WO2022008553A1 - Processing a series of bits - Google Patents

Processing a series of bits Download PDF

Info

Publication number
WO2022008553A1
WO2022008553A1 PCT/EP2021/068737 EP2021068737W WO2022008553A1 WO 2022008553 A1 WO2022008553 A1 WO 2022008553A1 EP 2021068737 W EP2021068737 W EP 2021068737W WO 2022008553 A1 WO2022008553 A1 WO 2022008553A1
Authority
WO
WIPO (PCT)
Prior art keywords
bits
series
word
size
randomness
Prior art date
Application number
PCT/EP2021/068737
Other languages
French (fr)
Inventor
Gemma VALL-LLOSERA
Elisabet ARVIDSSON
Jonas ALMLOF
Ahsan Javed AWAN
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget Lm Ericsson (Publ) filed Critical Telefonaktiebolaget Lm Ericsson (Publ)
Publication of WO2022008553A1 publication Critical patent/WO2022008553A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58Random or pseudo-random number generators
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/26Testing cryptographic entity, e.g. testing integrity of encryption key or encryption algorithm

Definitions

  • Examples of the present disclosure relate to methods and apparatuses for processing a series of bits generated at a computing device. Examples of the present disclosure also relate to methods and apparatuses for testing one or more computing devices.
  • a random number, or a random symbol is a mathematical object that cannot be predicted more successfully than by random chance.
  • One example of a random chance is the outcome of flipping a coin.
  • Another example of a random chance is the time at which a radioactive decay of a nucleus occurs. Random numbers have uses in several applications, such as Monte Carlo calculations, statistics, and cryptography.
  • Cryptography is a technique that may be used to secure communication between two parties in the presence of a third party.
  • an encryption process converts an original representation of data into an alternative form that only authorized parties are able to decipher back to the original form from which the original information may be accessed. It will be appreciated that in order to protect confidentiality and integrity of sensitive data, data may be transmitted via an encrypted communication platform to ensure that the data does not traverse a network in plaintext.
  • Asymmetric cryptography is a cryptosystem based on both public and private keys, which secure a communication channel between two parties. Generation of such keys depends on cryptographic algorithms based on mathematical problems to produce one-way functions.
  • Two examples of asymmetric cryptographic algorithms are the RSA cryptosystem, and the Diffie-Hellman key exchange.
  • the RSA algorithm is based on the difficulty of factoring a large number N that is a product of two (large) prime numbers p and q.
  • the Diffie-Hellman key exchange is a method to exchange a secret key that is based on the difficultly of computing g ab (mod p) from the known values g a (mod p) and g b (mod p) where p is a prime number and g is a primitive root for F*p.
  • Both the RSA algorithm, and the Diffie-Hellman key exchange rely on random numbers to generate the keys. Random numbers are required when generating the two prime numbers p and q for the RSA algorithm, and random numbers are used when two parties select their secret integers a and b for Diffie-Hellman key exchange.
  • BB84 quantum-safe cryptography as well as quantum key distribution (QKD) are being researched.
  • One protocol of quantum key distribution, BB84 again relies on random numbers.
  • the BB84 protocol defines that one party, Alice, prepares a photon with a random polarization.
  • a second party, Bob measures the polarization of the photon and chooses which base he will randomly use for the measurement. If the preparation and the measurement are not random, the security of the protocol cannot be guaranteed.
  • the majority of the tests listed above check one or more statistical properties of the random numbers produced by a random number generator.
  • the frequency (monobit) test tests the number of incidences of the 0s and 1s present in a bit stream.
  • Other tests may check properties such as bias, or serial autocorrelation.
  • Compilation tests may be used to test the source of the random numbers itself, such as the Diehard test for pseudo-random number generators, or for generators based on hardware processes such as ENT.
  • One aspect of this disclosure provides a method for processing a series of bits generated at a computing device.
  • the method comprises determining a first word size.
  • the method also comprises determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determining a measure of randomness of the series of bits based on the determined numbers of incidences.
  • Another aspect of this disclosure provides a method of processing a series of bits generated at a computing device.
  • the method comprises determining a plurality of different first word sizes.
  • the method also comprises for each first word size, determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determining a measure of randomness of the series of bits based on the determined numbers of incidences for the first word sizes.
  • a further aspect of this disclosure provides a method for testing one or more computing devices. The method comprises generating a plurality of series of bits at the one or more computing devices.
  • the method also comprises, for each of the plurality of series of bits, determining a first word size, determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determining a measure of randomness of the series of bits based on the determined numbers of incidences.
  • the method also comprises, based on the determined measures of randomness obtained for each of the plurality of series of bits, selecting one of the computing devices for use in a cryptographic method.
  • a still further aspect of this disclosure provides a method for testing one or more computing devices.
  • the method comprises generating a plurality of series of bits at the one or more computing devices.
  • the method also comprises, for each of the plurality of series of bits, determining a plurality of different first word sizes, for each first word size, determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determining the measure of randomness based on the determined numbers of incidences for the first word sizes.
  • the method also comprises, based on the determined measures of randomness obtained for each of the plurality of series of bits, selecting one of the computing devices for use in a cryptographic method.
  • An additional aspect of this disclosure provides an apparatus for processing a series of bits generated at a computing device.
  • the apparatus comprises a processor and a memory.
  • the memory contains instructions executable by the processor such that the apparatus is operable to determine a first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determine a measure of randomness of the series of bits based on the determined numbers of incidences.
  • a further aspect of this disclosure provides an apparatus for processing a series of bits generated at a computing device.
  • the apparatus comprises a processor and a memory.
  • the memory contains instructions executable by the processor such that the apparatus is operable to determine a plurality of different first word sizes, for each first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determine a measure of randomness of the series of bits based on the determined numbers of incidences for the first word sizes.
  • a still further aspect of this disclosure provides an apparatus for testing one or more computing devices.
  • the apparatus comprises a processor and a memory.
  • the memory contains instructions executable by the processor such that the apparatus is operable to generate a plurality of series of bits at the one or more computing devices, and for each of the plurality of series of bits, determine a first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, determine a measure of randomness of the series of bits based on the determined numbers of incidences, and based on the determined measures of randomness obtained for each of the plurality of series of bits, select one of the computing devices for use in a cryptographic method.
  • a still further aspect of this disclosure provides an apparatus for testing one or more computing devices.
  • the apparatus comprises a processor and a memory.
  • the memory contains instructions executable by the processor such that the apparatus is operable to generate a plurality of series of bits at the one or more computing devices, and for each of the plurality of series of bits, determine a plurality of different first word sizes, for each first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determine the measure of randomness based on the determined numbers of incidences for the first word sizes, and based on the determined measures of randomness obtained for each of the plurality of series of bits, select one of the computing devices for use in a cryptographic method.
  • An additional aspect of this disclosure provides an apparatus for processing a series of bits generated at a computing device.
  • the apparatus is configured to determine a first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determine a measure of randomness of the series of bits based on the determined numbers of incidences.
  • a further aspect of this disclosure provides an apparatus for processing a series of bits generated at a computing device.
  • the apparatus is configured to determine a plurality of different first word sizes, for each first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determine a measure of randomness of the series of bits based on the determined numbers of incidences for the first word sizes.
  • a still further aspect of this disclosure provides an apparatus for testing one or more computing devices.
  • the apparatus is configured to generate a plurality of series of bits at the one or more computing devices, and, for each of the plurality of series of bits, determine a first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, determine a measure of randomness of the series of bits based on the determined numbers of incidences, and based on the determined measures of randomness obtained for each of the plurality of series of bits, select one of the computing devices for use in a cryptographic method.
  • a still further aspect of this disclosure provides an apparatus for testing one or more computing devices.
  • the apparatus is configured to generate a plurality of series of bits at the one or more computing devices, and, for each of the plurality of series of bits, determine a plurality of different first word sizes, for each first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determine the measure of randomness based on the determined numbers of incidences for the first word sizes, and based on the determined measures of randomness obtained for each of the plurality of series of bits, select one of the computing devices for use in a cryptographic method.
  • Figure 1 is a flow chart of an example of a method for processing a series of bits generated at a computing device
  • Figure 2 is a flow chart of another example of a method for processing a series of bits generated at a computing device;
  • Figure 3 is a flow chart of an example of a method for testing one or more computing devices;
  • Figure 4 is a flow chart of another example of a method for testing one or more computing devices
  • Figure 5 is a schematic of an example of apparatus for processing a series of bits generated at a computing device
  • Figure 6 is a schematic of another example of apparatus for processing a series of bits generated at a computing device
  • Figure 7 is a schematic of an example of apparatus for testing one or more computing devices.
  • Figure 8 is a schematic of another example of apparatus for testing one or more computing devices.
  • DSP digital signal processor
  • ASIC application specific integrated circuit
  • FPGA field programmable gate array
  • a perfectly random series of bits should be in compressible (in the same way that a perfectly random sequence should be incompressible). It will be appreciated that, equivalently, if a random series is to be divided into a series of words (where each word is of a certain word size), the source entropy (as a function of the expected probabilities for a value of a word taken from a perfectly random series of bits) per word in a perfectly random series of bits should be equal to 1 , regardless of how the words are formed. In view of this, it will be appreciated that a measure of randomness of a series of bits may be determined based on the incompressibility of that series of bits. It will be appreciated that methods described herein take advantage of this incompressibility of a random series of bits in order to determine a measure of randomness of a series of bits.
  • Figure 1 is a flow chart of an example of a method 100 for processing a series of bits generated at a computing device.
  • the series of bits may comprise a series of random and/or pseudorandom bits.
  • the computing device may comprise a quantum computing device.
  • the method 100 comprises, in step 102, determining a first word size.
  • the first word size is equal to one or more bits.
  • the use of a first word size in the methods described herein that comprises a larger number of bits may indicate that a series of bits is in fact more compressible than would be indicated by the use of a first word size that comprises a smaller number of bits (for example, a first word size equal to one bit) in the methods described herein.
  • the use of a small first word size in the methods described herein may illustrate that on a smaller scale, a series of bits may appear to be relatively incompressible, whereas the use of a larger first word size may show that on a larger scale, a series of bits may appear to be more compressible than the compressibility highlighted by the use of a smaller first word size.
  • An example of incompressibility of a series of bits for a small word, but compressibility of the series of bits for a large word, is now provided. The series of bits “1010101001” cannot be compressed when considering a word of a size equal to one bit (where the value of the word may comprise either “0”, or “1”).
  • Step 104 of the method 100 comprises determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size.
  • the step of determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size may comprise forming a plurality of sequential words from the series of bits, wherein each sequential word is of a size equal to the first word size, and determining a respective number of incidences in the sequential words of each possible value of a sequential word.
  • the step of determining a respective number of incidences in the sequential words of each possible value of a sequential word would comprise determining that the value “01” occurs twice, the value “10” occurs once, the value “11” occurs once and the value “00” occurs once.
  • the words formed from the series of bits may not be sequential. For example, the formed words may overlap with one another.
  • Step 106 of the method 100 comprises determining a measure of randomness of the series of bits based on the determined numbers of incidences.
  • the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences may comprise for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits. It will be appreciated that, according to this embodiment, a measure of randomness of the series of bits may be determined based on said comparisons.
  • a word of the first word size may take the value of “00”, “01”, “10” or “11”.
  • each of these values of a word of the first word size should be equally probable within the series of bits, and that this probability will be equal to 0.25.
  • an expected number of instances of each possible value of a word of the first word size for a random series of bits may in some examples be calculated based on the probability of occurrence of the value, and the length of the series of bits. In this example, the expected number of instances of the value “00” would be calculated to be equal to the probability of the occurrence of the value (in this case, 0.25), and the length of the series of bits (in this case, 10 bits, or 5 words of that word size).
  • a word of this word size may either take the value of “0”, or of “1”, with equal probability.
  • the probability of either values of the word occurring within a word within the series of bits will be equal to 0.5.
  • a word of this word size may take the value of “00”, “01”, “10” or “11” with equal probability.
  • the probability of each of these values of the word occurring within a word within the series of bits will be equal to 0.25.
  • a word of this word size may take the value of “000”, “001”, “010”, “011”, “100”, “101”, “110”, or “111” with equal probability.
  • the probability of each of these values of the word occurring within a word within the series of bits will be equal to 0.125.
  • the probability of each possible value of the word occurring will be equal to 1/2 n . It will however be appreciated that, in practice, there will be some statistical fluctuations which may need to be taken into account. Therefore, in other words, the expected number of instances of a value (of a word) in the series of bits may be related to the reciprocal of the total number of possible values of a word of a size equal to the first word size.
  • the step of comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits may comprise determining whether a difference between the determined number of instances of the value and the expected number of instances of the value falls within a predetermined non-zero range, and the step of determining a measure of randomness of the series of bits based on said comparisons may comprise determining a measure of randomness of the series of bits based on, for each possible value of a word of a size equal to the first word size, whether the difference falls within the predetermined non-zero range.
  • the comparisons of the determined number of instances, and the expected number of instances may indicate that the series of bits deviate less than what would be expected for a truly random and/or pseudorandom distribution.
  • a situation may arise when a malicious party attempts to mimic a random distribution in the series of bits.
  • the difference for one or more of the possible word values may fall outside the predetermined non-zero range.
  • the determined measure of randomness may indicate that the series of bits is “not random” or “insufficiently random”.
  • the comparisons of the determined number of instances, and the expected number of instances may indicate that the series of bits deviate less than what would be expected for a genuinely random distribution.
  • the difference for one or more of the possible word values may fall outside the predetermined non-zero range.
  • the determined measure of randomness may indicate that the series of bits is “not random” or “insufficiently random”. It will be appreciated that, in the situation in which all of the differences fall inside the pre determined non-zero range, the determined measure of randomness may indicate that the series of bits is “random” or “sufficiently random”.
  • the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences may comprise performing a two-sided statistical test based on the determined number of instances, to obtain a result, and based on the result of the two-sided statistical test, determining a measure of randomness of the series of bits.
  • the two-sided statistical test may comprise a chi-squared test.
  • a chi-squared test may be used to verify if an expected distribution is compatible with an observed distribution. Its probability density function may be written as follows: where k is the number of degrees of freedom, and G is a Gamma function.
  • the value p may then be denoted as the probability that a distribution was deemed not random, while in fact it was random (this may occur by chance due to statistical variance).
  • the degrees of freedom k will be equal to 2 n -1
  • c r/2 indicates the lower limit for the test statistic c 2 when we accept the hypothesis that the data is random
  • X I -P/2 indicates the higher limit for the test statistic c 2 when we accept the hypothesis that the data is random. If the value is lower than p/2 in this example, then we may reject that the data is random on the basis that the distribution (which in this example, is the series of bits) is too close to the expected probabilities described above. If the value if higher then 1 -p/2 in this example, then we may reject that the data is random on the basis that the distribution is not compatible with the expected distribution.
  • the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences may comprise, for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits, and performing the two-sided statistical test based on said comparisons. It will be appreciated that the step of comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits may be performed in a substantially similar manner as described above.
  • a two-sided statistical test may be used to determine whether a statistically significant difference exists between the expected number of instances of a value of a word, and an observed number of instances of a value of a word in a series of bits.
  • the result of a two-sided statistical test may be used to confirm whether this statistically significant difference is smaller than would be predicted for a random series of bits (in other words, there is not enough deviation in the observed number of instances), but may also be used to confirm whether this statistically significant difference is larger than would be predicted for a random series of bits (in other words, there is too much deviation in the observed number of instances).
  • the first situation in which there is not enough deviation in the observed number of instances, may arise when a malicious party attempts to mimic a random distribution in the series of bits.
  • the second situation in which there is too much deviation in the observed number of instances, may arise when the observed number of instances are deviating too greatly from what would be expected for a genuinely random distribution (for the reasons described above). It will be appreciated that the use of a two-sided statistical test may allow both this greater than expected deviation, and this less than expected deviation, to be tested for.
  • the step of, based on the result of the two-sided statistical test, determining a measure of randomness of the series of bits may comprise determining that the series of bits is “not random” or “insufficiently random”.
  • a two-sided statistical test (for example, a chi-squared test) may be used to determine whether a statistically significant difference exists between, for each possible value of a word of a size equal to a first word size, an expected number of instances of the value in the series of bits, and a determined number of instances of the value in the series of bits. Following this, it may then be determined whether the statistically significant difference is smaller than would be predicted for a random series of bits (in other words, that there is not enough deviation in the determined number of instances), and that therefore the series of bits is “not random” or “insufficiently random”.
  • the expected number of instances of the value in the series of bits may be formed as a predetermined sequence.
  • the predetermined sequence may comprise a sequence that represents an amount of deviation that would be expected to occur in a random series of bits.
  • the result of the two-sided statistical test may comprise a p-value corresponding to the series of bits.
  • a p-value may provide an indication of a measure of randomness of the series of bits. For example, a p-value exceeding a predetermined threshold may indicate that the series of bits can be considered “random” or “sufficiently random”, and a p-value failing to exceed a predetermined threshold may indicate that the series of bits can be considered “not random” or “insufficiently random”.
  • such a predetermined threshold may be varied depending on the degree of randomness that is required by the series of bits (for example, the degree of randomness required may vary depending on a further use of the series of bits, or a further use of the computing device that has generated the series of bits).
  • the predetermined threshold may be equal to 0.01.
  • the method may further comprises determining whether the measure of randomness meets a predetermined criterion, and in response to the measure of randomness meeting predetermined criterion, using the series of bits in a cryptographic method. In some embodiments, if the measure of randomness indicates that the series of bits is “random” or “sufficiently random”, the series of bits may be used in a cryptographic method. In another embodiment, if an obtained p-value indicates that indicates that the series of bits is “random” or “sufficiently random”, the series of bits may be used in a cryptographic method. It will be appreciated that the cryptographic method may comprise any suitable cryptographic method that relies on the use of random numbers, such as an asymmetric cryptographic method, an RSA algorithm, a Diffie- Hellman key exchange, or a quantum key distribution method.
  • the method 100 may further comprise determining one or more different second word sizes different to the first word size, and for each second word size, determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the second word size. It will be appreciated that, according to this embodiment, the step of determining the measure of randomness of the series of bits comprises determining the measure of randomness based on the determined numbers of incidences for the first word size and the one or more second word sizes.
  • first word size in the methods described herein that comprises a larger number of bits may indicate that a series of bits is in fact more compressible than would be indicated by the use of a first word size that comprises a smaller number of bits (for example, a first word size equal to one bit) in the methods described herein.
  • a small first word size in the methods described herein may illustrate that on a smaller scale, a series of bits may appear to be relatively incompressible, whereas the use of a larger first word size may show that on a larger scale, a series of bits may appear to be more compressible than the compressibility highlighted by the use of a smaller first word size.
  • the use of a larger first word size in the methods described herein may allow a more accurate measure of randomness to be determined for a series of bits.
  • the inclusion of these additional method steps may allow a more accurate measure of randomness to be determined for a series of bits.
  • Figure 2 is a flow chart of another example of a method 200 for processing a series of bits generated at a computing device.
  • the series of bits may comprise a series of random and/or pseudorandom bits.
  • the computing device may comprise a quantum computing device.
  • the method 200 comprises, in step 202, determining a plurality of different first word sizes.
  • the first word sizes are equal to one or more bits.
  • the use of a plurality of first word sizes in the methods described herein may allow a more accurate measure of randomness to be determined for a series of bits, as a larger word size as used in the methods described herein may highlight a degree of compressibility in the series of bits that may not be highlighted by the use of a smaller word size in the respective method.
  • the total number of the plurality of different first word sizes may be equal to a predetermined number. In some embodiments, this predetermined number may be based on the size of the series of bits. For example, the larger the series of bits, the larger total number of the plurality of different first word sizes that may be desired. This may allow any large scale compressibility in the series of bits to then be identified following the execution of the method 200.
  • Step 204 of the method 200 comprises, for each first word size, determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size.
  • Step 206 of the method 200 comprises determining a measure of randomness of the series of bits based on the determined numbers of incidences for the first word sizes.
  • the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences may comprise for each first word size, for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits, and determining a measure of randomness of the series of bits based on said comparisons.
  • the step of comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits for each possible value of a word of a size equal to the first word size may be performed in a substantially similar manner as described above.
  • the step of comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits may comprise determining whether a difference between the determined number of instances of the value and the expected number of instances of the value falls within a predetermined non-zero range, and the step of determining a measure of randomness of the series of bits based on said comparisons may comprise determining a measure of randomness of the series of bits based on, for each possible value of a word of a size equal to the first word size, whether the difference falls within the predetermined non-zero range.
  • these steps may also be implemented in a manner that is substantially similar to the process that is described above.
  • step of determining a measure of randomness of the series of bits based on said comparisons may be performed in a substantially similar manner as described above.
  • the expected number of instances of the value in the series of bits may be related to the reciprocal of the total number of possible values of a word of a size equal to the first word size.
  • the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences for the first word sizes may comprise for each first word size, performing a two-sided statistical test based on the respective determined number of instances, to obtain a result, and based on the results of the two-sided statistical tests, determining a measure of randomness of the series of bits.
  • the two-sided statistical test may comprise a chi-squared test.
  • the step of performing a two-sided statistical test based on the respective determined number of instances, to obtain a result may be performed in substantially the same manner as described above.
  • the results of the two-sided statistical tests comprise p-values corresponding to the series of bits.
  • the step of performing the two-sided statistical test may comprise, for each first word size, for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits, and performing the two-sided statistical test based on said comparisons.
  • the measure of randomness is determined from the result of more than one two-sided statistical test, a more accurate measure of randomness for the series of bits may be obtained. In some embodiments, if one or more of the obtained results indicate that the series of bits should be considered “not random” or “insufficiently random”, the measure of randomness of the series of bits may be determined to be “not random” or insufficiently random”.
  • a two-sided statistical test (for example, a chi-squared test) may be used to determine whether a statistically significant difference exists between, for each first word size, and following this, for each possible value of a word of a size equal to the first word size, an expected number of instances of the value in the series of bits, and a determined number of instances of the value in the series of bits. Following this, it may then be determined whether the statistically significant difference is smaller than would be predicted for a random series of bits (in other words, that there is not enough deviation in the determined number of instances), and that therefore the series of bits is “not random” or “insufficiently random”.
  • the expected number of instances of the value in the series of bits may be formed as a predetermined sequence.
  • the predetermined sequence may comprise a sequence that represents an amount of deviation that would be expected to occur in a random series of bits.
  • a table containing the p-values corresponding to a plurality of different word sizes that were obtained as a result of the execution an embodiment of the method 200 on 3 respective series of bits generated by the 3 different random number generators (the QPU of a D-Wave quantum annealing machine, the LRNG /dev/urandom generator and the Python library NumPy’s function randint) is now presented.
  • the presented p-values represent a probability that the series of bits as generated by the relevant random number generator represents a random series of bits:
  • the threshold for the obtained p-value which the series of bits was determined to be sufficiently random was >0.01. It can be seen in this illustrated example that the series of bits generated by the QPU of a D-Wave quantum annealing machine was not found to represent a random series of bits as a result of the execution of an embodiment of the method 200 (as the obtained p-values always fail to exceed the value 0.01).
  • the series of bits generated by the Python library NumPy’s function randint was found to represent a random series of bits as a result of the execution of an embodiment of the method 200 (as the obtained p-values always exceed the value 0.01).
  • the p-values obtained for the series of bits by the LRNG /dev/urandom generator for smaller word sizes (in this illustrated example, word sizes between 1 and 8 bits) indicate that the series of bits does represent a random and/or pseudorandom series of bits.
  • the larger word sizes in this case, word sizes between 9 and 12 bits
  • the series of bits does not represent a random and/or pseudorandom series of bits.
  • a table containing the p-values corresponding to the 15 aforementioned NIST tests described above on 3 respective series of bits generated by the 3 different random number generators (the QPU of a D-Wave quantum annealing machine, the LRNG /dev/urandom generator and the Python library NumPy’s function randint) is shown below:
  • the presented p-values represent a probability that the series of bits as generated by the relevant random number generator represents a random series of bits:
  • each of the 15 NIST tests would have indicated that the series of bits does represent a random and/or pseudorandom series of bits.
  • the use of a larger word size in a method according to the method 200 described above may allow the series of bits to be more accurately identified to not represent a random and/or pseudorandom series.
  • the step of determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size may comprise, for each first word size forming a plurality of sequential words from the series of bits, wherein each sequential word is of a size equal to the first word size, and determining a respective number of incidences in the sequential words of each possible value of a sequential word. It will be appreciated that these steps may be performed in a substantially similar manner as described above.
  • the method may further comprises determining whether the measure of randomness meets a predetermined criterion, and in response to the measure of randomness meeting predetermined criterion, using the series of bits in a cryptographic method. In some embodiments, if the measure of randomness indicates that the series of bits is “random” or “sufficiently random”, the series of bits may be used in a cryptographic method. In another embodiment, if an obtained p-value indicates that indicates that the series of bits is “random” or “sufficiently random”, the series of bits may be used in a cryptographic method. It will be appreciated that the cryptographic method may comprise any suitable cryptographic method that relies on the use of random numbers, such as an asymmetric cryptographic method, an RSA algorithm, a Diffie- Hellman key exchange, or a quantum key distribution method.
  • Figure 3 is a flow chart of an example of a method 300 for testing one or more computing devices.
  • one or more of the computing devices may comprise a quantum computing device.
  • the method 300 comprises, in step 302, generating a plurality of series of bits at the one or more computing devices.
  • one or more of the plurality of series of bits may comprise a random and/or pseudorandom series of bits. It will be appreciated that the method 300 comprises executing steps 304-308 for each of the plurality series of bits.
  • Step 304 of the method 300 comprises determining a first word size.
  • the first word size may be equal to one or more bits.
  • the use of a plurality of first word sizes in the methods described herein may allow a more accurate measure of randomness to be determined for a series of bits, as a larger word size as used in the methods described herein may highlight a degree of compressibility in the series of bits that may not be highlighted by the use of a smaller word size in the respective method.
  • the total number of the plurality of different first word sizes may be equal to a predetermined number. In some embodiments, this predetermined number may be based on the size of the series of bits. For example, the larger the series of bits, the larger total number of the plurality of different first word sizes that may be desired. This may allow any large scale compressibility in the series of bits to then be identified following the execution of the method 300.
  • Step 306 of the method 300 comprises determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size.
  • Step 308 of the method 300 comprises determining a measure of randomness of the series of bits based on the determined numbers of incidences.
  • the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences may comprise for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits and determining a measure of randomness of the series of bits based on said comparisons.
  • the step of determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size may comprise, for each first word size forming a plurality of sequential words from the series of bits, wherein each sequential word is of a size equal to the first word size, and determining a respective number of incidences in the sequential words of each possible value of a sequential word. It will be appreciated that these steps may be performed in a substantially similar manner as described above. It will be appreciated that the step of comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits for each possible value of a word of a size equal to the first word size may be performed in a substantially similar manner as described above.
  • the step of comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits may comprise determining whether a difference between the determined number of instances of the value and the expected number of instances of the value falls within a predetermined non-zero range, and the step of determining a measure of randomness of the series of bits based on said comparisons may comprise determining a measure of randomness of the series of bits based on, for each possible value of a word of a size equal to the first word size, whether the difference falls within the predetermined non-zero range.
  • these steps may also be implemented in a manner that is substantially similar to the process that is described above.
  • step of determining a measure of randomness of the series of bits based on said comparisons may be performed in a substantially similar manner as described above.
  • the expected number of instances of the value in the series of bits may be related to the reciprocal of the total number of possible values of a word of a size equal to the first word size.
  • the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences for the first word sizes may comprise performing a two-sided statistical test based on the respective determined number of instances, to obtain a result, and based on the results of the two-sided statistical tests, determining a measure of randomness of the series of bits.
  • the two-sided statistical test may comprise a chi-squared test.
  • the step of performing a two-sided statistical test based on the respective determined number of instances, to obtain a result may be performed in substantially the same manner as described above.
  • the obtained result comprises a p-value corresponding to the series of bits.
  • the step of performing the two-sided statistical test may comprise, for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits, and performing the two- sided statistical test based on said comparisons.
  • the measure of randomness is determined from the result of more than one two-sided statistical test, a more accurate measure of randomness for the series of bits may be obtained. In some embodiments, if one or more of the obtained results indicate that the series of bits should be considered “not random” or “insufficiently random”, the measure of randomness of the series of bits may be determined to be “not random” or insufficiently random”.
  • a two-sided statistical test (for example, a chi-squared test) may be used to determine whether a statistically significant difference exists between, for each possible value of a word of a size equal to the first word size, an expected number of instances of the value in the series of bits, and a determined number of instances of the value in the series of bits. Following this, it may then be determined whether the statistically significant difference is smaller than would be predicted for a random series of bits (in other words, that there is not enough deviation in the determined number of instances), and that therefore the series of bits is “not random” or “insufficiently random”.
  • the expected number of instances of the value in the series of bits may be formed as a predetermined sequence. It will be appreciated that the predetermined sequence may comprise a sequence that represents an amount of deviation that would be expected to occur in a random series of bits.
  • Step 310 of the method 300 comprises, based on the determined measures of randomness obtained for each of the plurality of series of bits, selecting one of the computing devices for use in a cryptographic method.
  • the step of selecting one of the computing devices for use in a cryptographic method may comprise determining if any of the determined measures of randomness meet a predetermined criterion. For example, in some embodiments, one or more computing devices corresponding to the series of bits with the highest determined measures of randomness may be selected for use in a cryptographic method. In another example, in some embodiments, the one or more computing devices corresponding to the series of bits with the largest determined p-values may be selected for use in a cryptographic method.
  • the cryptographic method may comprise any suitable cryptographic method that relies on the use of random numbers, such as an asymmetric cryptographic method, an RSA algorithm, a Diffie-Hellman key exchange, or a quantum key distribution method.
  • the method 300 may further comprise, for each of the plurality of series of bits, determining one or more different second word sizes different to the first word size, and for each second word size, determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the second word size, and wherein the step of determining the measure of randomness of the series of bits may comprise determining the measure of randomness based on the determined numbers of incidences for the first word size and the one or more second word sizes.
  • first word size in the methods described herein that comprises a larger number of bits may indicate that a series of bits is in fact more compressible than would be indicated by the use of a first word size that comprises a smaller number of bits (for example, a first word size equal to one bit) in the methods described herein.
  • a small first word size in the methods described herein may illustrate that on a smaller scale, a series of bits may appear to be relatively incompressible, whereas the use of a larger first word size may show that on a larger scale, a series of bits may appear to be more compressible than the compressibility highlighted by the use of a smaller first word size.
  • the use of a larger first word size in the methods described herein may allow a more accurate measure of randomness to be determined for a series of bits.
  • the inclusion of these additional method steps may allow a more accurate measure of randomness to be determined for a series of bits.
  • Figure 4 is a flow chart of another example of a method 400 for testing one or more computing devices.
  • one or more of the computing devices may comprise a quantum computing device.
  • the method 400 comprises, in step 402, generating a plurality of series of bits at the one or more computing devices.
  • one or more of the plurality of series of bits may comprise a random and/or pseudorandom series of bits. It will be appreciated that the method 400 comprises executing steps 404-408 for each of the plurality series of bits.
  • Step 404 of the method 400 comprises determining a plurality of different first word sizes.
  • the first word sizes are equal to one or more bits.
  • the use of a plurality of first word sizes in the methods described herein may allow a more accurate measure of randomness to be determined for a series of bits, as a larger word size as used in the methods described herein may highlight a degree of compressibility in the series of bits that may not be highlighted by the use of a smaller word size in the respective method.
  • the total number of the plurality of different first word sizes may be equal to a predetermined number. In some embodiments, this predetermined number may be based on the size of the series of bits. For example, the larger the series of bits, the larger total number of the plurality of different first word sizes that may be desired. This may allow any large scale compressibility in the series of bits to then be identified following the execution of the method 400.
  • Step 406 of the method 400 comprises, for each first word size, determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size.
  • Step 408 of the method 400 comprises determining the measure of randomness based on the determined numbers of incidences for the first word sizes.
  • the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences may comprise for each first word size, for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits, and determining a measure of randomness of the series of bits based on said comparisons. It will be appreciated that the step of comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits for each possible value of a word of a size equal to the first word size may be performed in a substantially similar manner as described above.
  • the step of comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits may comprise determining whether a difference between the determined number of instances of the value and the expected number of instances of the value falls within a predetermined non-zero range, and the step of determining a measure of randomness of the series of bits based on said comparisons may comprise determining a measure of randomness of the series of bits based on, for each possible value of a word of a size equal to the first word size, whether the difference falls within the predetermined non-zero range.
  • these steps may also be implemented in a manner that is substantially similar to the process that is described above.
  • step of determining a measure of randomness of the series of bits based on said comparisons may be performed in a substantially similar manner as described above.
  • the expected number of instances of the value in the series of bits may be related to the reciprocal of the total number of possible values of a word of a size equal to the first word size.
  • the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences for the first word sizes may comprise for each first word size, performing a two-sided statistical test based on the respective determined number of instances, to obtain a result, and based on the results of the two-sided statistical tests, determining a measure of randomness of the series of bits.
  • the two-sided statistical test may comprise a chi-squared test.
  • the step of performing a two-sided statistical test based on the respective determined number of instances, to obtain a result may be performed in substantially the same manner as described above.
  • the results of the two-sided statistical tests comprise p-values corresponding to the series of bits.
  • the step of performing the two-sided statistical test may comprise, for each first word size, for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits, and performing the two-sided statistical test based on said comparisons.
  • the measure of randomness is determined from the result of more than one two-sided statistical test, a more accurate measure of randomness for the series of bits may be obtained. In some embodiments, if one or more of the obtained results indicate that the series of bits should be considered “not random” or “insufficiently random”, the measure of randomness of the series of bits may be determined to be “not random” or insufficiently random”.
  • a two-sided statistical test (for example, a chi-squared test) may be used to determine whether a statistically significant difference exists between, for each possible value of a word of a size equal to the first word size, an expected number of instances of the value in the series of bits, and a determined number of instances of the value in the series of bits. Following this, it may then be determined whether the statistically significant difference is smaller than would be predicted for a random series of bits (in other words, that there is not enough deviation in the determined number of instances), and that therefore the series of bits is “not random” or “insufficiently random”.
  • the expected number of instances of the value in the series of bits may be formed as a predetermined sequence. It will be appreciated that the predetermined sequence may comprise a sequence that represents an amount of deviation that would be expected to occur in a random series of bits.
  • the step of determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size may comprise, for each first word size forming a plurality of sequential words from the series of bits, wherein each sequential word is of a size equal to the first word size, and determining a respective number of incidences in the sequential words of each possible value of a sequential word. It will be appreciated that these steps may be performed in a substantially similar manner as described above.
  • Step 410 of the method 400 comprises, based on the determined measures of randomness obtained for each of the plurality of series of bits, selecting one of the computing devices for use in a cryptographic method.
  • the step of selecting one of the computing devices for use in a cryptographic method may comprise determining if any of the determined measures of randomness meet a predetermined criterion. For example, in some embodiments, one or more computing devices corresponding to the series of bits with the highest determined measures of randomness may be selected for use in a cryptographic method. In another example, in some embodiments, the one or more computing devices corresponding to the series of bits with the largest determined p-values may be selected for use in a cryptographic method.
  • the cryptographic method may comprise any suitable cryptographic method that relies on the use of random numbers, such as an asymmetric cryptographic method, an RSA algorithm, a Diffie-Hellman key exchange, or a quantum key distribution method.
  • FIG. 5 is a schematic of an example of apparatus 500 for processing a series of bits generated at a computing device.
  • the apparatus 500 comprises processing circuitry 502 (e.g. one or more processors) and a memory 504 in communication with the processing circuitry 502.
  • the memory 504 contains instructions executable by the processing circuitry 502.
  • the memory 504 contains instructions executable by the processing circuitry 502 such that the apparatus 500 is operable to determine a first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determine a measure of randomness of the series of bits based on the determined numbers of incidences
  • the memory 504 contains instructions executable by the processing circuitry 502 such that the apparatus 500 is operable to carry out the method 100 shown in Figure 1 and/or described above.
  • Figure 6 is a schematic of an example of apparatus 600 for processing a series of bits generated at a computing device.
  • the apparatus 600 comprises processing circuitry 602 (e.g. one or more processors) and a memory 604 in communication with the processing circuitry 602.
  • the memory 604 contains instructions executable by the processing circuitry 602.
  • the memory 604 contains instructions executable by the processing circuitry 602 such that the apparatus 600 is operable to determine a plurality of different first word sizes, for each first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determine a measure of randomness of the series of bits based on the determined numbers of incidences for the first word sizes.
  • the memory 604 contains instructions executable by the processing circuitry 602 such that the apparatus 600 is operable to carry out the method 200 shown in Figure 2 and/or described above.
  • FIG. 7 is a schematic of an example of apparatus 700 for testing one or more computing devices.
  • the apparatus 700 comprises processing circuitry 702 (e.g. one or more processors) and a memory 704 in communication with the processing circuitry 702.
  • the memory 704 contains instructions executable by the processing circuitry 702.
  • the memory 704 contains instructions executable by the processing circuitry 702 such that the apparatus 700 is operable generate a plurality of series of bits at the one or more computing devices, and for each of the plurality of series of bits, determine a first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, determine a measure of randomness of the series of bits based on the determined numbers of incidences, and based on the determined measures of randomness obtained for each of the plurality of series of bits, select one of the computing devices for use in a cryptographic method.
  • the memory 704 contains instructions executable by the processing circuitry 702 such that the apparatus 700 is operable to carry out the method 300 shown in Figure 3 and/or described above.
  • FIG 8 is a schematic of an example of apparatus 800 for testing one or more computing devices.
  • the apparatus 800 comprises processing circuitry 802 (e.g. one or more processors) and a memory 804 in communication with the processing circuitry 802.
  • the memory 804 contains instructions executable by the processing circuitry 802.
  • the memory 804 contains instructions executable by the processing circuitry 802 such that the apparatus 800 is operable to generate a plurality of series of bits at the one or more computing devices, and, for each of the plurality of series of bits, determine a plurality of different first word sizes, for each first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determine the measure of randomness based on the determined numbers of incidences for the first word sizes, and, based on the determined measures of randomness obtained for each of the plurality of series of bits, select one of the computing devices for use in a cryptographic method.
  • the memory 804 contains instructions executable by the processing circuitry 802 such that the apparatus 800 is operable to carry out the method 400 shown in Figure 4 and/or described above.
  • the above-mentioned examples illustrate rather than limit the invention, and that those skilled in the art will be able to design many alternative examples without departing from the scope of the appended statements.
  • the word “comprising” does not exclude the presence of elements or steps other than those listed in a claim or embodiment, “a” or “an” does not exclude a plurality, and a single processor or other unit may fulfil the functions of several units recited in the statements below. Where the terms, “first”, “second” etc are used they are to be understood merely as labels for the convenient identification of a particular feature.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computational Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Storage Device Security (AREA)

Abstract

A method for processing a series of bits generated at a computing device is disclosed. The method comprises determining a first word size, determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determining a measure of randomness of the series of bits based on the determined numbers of incidences.

Description

PROCESSING A SERIES OF BITS
Technical Field
Examples of the present disclosure relate to methods and apparatuses for processing a series of bits generated at a computing device. Examples of the present disclosure also relate to methods and apparatuses for testing one or more computing devices.
Background
A random number, or a random symbol, is a mathematical object that cannot be predicted more successfully than by random chance. One example of a random chance is the outcome of flipping a coin. Another example of a random chance is the time at which a radioactive decay of a nucleus occurs. Random numbers have uses in several applications, such as Monte Carlo calculations, statistics, and cryptography.
Cryptography is a technique that may be used to secure communication between two parties in the presence of a third party. In cryptography, an encryption process converts an original representation of data into an alternative form that only authorized parties are able to decipher back to the original form from which the original information may be accessed. It will be appreciated that in order to protect confidentiality and integrity of sensitive data, data may be transmitted via an encrypted communication platform to ensure that the data does not traverse a network in plaintext.
It will be appreciated that many protocols for encryption make use of random numbers. One example of this is asymmetric cryptography (or public key cryptography). Asymmetric cryptography is a cryptosystem based on both public and private keys, which secure a communication channel between two parties. Generation of such keys depends on cryptographic algorithms based on mathematical problems to produce one-way functions. Two examples of asymmetric cryptographic algorithms are the RSA cryptosystem, and the Diffie-Hellman key exchange. The RSA algorithm is based on the difficulty of factoring a large number N that is a product of two (large) prime numbers p and q. The Diffie-Hellman key exchange is a method to exchange a secret key that is based on the difficultly of computing gab(mod p) from the known values ga(mod p) and gb(mod p) where p is a prime number and g is a primitive root for F*p. Both the RSA algorithm, and the Diffie-Hellman key exchange rely on random numbers to generate the keys. Random numbers are required when generating the two prime numbers p and q for the RSA algorithm, and random numbers are used when two parties select their secret integers a and b for Diffie-Hellman key exchange.
As mentioned above, the underlying mathematical problems of the RSA algorithm and the Diffie-Hellman key exchange (as well as the Elliptic Curve Diffie-Hellman key exchange) are based on problems that are hard to solve on a classical computer. However, these problems have theoretically been shown to be easy to solve, given a large enough quantum computer. With the onset of quantum computers, asymmetric cryptography algorithms could be at a risk of being broken.
In view of this, quantum-safe cryptography as well as quantum key distribution (QKD) are being researched. One protocol of quantum key distribution, BB84, again relies on random numbers. The BB84 protocol defines that one party, Alice, prepares a photon with a random polarization. A second party, Bob, then measures the polarization of the photon and chooses which base he will randomly use for the measurement. If the preparation and the measurement are not random, the security of the protocol cannot be guaranteed.
In view of this, before deploying a random number generator, it is important that the random numbers that are produced by the random number generator have been verified to be random enough. There are a number of different statistical tests that can be used to test the randomness of the random numbers produced by a random number generator. Typically, these tests detect patterns, or absence of such. Since there are many different randomness tests that target different aspects of randomness, there is no complete set of randomness tests. However, theNational Institute of Standards and Technology (NIST) has published a test suite with 15 different randomness tests, where each test focuses on different areas where non-randomness could exist. The different tests they recommend are listed below:
1. The Frequency (Monobit) Test
2. Frequency Test within a Block
3. The Runs Test
4. Tests for the Longest-Run-of-Ones in a Block
5. The Binary Matrix Rank Test
6. The Discrete Fourier Transform (Spectral) Test 7. The Non-overlapping Template Matching Test
8. The Overlapping Template Matching Test
9. Maurer’s "Universal Statistical" Test
10. The Linear Complexity Test
11. The Serial Test
12. The Approximate Entropy Test
13. The Cumulative Sums (Cusums) Test
14. The Random Excursions Test
15. The Random Excursions Variant Test
The majority of the tests listed above check one or more statistical properties of the random numbers produced by a random number generator. For example, the frequency (monobit) test tests the number of incidences of the 0s and 1s present in a bit stream. Other tests may check properties such as bias, or serial autocorrelation. Compilation tests may be used to test the source of the random numbers itself, such as the Diehard test for pseudo-random number generators, or for generators based on hardware processes such as ENT.
Summary
One aspect of this disclosure provides a method for processing a series of bits generated at a computing device. The method comprises determining a first word size. The method also comprises determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determining a measure of randomness of the series of bits based on the determined numbers of incidences.
Another aspect of this disclosure provides a method of processing a series of bits generated at a computing device. The method comprises determining a plurality of different first word sizes. The method also comprises for each first word size, determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determining a measure of randomness of the series of bits based on the determined numbers of incidences for the first word sizes. A further aspect of this disclosure provides a method for testing one or more computing devices. The method comprises generating a plurality of series of bits at the one or more computing devices. The method also comprises, for each of the plurality of series of bits, determining a first word size, determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determining a measure of randomness of the series of bits based on the determined numbers of incidences. The method also comprises, based on the determined measures of randomness obtained for each of the plurality of series of bits, selecting one of the computing devices for use in a cryptographic method.
A still further aspect of this disclosure provides a method for testing one or more computing devices. The method comprises generating a plurality of series of bits at the one or more computing devices. The method also comprises, for each of the plurality of series of bits, determining a plurality of different first word sizes, for each first word size, determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determining the measure of randomness based on the determined numbers of incidences for the first word sizes. The method also comprises, based on the determined measures of randomness obtained for each of the plurality of series of bits, selecting one of the computing devices for use in a cryptographic method.
An additional aspect of this disclosure provides an apparatus for processing a series of bits generated at a computing device. The apparatus comprises a processor and a memory. The memory contains instructions executable by the processor such that the apparatus is operable to determine a first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determine a measure of randomness of the series of bits based on the determined numbers of incidences.
A further aspect of this disclosure provides an apparatus for processing a series of bits generated at a computing device. The apparatus comprises a processor and a memory. The memory contains instructions executable by the processor such that the apparatus is operable to determine a plurality of different first word sizes, for each first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determine a measure of randomness of the series of bits based on the determined numbers of incidences for the first word sizes.
A still further aspect of this disclosure provides an apparatus for testing one or more computing devices. The apparatus comprises a processor and a memory. The memory contains instructions executable by the processor such that the apparatus is operable to generate a plurality of series of bits at the one or more computing devices, and for each of the plurality of series of bits, determine a first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, determine a measure of randomness of the series of bits based on the determined numbers of incidences, and based on the determined measures of randomness obtained for each of the plurality of series of bits, select one of the computing devices for use in a cryptographic method.
A still further aspect of this disclosure provides an apparatus for testing one or more computing devices. The apparatus comprises a processor and a memory. The memory contains instructions executable by the processor such that the apparatus is operable to generate a plurality of series of bits at the one or more computing devices, and for each of the plurality of series of bits, determine a plurality of different first word sizes, for each first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determine the measure of randomness based on the determined numbers of incidences for the first word sizes, and based on the determined measures of randomness obtained for each of the plurality of series of bits, select one of the computing devices for use in a cryptographic method.
An additional aspect of this disclosure provides an apparatus for processing a series of bits generated at a computing device. The apparatus is configured to determine a first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determine a measure of randomness of the series of bits based on the determined numbers of incidences.
A further aspect of this disclosure provides an apparatus for processing a series of bits generated at a computing device. The apparatus is configured to determine a plurality of different first word sizes, for each first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determine a measure of randomness of the series of bits based on the determined numbers of incidences for the first word sizes.
A still further aspect of this disclosure provides an apparatus for testing one or more computing devices. The apparatus is configured to generate a plurality of series of bits at the one or more computing devices, and, for each of the plurality of series of bits, determine a first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, determine a measure of randomness of the series of bits based on the determined numbers of incidences, and based on the determined measures of randomness obtained for each of the plurality of series of bits, select one of the computing devices for use in a cryptographic method.
A still further aspect of this disclosure provides an apparatus for testing one or more computing devices. The apparatus is configured to generate a plurality of series of bits at the one or more computing devices, and, for each of the plurality of series of bits, determine a plurality of different first word sizes, for each first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determine the measure of randomness based on the determined numbers of incidences for the first word sizes, and based on the determined measures of randomness obtained for each of the plurality of series of bits, select one of the computing devices for use in a cryptographic method.
Brief Description of the Drawings
For a better understanding of examples of the present disclosure, and to show more clearly how the examples may be carried into effect, reference will now be made, by way of example only, to the following drawings in which:
Figure 1 is a flow chart of an example of a method for processing a series of bits generated at a computing device;
Figure 2 is a flow chart of another example of a method for processing a series of bits generated at a computing device; Figure 3 is a flow chart of an example of a method for testing one or more computing devices;
Figure 4 is a flow chart of another example of a method for testing one or more computing devices;
Figure 5 is a schematic of an example of apparatus for processing a series of bits generated at a computing device;
Figure 6 is a schematic of another example of apparatus for processing a series of bits generated at a computing device;
Figure 7 is a schematic of an example of apparatus for testing one or more computing devices; and
Figure 8 is a schematic of another example of apparatus for testing one or more computing devices.
Detailed Description
The following sets forth specific details, such as particular embodiments or examples for purposes of explanation and not limitation. It will be appreciated by one skilled in the art that other examples may be employed apart from these specific details. In some instances, detailed descriptions of well-known methods, nodes, interfaces, circuits, and devices are omitted so as not obscure the description with unnecessary detail. Those skilled in the art will appreciate that the functions described may be implemented in one or more nodes using hardware circuitry (e.g., analog and/or discrete logic gates interconnected to perform a specialized function, ASICs, PLAs, etc.) and/or using software programs and data in conjunction with one or more digital microprocessors or general purpose computers. Nodes that communicate using the air interface also have suitable radio communications circuitry. Moreover, where appropriate the technology can additionally be considered to be embodied entirely within any form of computer- readable memory, such as solid-state memory, magnetic disk, or optical disk containing an appropriate set of computer instructions that would cause a processor to carry out the techniques described herein. Hardware implementation may include or encompass, without limitation, digital signal processor (DSP) hardware, a reduced instruction set processor, hardware (e.g., digital or analogue) circuitry including but not limited to application specific integrated circuit(s) (ASIC) and/or field programmable gate array(s) (FPGA(s)), and (where appropriate) state machines capable of performing such functions.
In view of this, it will be appreciated that a perfectly random series of bits should be in compressible (in the same way that a perfectly random sequence should be incompressible). It will be appreciated that, equivalently, if a random series is to be divided into a series of words (where each word is of a certain word size), the source entropy (as a function of the expected probabilities for a value of a word taken from a perfectly random series of bits) per word in a perfectly random series of bits should be equal to 1 , regardless of how the words are formed. In view of this, it will be appreciated that a measure of randomness of a series of bits may be determined based on the incompressibility of that series of bits. It will be appreciated that methods described herein take advantage of this incompressibility of a random series of bits in order to determine a measure of randomness of a series of bits.
Figure 1 is a flow chart of an example of a method 100 for processing a series of bits generated at a computing device. In some embodiments, the series of bits may comprise a series of random and/or pseudorandom bits. In some embodiments, the computing device may comprise a quantum computing device.
The method 100 comprises, in step 102, determining a first word size. In some embodiments, the first word size is equal to one or more bits. As will be discussed in greater detail below, the use of a first word size in the methods described herein that comprises a larger number of bits may indicate that a series of bits is in fact more compressible than would be indicated by the use of a first word size that comprises a smaller number of bits (for example, a first word size equal to one bit) in the methods described herein. In other words, the use of a small first word size in the methods described herein may illustrate that on a smaller scale, a series of bits may appear to be relatively incompressible, whereas the use of a larger first word size may show that on a larger scale, a series of bits may appear to be more compressible than the compressibility highlighted by the use of a smaller first word size. An example of incompressibility of a series of bits for a small word, but compressibility of the series of bits for a large word, is now provided. The series of bits “1010101001” cannot be compressed when considering a word of a size equal to one bit (where the value of the word may comprise either “0”, or “1”). However, for a word of a size equal to two bits (where the value of the word may comprise either “00”, “01” “10” or “11”), and letting the word value “10” be represented as “0”, and the value “01” be represented as “1”, the series of bits may now be encoded as “00001”. Thus, a series of bits that appeared to be incompressible for a small word size can be shown to be compressible for a larger word size. Examples of this disclosure may use this observation and use larger word sizes (e.g. two or more bits), and/or multiple different word sizes, to determine a measure of randomness of a series of bits.
Step 104 of the method 100 comprises determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size. In some embodiments, the step of determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size may comprise forming a plurality of sequential words from the series of bits, wherein each sequential word is of a size equal to the first word size, and determining a respective number of incidences in the sequential words of each possible value of a sequential word. For example, in a series of bits comprising the bit values “0101101100”, and where the first word size is equal to 2 bits, forming a plurality of sequential words from the series of bits, wherein each sequential word is of a size equal to the first word size would comprise forming the 5 sequential words “01”, “01”, “ ” “ ” anc| “go”. For a first word size is equal to 2 bits, the possible values of the word comprise the values “01”, “10”, “11” and “00”. Thus, in this example, the step of determining a respective number of incidences in the sequential words of each possible value of a sequential word would comprise determining that the value “01” occurs twice, the value “10” occurs once, the value “11” occurs once and the value “00” occurs once. It will be appreciated that, in some embodiments, the words formed from the series of bits may not be sequential. For example, the formed words may overlap with one another.
Step 106 of the method 100 comprises determining a measure of randomness of the series of bits based on the determined numbers of incidences. In some embodiments, the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences may comprise for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits. It will be appreciated that, according to this embodiment, a measure of randomness of the series of bits may be determined based on said comparisons. For example, again referring to the series of bits comprising the bit values “0101101100”, and where the first word size is equal to 2 bits, a word of the first word size may take the value of “00”, “01”, “10” or “11”. In a random series of bits, it will be appreciated that each of these values of a word of the first word size should be equally probable within the series of bits, and that this probability will be equal to 0.25. It will be appreciated that, an expected number of instances of each possible value of a word of the first word size for a random series of bits may in some examples be calculated based on the probability of occurrence of the value, and the length of the series of bits. In this example, the expected number of instances of the value “00” would be calculated to be equal to the probability of the occurrence of the value (in this case, 0.25), and the length of the series of bits (in this case, 10 bits, or 5 words of that word size).
As discussed above, it will be appreciated that a perfectly random series of bits should be incompressible, and that if a random series were to be divided into a series of words (where each word is of a certain word size), the source entropy per word in a perfectly random series of bits should be equal to 1 (regardless of how the words are formed). In order to achieve maximum entropy in series of bits, this would require that each word should be equally probable within the series of bits.
For example, considering a word size equal to 1 bit, a word of this word size may either take the value of “0”, or of “1”, with equal probability. Thus, in a random series of bits, the probability of either values of the word occurring within a word within the series of bits will be equal to 0.5. In another example, considering a word size equal to 2 bits, a word of this word size may take the value of “00”, “01”, “10” or “11” with equal probability. Thus, in a random series of bits, the probability of each of these values of the word occurring within a word within the series of bits will be equal to 0.25. In another example, considering a word size equal to 3 bits, a word of this word size may take the value of “000”, “001”, “010”, “011”, “100”, “101”, “110”, or “111” with equal probability. Thus, in a random series of bits, the probability of each of these values of the word occurring within a word within the series of bits will be equal to 0.125. Hence, for a truly random series of bits, taking a word from this series of bits where the word size is equal to n bits, the probability of each possible value of the word occurring will be equal to 1/2n. It will however be appreciated that, in practice, there will be some statistical fluctuations which may need to be taken into account. Therefore, in other words, the expected number of instances of a value (of a word) in the series of bits may be related to the reciprocal of the total number of possible values of a word of a size equal to the first word size.
For example, referring to the series of bits comprising the 10 bit values “0101101100”, and where the word size is equal to 1 bit, the expected number of incidences of the value “0” would be equal to 10 x 0.5 = 5. Similarly, the expected number of incidences of the value “1” would be equal to 10 x 0.5 = 5.
In some embodiments, the step of comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits may comprise determining whether a difference between the determined number of instances of the value and the expected number of instances of the value falls within a predetermined non-zero range, and the step of determining a measure of randomness of the series of bits based on said comparisons may comprise determining a measure of randomness of the series of bits based on, for each possible value of a word of a size equal to the first word size, whether the difference falls within the predetermined non-zero range.
For example, the comparisons of the determined number of instances, and the expected number of instances, may indicate that the series of bits deviate less than what would be expected for a truly random and/or pseudorandom distribution. Such a situation may arise when a malicious party attempts to mimic a random distribution in the series of bits. In such a situation, the difference for one or more of the possible word values may fall outside the predetermined non-zero range. It will be appreciated that, in this example, the determined measure of randomness may indicate that the series of bits is “not random” or “insufficiently random”. In another example, the comparisons of the determined number of instances, and the expected number of instances, may indicate that the series of bits deviate less than what would be expected for a genuinely random distribution. It will be appreciated that, where the series of bits deviate less than what would be expected for a genuinely random distribution, a sequential word in the series of bit may become predictable. For example, considering a series of bits “000001010011100101110111”, and a word size equal to 3 bits, in a situation in which the series of bits deviate less than what would be expected for a genuinely random distribution, and 7 different values of the word have occurred sequentially in the series of bits, then occurrence of the value “111” following these 7 values can be predicted with certainty. In this situation, the 8th word, “111”, could be removed from the series of bits, and no information would be lost, thus, allowing the series of bits to become compressible, and the series of bits becomes predictable. In such a situation, the difference for one or more of the possible word values may fall outside the predetermined non-zero range. It will be appreciated that, in this example, the determined measure of randomness may indicate that the series of bits is “not random” or “insufficiently random”. It will be appreciated that, in the situation in which all of the differences fall inside the pre determined non-zero range, the determined measure of randomness may indicate that the series of bits is “random” or “sufficiently random”.
It will also be appreciated that, in some embodiments, the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences may comprise performing a two-sided statistical test based on the determined number of instances, to obtain a result, and based on the result of the two-sided statistical test, determining a measure of randomness of the series of bits. In some embodiments, the two-sided statistical test may comprise a chi-squared test.
It will be appreciated that the skilled person will understand that a chi-squared test may be used to verify if an expected distribution is compatible with an observed distribution. Its probability density function may be written as follows:
Figure imgf000013_0001
where k is the number of degrees of freedom, and G is a Gamma function.
For a discrete uniform distribution, the chi-squared (X2) statistic may be computed as:
Figure imgf000013_0002
where vt is the number of observations in bin i, N is the total number of observations and, in this example, m = 2n is the number of possible values of a word of word size equal to n. As mentioned above, the assumed probability of each of these values occurring in a word (of a word size equal to n) taken from random series of bits will be equal to 1/2n. The test statistic may then be compared with the cumulative distribution function.
Figure imgf000014_0001
Following this, the value p may then be denoted as the probability that a distribution was deemed not random, while in fact it was random (this may occur by chance due to statistical variance).
In this example, a lower critical bound c2 /2 may be defined as the value of the test statistic c2 when the probability P(k,x £ c2) = p/2. An upper critical bound c -r/2 may be defined as the value of the test statistic c2 when the probability P(k,x £ c 2) = 1 -p/2.
In this example, the degrees of freedom k will be equal to 2n -1, cr/2 indicates the lower limit for the test statistic c2 when we accept the hypothesis that the data is random, and XI-P/2 indicates the higher limit for the test statistic c2 when we accept the hypothesis that the data is random. If the value is lower than p/2 in this example, then we may reject that the data is random on the basis that the distribution (which in this example, is the series of bits) is too close to the expected probabilities described above. If the value if higher then 1 -p/2 in this example, then we may reject that the data is random on the basis that the distribution is not compatible with the expected distribution.
In some embodiments, the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences may comprise, for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits, and performing the two-sided statistical test based on said comparisons. It will be appreciated that the step of comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits may be performed in a substantially similar manner as described above.
It will be appreciated that a two-sided statistical test may be used to determine whether a statistically significant difference exists between the expected number of instances of a value of a word, and an observed number of instances of a value of a word in a series of bits. In some embodiments, the result of a two-sided statistical test may be used to confirm whether this statistically significant difference is smaller than would be predicted for a random series of bits (in other words, there is not enough deviation in the observed number of instances), but may also be used to confirm whether this statistically significant difference is larger than would be predicted for a random series of bits (in other words, there is too much deviation in the observed number of instances). It will be appreciated that the first situation, in which there is not enough deviation in the observed number of instances, may arise when a malicious party attempts to mimic a random distribution in the series of bits. Additionally, the second situation, in which there is too much deviation in the observed number of instances, may arise when the observed number of instances are deviating too greatly from what would be expected for a genuinely random distribution (for the reasons described above). It will be appreciated that the use of a two-sided statistical test may allow both this greater than expected deviation, and this less than expected deviation, to be tested for.
In some examples, where the result of the two-sided statistical test indicates that there is either insufficient deviation in the random series of bits, or too much deviation in the random series of bits, the step of, based on the result of the two-sided statistical test, determining a measure of randomness of the series of bits, may comprise determining that the series of bits is “not random” or “insufficiently random”.
That is, it will be appreciated that a two-sided statistical test (for example, a chi-squared test) may be used to determine whether a statistically significant difference exists between, for each possible value of a word of a size equal to a first word size, an expected number of instances of the value in the series of bits, and a determined number of instances of the value in the series of bits. Following this, it may then be determined whether the statistically significant difference is smaller than would be predicted for a random series of bits (in other words, that there is not enough deviation in the determined number of instances), and that therefore the series of bits is “not random” or “insufficiently random”.
It will be appreciated that the expected number of instances of the value in the series of bits may be formed as a predetermined sequence. It will be appreciated that the predetermined sequence may comprise a sequence that represents an amount of deviation that would be expected to occur in a random series of bits. In some embodiments, the result of the two-sided statistical test may comprise a p-value corresponding to the series of bits. It will be appreciated that a p-value may provide an indication of a measure of randomness of the series of bits. For example, a p-value exceeding a predetermined threshold may indicate that the series of bits can be considered “random” or “sufficiently random”, and a p-value failing to exceed a predetermined threshold may indicate that the series of bits can be considered “not random” or “insufficiently random”. It will be appreciated that such a predetermined threshold may be varied depending on the degree of randomness that is required by the series of bits (for example, the degree of randomness required may vary depending on a further use of the series of bits, or a further use of the computing device that has generated the series of bits). For example, the predetermined threshold may be equal to 0.01.
In some embodiments, the method may further comprises determining whether the measure of randomness meets a predetermined criterion, and in response to the measure of randomness meeting predetermined criterion, using the series of bits in a cryptographic method. In some embodiments, if the measure of randomness indicates that the series of bits is “random” or “sufficiently random”, the series of bits may be used in a cryptographic method. In another embodiment, if an obtained p-value indicates that indicates that the series of bits is “random” or “sufficiently random”, the series of bits may be used in a cryptographic method. It will be appreciated that the cryptographic method may comprise any suitable cryptographic method that relies on the use of random numbers, such as an asymmetric cryptographic method, an RSA algorithm, a Diffie- Hellman key exchange, or a quantum key distribution method.
It will be appreciated that, in some embodiments, the method 100 may further comprise determining one or more different second word sizes different to the first word size, and for each second word size, determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the second word size. It will be appreciated that, according to this embodiment, the step of determining the measure of randomness of the series of bits comprises determining the measure of randomness based on the determined numbers of incidences for the first word size and the one or more second word sizes. As mentioned above, the use of a first word size in the methods described herein that comprises a larger number of bits may indicate that a series of bits is in fact more compressible than would be indicated by the use of a first word size that comprises a smaller number of bits (for example, a first word size equal to one bit) in the methods described herein. In other words, the use of a small first word size in the methods described herein may illustrate that on a smaller scale, a series of bits may appear to be relatively incompressible, whereas the use of a larger first word size may show that on a larger scale, a series of bits may appear to be more compressible than the compressibility highlighted by the use of a smaller first word size. In other words, the use of a larger first word size in the methods described herein may allow a more accurate measure of randomness to be determined for a series of bits. Thus, the inclusion of these additional method steps may allow a more accurate measure of randomness to be determined for a series of bits.
Figure 2 is a flow chart of another example of a method 200 for processing a series of bits generated at a computing device. In some embodiments, the series of bits may comprise a series of random and/or pseudorandom bits. In some embodiments, the computing device may comprise a quantum computing device.
The method 200 comprises, in step 202, determining a plurality of different first word sizes. In some embodiments, the first word sizes are equal to one or more bits. As previously discussed, the use of a plurality of first word sizes in the methods described herein may allow a more accurate measure of randomness to be determined for a series of bits, as a larger word size as used in the methods described herein may highlight a degree of compressibility in the series of bits that may not be highlighted by the use of a smaller word size in the respective method. In some embodiments, the total number of the plurality of different first word sizes may be equal to a predetermined number. In some embodiments, this predetermined number may be based on the size of the series of bits. For example, the larger the series of bits, the larger total number of the plurality of different first word sizes that may be desired. This may allow any large scale compressibility in the series of bits to then be identified following the execution of the method 200.
Step 204 of the method 200 comprises, for each first word size, determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size.
Step 206 of the method 200 comprises determining a measure of randomness of the series of bits based on the determined numbers of incidences for the first word sizes. In some embodiments, the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences may comprise for each first word size, for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits, and determining a measure of randomness of the series of bits based on said comparisons. It will be appreciated that the step of comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits for each possible value of a word of a size equal to the first word size may be performed in a substantially similar manner as described above.
For example, in some embodiments, the step of comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits may comprise determining whether a difference between the determined number of instances of the value and the expected number of instances of the value falls within a predetermined non-zero range, and the step of determining a measure of randomness of the series of bits based on said comparisons may comprise determining a measure of randomness of the series of bits based on, for each possible value of a word of a size equal to the first word size, whether the difference falls within the predetermined non-zero range. Similarly these steps may also be implemented in a manner that is substantially similar to the process that is described above.
It will also be appreciated that the step of determining a measure of randomness of the series of bits based on said comparisons may be performed in a substantially similar manner as described above.
In some embodiments, the expected number of instances of the value in the series of bits may be related to the reciprocal of the total number of possible values of a word of a size equal to the first word size.
In some embodiments, the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences for the first word sizes may comprise for each first word size, performing a two-sided statistical test based on the respective determined number of instances, to obtain a result, and based on the results of the two-sided statistical tests, determining a measure of randomness of the series of bits. In some embodiments, the two-sided statistical test may comprise a chi-squared test.
It will be appreciated that the step of performing a two-sided statistical test based on the respective determined number of instances, to obtain a result, may be performed in substantially the same manner as described above. For example, in some embodiments, the results of the two-sided statistical tests comprise p-values corresponding to the series of bits. Additionally or alternatively, the step of performing the two-sided statistical test may comprise, for each first word size, for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits, and performing the two-sided statistical test based on said comparisons.
It will be appreciated that, as the measure of randomness is determined from the result of more than one two-sided statistical test, a more accurate measure of randomness for the series of bits may be obtained. In some embodiments, if one or more of the obtained results indicate that the series of bits should be considered “not random” or “insufficiently random”, the measure of randomness of the series of bits may be determined to be “not random” or insufficiently random”.
That is, it will be appreciated that a two-sided statistical test (for example, a chi-squared test) may be used to determine whether a statistically significant difference exists between, for each first word size, and following this, for each possible value of a word of a size equal to the first word size, an expected number of instances of the value in the series of bits, and a determined number of instances of the value in the series of bits. Following this, it may then be determined whether the statistically significant difference is smaller than would be predicted for a random series of bits (in other words, that there is not enough deviation in the determined number of instances), and that therefore the series of bits is “not random” or “insufficiently random”.
It will be appreciated that the expected number of instances of the value in the series of bits may be formed as a predetermined sequence. It will be appreciated that the predetermined sequence may comprise a sequence that represents an amount of deviation that would be expected to occur in a random series of bits. A table containing the p-values corresponding to a plurality of different word sizes that were obtained as a result of the execution an embodiment of the method 200 on 3 respective series of bits generated by the 3 different random number generators (the QPU of a D-Wave quantum annealing machine, the LRNG /dev/urandom generator and the Python library NumPy’s function randint) is now presented. In this table, the presented p-values represent a probability that the series of bits as generated by the relevant random number generator represents a random series of bits:
Figure imgf000020_0001
In this illustrated example, the threshold for the obtained p-value which the series of bits was determined to be sufficiently random was >0.01. It can be seen in this illustrated example that the series of bits generated by the QPU of a D-Wave quantum annealing machine was not found to represent a random series of bits as a result of the execution of an embodiment of the method 200 (as the obtained p-values always fail to exceed the value 0.01). Additionally, it can be seen that the series of bits generated by the Python library NumPy’s function randint was found to represent a random series of bits as a result of the execution of an embodiment of the method 200 (as the obtained p-values always exceed the value 0.01). Referring now to the p-values obtained for the series of bits by the LRNG /dev/urandom generator, for smaller word sizes (in this illustrated example, word sizes between 1 and 8 bits) indicate that the series of bits does represent a random and/or pseudorandom series of bits. However, the larger word sizes (in this case, word sizes between 9 and 12 bits) indicate that the series of bits does not represent a random and/or pseudorandom series of bits. This is an example of the large scale compressibility of a series of bits that may not be identified without the use of a larger word size in a method according to the method 200 described above. As a result, the series of bits has been more accurately identified to not represent a random and/or pseudorandom series.
A table containing the p-values corresponding to the 15 aforementioned NIST tests described above on 3 respective series of bits generated by the 3 different random number generators (the QPU of a D-Wave quantum annealing machine, the LRNG /dev/urandom generator and the Python library NumPy’s function randint) is shown below: In this table, the presented p-values represent a probability that the series of bits as generated by the relevant random number generator represents a random series of bits:
Figure imgf000021_0001
Referring again to the series of bits corresponding to the LRNG /dev/urandom generator, each of the 15 NIST tests would have indicated that the series of bits does represent a random and/or pseudorandom series of bits. Again, the use of a larger word size in a method according to the method 200 described above may allow the series of bits to be more accurately identified to not represent a random and/or pseudorandom series.
In some embodiments, the step of determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size may comprise, for each first word size forming a plurality of sequential words from the series of bits, wherein each sequential word is of a size equal to the first word size, and determining a respective number of incidences in the sequential words of each possible value of a sequential word. It will be appreciated that these steps may be performed in a substantially similar manner as described above.
In some embodiments, the method may further comprises determining whether the measure of randomness meets a predetermined criterion, and in response to the measure of randomness meeting predetermined criterion, using the series of bits in a cryptographic method. In some embodiments, if the measure of randomness indicates that the series of bits is “random” or “sufficiently random”, the series of bits may be used in a cryptographic method. In another embodiment, if an obtained p-value indicates that indicates that the series of bits is “random” or “sufficiently random”, the series of bits may be used in a cryptographic method. It will be appreciated that the cryptographic method may comprise any suitable cryptographic method that relies on the use of random numbers, such as an asymmetric cryptographic method, an RSA algorithm, a Diffie- Hellman key exchange, or a quantum key distribution method.
Figure 3 is a flow chart of an example of a method 300 for testing one or more computing devices. In some embodiments, one or more of the computing devices may comprise a quantum computing device.
The method 300 comprises, in step 302, generating a plurality of series of bits at the one or more computing devices. In some embodiments, one or more of the plurality of series of bits may comprise a random and/or pseudorandom series of bits. It will be appreciated that the method 300 comprises executing steps 304-308 for each of the plurality series of bits.
Step 304 of the method 300 comprises determining a first word size. In some embodiments, the first word size may be equal to one or more bits. As previously discussed, the use of a plurality of first word sizes in the methods described herein may allow a more accurate measure of randomness to be determined for a series of bits, as a larger word size as used in the methods described herein may highlight a degree of compressibility in the series of bits that may not be highlighted by the use of a smaller word size in the respective method. In some embodiments, the total number of the plurality of different first word sizes may be equal to a predetermined number. In some embodiments, this predetermined number may be based on the size of the series of bits. For example, the larger the series of bits, the larger total number of the plurality of different first word sizes that may be desired. This may allow any large scale compressibility in the series of bits to then be identified following the execution of the method 300.
Step 306 of the method 300 comprises determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size.
Step 308 of the method 300 comprises determining a measure of randomness of the series of bits based on the determined numbers of incidences. In some embodiments, the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences may comprise for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits and determining a measure of randomness of the series of bits based on said comparisons.
In some embodiments, the step of determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size may comprise, for each first word size forming a plurality of sequential words from the series of bits, wherein each sequential word is of a size equal to the first word size, and determining a respective number of incidences in the sequential words of each possible value of a sequential word. It will be appreciated that these steps may be performed in a substantially similar manner as described above. It will be appreciated that the step of comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits for each possible value of a word of a size equal to the first word size may be performed in a substantially similar manner as described above.
For example, in some embodiments, the step of comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits may comprise determining whether a difference between the determined number of instances of the value and the expected number of instances of the value falls within a predetermined non-zero range, and the step of determining a measure of randomness of the series of bits based on said comparisons may comprise determining a measure of randomness of the series of bits based on, for each possible value of a word of a size equal to the first word size, whether the difference falls within the predetermined non-zero range. Similarly these steps may also be implemented in a manner that is substantially similar to the process that is described above.
It will also be appreciated that the step of determining a measure of randomness of the series of bits based on said comparisons may be performed in a substantially similar manner as described above.
In some embodiments, the expected number of instances of the value in the series of bits may be related to the reciprocal of the total number of possible values of a word of a size equal to the first word size.
In some embodiments, the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences for the first word sizes may comprise performing a two-sided statistical test based on the respective determined number of instances, to obtain a result, and based on the results of the two-sided statistical tests, determining a measure of randomness of the series of bits. In some embodiments, the two-sided statistical test may comprise a chi-squared test.
It will be appreciated that the step of performing a two-sided statistical test based on the respective determined number of instances, to obtain a result, may be performed in substantially the same manner as described above. For example, in some embodiments, the obtained result comprises a p-value corresponding to the series of bits. Additionally or alternatively, the step of performing the two-sided statistical test may comprise, for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits, and performing the two- sided statistical test based on said comparisons.
It will be appreciated that, as the measure of randomness is determined from the result of more than one two-sided statistical test, a more accurate measure of randomness for the series of bits may be obtained. In some embodiments, if one or more of the obtained results indicate that the series of bits should be considered “not random” or “insufficiently random”, the measure of randomness of the series of bits may be determined to be “not random” or insufficiently random”.
That is, it will be appreciated that a two-sided statistical test (for example, a chi-squared test) may be used to determine whether a statistically significant difference exists between, for each possible value of a word of a size equal to the first word size, an expected number of instances of the value in the series of bits, and a determined number of instances of the value in the series of bits. Following this, it may then be determined whether the statistically significant difference is smaller than would be predicted for a random series of bits (in other words, that there is not enough deviation in the determined number of instances), and that therefore the series of bits is “not random” or “insufficiently random”.
It will be appreciated that the expected number of instances of the value in the series of bits may be formed as a predetermined sequence. It will be appreciated that the predetermined sequence may comprise a sequence that represents an amount of deviation that would be expected to occur in a random series of bits.
Step 310 of the method 300 comprises, based on the determined measures of randomness obtained for each of the plurality of series of bits, selecting one of the computing devices for use in a cryptographic method. In some embodiments, the step of selecting one of the computing devices for use in a cryptographic method may comprise determining if any of the determined measures of randomness meet a predetermined criterion. For example, in some embodiments, one or more computing devices corresponding to the series of bits with the highest determined measures of randomness may be selected for use in a cryptographic method. In another example, in some embodiments, the one or more computing devices corresponding to the series of bits with the largest determined p-values may be selected for use in a cryptographic method. It will be appreciated that the cryptographic method may comprise any suitable cryptographic method that relies on the use of random numbers, such as an asymmetric cryptographic method, an RSA algorithm, a Diffie-Hellman key exchange, or a quantum key distribution method.
It will be appreciated that, in some embodiments, the method 300 may further comprise, for each of the plurality of series of bits, determining one or more different second word sizes different to the first word size, and for each second word size, determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the second word size, and wherein the step of determining the measure of randomness of the series of bits may comprise determining the measure of randomness based on the determined numbers of incidences for the first word size and the one or more second word sizes. As mentioned above, the use of a first word size in the methods described herein that comprises a larger number of bits may indicate that a series of bits is in fact more compressible than would be indicated by the use of a first word size that comprises a smaller number of bits (for example, a first word size equal to one bit) in the methods described herein. In other words, the use of a small first word size in the methods described herein may illustrate that on a smaller scale, a series of bits may appear to be relatively incompressible, whereas the use of a larger first word size may show that on a larger scale, a series of bits may appear to be more compressible than the compressibility highlighted by the use of a smaller first word size. In other words, the use of a larger first word size in the methods described herein may allow a more accurate measure of randomness to be determined for a series of bits. Thus, the inclusion of these additional method steps may allow a more accurate measure of randomness to be determined for a series of bits.
Figure 4 is a flow chart of another example of a method 400 for testing one or more computing devices. In some embodiments, one or more of the computing devices may comprise a quantum computing device.
The method 400 comprises, in step 402, generating a plurality of series of bits at the one or more computing devices. In some embodiments, one or more of the plurality of series of bits may comprise a random and/or pseudorandom series of bits. It will be appreciated that the method 400 comprises executing steps 404-408 for each of the plurality series of bits.
Step 404 of the method 400 comprises determining a plurality of different first word sizes. In some embodiments, the first word sizes are equal to one or more bits. As previously discussed, the use of a plurality of first word sizes in the methods described herein may allow a more accurate measure of randomness to be determined for a series of bits, as a larger word size as used in the methods described herein may highlight a degree of compressibility in the series of bits that may not be highlighted by the use of a smaller word size in the respective method. In some embodiments, the total number of the plurality of different first word sizes may be equal to a predetermined number. In some embodiments, this predetermined number may be based on the size of the series of bits. For example, the larger the series of bits, the larger total number of the plurality of different first word sizes that may be desired. This may allow any large scale compressibility in the series of bits to then be identified following the execution of the method 400.
Step 406 of the method 400 comprises, for each first word size, determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size.
Step 408 of the method 400 comprises determining the measure of randomness based on the determined numbers of incidences for the first word sizes.
In some embodiments, the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences may comprise for each first word size, for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits, and determining a measure of randomness of the series of bits based on said comparisons. It will be appreciated that the step of comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits for each possible value of a word of a size equal to the first word size may be performed in a substantially similar manner as described above. For example, in some embodiments, the step of comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits may comprise determining whether a difference between the determined number of instances of the value and the expected number of instances of the value falls within a predetermined non-zero range, and the step of determining a measure of randomness of the series of bits based on said comparisons may comprise determining a measure of randomness of the series of bits based on, for each possible value of a word of a size equal to the first word size, whether the difference falls within the predetermined non-zero range. Similarly these steps may also be implemented in a manner that is substantially similar to the process that is described above.
It will also be appreciated that the step of determining a measure of randomness of the series of bits based on said comparisons may be performed in a substantially similar manner as described above.
In some embodiments, the expected number of instances of the value in the series of bits may be related to the reciprocal of the total number of possible values of a word of a size equal to the first word size.
In some embodiments, the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences for the first word sizes may comprise for each first word size, performing a two-sided statistical test based on the respective determined number of instances, to obtain a result, and based on the results of the two-sided statistical tests, determining a measure of randomness of the series of bits. In some embodiments, the two-sided statistical test may comprise a chi-squared test.
It will be appreciated that the step of performing a two-sided statistical test based on the respective determined number of instances, to obtain a result, may be performed in substantially the same manner as described above. For example, in some embodiments, the results of the two-sided statistical tests comprise p-values corresponding to the series of bits. Additionally or alternatively, the step of performing the two-sided statistical test may comprise, for each first word size, for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits, and performing the two-sided statistical test based on said comparisons.
It will be appreciated that, as the measure of randomness is determined from the result of more than one two-sided statistical test, a more accurate measure of randomness for the series of bits may be obtained. In some embodiments, if one or more of the obtained results indicate that the series of bits should be considered “not random” or “insufficiently random”, the measure of randomness of the series of bits may be determined to be “not random” or insufficiently random”.
That is, it will be appreciated that a two-sided statistical test (for example, a chi-squared test) may be used to determine whether a statistically significant difference exists between, for each possible value of a word of a size equal to the first word size, an expected number of instances of the value in the series of bits, and a determined number of instances of the value in the series of bits. Following this, it may then be determined whether the statistically significant difference is smaller than would be predicted for a random series of bits (in other words, that there is not enough deviation in the determined number of instances), and that therefore the series of bits is “not random” or “insufficiently random”.
It will be appreciated that the expected number of instances of the value in the series of bits may be formed as a predetermined sequence. It will be appreciated that the predetermined sequence may comprise a sequence that represents an amount of deviation that would be expected to occur in a random series of bits.
In some embodiments, the step of determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size may comprise, for each first word size forming a plurality of sequential words from the series of bits, wherein each sequential word is of a size equal to the first word size, and determining a respective number of incidences in the sequential words of each possible value of a sequential word. It will be appreciated that these steps may be performed in a substantially similar manner as described above.
Step 410 of the method 400 comprises, based on the determined measures of randomness obtained for each of the plurality of series of bits, selecting one of the computing devices for use in a cryptographic method. In some embodiments, the step of selecting one of the computing devices for use in a cryptographic method may comprise determining if any of the determined measures of randomness meet a predetermined criterion. For example, in some embodiments, one or more computing devices corresponding to the series of bits with the highest determined measures of randomness may be selected for use in a cryptographic method. In another example, in some embodiments, the one or more computing devices corresponding to the series of bits with the largest determined p-values may be selected for use in a cryptographic method. It will be appreciated that the cryptographic method may comprise any suitable cryptographic method that relies on the use of random numbers, such as an asymmetric cryptographic method, an RSA algorithm, a Diffie-Hellman key exchange, or a quantum key distribution method.
Figure 5 is a schematic of an example of apparatus 500 for processing a series of bits generated at a computing device. The apparatus 500 comprises processing circuitry 502 (e.g. one or more processors) and a memory 504 in communication with the processing circuitry 502. The memory 504 contains instructions executable by the processing circuitry 502. In one embodiment, the memory 504 contains instructions executable by the processing circuitry 502 such that the apparatus 500 is operable to determine a first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determine a measure of randomness of the series of bits based on the determined numbers of incidences In some examples, the memory 504 contains instructions executable by the processing circuitry 502 such that the apparatus 500 is operable to carry out the method 100 shown in Figure 1 and/or described above.
Figure 6 is a schematic of an example of apparatus 600 for processing a series of bits generated at a computing device. The apparatus 600 comprises processing circuitry 602 (e.g. one or more processors) and a memory 604 in communication with the processing circuitry 602. The memory 604 contains instructions executable by the processing circuitry 602. In one embodiment, the memory 604 contains instructions executable by the processing circuitry 602 such that the apparatus 600 is operable to determine a plurality of different first word sizes, for each first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determine a measure of randomness of the series of bits based on the determined numbers of incidences for the first word sizes. In some examples, the memory 604 contains instructions executable by the processing circuitry 602 such that the apparatus 600 is operable to carry out the method 200 shown in Figure 2 and/or described above.
Figure 7 is a schematic of an example of apparatus 700 for testing one or more computing devices. The apparatus 700 comprises processing circuitry 702 (e.g. one or more processors) and a memory 704 in communication with the processing circuitry 702. The memory 704 contains instructions executable by the processing circuitry 702. In one embodiment, the memory 704 contains instructions executable by the processing circuitry 702 such that the apparatus 700 is operable generate a plurality of series of bits at the one or more computing devices, and for each of the plurality of series of bits, determine a first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, determine a measure of randomness of the series of bits based on the determined numbers of incidences, and based on the determined measures of randomness obtained for each of the plurality of series of bits, select one of the computing devices for use in a cryptographic method. In some examples, the memory 704 contains instructions executable by the processing circuitry 702 such that the apparatus 700 is operable to carry out the method 300 shown in Figure 3 and/or described above.
Figure 8 is a schematic of an example of apparatus 800 for testing one or more computing devices. The apparatus 800 comprises processing circuitry 802 (e.g. one or more processors) and a memory 804 in communication with the processing circuitry 802. The memory 804 contains instructions executable by the processing circuitry 802. In one embodiment, the memory 804 contains instructions executable by the processing circuitry 802 such that the apparatus 800 is operable to generate a plurality of series of bits at the one or more computing devices, and, for each of the plurality of series of bits, determine a plurality of different first word sizes, for each first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and determine the measure of randomness based on the determined numbers of incidences for the first word sizes, and, based on the determined measures of randomness obtained for each of the plurality of series of bits, select one of the computing devices for use in a cryptographic method. In some examples, the memory 804 contains instructions executable by the processing circuitry 802 such that the apparatus 800 is operable to carry out the method 400 shown in Figure 4 and/or described above. It should be noted that the above-mentioned examples illustrate rather than limit the invention, and that those skilled in the art will be able to design many alternative examples without departing from the scope of the appended statements. The word “comprising” does not exclude the presence of elements or steps other than those listed in a claim or embodiment, “a” or “an” does not exclude a plurality, and a single processor or other unit may fulfil the functions of several units recited in the statements below. Where the terms, “first”, “second” etc are used they are to be understood merely as labels for the convenient identification of a particular feature. In particular, they are not to be interpreted as describing the first or the second feature of a plurality of such features (i.e. the first or second of such features to occur in time or space) unless explicitly stated otherwise. Steps in the methods disclosed herein may be carried out in any order unless expressly otherwise stated. Any reference signs in the statements shall not be construed so as to limit their scope.

Claims

1. A method for processing a series of bits generated at a computing device, the method comprising: determining a first word size; determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size; determining a measure of randomness of the series of bits based on the determined numbers of incidences.
2. A method according to claim 1 , wherein the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences comprises: for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits; and determining a measure of randomness of the series of bits based on said comparisons.
3. A method according to claim 2, wherein the expected number of instances of the value in the series of bits is related to the reciprocal of the total number of possible values of a word of a size equal to the first word size.
4. A method according to claim 2 or 3, wherein the step of comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits comprises: determining whether a difference between the determined number of instances of the value and the expected number of instances of the value falls within a predetermined non-zero range, and wherein the step of determining a measure of randomness of the series of bits based on said comparisons comprises: determining a measure of randomness of the series of bits based on, for each possible value of a word of a size equal to the first word size, whether the difference falls within the predetermined non-zero range.
5. A method according to claim 1 , wherein the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences comprises: performing a two-sided statistical test based on the determined number of instances, to obtain a result; and based on the result of the two-sided statistical test, determining a measure of randomness of the series of bits.
6. The method according to claim 5, wherein the two-sided statistical test comprises a chi-squared test.
7. A method according to claim 5 or 6, wherein the step of performing the two-sided statistical test comprises: for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits; and performing the two-sided statistical test based on said comparisons.
8. A method according to any of claims 5 to 7, wherein the result of the two-sided statistical test comprises a p-value corresponding to the series of bits.
9. A method according to any preceding claim, wherein the first word size is equal to one or more bits.
10. A method according to any preceding claim, wherein the step of determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size comprises: forming a plurality of sequential words from the series of bits, wherein each sequential word is of a size equal to the first word size; and determining a respective number of incidences in the sequential words of each possible value of a sequential word.
11. A method according to any preceding claim, wherein the series of bits comprises a series of random and/or pseudorandom bits.
12. A method according to any preceding claim, the method further comprising: determining whether the measure of randomness meets a predetermined criterion; and in response to the measure of randomness meeting predetermined criterion, using the series of bits in a cryptographic method.
13. A method according to any preceding claim, wherein the computing device comprises a quantum computing device.
14. A method according to any preceding claim, the method comprising: determining one or more different second word sizes different to the first word size; and: for each second word size, determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the second word size, and: wherein the step of determining the measure of randomness of the series of bits comprises: determining the measure of randomness based on the determined numbers of incidences for the first word size and the one or more second word sizes.
15. A method of processing a series of bits generated at a computing device, the method comprising: determining a plurality of different first word sizes; for each first word size, determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size; and determining a measure of randomness of the series of bits based on the determined numbers of incidences for the first word sizes.
16. A method according to claim 15, wherein the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences comprises: for each first word size, for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits; and determining a measure of randomness of the series of bits based on said comparisons.
17. A method according to claim 16, wherein the expected number of instances of the value in the series of bits is related to the reciprocal of the total number of possible values of a word of a size equal to the first word size.
18. A method according to claim 16 or 17, wherein the step of comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits comprises: determining whether a difference between the determined number of instances of the value and the expected number of instances of the value falls within a predetermined non-zero range, and wherein the step of determining a measure of randomness of the series of bits based on said comparisons comprises: determining a measure of randomness of the series of bits based on, for each possible value of a word of a size equal to the first word size, whether the difference falls within the predetermined non-zero range.
19. A method according to claim 15, wherein the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences for the first word sizes comprises: for each first word size, performing a two-sided statistical test based on the respective determined number of instances, to obtain a result; and based on the results of the two-sided statistical tests, determining a measure of randomness of the series of bits.
20. The method according to claim 19, wherein the two-sided statistical test comprises a chi-squared test.
21. A method according claim 19 or 20, wherein the step of performing the two-sided statistical test comprises, for each first word size: for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits; and performing the two-sided statistical test based on said comparisons.
22. A method according to any of claims 19 to 21, wherein the results of the two- sided statistical tests comprise p-values corresponding to the series of bits.
23. A method according to any of claims 15 to 22, wherein the first word sizes are equal to one or more bits.
24. A method according to any of claims 15 to 23, wherein the step of determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size comprises, for each first word size: forming a plurality of sequential words from the series of bits, wherein each sequential word is of a size equal to the first word size; and determining a respective number of incidences in the sequential words of each possible value of a sequential word.
25. A method according to any of claims 15 to 24, wherein the series of bits comprises a series of random and/or pseudorandom bits.
26. A method according to any of claims 15-25, the method further comprising: determining whether the measure of randomness meets a predetermined criterion; and in response to the measure of randomness meeting predetermined criterion, using the series of bits in a cryptographic method.
27. A method according to any of claims 15-26, wherein the computing device comprises a quantum computing device.
28. A method for testing one or more computing devices, the method comprising: generating a plurality of series of bits at the one or more computing devices; and for each of the plurality of series of bits: determining a first word size; determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size; determining a measure of randomness of the series of bits based on the determined numbers of incidences, and based on the determined measures of randomness obtained for each of the plurality of series of bits, selecting one of the computing devices for use in a cryptographic method.
29. A method according to claim 28, wherein the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences comprises: for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits; and determining a measure of randomness of the series of bits based on said comparisons.
30. A method according to claim 29, wherein the expected number of instances of the value in the series of bits is related to the reciprocal of the total number of possible values of a word of a size equal to the first word size.
31. A method according to claim 29 or 30, wherein the step of comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits comprises: determining whether a difference between the determined number of instances of the value and the expected number of instances of the value falls within a predetermined non-zero range, and wherein the step of determining a measure of randomness of the series of bits based on said comparisons comprises: determining a measure of randomness of the series of bits based on, for each possible value of a word of a size equal to the first word size, whether the difference falls within the predetermined non-zero range.
32. A method according to claims 28, wherein the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences comprises: performing a two-sided statistical test based on the determined number of instances, to obtain a result; and based on the obtained result, determining a measure of randomness of the series of bits.
33. The method according to claim 32, wherein the two-sided statistical test comprises a chi-squared test.
34. A method according to claim 32 or 33, wherein the step of performing the two- sided statistical test comprises: for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits; and performing the two-sided statistical test based on said comparisons
35. A method according to any of claim 32 to 34, wherein the obtained result comprises a p-value corresponding to the series of bits.
36. A method according to any of claims claim 28-35, wherein at least one of the one or more computing devices comprises a quantum computing device.
37. A method according to any of claims 28 to 36, wherein the step of selecting one of the computing devices for use in a cryptographic method comprises determining if any of the determined measures of randomness meet a predetermined criterion.
38. A method according to any of claims 28 to 37, wherein the first word size is equal to one or more bits.
39. A method according to any of claims 28 to 38, wherein the step of determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size comprises: forming a plurality of sequential words from the series of bits, wherein each sequential word is of a size equal to the first word size; and determining a respective number of incidences in the sequential words of each possible value of a sequential word.
40. A method according to any of claims 28 to 39, wherein the one or more of the plurality of series of bits comprises a series of random and/or pseudorandom bits.
41. A method according to any of claims 28 to 40, the method comprising: for each of the plurality of series of bits: determining one or more different second word sizes different to the first word size; and: for each second word size, determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the second word size, and: wherein the step of determining the measure of randomness of the series of bits comprises: determining the measure of randomness based on the determined numbers of incidences for the first word size and the one or more second word sizes.
42. A method for testing one or more computing devices, the method comprising: generating a plurality of series of bits at the one or more computing devices; and for each of the plurality of series of bits: determining a plurality of different first word sizes; for each first word size, determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size; and determining the measure of randomness based on the determined numbers of incidences for the first word sizes, and based on the determined measures of randomness obtained for each of the plurality of series of bits, selecting one of the computing devices for use in a cryptographic method.
43. A method according to claim 42, wherein the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences comprises: for each first word size, for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits; and determining a measure of randomness of the series of bits based on said comparisons.
44. A method according to claim 43, wherein the expected number of instances of the value in the series of bits is related to the reciprocal of the total number of possible values of a word of a size equal to the first word size.
45. A method according to claim 42 or 43, wherein the step of comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits comprises: determining whether a difference between the determined number of instances of the value and the expected number of instances of the value falls within a predetermined non-zero range, and wherein the step of determining a measure of randomness of the series of bits based on said comparisons comprises: determining a measure of randomness of the series of bits based on, for each possible value of a word of a size equal to the first word size, whether the difference falls within the predetermined non-zero range.
46. A method according to claim 42, wherein the step of determining a measure of randomness of the series of bits based on the determined numbers of incidences for the first word sizes comprises: for each first word size: performing a two-sided statistical test based on the respective determined number of instances, to obtain a result; and based on the results of the two-sided statistical tests, determining a measure of randomness of the series of bits.
47. The method according to claim 46, wherein the two-sided statistical test comprises a chi-squared test.
48. A method according to claim 46 or 47, wherein the step of performing the two- sided statistical test comprises: for each possible value of a word of a size equal to the first word size, comparing the determined number of instances of the value in the series of bits to an expected number of instances of the value in the series of bits; and performing the two-sided statistical test based on said comparisons.
49. A method according to any of claims 46 to 48, wherein the result of the two-sided statistical test comprises a p-value corresponding to the series of bits.
50. A method according to any of claims 42 to 49, wherein the first word sizes are equal to one or more bits.
51. A method according to any of claims 42 to 50, wherein at least one of the one or more computing devices comprises a quantum computing device.
52. A method according to any of claims 42 or 51 , wherein the step of selecting one of the computing devices for use in a cryptographic method comprises determining if any of the determined measures of randomness meet a predetermined criterion.
53. A method according to any of claims 42 to 52, wherein the step of determining a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size, and the one or more second word sizes comprises, for each word size: forming a plurality of sequential words from the series of bits, wherein each sequential word is of a size equal to the respective word size; and determining a respective number of incidences in the sequential words of each possible value of a sequential word.
54. A method according to any of claims 42 to 53, wherein the one or more of the plurality of series of bits comprises a series of random and/or pseudorandom bits.
55. A computer program comprising instructions which, when executed on at least one processor, cause the at least one processor to carry out a method according to any of claims 1 to 42.
56. A carrier containing a computer program according to claim 55, wherein the carrier comprises one of an electronic signal, optical signal, radio signal or computer readable storage medium.
57. A computer program product comprising non transitory computer readable media having stored thereon a computer program according to claim 55.
58 Apparatus for processing a series of bits generated at a computing device, the apparatus comprising a processor and a memory, the memory containing instructions executable by the processor such that the apparatus is operable to: determine a first word size; determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size; determine a measure of randomness of the series of bits based on the determined numbers of incidences.
59. The apparatus of claim 58, wherein the memory contains instructions executable by the processor such that the apparatus is operable to perform the method of any of claims 2 to 14.
60. Apparatus for processing a series of bits generated at a computing device, the apparatus comprising a processor and a memory, the memory containing instructions executable by the processor such that the apparatus is operable to: determine a plurality of different first word sizes; for each first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size; and determine a measure of randomness of the series of bits based on the determined numbers of incidences for the first word sizes.
61. The apparatus of claim 60, wherein the memory contains instructions executable by the processor such that the apparatus is operable to perform the method of any of claims 16 to 27.
62. Apparatus for testing one or more computing devices, the apparatus comprising a processor and a memory, the memory containing instructions executable by the processor such that the apparatus is operable to: generate a plurality of series of bits at the one or more computing devices; and for each of the plurality of series of bits: determine a first word size; determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size; determine a measure of randomness of the series of bits based on the determined numbers of incidences, and based on the determined measures of randomness obtained for each of the plurality of series of bits, select one of the computing devices for use in a cryptographic method.
63. The apparatus of claim 62, wherein the memory contains instructions executable by the processor such that the apparatus is operable to perform the method of any of claims 29 to 41.
64. Apparatus for testing one or more computing devices, the apparatus comprising a processor and a memory, the memory containing instructions executable by the processor such that the apparatus is operable to: generate a plurality of series of bits at the one or more computing devices; and for each of the plurality of series of bits: determine a plurality of different first word sizes; for each first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size; and determine the measure of randomness based on the determined numbers of incidences for the first word sizes, and based on the determined measures of randomness obtained for each of the plurality of series of bits, select one of the computing devices for use in a cryptographic method.
65. The apparatus of claim 64, wherein the memory contains instructions executable by the processor such that the apparatus is operable to perform the method of any of claims 43 to 54.
66. Apparatus for processing a series of bits generated at a computing device, the apparatus configured to: determine a first word size; determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size; determine a measure of randomness of the series of bits based on the determined numbers of incidences.
67. Apparatus for processing a series of bits generated at a computing device, the apparatus configured to: determine a plurality of different first word sizes; for each first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size; and determine a measure of randomness of the series of bits based on the determined numbers of incidences for the first word sizes.
68. Apparatus for testing one or more computing devices, the apparatus configured to: generate a plurality of series of bits at the one or more computing devices; and for each of the plurality of series of bits: determine a first word size; determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size; determine a measure of randomness of the series of bits based on the determined numbers of incidences, and based on the determined measures of randomness obtained for each of the plurality of series of bits, select one of the computing devices for use in a cryptographic method.
69. Apparatus for testing one or more computing devices, the apparatus configured to: generate a plurality of series of bits at the one or more computing devices; and for each of the plurality of series of bits: determine a plurality of different first word sizes; for each first word size, determine a respective number of incidences in the series of bits of each possible value for a word of a size equal to the first word size; and determine the measure of randomness based on the determined numbers of incidences for the first word sizes, and based on the determined measures of randomness obtained for each of the plurality of series of bits, select one of the computing devices for use in a cryptographic method.
PCT/EP2021/068737 2020-07-09 2021-07-07 Processing a series of bits WO2022008553A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202063049743P 2020-07-09 2020-07-09
US63/049,743 2020-07-09

Publications (1)

Publication Number Publication Date
WO2022008553A1 true WO2022008553A1 (en) 2022-01-13

Family

ID=76942998

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2021/068737 WO2022008553A1 (en) 2020-07-09 2021-07-07 Processing a series of bits

Country Status (1)

Country Link
WO (1) WO2022008553A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6195433B1 (en) * 1998-05-08 2001-02-27 Certicom Corp. Private key validity and validation
US20160170856A1 (en) * 2013-07-26 2016-06-16 Ictk Co., Ltd. Apparatus and method for testing randomness

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6195433B1 (en) * 1998-05-08 2001-02-27 Certicom Corp. Private key validity and validation
US20160170856A1 (en) * 2013-07-26 2016-06-16 Ictk Co., Ltd. Apparatus and method for testing randomness

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
BALASCH JOSEP ET AL: "Design and testing methodologies for true random number generators towards industry certification", 2018 IEEE 23RD EUROPEAN TEST SYMPOSIUM (ETS), IEEE, 28 May 2018 (2018-05-28), pages 1 - 10, XP033368631, DOI: 10.1109/ETS.2018.8400697 *
GUSTAFSON H M ET AL: "Randomness measures related to subset occurrence", 3 July 1995, CRYPTOGRAPHY : POLICY AND ALGORITHMS ;PROCEEDINGS OF THE INTERNATIONAL CONFERENCE, SPRINGER, DE, PAGE(S) 132 - 143, ISBN: 978-3-540-60759-5, XP019192487 *
T-W CHIU: "Shift-register sequence random number generators on the hypercube conurrent computers", HYPERCUBE CONCURRENT COMPUTERS AND APPLICATIONS, ACM, 2 PENN PLAZA, SUITE 701 NEW YORK NY 10121-0701 USA, 3 January 1989 (1989-01-03), pages 1421 - 1429, XP058173752, ISBN: 978-0-89791-278-5, DOI: 10.1145/63047.63098 *

Similar Documents

Publication Publication Date Title
Faraoun Chaos-Based Key Stream Generator Based on Multiple Maps Combinations and its Application to Images Encryption.
AU2014253868A1 (en) System and methods for encrypting data
Ahmad et al. Chaos based mixed keystream generation for voice data encryption
US20140112469A1 (en) Novel encryption processes based upon irrational numbers and devices to accomplish the same
Sokouti et al. Medical image encryption: an application for improved padding based GGH encryption algorithm
Winarno et al. Combined interleaved pattern to improve confusion-diffusion image encryption based on hyperchaotic system
Vybornova Password-based key derivation function as one of Blum-Blum-Shub pseudo-random generator applications
Mondal et al. A nobel chaos based secure image encryption algorithm
Fu et al. A new medical image encryption algorithm using multiple 1-D chaotic maps
Mironowicz et al. Robustness of quantum-randomness expansion protocols in the presence of noise
Kane On the use of continued fractions for stream ciphers
Reyad et al. Pseudo-random sequence generation from elliptic curves over a finite field of characteristic 2
WO2022008553A1 (en) Processing a series of bits
Mogos Quantum random number generator vs. random number generator
Sathya et al. Security analyses of random number generation with image encryption using improved chaotic map
Younes et al. CeTrivium: A Stream Cipher Based on Cellular Automata for Securing Real-TimeMultimedia Transmission.
Fu et al. Medical image protection using hyperchaos-based encryption
Arroyo et al. An Improved Affine Cipher using Blum Blum Shub Algorithm
Abumuala et al. A new method for generating cryptographically strong sequences of pseudo random bits for stream cipher
Kaas-Mason et al. Comparison of Pseudo, Chaotic and Quantum Random Number Generators and their use in Cyber Security
Neacșu The Effectiveness of the Statistical Testing of Randomness in a Complete Cryptographic System
Nair et al. Image encryption using logistic and rectangular chaotic maps
Shnishah et al. Encryption of text file using a user controlled automatically-generated key
Jasim et al. A new trend of pseudo random number generation using qkd
Farajallah SURVEY PAPER: PSEUDO RANDOM NUMBER GENERATORS AND SECURITY TESTS.

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21742363

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21742363

Country of ref document: EP

Kind code of ref document: A1