Electrical computers: arithmetic processing and calculating – Electrical digital calculating computer – Particular function performed
Reexamination Certificate
1999-02-19
2002-06-18
Ngo, Chuong Dinh (Department: 2121)
Electrical computers: arithmetic processing and calculating
Electrical digital calculating computer
Particular function performed
C708S252000
Reexamination Certificate
active
06408317
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates to random number generation. More particularly, this invention relates to improving the unpredictability of raw random number streams.
2. Background
In many fields of endeavor it is desirable to have a stream of random numbers. For example, related, co-pending, U.S. patent application Ser. No. 09 /156,774, filed Sep. 18, 1998, titled “Cipher Mixer With Random Number Generator”, discloses improving the security of block ciphers using cipher concatenation in combination with a random number generator.
Generally, it is preferred that true random number generators be used, however, true random number generation may not always be available.
The disadvantages of purely algorithmic methods to produce sequences of supposedly random numbers are well known. It is well known that most purely algorithmic methods to random number generation produce so-called pseudo random numbers. While these sequences may be very difficult to predict, it is sometimes possible to do so. Accordingly, it is desirable to provide a true or real random sequence. True random sequence generators have the property that the generator's sequences cannot be reproduced.
Bruce Schneier, “Applied Cryptography” Second Edition, 1996, which is incorporated herein by reference, provides a useful discussion on Real Random-Sequence Generators at pgs. 421-428. See also
Network Working Group Request for Comments
1750, December, 1994, the contents of which are incorporated herein by reference.
When sequences of numbers are pseudo-random, they may become predictable, thereby diminishing their value, especially in the areas of cryptography.
SUMMARY OF THE INVENTION
This invention solves the above and other problems by providing improved unpredictability of raw random number streams.
In order to improve the unpredictability of a raw random stream, and thereby to make the stream suitable for cryptographic purposes, it is conditioned by condensing by a compression factor, N, distilling the entropy in the process. The conditioner consists of two independent processes described below. The output of these is combined by XOR to produce final conditioned stream.
The first process calculates checksums from the input stream, by adding input bits and outputting the low-order bit of the sum (and then resetting the sum to zero) every N input bits, where N is the compression factor. For example, N may be five (5). This process is synchronous with the input stream, that is, it occurs for every input bit, The output bit is shifted into a checksum accumulator register w bits wide, for example, eight bits wide (i.e., typically, w=8). So every five (5) raw input bits will produce one output bit. The output bits are shifted into the accumulator register. In general, it takes w×N raw input bits to fill the accumulator. Thus, in preferred embodiments, it takes forty (w×N=8×5=40) raw input bits to fill the accumulator. The process of determining the checksum produces a perfect uniform distribution of the output if the input has perfect distribution (that is, the entropy is not decreased.) Further, the checksum process greatly reduces any bias in the input stream.
The second process uses a w-bit wide shift register with feedback from some of its bits. Preferably the shift register is eight (8) bits wide (w=8) and the feedback is from bits two and four. Whenever the input stream (the same one fed to the checksum accumulator) toggles (from zero to one or vice versa), the bit causing the transition is combined with bits from the shift register (preferably XOR-ed with bits two and four), the register is shifted left (losing the high order bit) and the result of XOR is placed in the low-order bit zero.
The shift register is used (its contents are combined, preferably XOR-ed, with the contents of the checksum accumulator) every w×N (=8×5=40) raw input bits. The shift register may cycle between zero and to w×N times (40 times, for w=8, N=5), depending on number of transitions in the input stream.
Thus, in one aspect, this invention is a device which takes as input an input bit stream and which produces as output an output bit stream. The device has a linear feedback shift register (LFSR), a condenser and a combining mechanism. The LFSR is triggered by the input bit stream and modifies its internal state based upon the input bit stream. In some embodiments, the LFSR is triggered by the input bit stream and modifies its internal state whenever the input bit stream toggles. The condenser operates on the input bit stream independently and asynchronously from the LFSR and produces a condensed value of the input bit stream. The combining mechanism combines the value of the LFSR and the condensed value produced by the condenser to produce the output bit stream. Preferably, the input bit stream is produced by a random number generator.
In some embodiments, the LFSR is triggered by the input bit stream if and only if the current bit value of the input bit stream differs from the immediately previous bit value of the input bit stream.
In some embodiments, the condenser comprises a checksum register; a checksum accumulator register; and an adder for adding bits from the input bits stream to the checksum register, and a low-order bit of the checksum register is shifted into the checksum accumulator register every N bits, where N is a compression factor of the condenser, and the condensed value produced by the condenser is the value in the checksum accumulator register. Preferably, the checksum accumulator register is eight bits wide and wherein the value of N is five.
In some preferred embodiments, the combining mechanism is an exclusive-or mechanism.
In another aspect, this invention is a method for producing an output bit stream from an input bit stream. The method comprises, independently and asynchronously:
(a) changing an internal state of the LFSR based on a current bit value of the input bit stream and a previous bit value of the input bit stream;
(b) condensing the input bit stream by a compression factor to produce a condensed value.
The internal state of the LFSR and the condensed value are combined to produce the output bit stream.
In some preferred embodiments, the input bit stream is produced by a random number generator.
In some embodiments, the internal state of the LFSR is modified if and only if the current bit value of the input bit stream differs from the immediately previous bit value of the input bit stream.
In some embodiments, the condensing of the input bit stream comprises: adding bits from the input bit stream to a checksum register, and outputting a low-order bit of the checksum register to a checksum accumulator register every N bits of the input bit stream, where N is the compression factor. The condensed value produced by the condenser is the value in the checksum accumulator register. Preferably, the checksum accumulator register is eight bits wide and wherein the value of N is five.
In preferred embodiments, the internal state of the LFSR and the condensed value are combined by performing an exclusive-or of the modified bit sequence and the condensed value.
REFERENCES:
patent: 4262358 (1981-04-01), Marino, Jr.
patent: 4852023 (1989-07-01), Lee et al.
patent: 5285497 (1994-02-01), Thatcher, Jr.
patent: 5566099 (1996-10-01), Shimada
patent: 5784427 (1998-07-01), Bennett
patent: 6061818 (2000-05-01), Touba et al.
patent: 6148053 (2000-11-01), Ozluturk
Bruce Schneier, Real Random-Sequence Generators, Applied Cryptography, Second Edition, 1996, pp. 421-428.
D. Eastlake et al., Randomness Recommendations for Security, Network Working Group Request for Comments: 1750, Dec. 1994, pp. 1-30.
Integrated Device Technology Inc.
Ngo Chuong Dinh
Pillsbury Madison & Sutro
LandOfFree
Random number conditioner does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Random number conditioner, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Random number conditioner will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2915196