TREA

Pseudo-random binary sequence generators

Follow

Information

  • Patent Grant
  • 4748576
  • Patent Number
    4,748,576
  • Date Filed
    Tuesday, October 1, 1985
    39 years ago
  • Date Issued
    Tuesday, May 31, 1988
    36 years ago
Information
Abstract
A pseudo-random binary sequence generator comprises at least one shift register (S, T) arranged in a recirculating loop and having a plurality of logic gates (G) for logically combining the outputs of selected stages of the register to provide a pseudo-random sequence, and a multiplexer (M), having a p data inputs and q address inputs all connected to selected shift register stages, and which selects at any instant one of the p data input bits in accordance with the q-bit address word to provide the generator output. The number s of logic gates is especially high and is related to the total number r of shift register stages (r>p+q) by the expression: 2.sup.s .gtoreq.r.sup.2. Some of the shift register stages of the or each shift register are connected to selected data inputs of the multiplexer and others of the stages of the same shift register are connected to selected address inputs of the multiplexer. Switches (SW1-SW4) are provided for regularly loading a re-initialization word into the shift register(s), and this re-initialization word can be formed by an arrangement (FIG. 4) which combines a control word with the frame count.
Description

This invention relates to pseudo-random binary sequence generators.
BACKGROUND OF THE INVENTION
Pseudo-random binary sequence generators (p.r.b.s. generators) are well known and reference should be made to the book "Cypher Systems" by Beker and Piper, 1982, published by Northwood Books, London for a description of the construction and operation of such generators. In particular, such generators can take the form of linear-feedback shift registers (LFSRs) and particular reference should be made to LFSRs of the "Galois" or "dual" kind.
P.r.b.s. generators comprise essentially an n stage recirculatory shift register and one or more associated logic gates in the loop for combining the output of at least two register stages. By appropriate choice of the logic gates a repeating sequence can be obtained of length 2.sup.n -1 bits. If n is a suitably large number this sequence is very long indeed, and the bits can be regarded as random; hence the term "pseudo random".
There may be applications where it is desired to reduce the possibilities of mimicking the generator output, and thus to increase the unpredictability of both the output signal and also the contents of the shift register stages, even when the contents of some of the shift register stages may be known.
SUMMARY OF THE INVENTION
A pseudo-random binary sequence generator using a selector having data inputs and address inputs for selecting at any instant one of the data input bits in accordance with the address input word to provide the generator output. The generator includes a recirculatory shift register with at least one recirculatory loop having a plurality of logic gates for logically combining the outputs of selected stages of the loop to provide a pseudo-random sequence. Data inputs of the selector are connected to the outputs of some of the shift register stages of the loop and address inputs of the selector are connected to the outputs of others of the shift register stages of the same loop.
The invention in its various aspects is defined in the appended claims to which reference should now be made.





DESCRIPTION OF THE DRAWING
The invention will be described by way of example with reference to the drawings, in which
FIGS. 1, 2 and 3 each show a block circuit diagram of a respective p.r.b.s. generator embodying the invention, and
FIG. 4 is a block diagram of a circuit for modifying the input to the p.r.b.s. generator shown in FIGS. 1, 2 or 3.





DESCRIPTION OF THE PREFERRED EMBODIMENTS
FIG. 1 shows a p.r.b.s. generator which comprises two LFSRs, S and T. The register S has 29 stages S.sub.0 . . . S.sub.28 and the register T has 31 stages T.sub.0 . . . T.sub.30. In each case the output of the final stage is during normal running applied as the input to the first stage in a recirculating loop. The loop also includes a plurality of logic gates G, in the form of exclusive-OR circuits, which combine the output of the final stage with the output of one shift register stage for application to the next shift register stage.
The positions of the gates G are chosen so that the sequence generated by the register is of maximum possible length. Conventionally, the positions of the gates are described in the form of a polynomial, of the form:
f(X)=1+C.sub.1 X+C.sub.2 X.sup.2 +. . . C.sub.i X.sup.i +. . . +C.sub.n-1 X.sup.n-1 +X.sup.n
Using this notation, it is seen that p.r.b.s. generator S is of the form
1+X.sup.2 +X.sup.3 +X.sup.4 +X.sup.5 +X.sup.7 +X.sup.11 +X.sup.13 +X.sup.14 +X.sup.20 +X.sup.29
which means that gates are located at the inputs to stages S.sub.2, S.sub.3, S.sub.4, S.sub.5, S.sub.7, S.sub.11, S.sub.13, S.sub.14 and S.sub.20. Thus, there are nine such gates, and each gate introduces an additional term into the polynomial.
Similarly, p.r.b.s. generator T has gates G at the inputs to stages T.sub.1, T.sub.2, T.sub.3, T.sub.5, T.sub.6, T.sub.7, T.sub.9, T.sub.10, T.sub.11, T.sub.15, T.sub.19, T.sub.23 and T.sub.27. In this case there are 13 gates.
The circuit of FIG. 1 also includes a multiplexer M, or selector circuit. This has 5 address inputs A.sub.i and 32 data inputs B.sub.i and operates to select one of the data inputs for application to the output in dependence upon the address word applied to the address inputs. More generally, where there are p data inputs there will be q address inputs where q takes the lowest value consistent with 2q.gtoreq.p.
The data inputs receive the outputs of the stages of the register T such that:
T.sub.i is connected to B.sub.i for i=0, 1, . . . 30 and T.sub.30 is also connected to B.sub.31.
The address inputs receive the outputs of the first five stages of the register S, i.e.:
S.sub.i is connected to A.sub.i for i=0, 1, 2, 3, 4. Thus q outputs are taken from register S.
In use the two registers S and T are clocked simultaneously. The 31-bits of the pseudo-random sequence held in register T are applied to the data inputs of the selector M. One of these bits is selected as the output bit at any instant. The bit selected is determined by the contents of the first five stages of the register S. In this way the output number is difficult to predict even if the contents of register T were to be known.
It should be noted that the total number of shift register stages involved, which is 60, is greater than is required solely to provide the q-bit address and p data bits. If the total number of register stages is r, then:
r>p+q.
We have appreciated that it is desirable to provide a number of "unused" stages, in the sense that the outputs of these stages are not applied to the selector M, and that this number should be large in relation to the number of address bits. Preferably therefore:
r.gtoreq.p+q.sup.2.
The provision of these unused stages increases the unpredictability of the address word and hence makes it difficult to predict the generator output even if the contents of register T are known.
It will also be seen that the shift registers use a large number of logic gates G, twenty two in fact. As noted above, these gates are chosen in each case to give a maximum length sequence. However, the use of such a large number of gates is not necessary for that purpose alone.
We have appreciated, however, that the more gates there are the more the contents of the shift registers will be difficult to predict, because a given sequence will not simply travel from the beginning of the register to the end but will be liable to change at many points.
Accordingly we propose a minimum of s such logic gates where:
2.sup.s .gtoreq.r.sup.2,
thus providing a high degree of unpredictability in relation to the total number of register stages involved. For a total number of register stages equal to 60, a minimum of 12 logic gates should be provided, preferably with a minimum for each register substantially proportionate to the number of register stages. Normally also s will be less than r/2.
As seen in the figure, switches SW1, SW2, SW3 and SW4 are provided which in normal operation ("RUN") complete the two recirculating loops around registers S and T. However, these four switches can be changed over from the positions shown to the LOAD positions, in which the output of register S is applied as the input of register T, and the gates G all receive a zero at that input which is normally connected to the register output. A 60-bit initialisation word can then be applied to the LOAD input of the switch SW1 which is clocked through all the 60 shift register stages.
This re-initialisation operation takes place regularly during normal operation of the generator on receipt of a defined cue and may take place in a manner such as will be described later with regard to FIG. 4. This again assists in making the output unpredictable even if the contents of the registers become known at any instant.
It may be desirable, after the initialisation word is received, to clock the generator through several cycles before utilizing the generator output.
FIG. 2 shows a modification of the generator of FIG. 1. Much of the apparatus is the same as FIG. 1 and only the differences will be described.
Again register S has 29 stages and register T has 31 stages. Gates are now coupled to the inputs of the following stages: in register S--S.sub.2, S.sub.3, S.sub.4, S.sub.8, S.sub.11, S.sub.16, and S.sub.20 in register T--T.sub.1, T.sub.2, T.sub.3, T.sub.7, T.sub.14, T.sub.19 and T.sub.25. Thus there are 60 register stages altogether, 32 data inputs and 5 address inputs to the selector M, and 14 gates.
In this instance, however, some of the stages of each register are respectively connected to some of each of the data and address inputs. That is to say the connections are as follows:
A.sub.0 --S.sub.0
A.sub.1 --S.sub.1
A.sub.2 --T.sub.0
A.sub.3 --T.sub.1
A.sub.4 --T.sub.2
B.sub.0 to B.sub.7 --S.sub.2 to S.sub.9 respectively
B.sub.8 to B.sub.31 --T.sub.3 to T.sub.26 respectively.
By mixing the outputs of the shift registers and the inputs of the selector M in this way it is again made more difficult to predict the operation of the generator even when a great deal about its state is known.
FIG. 3 shows a further variant in which the two shift registers of FIGS. 1 and 2 are replaced by a single shift register S having 61 stages S.sub.0 to S.sub.60. There are 25 logic gates G connected as shown to the inputs of the following stages:
S.sub.2, S.sub.3, S.sub.7, S.sub.8, S.sub.9, S.sub.10, S.sub.12, S.sub.15,
S.sub.19, S.sub.20, S.sub.22, S.sub.24, S.sub.25, S.sub.28,
S.sub.30, S.sub.33, S.sub.34, S.sub.37, S.sub.40, S.sub.43,
S.sub.44, S.sub.46, S.sub.54, S.sub.56 and S.sub.60.
The five address bits A.sub.0 . . . A.sub.4 are taken from the outputs of stages S.sub.4, S.sub.9, S.sub.14, S.sub.19 and S.sub.24, and the 32 data bits are taken from the outputs of stages S.sub.29 to S.sub.60. In this way a single recirculatory loop provides outputs to both the data and the address inputs of the multiplexer M.
In this case only two switches SW1 and SW2 are required for re-initialisation with a 61 bit initialisation word.
The generator of FIG. 3 again uses a single recirculatory loop to provide both address and data input bits to the multiplexer M.
In accordance with conventional practice in this technology the generators have been described and illustrated in terms of discrete circuitry. It will be appreciated however that the description and claims are equally applicable to the implementations of the invention in the form of computer programs, where the generator polynomials may be reproduced mathematically or by logical steps to produce the same resultant sequences as the generators described.
The outputs of the p.r.b.s. generators can be used to scramble the components of a conditional access (or subscription) television signal, such as a DBS signal (direct broadcasting by satellite). Returning to the re-initialisation operation described above, for scrambling a video signal a new code is preferably transmitted say every ten seconds, but the code is repeated many times during that ten second period, as the maximum time for a decoder to lock-in should be much less than one second. However, this means that the picture information is scrambled with repetitions of the same sequence. This is relatively insecure because correlations between different pieces of the scrambled picture can then be made.
An eight-bit frame count word (FCNT) could be transmitted with a television signal, such as a DBS signal, for the purpose of counting television frames. The count is incremented every 40 ms (every frame) and repeats after a predetermined number of frames e.g. every 256 frames (approx. 10 seconds).
Now, this frame count word (FCNT) can then be applied as an input to the p.r.b.s. generator at the transmitter, and to the corresponding generator in the decoder at the receiver. Thus both the frame count signal and a secret control word are fed to the p.r.b.s. generator at the transmitter at the beginning of each television frame. The effect upon the generator of using the frame count signal is to cause it to generate a different output during each loading of the same control word value. This means that the picture signal is always scrambled with a different keystream, which is more secure. Furthermore, since each sequence now begins every television frame (40 ms), fast access may be obtained to the video information at the decoder. The frame count word may be combined with the control word in any suitable manner. Simple modulo-two addition is an obvious example.
The above described operation will be more readily understood from the following description with reference to FIG. 4.
A frame counter 10 produces an output in the form of, say, an 8-bit word which increments every frame. Every time the frame counter is incremented, an output 10a is fed to a dividing circuit 11 which divides by a number equivalent to the desired length of the repetition period, in this case by 256 which gives a repetition period of 10 seconds. The dividing circuit provides an output for clocking a control word generator 12 and causing the generator to produce a different long control word e.g. a 60-bit control word.
The 8-bit output of the frame counter is the frame count word (FCNT) and this is fed through a divide-by-2 inverting circuit 14 where every alternate 8-bit FCNT word is complemented. The output of the inverting circuit 14 is then fed to a modulo-2 adder represented by an EX-OR gate 15 where each FCNT word is modulo-2 added to a byte of the 60-bit control word. Thus the first 8-bit byte of the control word is modulo-2 added to the first FCNT word, the second byte added to the complement of the second FCNT word, the third byte added to the third FCNT word and so on until the last byte, which for a 60-bit control word is only 4-bit, the last byte being added to the least significant four bits of the complement of the eighth FCNT word. The output of the gate 15 is fed as the initialisation input to the p.r.b.s. generator 16 and loaded into the generator every frame count i.e. every time the frame counter 10 increments. The generator 16 may be any of the generators illustrated, though is preferably that of FIG. 2.
Thus two signals are applied to the input of the p.r.b.s. generator; one (the frame count) is known but the other (the control word) is not. In these circumstances knowledge of both the known input and the generator output will still not allow the unknown input to be found. Thus the same control word can be repeatedly loaded into the p.r.b.s. generator but its output is prevented from repeating the same sequence, thereby improving the security.
The above processing can be carried out on a word by word basis or on a serial basis.
The frame count is the preferred periodic sequence for these purposes but it may not be the only available sequence. For example, a suitable count may be derived from an associated data signal, such as a date/time signal, or from another count such as the line count, or from a combination of counts.
Claims
  • 1. A pseudo-random binary sequence generator, comprising:
  • selector means having p data inputs and q address inputs (2.sup.q .gtoreq.p) for selecting at any instant one of the data input bits in accordance with the address input word to provide the generator output;
  • recirculatory shift register means having a total of r stages and having s logic gates located between register stages for logically combining the outputs of selected stages to provide a pseudo-random sequence; and
  • means connecting the p data input of the selector means to the outputs of selected shift register stages and for connecting the q address inputs of the selector means to the outputs of q selected shift register stages, in which r and s are so chosen that:
  • r>p+q and 2.sup.s .gtoreq.r.sup.2.
  • 2. A generator according to claim 1, in which the number of stages r is so chosen that:
  • r.gtoreq.p+q.sup.2.
  • 3. A generator according to claim 1, in which the shift register means comprises at least one recirculating loop and the connecting means connects the outputs of some of the shift register stages of the said loop to data inputs of the selector means and the outputs of others of the shift register stages of the same loop to address inputs of the selector means.
  • 4. A generator according to claim 3, including means for regularly loading a re-initialisation word into the shift register means.
  • 5. A pseudo-random binary sequence generator, comprising:
  • selector means having p data inputs and q address inputs (2.sup.q .gtoreq.p) for selecting at any instant one of the data input bits in accordance with the address input word to provide the generator output;
  • recirculatory shift register means comprising at least one recirculating loop having a plurality of logic gates for logically combining the outputs of selected stages of the loop to provide a pseudo-random sequence; and
  • means connecting the outputs of some of the shift register stages of the said loop to data inputs of the selector means and the outputs of others of the shift register stages of the same loop to address inputs of the selector means.
  • 6. A generator according to claim 5, in which the recirculatory shift register means comprises two recirculating loops, respective ones of the data inputs of the selector means being connected to each loop, and respective ones of the address inputs of the selector means being connected to each loop.
  • 7. A pseudo-random binary sequence generator, comprising:
  • selector means having p data inputs and q address inputs (2.sup.q .gtoreq.p) for selecting at any instant one of the data input bits in accordance with the address input word to provide the generator output;
  • recirculatory shift register means comprising at least one recirculating loop having a plurality of logic gates for logically combining the outputs of selected stages of the loop to provide a pseudo-random sequence;
  • means connecting the p data inputs of the selector means to the outputs of selected shift register stages and for connecting the q address inputs of the selector means to the outputs of q selected shift register stages; and
  • means for regularly loading a re-initialisation word into the shift register means.
  • 8. A generator according to claim 7, wherein the loading means comprises:
  • means for generating a periodic count word;
  • means for generating a control word; and
  • means for combining the count and control words whereby to alter the re-initialisation word every time it is regularly loaded into the shift register means.
  • 9. A generator according to claim 8, in which the combining means comprise a circuit for complementing alternate count words.
  • 10. A generator according to claim 8, in which the combining means comprises modulo-2 adding means for adding each count word to selected bits of the control word.
  • 11. A generator according to claim 8, in which the periodic count word is a frame count word formed by counting successive video frames.
  • 12. A generator according to claim 7, further including means operative subsequent to the loading of a re-initialisation word to clock the register means for a plurality of clock cycles before the generator output is utilised.
  • 13. A generator according to claim 7, in which the recirculatory shift register means is arranged in normal operation in two recirculating loops, and the loading means when operated connects the shift register means of the two loops into a single shift register.
Priority Claims (2)
Number Date Country Kind
8403046 Feb 1984 GBX
8412431 May 1984 GBX
PCT Information
Filing Document Filing Date Country Kind 102e Date 371c Date
PCT/GB85/00051 2/4/1985 10/1/1985 10/1/1985
Publishing Document Publishing Date Country Kind
WO85/03678 8/29/1985
US Referenced Citations (2)
Number Name Date Kind
3881099 Ailett et al. Apr 1975
4047008 Perkins Sep 1977
Non-Patent Literature Citations (3)
Entry
H. Beker et al, "Cipher Systems-The Protection of Communications", Northwood Publications, 1982, pp. 212, 240-246.
S. Jennings, "Multiplexed Sequences: Some Properties of the Minimum Polynomial", in Cryptography Lecture Notes in Computer Science, vol. 149, pp. 189-206, Published in Proceeding Burg Feuerstein 1982 by Springer Verlag 1983.
S. Jennings, "A Special Class of Binary Sequences", Ph. O. Thesis, Univ. of London, 1980, chapter 2, pp. 57-61 & chapter 4, pp. 156-161.