CN117742661A - Random number seed generation method and device - Google Patents

Random number seed generation method and device Download PDF

Info

Publication number
CN117742661A
CN117742661A CN202311549635.2A CN202311549635A CN117742661A CN 117742661 A CN117742661 A CN 117742661A CN 202311549635 A CN202311549635 A CN 202311549635A CN 117742661 A CN117742661 A CN 117742661A
Authority
CN
China
Prior art keywords
statistical
random
random number
statistical detection
detection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311549635.2A
Other languages
Chinese (zh)
Inventor
刘兆静
杨维
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Core String Semiconductor Suzhou Co ltd
Original Assignee
Core String Semiconductor Suzhou Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Core String Semiconductor Suzhou Co ltd filed Critical Core String Semiconductor Suzhou Co ltd
Priority to CN202311549635.2A priority Critical patent/CN117742661A/en
Publication of CN117742661A publication Critical patent/CN117742661A/en
Pending legal-status Critical Current

Links

Landscapes

  • Complex Calculations (AREA)

Abstract

The invention discloses a random number seed generation method and a device, wherein the method comprises the following steps: receiving and recording the frequency of clock signals generated by an entropy source in a plurality of sampling periods to obtain a plurality of groups of random count values; when the statistical detection circuit is checked to be normal, an initial data sequence is obtained, the randomness characteristic bits of each group of random count values are respectively extracted, the initial data sequence is updated according to the randomness characteristic bits, and the updated data sequence is subjected to statistical detection to obtain a corresponding statistical detection result; and according to the statistical detection result, iterating until the statistical detection of the random characteristic bits of all the random count values is completed, and taking all the final data sequences passing the statistical detection as random number seeds. According to the invention, through repeated iterative generation and statistical detection of the random number data sequence, the characteristic bits with weak randomness strength can be filtered, so that the generated random number seeds have higher overall quality and stronger randomness and safety.

Description

Random number seed generation method and device
Technical Field
The present invention relates to the field of random number generation technologies, and in particular, to a method and an apparatus for generating a random number seed.
Background
In the field of information security, in order to achieve confidentiality of data and improve uniqueness of chips, a unique random number needs to be generated for each chip. The key to each chip generating unique random numbers is a random number seed, which is the input information of a random number generation algorithm and determines the randomness of a random number sequence.
At present, various methods for generating random number seeds exist, namely, transient noise in a hardware circuit, such as thermal noise of a transistor or a diode, but the circuit noise depending on hardware is easily influenced by external environment, the randomness is unstable, the randomness of the generated random number seeds is weak, and the quality of the random number seeds is poor; the second is that transient information in the working process of the chip, such as the operation state of the processor, the memory access time and the like, is collected, and the random number seeds are generated by the method, but the method is slow in speed of generating the random number seeds because a large amount of transient information needs to be collected, and the time for collecting the information is long, and in addition, the quantity of the collected information in unit time is limited, so that the quality and the safety of the generated random number seeds are poor, and the actual requirements are difficult to meet.
Disclosure of Invention
The invention aims to provide a random number seed generation method, which solves the problem that the prior art cannot ensure enough randomness in the process of generating random number seeds, so that the generated random number seeds have poor overall quality, and weaker randomness and safety.
One of the objects of the present invention is to provide a random number seed generation device.
In order to achieve one of the above objects, the present invention provides a random number seed generation method, including: receiving and recording the frequency of clock signals generated by an entropy source in a plurality of sampling periods to obtain a plurality of groups of random count values; when the statistical detection circuit is checked to be normal, an initial data sequence is obtained, the randomness characteristic bits of each group of random count values are respectively extracted, the initial data sequence is updated according to the randomness characteristic bits, and the updated data sequence is subjected to statistical detection to obtain a corresponding statistical detection result; and according to the statistical detection result, iterating until the statistical detection of the random characteristic bits of all the random count values is completed, and taking all the final data sequences passing the statistical detection as random number seeds.
As a further improvement of an embodiment of the present invention, the entropy source comprises a ring oscillator; the statistical test includes at least one of a poker test, a long run test, and a monobit test.
As a further improvement of an embodiment of the present invention, the random characteristic bit includes at least one bit; the random number seed includes 512 bits.
As a further improvement of an embodiment of the present invention, the "when checking that the statistical detection circuit is normal" specifically includes: generating fixed target sequence data by adopting a linear feedback shift register; respectively executing characteristic statistical calculation and statistical test on the target sequence data according to a preset statistical detection index to obtain a predicted statistical result and an actual statistical result corresponding to the statistical detection index; and determining whether the statistical detection circuit is normal or not according to the prediction statistical result and the actual statistical result.
As a further improvement of an embodiment of the present invention, the "performing feature statistical calculation and statistical test on the target sequence data according to a preset statistical detection index, respectively, to obtain a predicted statistical result and an actual statistical result corresponding to the statistical detection index" specifically includes: according to a preset statistical detection index, performing feature statistical calculation on the target sequence data to obtain the prediction statistical result; taking the target sequence data as input information of the statistical detection circuit, and carrying out statistical test on the target sequence data according to the preset statistical detection index to obtain the actual statistical result; the step of determining whether the statistical detection circuit is normal according to the predicted statistical result and the actual statistical result specifically comprises the following steps: judging whether the predicted statistical result is matched with the actual test result; if yes, judging that the statistical detection circuit is normal.
As a further improvement of an embodiment of the present invention, the "receiving and recording the frequency of the clock signal generated by the entropy source in a plurality of sampling periods, and obtaining a plurality of sets of random count values" specifically includes: acquiring initial configuration parameters of the statistical detection circuit; the initial configuration parameters comprise at least one of sampling period, sampling times and maximum retry times after generation failure of random number seeds; and according to the initial configuration parameters, the control counter respectively records and counts the number of the entropy source output pulses in a plurality of sampling periods to obtain a plurality of groups of random count values.
As a further improvement of an embodiment of the present invention, the "acquiring an initial data sequence" specifically includes: acquiring and connecting a plurality of initial values of a plurality of registers to obtain the initial data sequence; wherein the initial data sequence comprises a set of random bit data; the "extracting the random feature bits of each group of random count values" specifically includes: binarizing each group of random count values, extracting the lowest bit of each group of random count values, and obtaining the random characteristic bits.
As a further improvement of an embodiment of the present invention, the initial data sequence includes N data subsequences; each data subsequence comprises the same number of bits, and is sequentially stored in N registers with the same size from low order to high order according to the index sequence of the registers.
As a further refinement of an embodiment of the present invention, the initial data sequence comprises a first data subsequence; the random feature bits include a first random feature bit; the step of updating the initial data sequence according to the randomness feature bit and carrying out statistical detection on the updated data sequence to obtain a corresponding statistical detection result specifically comprises the following steps: controlling a first register storing the first data subsequence to move leftwards by one bit, and updating the first randomness characteristic bit to the lowest bit of the first register to obtain a first updated data subsequence; and based on a statistical detection method, executing a plurality of statistical index detection operations on the first updated data subsequence to obtain the statistical detection result.
As a further improvement of an embodiment of the present invention, the statistical test comprises a test corresponding to a first statistical test indicator; the statistical detection result comprises a first detection result; the random feature bits comprise a first random feature bit and a second random feature bit; the step of iterating until all the random feature bits of the random count value are statistically detected according to the statistical detection result, and taking all the final data sequences passing the statistical detection as random number seeds specifically comprises the following steps: judging whether the first detection result corresponding to the first statistical detection index meets a first preset condition or not; wherein the first preset condition corresponds to the first statistical detection index; if not, the initial configuration parameters of the statistical detection circuit are adjusted to be resampled; if yes, acquiring and updating a first updated data subsequence to a position corresponding to the initial data sequence to obtain a first initial data sequence; wherein, the first update data subsequence is: updating the first randomness characteristic bit to the result of the lowest bit of the initial data sequence; updating the first initial data sequence according to the second randomness characteristic bit, and carrying out statistical detection on the updated data sequence to obtain a corresponding statistical detection result; and according to the statistical detection result, iterating until the statistical detection of the random characteristic bits of all the random count values is completed, and taking all the final data sequences passing the statistical detection as random number seeds.
In order to achieve one of the above objects, the present invention also provides a random number seed generation device, comprising: the oscillator is used for generating the frequency of the clock signal by the entropy source and is internally arranged in the statistics detection circuit; the counter is used for recording and counting the number of output pulses of the entropy source in a plurality of sampling periods according to the frequency of the clock signal generated by the entropy source to obtain a plurality of groups of random number count values which are connected to the oscillator; a random number seed generation unit for extracting random characteristic bits of each group of random number count values; the method comprises the steps of updating an initial data sequence according to the randomness characteristic bits, and carrying out statistical detection on the updated data sequence to obtain a corresponding statistical detection result; the random feature bit statistical detection unit is used for iterating until all random count values are completed according to the statistical detection result, and connecting all final data sequences passing the statistical detection to the counter and the statistical detection unit by taking all final data sequences passing the statistical detection as random number seeds; and the statistical detection unit is used for carrying out statistical detection on the updated data sequence generated each time to obtain a statistical detection result, and is connected with the random number seed generation unit.
Compared with the prior art, the embodiment of the invention has at least one of the following beneficial effects:
the random number seed generation method is adopted, and enough random characteristic bits are obtained through extraction, so that the random strength of the final random number seed is enhanced, the probability of the random characteristic bits passing a statistical test is improved, and the generation time of the random number seed is reduced; in addition, through repeated iterative generation and repeated statistical detection on the random number data sequence, characteristic bits with weak randomness strength can be filtered, so that the generated random number seeds have high overall quality and high randomness and safety. In addition, the statistical test is completed while the random number seeds are generated, an external randomness detection device is not needed, and the method is convenient and quick and reduces the cost.
Drawings
FIG. 1 is a schematic diagram showing steps of a method for generating random number seeds according to an embodiment of the present invention.
Fig. 2 is a schematic diagram showing a refinement step of step S1 of the random number seed generation method according to an embodiment of the present invention.
Fig. 3 is a schematic diagram showing a refinement step of step S2 of the random number seed generation method according to an embodiment of the present invention.
Fig. 4 is a schematic diagram showing a refinement step of step S2 of the random number seed generation method according to an embodiment of the present invention.
FIG. 5 is a diagram showing a register file initial data sequence structure according to a preferred embodiment of a random number seed generation method according to an embodiment of the present invention.
Fig. 6 is a schematic diagram showing a refinement step of step S3 of the random number seed generation method according to an embodiment of the present invention.
FIG. 7 is a diagram showing a change in data sequence according to a preferred embodiment of the method for generating random number seeds according to an embodiment of the present invention.
Fig. 8 is a schematic circuit diagram of a preferred embodiment of a method for generating a random number seed according to an embodiment of the present invention.
Detailed Description
The present invention will be described in detail below with reference to specific embodiments shown in the drawings. These embodiments are not intended to limit the invention and structural, methodological, or functional modifications of these embodiments that may be made by one of ordinary skill in the art are included within the scope of the invention.
It should be noted that the term "comprises," "comprising," or any other variation thereof is intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
The random number is widely applied in the fields of cryptography, model verification, chip hardware and the like, in the cryptography, the randomness of the random number is critical to the generation of a security key and an encryption algorithm, and the random number is generated through a random number seed, so that the generation of the random number seed with strong randomness and high quality has important practical significance.
Based on the above, the invention provides a random number seed generation method, as shown in fig. 1, which specifically includes the following steps:
step S1, receiving and recording the frequency of clock signals generated by an entropy source in a plurality of sampling periods to obtain a plurality of groups of random count values;
step S2, when the statistical detection circuit is checked to be normal, an initial data sequence is obtained, the randomness characteristic bits of each group of random count values are respectively extracted, the initial data sequence is updated according to the randomness characteristic bits, and statistical detection is carried out on the updated data sequence to obtain a corresponding statistical detection result;
and step S3, iterating until the random feature bit statistical detection of all the random count values is completed according to the statistical detection result, and taking all the final data sequences passing the statistical detection as random number seeds.
Therefore, the random strength of the random number seeds is enhanced by extracting enough random characteristic bits, the probability that the random number seeds pass through the statistical test is improved, the generation time of the random number seeds is reduced, and the generated random number seeds are high in overall quality, high in randomness and high in safety.
Preferably, the statistical detection circuit may comprise a TRNG (True Random Number Generator ) for generating a random number seed whose output random number seed is generated based on a physical random phenomenon or process, which has a fixed randomness.
Preferably, the entropy source may comprise a ring oscillator. The ring oscillator is a circuit component that includes a ring feedback path in which the signal is continuously cycled so that it can generate an oscillating signal. The ring oscillator may be used in random noise sources because the output of the ring oscillator is dependent on variations in signal delay and oscillation frequency in the ring path, and small variations in these factors may be affected by ambient temperature, voltage, cross talk and other noise. These variations can produce an oscillating signal that is very difficult to predict, and the frequency produced can vary over time.
The ring oscillator may include a first clock cycle; the statistical detection circuit may include a second clock cycle; the first clock cycle and the second clock cycle may be different. In particular, the first clock cycle may refer to the time required for an oscillating signal in the internal circuit of the ring oscillator from one complete cycle to the next, which is the inverse of the ring oscillation frequency; the second clock period may refer to a clock signal period running inside the statistical detection circuit, and is used for controlling the sampling and analysis process of the data. The sampling period in step S1 may be set to a fixed sampling period, preferably, may be set to a clock period of several statistical detection circuits, and the longer the sampling period, the more sampling results are obtained.
As shown in fig. 2, in one embodiment, for the "receiving and recording the frequency of the clock signal generated by the entropy source in a plurality of sampling periods" portion, the following steps may be specifically included:
step S11, obtaining initial configuration parameters of the statistical detection circuit;
and step S12, according to the initial configuration parameters, controlling a counter to record and count the number of the entropy source output pulses in a plurality of sampling periods respectively, and obtaining a plurality of groups of random count values.
Therefore, the random number generation process is controllable and repeatable, simple and easy to realize, and has higher speed and higher flexibility by defining the required initial configuration parameters, so that the overall performance of the random number generation circuit can be improved, and the degree of automation is high.
Wherein, in one embodiment, the initial configuration parameters may include a sampling period; in another embodiment, the initial configuration parameters may include a number of samples; in one embodiment, the initial configuration parameter may further include a maximum number of retries after the generation of the random number seed fails, that is, a maximum number of retries allowed by the statistical detection circuit after the generation of the random number seed fails. In a preferred embodiment, any two or three of the above embodiments may be used in combination.
In order to verify the connectivity and the functionality of the statistic detection circuit, the random number generation circuit can be subjected to self-checking, so that the random number generation function of the circuit is ensured to be normally realized in the subsequent application process. Based on this, in one embodiment, as shown in fig. 3, the "when checking that the statistical detection circuit is normal" section described in step S2 may specifically include the following steps:
step S211, generating fixed target sequence data by adopting a linear feedback shift register;
step S212, respectively executing characteristic statistical calculation and statistical test on the target sequence data according to a preset statistical detection index to obtain a predicted statistical result and an actual statistical result corresponding to the statistical detection index;
step S213, determining whether the statistic detection circuit is normal according to the prediction statistic result and the actual statistic result.
Therefore, the linear feedback shift register is adopted to verify whether the statistical detection circuit is normal, the hardware implementation is very simple, the verification method is simple and efficient, and the output sequence of the linear feedback shift register is strong in periodicity.
Wherein the linear feedback shift register (Linear Feedback Shift Register, LFSR for short) is a register-based sequence generator whose output sequence depends on the current state of the register and a specific set of feedback coefficients. The core components of the LFSR are a register and an exclusive-or gate, wherein the bits in the register are exclusive-ored with the feedback coefficient by the exclusive-or gate to determine the value of each bit in the next state, and by continuously shifting and updating the bits in the register, a pseudo-random sequence (i.e., the target sequence data) can be generated. Optionally, in order to increase the operation speed, the present invention may generate the target sequence data into a fixed sequence value, which may be self-adjusted according to the actual situation.
In addition, the prediction statistics in step S212 may be understood as a theoretical calculation result, and may be a reference standard or a target value; the actual statistics can be understood as: and the actual statistical result after the random number generating circuit tests the target sequence data is the output value of the circuit.
Further, in one embodiment, for step S212 and step S213, the present invention provides a refinement step, which may specifically include:
step S2121, performing feature statistical calculation on the target sequence data according to a preset statistical detection index to obtain the prediction statistical result;
step S2122, taking the target sequence data as input information of the statistics detection circuit, and performing statistics test on the target sequence data according to the preset statistics detection index to obtain the actual statistics result;
step S2131, judging whether the predicted statistical result is matched with the actual test result;
if yes, step S2132 is skipped, and the statistical detection circuit is determined to be normal.
Therefore, the method is simple and efficient, the self-checking of the random number generation circuit is realized, the fault or the falsification of the random number generation circuit is avoided and detected, the safety is improved, and the reliability of the statistical detection circuit and the quality of random number output can be effectively ensured.
Wherein, in a first embodiment, the statistical detection may comprise a poker detection; in a second embodiment, the statistical detection may include a long run detection; in a third embodiment, the statistical detection may comprise a monobit detection; in a preferred embodiment, any two of the above or the above three implementation methods may be used in combination, and the present invention is not particularly limited and may be selected by itself.
Specifically, in the invention, the statistical detection can be used for detecting whether the data sequence to be detected accords with the statistical characteristics of the true random sequence, so that the randomness and uniformity of the data sequence to be detected can be judged.
The poker detection is to divide the data sequence to be detected into equal-length data blocks (data subsequences), count the actual number of different number strings in each data block, check the actual number with the theoretical number, judge whether the actual number distribution accords with the theoretical expectation, and if so, indicate that the poker detection passes.
The long run detection can be used for counting the maximum length of the same number of the connecting lines in the data sequence to be detected, checking whether the distribution of the connecting lines accords with theoretical expectation, and if so, indicating that the long run detection passes.
The monobit detection can be used for counting the occurrence times of 0 and 1 in the data sequence to be detected, checking whether the proportion of 0 and 1 accords with the theoretical expected distribution condition, and if so, indicating that the monobit detection passes.
In addition, the detection method can correspond to a preset statistical detection index, and the statistical detection index meeting the condition can be set according to the actual requirement, so that the statistical detection method meeting the statistical detection index is correspondingly selected. For example, if the preset statistical detection index is set to detect the uniformity of the data sequence to be detected, the poker detection and/or monobit detection may be used.
In addition, steps S2121 to S2132, S211 to S213 may be derivative steps of step S2; step S11 may be disposed between step S211 to step S212, or may be disposed between step S2121 to step S2122; step S2121 and step S2122 may be permuted.
In the present invention, the random number generating circuit includes a plurality of registers, and the initial data sequence may be obtained by reading initial values of the registers, based on which, as shown in fig. 4, in an embodiment, the step S2 of "obtaining the initial data sequence" may specifically include:
step S221, obtaining and connecting a plurality of initial values of a plurality of registers to obtain the initial data sequence;
wherein the randomness characteristic bit includes at least one bit, and the randomness characteristic bit is preferably the lowest bit of the random count value (i.e., the rightmost one bit of the binary number corresponding to the random number count value) in order to improve randomness. Thus, the "extracting the randomness feature bits of each set of random count values respectively" section in step S2 may specifically include:
step S222, binarizing each group of random count values, extracting the lowest bit of the random count values, and obtaining the random feature bits.
Therefore, the least frequently-changed and most highly random least significant bits can be obtained, so that better statistical randomness can be obtained, and the success rate of subsequent statistical detection is improved.
Wherein the initial data sequence comprises a set of random bit data. The initial data sequence comprises N data subsequences; each data subsequence comprises the same number of bits, and is sequentially stored in N registers with the same size from low order to high order according to the index sequence of the registers.
Preferably, the initial data sequence may be stored in 16 32-bit registers, which may be configured as a 0 th register, a 1 st register, a … th register, and a 15 th register; the fixed data sequence generated by the linear feedback shift register LFSR can be used as the initial value of the initial data sequence, and the change condition of the storage value of each register can be respectively read and monitored by controlling the random number generating circuit.
Based on this, in one embodiment, N may take 16, and the initial data sequence may include 512 bits. The initial data sequence may include 16 data subsequences, one data subsequence for each register; the data subsequences are sequentially stored in 16 registers with the same size from low order to high order according to the index sequence of the registers. In other words, as shown in fig. 5, the 0 th register may store bits 0 to 31 of the initial data sequence, the 1 st register may store bits 32 to 63 of the initial data sequence, and so on, and the 15 th register may store bits 480 to 511 of the initial data sequence.
It should be noted that the random feature bit does not necessarily point to the lowest bit of the random count value, but may be other bits corresponding to the binary value of the random count value; of course, multiple bits are not rejected, such as the lower bit of the random count value (i.e., the rightmost two bits of the binary value) may be extracted. Specifically, the present invention can be adjusted according to the actual situation, and it is obvious that those skilled in the art can make adaptive modifications without departing from the concept of the present invention, and all modifications are included in the scope of the present invention.
Step S221 and step S222 may be understood as derivative steps of step S2, and there is no logical relationship between step S221 and step S222, and the execution order of the two may be exchanged, that is, step S222 may be disposed before step S221. In a preferred embodiment, the least significant bit corresponding to the random count value is extracted as the randomness feature bit.
Based thereon, the initial data sequence may include a first data subsequence; the random feature bits may include a first random feature bit. With continued reference to fig. 4, in an embodiment, the "update the initial data sequence according to the randomness feature bit and perform statistical detection on the updated data sequence" in step S2, the obtaining a corresponding statistical detection result "portion may specifically include:
step S223, a first register storing the first data subsequence is controlled to move one bit leftwards, and the first randomness characteristic bit is updated to the lowest bit of the first register, so that a first updated data subsequence is obtained;
step S224, based on a statistical detection method, performs a plurality of statistical index detection operations on the first updated data subsequence, so as to obtain the statistical detection result.
Therefore, the randomness characteristic bits are updated to the lowest bit of the initial data sequence through left shift, so that the randomness of the lowest bit can be fully exerted, the randomness strength of the data subsequence is improved, the effect of improving the randomness can be verified by combining with statistical detection, and the randomness performance of the random number seeds is improved.
It is emphasized that in step S223, the first data subsequence corresponds to the lower 32 bits of the initial data sequence, that is, the 0 th to 31 th bits, and the lower 32 bits of the initial data sequence are extracted as a 32-bit binary number as the first data subsequence, so the first register corresponds to the 0 th register shown in fig. 4. Controlling the first register to move one bit to the left corresponds to controlling all registers (0 th to 15 th registers) to move one bit to the left as a whole.
Further, as shown in fig. 6, in one embodiment, the statistical test may include a test corresponding to a first statistical test indicator; the statistical test result may include a first test result; the random feature bits may include a second random feature bit; for step S3, the present invention provides a refinement step, which may specifically include:
step S31, judging whether the first detection result corresponding to the first statistical detection index meets a first preset condition;
if not, jumping to step S32A, and adjusting the initial configuration parameters of the statistical detection circuit to resample;
if yes, step S32B is skipped, and a first updated data subsequence is obtained and updated to a position corresponding to the initial data sequence, so that a first initial data sequence is obtained;
step S32B1, updating the first initial data sequence according to the second randomness feature bit, and carrying out statistical detection on the updated data sequence to obtain a corresponding statistical detection result;
and step S32B2, iterating until the statistical detection of the random characteristic bits of all the random count values is completed according to the statistical detection result, and taking all the final data sequences passing the statistical detection as random number seeds.
Therefore, the randomness can be comprehensively checked from multiple dimensions by setting different statistical detection indexes for iterative updating, the randomness of the random number seeds is continuously improved, and the condition that the randomness is insufficient can be effectively detected by regarding the condition that the random number seeds do not meet the preset condition as an error reporting signal. The process can efficiently and automatically generate high-quality random number seeds, and the controllability and the safety of the whole random number generation process are enhanced.
Wherein the first preset condition corresponds to the first statistical detection index; the first updated data subsequence is a result of updating the first random feature bit to a lowest order of the initial data sequence. It is understood that the update of the random feature bit is continuously updated based on the initial data sequence updated by the previous random feature bit, so that the randomness of a plurality of random feature bits can be reserved, and the randomness strength is enhanced.
For example, referring to fig. 7, assuming that the initial data sequence is 000 … 000 total 512 bits, they are stored in the 0 th to 15 th registers, respectively; when the random count value obtained in the first sampling period is 3 and the lowest bit (namely, the random feature bit) of the binary number corresponding to the random count value is 1, controlling all registers storing the initial data sequence to be shifted left by 1 bit as a whole, and updating the lowest bit 1 to the 0 th bit of the 0 th register (namely, the first register), so as to obtain an updated 0 th register result of 00 … 001 (namely, corresponding to the first updated data subsequence); the first update data sub-sequence 00 … 001 (32 bits) is updated to the lower 32 bits of the initial data sequence, resulting in a first initial data sequence 000 … 001 (512 bits total). Wherein, the 31 st bit value 0 shifted out of the 0 st register is shifted to the 0 st bit of the 1 st register, the 31 st bit value of the 1 st register is shifted to the 0 st bit of the 2 nd register, and so on, the omitted part in the middle of the data sequence is 0.
Based on a preset statistical detection index, performing statistical test operation (such as poker detection, long run detection and monobit detection) on the first initial data sequence, when the statistical test result is successful, acquiring a random count value 4 obtained in a second sampling period, wherein the lowest bit (namely, a random feature bit) 0 of a binary number corresponding to the random count value is obtained, controlling all registers storing the first initial data sequence to shift left by 1 bit, and updating the lowest bit 0 to the 0 th bit of the 0 th register (namely, the first register), so as to obtain an updated result of 00 … 010 (namely, corresponding to a second updated data subsequence); the second update data sub-sequence 00 … 010 (32 bits) is updated to the lower 32 bits of the first initial data sequence resulting in a second initial data sequence 000 … 010 (512 bits total). Repeating the above operation, when the random number count value is 5, the third update data sub-sequence 00 … (32 bits) is updated to the lower 32 bits of the second initial data sequence, so as to obtain a third initial data sequence 000 … (512 bits in total), and so on, and finally the random number seed can be obtained.
In addition, in one implementation mode, the statistical detection can be used for carrying out statistical detection on the updated data subsequence, so that the detection time can be shortened, and the detection difficulty can be reduced; in another embodiment, the updated whole data sequence can be statistically detected, so that the randomness and the accuracy of the data sequence can be comprehensively detected; in a preferred embodiment, the above two embodiments may be used in combination, and the present invention is not particularly limited.
The various embodiments, examples or specific examples provided herein may be combined with one another to ultimately form a plurality of preferred embodiments.
For example, fig. 8 shows a schematic diagram of a structure of the statistic detection circuit in a preferred embodiment. The process of the preferred embodiment will be summarized below in connection with fig. 8.
Setting initial configuration parameters of a statistical detection circuit, wherein the initial configuration parameters comprise a sampling period, sampling times and maximum retry times after generation failure of a random number seed, and setting the initial configuration parameters through a register. In addition, the statistical detection circuit is controlled to enter a working mode according to the configuration parameters set by the register.
And generating fixed target sequence data by adopting a linear feedback shift register LFSR to finish verification of connectivity and functionality of the statistical detection circuit, and ensuring that the statistical detection circuit is normal. And when the statistics detection circuit is checked to be normal, the frequencies of clock signals generated by the ring oscillators in a plurality of sampling periods are respectively recorded and counted to obtain a plurality of groups of random number count values.
The method comprises the steps of obtaining initial values of 16 registers as initial data sequences, respectively extracting random characteristic bits of each group of random number count values, updating the initial data sequences according to the random characteristic bits to obtain first initial data sequences, carrying out statistical detection (such as poker detection, long run detection and monobit detection) on the updated first initial data sequences based on preset statistical detection indexes, judging and determining whether to carry out next iteration according to statistical test results of the first initial data sequences. And so on, finally obtaining the random number seeds. The updating of the initial data sequence and the statistical test times can be determined according to initial configuration parameters. Specifically, the number N of the generated random number count values is configured, N times of iterative updating and statistical detection are carried out on the initial data sequence according to the number N of the random number count values, and the data sequences of the 16 registers are simultaneously read after the N times of statistical detection are successfully completed to obtain a final data sequence which is used as a random number seed.
The invention also provides a random number seed generation device, which comprises: the oscillator is used for generating the frequency of the clock signal by the entropy source and is internally arranged in the statistics detection circuit;
the counter is used for recording and counting the number of output pulses of the entropy source in a plurality of sampling periods according to the frequency of the clock signal generated by the entropy source to obtain a plurality of groups of random number count values which are connected to the oscillator;
a random number seed generation unit for extracting random characteristic bits of each group of random number count values; the method comprises the steps of updating an initial data sequence according to the randomness characteristic bits, and carrying out statistical detection on the updated data sequence to obtain a corresponding statistical detection result; the random feature bit statistical detection unit is used for iterating until all random count values are completed according to the statistical detection result, and connecting all final data sequences passing the statistical detection to the counter and the statistical detection unit by taking all final data sequences passing the statistical detection as random number seeds;
and the statistical detection unit is used for carrying out statistical detection on the updated data sequence generated each time to obtain a statistical detection result, and is connected with the random number seed generation unit.
Thus, by combining an oscillator and statistical detection, random number seeds can be automatically generated, and the degree of automation is high; meanwhile, the statistical detection function is arranged in the hardware circuit, so that the randomness of the generated random number seeds is ensured, and other software means are not required to be sampled for secondary detection, so that the method is convenient and quick, and has strong reliability and good quality.
In summary, the present invention realizes self-test of the circuit by using the linear feedback shift register; after the self-checking is passed, the number of pulses sent by the oscillator in a plurality of sampling periods is received and recorded, and a plurality of groups of random count values are obtained through calculation; extracting random characteristic bits from each random count value, updating the random characteristic bits to an initial data sequence, carrying out statistical detection on the updated initial sequence, and taking the data sequence which is detected through the statistics as the basis of updating the next random characteristic bits; and iterating for a plurality of times until all random feature bits of the random count value are detected in a statistics mode, and taking all final data sequences passing the statistical detection as random number seeds. The method has strong controllability, and the characteristic bits with poor randomness can be filtered by iteratively executing the steps of extracting the randomness characteristic bits, updating the data sequence and counting the randomness of the detection data sequence, so that the generated random number seeds have higher overall quality, randomness and safety.
In addition, the statistical test (namely, the generation and the detection are simultaneously carried out) is completed when the random number seeds are generated, the secondary detection is carried out without an external randomness detection device or other software means, the cost is reduced, and the method is convenient, quick and high in reliability.
It should be understood that although the present disclosure describes embodiments, not every embodiment is provided with a separate embodiment, and that this description is for clarity only, and that the skilled artisan should recognize that the embodiments may be combined as appropriate to form other embodiments that will be understood by those skilled in the art.
The above list of detailed descriptions is only specific to practical embodiments of the present invention, and they are not intended to limit the scope of the present invention, and all equivalent embodiments or modifications that do not depart from the spirit of the present invention should be included in the scope of the present invention.

Claims (11)

1. A method for generating a random number seed, comprising:
receiving and recording the frequency of clock signals generated by an entropy source in a plurality of sampling periods to obtain a plurality of groups of random count values;
when the statistical detection circuit is checked to be normal, an initial data sequence is obtained, the randomness characteristic bits of each group of random count values are respectively extracted, the initial data sequence is updated according to the randomness characteristic bits, and the updated data sequence is subjected to statistical detection to obtain a corresponding statistical detection result;
and according to the statistical detection result, iterating until the statistical detection of the random characteristic bits of all the random count values is completed, and taking all the final data sequences passing the statistical detection as random number seeds.
2. The method of random number seed generation of claim 1, wherein the entropy source comprises a ring oscillator; the statistical test includes at least one of a poker test, a long run test, and a monobit test.
3. The random seed generation method of claim 1, wherein the random characteristic bits comprise at least one bit; the random number seed includes 512 bits.
4. The method for generating random number seeds according to claim 1, wherein said "when checking that the statistical detection circuit is normal" specifically comprises:
generating fixed target sequence data by adopting a linear feedback shift register;
respectively executing characteristic statistical calculation and statistical test on the target sequence data according to a preset statistical detection index to obtain a predicted statistical result and an actual statistical result corresponding to the statistical detection index;
and determining whether the statistical detection circuit is normal or not according to the prediction statistical result and the actual statistical result.
5. The method of generating random number seeds according to claim 4, wherein the step of performing feature statistical calculation and statistical test on the target sequence data according to a preset statistical detection index to obtain a predicted statistical result and an actual statistical result corresponding to the statistical detection index, respectively, specifically comprises:
according to a preset statistical detection index, performing feature statistical calculation on the target sequence data to obtain the prediction statistical result;
taking the target sequence data as input information of the statistical detection circuit, and carrying out statistical test on the target sequence data according to the preset statistical detection index to obtain the actual statistical result;
the step of determining whether the statistical detection circuit is normal according to the predicted statistical result and the actual statistical result specifically comprises the following steps:
judging whether the predicted statistical result is matched with the actual test result;
if yes, judging that the statistical detection circuit is normal.
6. The method for generating random number seeds according to claim 1, wherein said receiving and recording the frequency of the clock signal generated by the entropy source in the sampling periods, and obtaining the sets of random count values, specifically comprises:
acquiring initial configuration parameters of the statistical detection circuit; the initial configuration parameters comprise at least one of sampling period, sampling times and maximum retry times after generation failure of random number seeds;
and according to the initial configuration parameters, the control counter respectively records and counts the number of the entropy source output pulses in a plurality of sampling periods to obtain a plurality of groups of random count values.
7. The method for generating random number seeds according to claim 1, wherein said acquiring an initial data sequence specifically comprises:
acquiring and connecting a plurality of initial values of a plurality of registers to obtain the initial data sequence; wherein the initial data sequence comprises a set of random bit data;
the "extracting the random feature bits of each group of random count values" specifically includes:
binarizing each group of random count values, extracting the lowest bit of each group of random count values, and obtaining the random characteristic bits.
8. The random number seed generation method of claim 1, wherein the initial data sequence comprises N data subsequences; each data subsequence comprises the same number of bits, and is sequentially stored in N registers with the same size from low order to high order according to the index sequence of the registers.
9. The random number seed generation method of claim 1, wherein the initial data sequence comprises a first data subsequence; the random feature bits include a first random feature bit; the step of updating the initial data sequence according to the randomness feature bit and carrying out statistical detection on the updated data sequence to obtain a corresponding statistical detection result specifically comprises the following steps:
controlling a first register storing the first data subsequence to move leftwards by one bit, and updating the first randomness characteristic bit to the lowest bit of the first register to obtain a first updated data subsequence;
and based on a statistical detection method, executing a plurality of statistical index detection operations on the first updated data subsequence to obtain the statistical detection result.
10. The method of random number seed generation of claim 1, wherein the statistical test comprises a test corresponding to a first statistical test indicator; the statistical detection result comprises a first detection result; the random feature bits comprise a first random feature bit and a second random feature bit; the step of iterating until all the random feature bits of the random count value are statistically detected according to the statistical detection result, and taking all the final data sequences passing the statistical detection as random number seeds specifically comprises the following steps:
judging whether the first detection result corresponding to the first statistical detection index meets a first preset condition or not; wherein the first preset condition corresponds to the first statistical detection index;
if not, the initial configuration parameters of the statistical detection circuit are adjusted to be resampled;
if yes, acquiring and updating a first updated data subsequence to a position corresponding to the initial data sequence to obtain a first initial data sequence; wherein, the first update data subsequence is: updating the first randomness characteristic bit to the result of the lowest bit of the initial data sequence;
updating the first initial data sequence according to the second randomness characteristic bit, and carrying out statistical detection on the updated data sequence to obtain a corresponding statistical detection result;
and according to the statistical detection result, iterating until the statistical detection of the random characteristic bits of all the random count values is completed, and taking all the final data sequences passing the statistical detection as random number seeds.
11. A random number seed generation device, comprising:
the oscillator is used for generating the frequency of the clock signal by the entropy source and is internally arranged in the statistics detection circuit;
the counter is used for recording and counting the number of output pulses of the entropy source in a plurality of sampling periods according to the frequency of the clock signal generated by the entropy source to obtain a plurality of groups of random number count values which are connected to the oscillator;
a random number seed generation unit for extracting random characteristic bits of each group of random number count values; the method comprises the steps of updating an initial data sequence according to the randomness characteristic bits, and carrying out statistical detection on the updated data sequence to obtain a corresponding statistical detection result; the random feature bit statistical detection unit is used for iterating until all random count values are completed according to the statistical detection result, and connecting all final data sequences passing the statistical detection to the counter and the statistical detection unit by taking all final data sequences passing the statistical detection as random number seeds;
and the statistical detection unit is used for carrying out statistical detection on the updated data sequence generated each time to obtain a statistical detection result, and is connected with the random number seed generation unit.
CN202311549635.2A 2023-11-20 2023-11-20 Random number seed generation method and device Pending CN117742661A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311549635.2A CN117742661A (en) 2023-11-20 2023-11-20 Random number seed generation method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311549635.2A CN117742661A (en) 2023-11-20 2023-11-20 Random number seed generation method and device

Publications (1)

Publication Number Publication Date
CN117742661A true CN117742661A (en) 2024-03-22

Family

ID=90251659

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311549635.2A Pending CN117742661A (en) 2023-11-20 2023-11-20 Random number seed generation method and device

Country Status (1)

Country Link
CN (1) CN117742661A (en)

Similar Documents

Publication Publication Date Title
US7461312B2 (en) Digital signature generation for hardware functional test
JP2554410B2 (en) Test pattern bit sequence generation circuit and method for testing digital circuit device
US7653855B2 (en) Random number test circuit, random number generation circuit, semiconductor integrated circuit, IC card and information terminal device
EP3208788A1 (en) Method of protecting a circuit against a side-channel analysis
EP1584937B1 (en) Systems and methods for processing automatically generated test patterns
JP4413858B2 (en) Random number test circuit
Huang et al. Statistical diagnosis for intermittent scan chain hold-time fault
CN106291324B (en) A kind of on piece differential delay measuring system and recycling integrated circuit recognition methods
CN109062794A (en) A kind of the determination method, apparatus and electronic equipment of software evaluating result
JP2005521156A (en) Monobit run frequency online randomness test
CN112597064B (en) Method for simulating program, electronic device and storage medium
US20070219735A1 (en) Electric Power Calculating Apparatus, Electric Power Calculating Method, Tamper Resistance Evaluating Apparatus, and Tamper Resistance Evaluating Method
US9836280B2 (en) Arrangement and method for checking the entropy of a random number sequence
CN117742661A (en) Random number seed generation method and device
CN109283833A (en) A kind of time statistical system and method
US10931487B2 (en) Chip failure detection method and device
US20140136900A1 (en) Method for Ranking Fault-Test Pairs Based on Waveform Statistics in a Mutation-Based Test Program Evaluation System
US9506983B2 (en) Chip authentication using scan chains
US20050024074A1 (en) Method and apparatus for characterizing an electronic circuit
Prashanth et al. BIST Based Aging Fault Prediction Using Machine Learning
Mondal et al. Hardware Trojan Detection using Transition Probability with Minimal Test Vectors
CN117560232B (en) Detection device and chip
CN111177987B (en) Method, device, terminal and storage medium for analyzing integrated circuit design
US20230153422A1 (en) Method, System and Apparatus for Detecting Malicious Modifications to Semiconductor Devices
RU2065202C1 (en) Device for testing digital units

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination