server to be accessible on-demand. In this way, a device need not devote storage or processing resources to maintenance of an audio enhancement system that is specific to its audio rendering system or audio rendering configuration. In some embodiments, the enhanced audio system enables varying levels of querying for rendering system information such that effective audio enhancement can be applied across varying levels of available device-specific rendering information.
[0058] Throughout this specification, plural instances may implement components, operations, or structures described as a single instance. Although individual operations of one or more methods are illustrated and described as separate operations, one or more of the individual operations may be performed concurrently, and nothing requires that the operations be performed in the orderillustrated. Structures and functionality presented as separate components in example configurations may be implemented as a combined structure or component. Similarly, structures and functionality presented as a single component may be implemented as separate components. These and other variations, modifications, additions, and improvements fall within the scope of the subject matter herein.
[0059] Certain embodiments are described herein as including logic or a number of components, modules, or mechanisms. Modules may constitute either software modules (e.g., code embodied on a machine-readable medium or in a transmission signal) or hardware modules. A hardware module is tangible unit capable of performing certain operations and may be configured or arranged in a certain manner. In example embodiments, one or more computer systems (e.g., a standalone, client or server computer system) or one or more hardware modules of a computer system (e.g., a processor or a group of processors) may be configured by software (e.g., an application or application portion) as a hardware module that operates to perform certain operations as described herein.
[0060] The various operations of example methods described herein may be performed, at least partially, by one or more processors that are temporarily configured (e.g., by software) or permanently configured to perform the relevant operations. Whether temporarily or permanently configured, such processors may constitute processor- implemented modules that operate to perform one or more operations or functions. The modules referred to herein may, in some example embodiments, comprise processor- implemented modules.
[0061] Similarly, the methods described herein may be at least partially processor- implemented. For example, at least some of the operations of a method may be performed by one or more processors or processor-implemented hardware modules. The performance of certain of the operations may be distributed among the one or more processors, not only residing within a single machine, but deployed across a number of machines. In some example embodiments, the processor or processors may be located in a single location (e.g., within a home environment, an office environment or as a server farm), while in other embodiments the processors may be distributed across a number of locations.
[0062] Unless specifically stated otherwise, discussions herein using words such as “processing,” “computing,” “calculating,” “determining,” “presenting,” “displaying,” or the like may refer to actions or processes of a machine (e.g., a computer) that manipulates or transforms data represented as physical (e.g., electronic, magnetic, or optical) quantities within one or more memories (e.g., volatile memory, non-volatile memory, or a combination thereof), registers, or other machine components that receive, store, transmit, or display information.
[0063] As used herein any reference to “one embodiment” or “an embodiment” means that a particular element, feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment. The appearances of the phrase “in one embodiment” in various places in the specification are not necessarily all referring to the same embodiment. [0064] Some embodiments may be described using the expression “coupled” and “connected” along with their derivatives. It should be understood that these terms are not intended as synonyms for each other. For example, some embodiments may be described using the term “connected” to indicate that two or more elements are in direct physical or electrical contact with each other. In another example, some embodiments may be described using the term “coupled” to indicate that two or more elements are in direct physical or electrical contact. The term “coupled,” however, may also mean that two or more elements are not in direct contact with each other, but yet still co-operate or interact with each other. The embodiments are not limited in this context.
[0065] As used herein, the terms “comprises,” “comprising,” “includes,” “including,” “has,” “having” or any other variation thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, article, or apparatusthat comprises a list of elements is not necessarily limited to only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Further, unless expressly stated to the contrary, “or” refers to an inclusive or and not to an exclusive or. For example, a condition A or B is satisfied by any one of the following: A is true (or present) and B is false (or not present), A is false (or not present) and B is true (or present), and both A and B are true (or present).
[0066] In addition, use of the “a” or “an” are employed to describe elements and components of the embodiments herein. This is done merely for convenience and to give a general sense of the invention. This description should be read to include one or at least one and the singular also includes the plural unless it is obvious that it is meant otherwise.
[0067] Some portions of this description describe the embodiments in terms of algorithms and symbolic representations of operations on information. These algorithmic descriptions and representations are commonly used by those skilled in the data processing arts to convey the substance of their work effectively to others skilled in the art. These operations, while described functionally, computationally, or logically, are understood to be implemented by computer programs or equivalent electrical circuits, microcode, or the like. Furthermore, it has also proven convenient at times, to refer to these arrangements of operations as modules, without loss of generality. The described operations and their associated modules may be embodied in software, firmware, hardware, or any combinations thereof.
[0068] Any of the steps, operations, or processes described herein may be performed or implemented with one or more hardware or software modules, alone or in combination with other devices. In one embodiment, a software module is implemented with a computer program product comprising a computer-readable medium containing computer program code, which can be executed by a computer processor for performing any or all the steps, operations, or processes described.
[0069] Embodiments may also relate to an apparatus for performing the operations herein. This apparatus may be specially constructed for the required purposes, and/or it may comprise a general-purpose computing device selectively activated or reconfigured by a computer program stored in the computer. Such a computer program may be stored in a non-transitory, tangible computer readable storage medium, or any type of media suitable for storing electronic instructions, which may be coupled to a computer system bus.
Furthermore, any computing systems referred to in the specification may include a single processor or may be architectures employing multiple processor designs for increased computing capability.
[0070] Embodiments may also relate to a product that is produced by a computing process described herein. Such a product may comprise information resulting from a computing process, where the information is stored on a non-transitory, tangible computer readable storage medium and may include any embodiment of a computer program product or other data combination described herein.
[0071] Eipon readingthis disclosure, those of skill in the art will appreciate still additional alternative structural and functional designs for a system and a process for audio content decorrelation through the disclosed principles herein. Thus, while particular embodiments and applications have been illustrated and described, it is to be understood that the disclosed embodiments are not limited to the precise construction and components disclosed herein. Various modifications, changes and variations, which will be apparent to those skilled in the art, may be made in the arrangement, operation and details of the method and apparatus disclosed herein without departing from the spirit and scope defined in the appended claims. [0072] Finally, the language used in the specification has been principally selected for readability and instructional purposes, and it may not have been selected to delineate or circumscribe the patent rights. It is therefore intended that the scope of the patent rights be limited not by this detailed description, but rather by any claims that issue on an application based hereon. Accordingly, the disclosure of the embodiments is intended to be illustrative, but not limiting, of the scope of the patent rights, which is set forth in the following claims.

Claims

What is claimed is:
1. A method, comprising: providing, by a first device, a request for a partial seed from each second device of a set of second devices; receiving, by the first device, the partial seeds from the set of second devices, each partial seed being generated by a respective second device using one or more entropy sources available to the second device; generating, by the first device, a combined random seed by combining the partial seeds from the set of second devices using a randomly selected first operator function; and generating, by the first device, one or more random values using the combined random seed.
2. The method of claim 1, wherein the one or more entropy sources used by the second device to generate the partial seed is randomly selected by the second device.
3. The method of claim 1 , wherein each partial seed is generated by generating a raw partial seed using the one or more entropy sources and modulating the raw partial seed using a second operator function selected using the one or more entropy sources.
4. The method of claim 3, wherein the second operator function includes a polynomial function including a plurality of coefficients selected using the one or more entropy sources.
5. The method of claim 1 , wherein the one or more entropy sources used by the second device to generate the partial seed includes an environmental condition detected by the second device.
6. The method of claim 1, wherein the one or more entropy sources used by the second device to generate the partial seed includes a device condition of the second device.
7. The method of claim 1, wherein the one or more entropy sources used by the second device to generate the partial seed includes an application executing on the first device and a user input to the application.
8. The method of claim 1, further comprising, by the first device: discovering the set of second device using wireless communications; and connecting with the set of second devices.
9. A first device, comprising: a memory storing instructions; and one or more processors, coupled with the memory and to execute the instructions, the instructions when executed cause the one or more processors to: provide a request for a partial seed from each second device of a set of second devices; receive the partial seeds from the set of second devices, each partial seed being generated by a respective second device using one or more entropy sources available to the second device; generate a combined random seed by combining the partial seeds from the set of second devices using a randomly selected first operator function; and generate one or more random values using the combined random seed.
10. The first device of claim 9, wherein the one or more entropy sources used by the second device to generate the partial seed is randomly selected by the second device.
11. The first device of claim 9, wherein each partial seed is generated by generating a raw partial seed using the one or more entropy sources and modulating the raw partial seed using a second operator function selected using the one or more entropy sources.
12. The first device of claim 11, wherein second operator function includes a polynomial function including a plurality of coefficients selected using the one or more entropy sources.
13. The first device of claim 9, wherein the one or more entropy sources used by the second device to generate the partial seed includes an environmental condition detected by the second device
14. The first device of claim 9, wherein the one or more entropy sources used by the second device to generate the partial seed include a device condition of the second device.
15. The first device of claim 9, wherein the one or more entropy sources used by the second device to generate the partial seed includes an application executing on the first device and a user input to the application.
16. The first device of claim 9, wherein the instructions when executed further cause the one or more processors to: discover the set of second device using wireless communications; and connect with the set of second devices.
18. A non-transitory computer readable medium comprising stored instructions, which when executed by a processor, cause the processor to: provide a request for a partial seed from each second device of a set of second devices; receive the partial seeds from the set of second devices, each partial seed being generated by a respective second device using one or more entropy sources available to the second device; generate a combined random seed by combining the partial seeds from the set of second devices using a randomly selected first operator function; and generate one or more random values using the combined random seed.
19. The computer readable medium of claim 18, wherein the one or more entropy sources used by the second device to generate the partial seed is randomly selected by the second device.
20. The first device of claim 18, wherein each partial seed is generated by generating a raw partial seed using the one or more entropy sources and modulating the raw partial seed using a second operator function selected using the one or more entropy sources.
PCT/IB2021/052061 2020-03-11 2021-03-11 System and methods for generating random numbers across multiple entropy sources WO2021181343A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202062988364P 2020-03-11 2020-03-11
US62/988,364 2020-03-11

Publications (1)

Publication Number Publication Date
WO2021181343A1 true WO2021181343A1 (en) 2021-09-16

Family

ID=74884993

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2021/052061 WO2021181343A1 (en) 2020-03-11 2021-03-11 System and methods for generating random numbers across multiple entropy sources

Country Status (1)

Country Link
WO (1) WO2021181343A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100285865A1 (en) * 2009-05-11 2010-11-11 Enzminger Joseph R Method, apparatus, and program product for distributing random number generation on a gaming network
US20140372767A1 (en) * 2013-06-13 2014-12-18 International Business Machines Corporation Pooling entropy to facilitate mobile device-based true random number generation
US20200145236A1 (en) * 2017-06-22 2020-05-07 Telefonaktiebolaget Lm Ericsson (Publ) A Method for Generating Operating Entropy

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100285865A1 (en) * 2009-05-11 2010-11-11 Enzminger Joseph R Method, apparatus, and program product for distributing random number generation on a gaming network
US20140372767A1 (en) * 2013-06-13 2014-12-18 International Business Machines Corporation Pooling entropy to facilitate mobile device-based true random number generation
US20200145236A1 (en) * 2017-06-22 2020-05-07 Telefonaktiebolaget Lm Ericsson (Publ) A Method for Generating Operating Entropy

Similar Documents

Publication Publication Date Title
US11750591B2 (en) Key attestation statement generation providing device anonymity
Zhou et al. Security and privacy for the industrial internet of things: An overview of approaches to safeguarding endpoints
Mood et al. Reuse it or lose it: More efficient secure computation through reuse of encrypted values
US20230379133A1 (en) Multiplicative masking for cryptographic operations
US20100185861A1 (en) Anonymous key issuing for attribute-based encryption
JP6985385B2 (en) Secure services hosted within a virtual security environment
EP4208808A1 (en) Privacy preserving machine learning using secure multi-party computation
US20170371950A1 (en) Method for the management of virtual objects corresponding to real objects, corresponding system and computer program product
JP2016526851A (en) System for sharing encryption keys
Mashhadi et al. Provably secure verifiable multi‐stage secret sharing scheme based on monotone span program
Ramesh Storing iot data securely in a private ethereum blockchain
CN113839770A (en) High throughput post-quantum AES-GCM engine for TLS packet encryption and decryption
Zhang et al. ROS‐Ethereum: A Convenient Tool to Bridge ROS and Blockchain (Ethereum)
Koch et al. KRAKEN: a privacy-preserving data market for authentic data
Talviste Applying secure multi-party computation in practice
CN107360252B (en) Data security access method authorized by heterogeneous cloud domain
US10333699B1 (en) Generating a pseudorandom number based on a portion of shares used in a cryptographic operation
WO2021181343A1 (en) System and methods for generating random numbers across multiple entropy sources
CN116192379A (en) Key segment storage method, device, computer equipment and storage medium
CN113094735A (en) Method for training privacy model
TW202112098A (en) Digital signature method with hierarchical mechanism and hardware wallet device suitable therefore
Boyle Recent Advances in Function and Homomorphic Secret Sharing: (Invited Talk)
Paju Distributed EaaS simulation using TEEs: A case study in the implementation and practical application of an embedded computer cluster
US20240039715A1 (en) Providing communications that are secure from quantum computer models
US20240039692A1 (en) Private vertical federated learning

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21712577

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 25.11.2022)

122 Ep: pct application non-entry in european phase

Ref document number: 21712577

Country of ref document: EP

Kind code of ref document: A1