The present disclosure relates to the field of electronic technologies, and in particular, to a random number generation apparatus and method.
Currently, communication can be performed between a vehicle and an external device, and between components inside the vehicle. Some communication processes require high security, and therefore need to use a proper security mechanism. Usually, most security mechanisms rely on random numbers. For example, a random number may be used as an initialization vector, a session identifier, or a basic unit for key generation and verification. The randomness of the random number may be represented by an entropy of the random number. Usually, a higher entropy of the random number indicates that a security mechanism depending on the random number is less likely to be cracked, and security of the random number is higher. Therefore, whether the random number can have a high entropy is very important for security of vehicle communication.
Usually, entropy bit data may be generated by adding a hardware entropy source to the vehicle, and a random number is generated after a specific operation is performed on the entropy bit data. An entropy of the random number mainly depends on an entropy of the entropy bit data. Therefore, currently, a high-quality hardware entropy source needs to be configured in most vehicles, which is not conducive to reducing production costs of the vehicles.
In conclusion, currently, generation of a random number in a vehicle needs to be further studied.
The present disclosure provides a random number generation apparatus and method, to generate a true random number and a pseudo random number without using a hardware entropy source.
According to a first aspect, an embodiment of this application provides a random number generation apparatus. The apparatus mainly includes an electric network frequency (ENF) extractor, an entropy generation module, and an entropy pool. An input end of the ENF extractor is connected to an electric network, an output end of the ENF extractor is connected to an input end of the entropy generation module, and an output end of the entropy generation module is connected to the entropy pool. The ENF extractor may extract an ENF signal of the electric network. The entropy generation module may generate first bit data based on the ENF signal. The entropy pool may receive at least one piece of input data, where the at least one piece of input data includes the first bit data; and generate a random number based on the at least one piece of input data.
The ENF signal of the electric network changes with an electricity requirement of a user in the electric network, and the electric network carries a large quantity of users. Therefore, it may be considered that an overall electricity requirement of the users in the electric network is irregular, and further, the first bit data with true randomness may be generated based on the ENF signal. In this embodiment of this application, the at least one piece of input data received by the entropy pool includes the first bit data. Therefore, the entropy pool may generate a true random number and a pseudo random number based on the first bit data. Therefore, by using the random number generation apparatus provided in this embodiment of this application, a true random number and a pseudo random number can be generated without using a hardware entropy source.
For generating a true random number, the entropy pool may include a first operational circuit, the first operational circuit is connected to the output end of the entropy generation module, and the first operational circuit may generate a first random number based on the first bit data, where the first random number is a true random number. Because the first bit data has true randomness, the first operational circuit may generate the first random number with true randomness based on the first bit data.
For example, the entropy pool may further include a deterministic random bit generator DRBG, and the DRBG is separately connected to the output end of the entropy generation module and the first operational circuit. The DRBG may generate second bit data based on the first bit data. When generating the first random number, the first operational circuit may perform an exclusive OR operation on the current first bit data and the second bit data, to generate the first random number. It should be noted that the current first bit data is real-time bit data, that is, first bit data output by the DRBG when the exclusive OR operation is performed.
For generating a pseudo random number, the entropy pool may further include a storage area and an interface circuit. The DRBG may correspondingly generate at least one piece of third bit data based on the at least one piece of input data, where the at least one piece of third bit data includes the second bit data. The storage area may store the at least one piece of third bit data. After receiving a pseudo random number request message, the interface circuit may randomly read third bit data from the storage area, and output a second random number based on the randomly read third bit data, where the second random number is a pseudo random number.
For example, the storage area includes a first storage area and a second storage area. The first storage area may store third bit data that has an entropy rate greater than a first threshold, and the second storage area may store third bit data that has an entropy rate not greater than the first threshold. In this case, based on an entropy rate corresponding to the at least one piece of third bit data, the DRBG may further separately store third bit data that is in the at least one piece of third bit data and that has an entropy rate greater than the first threshold into the first storage area, and store third bit data that is in the at least one piece of third bit data and that has an entropy rate not greater than the first threshold into the second storage area.
Based on this storage manner, the pseudo random number request message may be a full-entropy pseudo random number request message or a reduced-entropy pseudo random number request message. After receiving the full-entropy pseudo random number request message, the interface circuit may randomly read the third bit data from the first storage area, and output the second random number based on the randomly read third bit data. Alternatively, after receiving the reduced entropy pseudo random number request message, the interface circuit may randomly read the third bit data from the second storage area, and output the second random number based on the randomly read third bit data.
In this embodiment of the present disclosure, the entropy generation module may include an analog-to-digital converter and a second operational circuit. The analog-to-digital converter may convert the ENF signal from an analog signal into a digital signal. The second operational circuit may perform an operation on the ENF signal that is converted into the digital signal, to obtain the first bit data.
For example, the analog-to-digital converter may perform multi-bit (M-bit) quantization processing on the ENF signal in an analog signal form, to convert the ENF signal into a digital signal form. The ENF signal in the digital signal form carries a bit stream, and the second operational circuit may perform an operation on the bit stream according to an entropy conditioning algorithm, to obtain conditioned full entropy bits, that is, the first bit data.
To further improve quality of the random number, in a possible implementation, the entropy generation module may further include a preprocessing circuit, and the preprocessing circuit is separately connected to the ENF extractor and the analog-to-digital converter. The preprocessing circuit may preprocess the ENF signal, and output the preprocessed ENF signal to the analog-to-digital converter.
By preprocessing, processing such as filtering and enhancement may be performed on the ENF signal to remove noise or a useless component from the ENF signal. For example, a random or abnormal peak pulse, a ghost signal, and the like in the ENF signal can be removed, so that quality of the first bit data can be improved.
To detect an abnormal risk in a timely manner, in a possible implementation, the preprocessing circuit may further detect signal quality of the ENF signal; and continue or stop, based on the signal quality of the ENF signal, outputting the ENF signal to the analog-to-digital converter.
Specifically, the preprocessing circuit may continuously monitor the ENF signal, to ensure that the preprocessed ENF signal output to the analog-to-digital converter has enough randomness. For example, when the electric network is powered off or the ENF extractor is abnormal (for example, faulty or powered off), or when an attacker attempts to control the ENF signal to affect random number generation, the preprocessing circuit may monitor the ENF signal to determine signal quality of the ENF signal, for example, randomness quality and an attribute (for example, repeatability) of the ENF signal, so as to detect a possible risk in a timely manner. When quality of the ENF signal is not high, there may be an abnormal risk. In this case, the preprocessing circuit may stop outputting the ENF signal to the analog-to-digital converter, to reduce a risk of a security mechanism being cracked.
According to a second aspect, an embodiment of the present disclosure provides a random number generation method. The method may be applied to the random number generation apparatus provided in any implementation of the first aspect. For a technical effect of a corresponding solution in the second aspect, refer to a technical effect that can be obtained by using the corresponding solution in the first aspect. Details are not described herein. For example, the random number generation method provided in this embodiment of the present disclosure mainly includes the following step: obtaining at least one piece of input data, where the at least one piece of input data includes first bit data, and the first bit data may be generated based on an ENF signal of an electric network; and generating a random number based on the foregoing at least one piece of input data.
Because the ENF signal of the electric network used in this embodiment of the present disclosure has true randomness, the first bit data also has true randomness. Therefore, when the random number is output based on the at least one piece of input data, the first random number may be generated based on the first bit data, and the first random number may be a true random number.
For example, when the first random number is generated based on the first bit data, second bit data may be generated based on the first bit data; and an exclusive OR operation is performed on the current first bit data and the second bit data, to generate the first random number.
The random number generation method provided in this embodiment of the present disclosure may further generate a pseudo random number. For example, when the second bit data is generated based on the first bit data, at least one piece of third bit data may be correspondingly generated based on the at least one piece of input data, where the at least one piece of third bit data includes the second bit data; and then the at least one piece of third bit data is stored. After receiving a pseudo random number request message, third bit data may be randomly read from the at least one piece of stored third bit data, and a second random number is output based on the randomly read third bit data, where the second random number is a pseudo random number.
For example, when the at least one piece of third bit data is stored, based on an entropy rate corresponding to the at least one piece of third bit data, third bit data that is in the at least one piece of third bit data and that has an entropy rate greater than a first threshold may be stored into a first storage area, and third bit data that is in the at least one piece of third bit data and that has an entropy rate not greater than the first threshold may be stored into a second storage area.
In view of this, the pseudo random number request message may be a full-entropy pseudo random number request message or a reduced-entropy pseudo random number request message. After the full-entropy pseudo random number request message is received, the third bit data may be randomly read from the first storage area; and after the reduced-entropy pseudo random number request message is received, the third bit data may be randomly read from the second storage area.
To further improve quality of the first bit data, in a possible implementation, before the at least one piece of input data is obtained, the ENF signal may be first converted from an analog signal into a digital signal; and an operation is performed on the ENF signal that is converted into the digital signal, to obtain the first bit data.
To further improve quality of the first bit data, in a possible implementation, the ENF signal may be preprocessed first, and then the preprocessed ENF signal is converted from an analog signal into a digital signal.
To detect an abnormal risk in a timely manner, in a possible implementation, signal quality of the ENF signal may be first detected, and then conversion of the ENF signal from the analog signal to the digital signal is continued or stopped based on the signal quality of the ENF signal.
These aspects or other aspects in the present disclosure may be clearer and more intelligible in descriptions in the following embodiments.
Information security plays an important role in many types of electronic devices. For example, hundreds or thousands of electronic control units (ECUs) are integrated in a green car, and the electronic control units have a plurality of external communications interfaces such as vehicle-to-external-device, vehicle-to-vehicle, and vehicle-to-infrastructure. In addition, there are internal networks such as controller area network (CAN), local interconnect network (LIN), and Ethernet in green cars. Regardless of the external communications interfaces or the internal networks, specified security mechanisms are required during communication to ensure confidentiality, authenticity, and integrity of messages or data.
In a current communication security mechanism, a random number is a basis of a security mechanism in many electronic devices. For example, a random number may be used as an initialization vector, a session identifier, or a basic unit for key generation and verification. Usually, a higher quality of the random number indicates that the security mechanism based on the random number is less likely to be cracked. A quality of the random number may be understood as randomness of the random number, that is, an entropy of the random number. A higher entropy of the random number indicates higher quality of the random number. On the contrary, a lower entropy of the random number indicates lower quality of the random number.
Random numbers can be classified into true random numbers and pseudo random numbers based on generation modes of the random numbers. The true random number is a random number generated by using a physical phenomenon, and a value of the random number is totally unpredictable, and has real randomness. For example, thermal noise generated in a circuit, a decay process of a radioactive element, or timing information related to counting of a Geiger counter can be used to generate a true random number.
A pseudo random number is a random number generated by using a random algorithm. Although a pseudo random number may also have a high entropy or even a full entropy, the pseudo random number is generated according to an algorithm. Therefore, a value of the random number is theoretically predictable and does not have real randomness.
It can be learned that compared with the pseudo random number, the true random number can provide higher security assurance for the electronic devices. Therefore, a high-quality hardware entropy source is disposed in some electronic devices to generate true random numbers. However, this implementation increases system complexity of the electronic device, and also increases manufacturing costs of the electronic device.
In view of this, an embodiment of the present disclosure provides a random number generation apparatus. The random number generation apparatus may be a chip or a module in an electronic device, or may be an electronic device (for example, an electronic device such as a green car, the internet of things (IoT) device, a smart appliance, or an autonomous vehicle) that can connect to an electric network. This is not limited in this embodiment of the present disclosure. The random number generation apparatus provided in this embodiment of the present disclosure may generate a random number based on an ENF signal. The ENF signal of the electric network changes with an electricity requirement of a user in the electric network, and the electric network carries a large quantity of users. Therefore, it may be considered that an overall electricity requirement of the users in the electric network is irregular, and further, a true random number may be generated based on the ENF signal.
To make the objectives, technical solutions, and advantages of the present disclosure clearer, the following further describes the present disclosure in detail with reference to the accompanying drawings. A specific operation method in a method embodiment may also be applied to an apparatus embodiment or a system embodiment. It should be noted that in description of the present disclosure, “at least one” means one or more, and “a plurality of” means two or more. In view of this, in embodiments of the present disclosure, “a plurality of” may also be understood as “at least two”. The term “and/or” describes an association relationship for describing associated objects and represents that three relationships may exist. For example, A and/or B may represent the following three cases: Only A exists, both A and B exist, and only B exists. In addition, the character “/”, unless otherwise specified, generally represents an “or” relationship between the associated objects. In addition, it should be understood that in description of the present disclosure, terms such as “first” and “second” are merely used for distinguishing and description, but should not be understood as indicating or implying relative importance, or should not be understood as indicating or implying a sequence.
It should be noted that the “connection” in embodiments of the present disclosure refers to an electric connection, and the connection between two electrical elements may be a direct or indirect connection between the two electrical elements. For example, a connection between A and B may represent that A and B are directly connected to each other, or A and B are indirectly connected to each other by using one or more other electrical elements. For example, the connection between A and B may also represent that A is directly connected to C, C is directly connected to B, and A and B are connected to each other through C.
The following separately describes the ENF extractor 101, the entropy generation module 102, and the entropy pool 103 as examples.
1. ENF Extractor 101:
The ENF extractor 101 may be connected to an electric network, and the ENF extractor 101 may extract an ENF signal from the electric network. Signal strength of the ENF signal may represent an ENF change. For example, if the ENF is 50 hertz (Hz), the frequency of the ENF signal is also 50 Hz.
In this embodiment of the present disclosure, the electric network to which the ENF extractor 101 is connected may supply power to a large quantity of users. For example, the electric network may be a large electric network such as an urban electric network. When a power consumption of a user changes, the ENF also changes. That is, the ENF fluctuates within a specified range. Because there is a large quantity of users in the electric network, the power consumption of the users in the electric network is usually unpredictable. That is, the ENF is completely random. Therefore, the signal strength of the ENF signal extracted by the ENF extractor 101 from the electric network is also completely random.
2. Entropy Generation Module 102:
The entropy generation module 102 may generate first bit data based on the ENF signal provided by the ENF extractor 101. In this embodiment of the present disclosure, because signal strength of the ENF signal is completely random, the entropy generation module 102 may generate, based on the ENF signal, the first bit data that has true randomness.
For example, as shown in
The analog-to-digital converter 1021 may convert the ENF signal from an analog signal to a digital signal. For example, the analog-to-digital converter 1021 may perform M-bit quantization processing on the ENF signal in an analog signal form, to obtain an ENF signal in a digital signal form. The ENF signal in the digital signal form may carry a bit stream, for example, 0101100101.
The second operational circuit 1022 may perform an operation on the ENF signal that is converted into the digital signal, to obtain the first bit data. For example, the second operational circuit 1022 may perform an operation according to an entropy conditioning algorithm based on the bit stream carried in the ENF signal that is converted into the digital signal, to obtain conditioned full entropy bits, that is, the first bit data. The entropy conditioning algorithm used by the second operational circuit 1022 may be an algorithm such as a secure hash algorithm (SHA)-256. This is not limited in this embodiment of the present disclosure. A deviation in the bit data may be removed by performing an operation according to the entropy conditioning algorithm, to output conditioned full entropy bits with a high entropy value (approximately equal to 1 bit/bit), that is, the first bit data.
To further improve quality of the first bit data, in a possible implementation, the entropy generation module 102 may further include a preprocessing circuit 1023. As shown in
The preprocessing circuit 1023 may preprocess the ENF signal provided by the ENF extractor 101, and output the preprocessed ENF signal to the analog-to-digital converter 1021. For example, as shown in
In a possible implementation, the preprocessing circuit 1023 may further detect signal quality of the ENF signal; and continue or stop, based on the signal quality of the ENF signal, outputting the ENF signal to the analog-to-digital converter 1021. For example, as shown in
For example, when the electric network is powered off or the ENF extractor 101 is abnormal (for example, faulty or powered off), or when an attacker attempts to control the ENF signal to affect random number generation, the pulse checking unit 23-2 may check randomness of the ENF sample data to determine signal quality of the ENF signal, for example, randomness quality and an attribute (for example, repeatability) of the ENF signal, so as to detect a possible risk in a timely manner. When quality of the ENF signal is not high, there may be an abnormal risk. In this case, the pulse checking unit 23-2 may stop outputting the ENF signal to the analog-to-digital converter 1021, to reduce a risk of a security mechanism being cracked.
3. Entropy Pool 103:
In this embodiment of the present disclosure, the entropy pool 103 may receive at least one piece of input data. Different input data may be from a same entropy source or different entropy sources. For example, the at least one piece of input data received by the entropy pool 103 may include the first bit data, and an entropy source corresponding to the first bit data is the ENF signal of the electric network. Other input data may be from another type of entropy source. This is not limited in this embodiment of the present disclosure.
It should be noted that the entropy pool 103 provided in this embodiment of the present disclosure may generate both a true random number and a pseudo random number.
The following describes the details based on different cases.
True random number:
As shown in
For example, as shown in
In this case, the first operational circuit 1032 may perform an exclusive OR operation on the current first bit data and third bit data, to generate the first random number. It should be noted that the current first bit data is real-time bit data, that is, first bit data output by the DRBG 1031 when the exclusive OR operation is performed. Because the current first bit data has true randomness, and the third bit data is a full-entropy pseudo random number, it may be considered that the first random number has true randomness, that is, the first random number is a true random number.
As shown in
Pseudo Random Number:
In this embodiment of the present disclosure, the DRBG 1031 may correspondingly generate at least one piece of third bit data based on the at least one piece of received input data. For example, if the DRBG 1031 receives input data A to C, the DRBG 1031 may generate second bit data a based on the input data A, generate second bit data b based on the input data B, and generate second bit data c based on the input data C. In this case, the third bit data generated by the DRBG 1031 based on the first bit data (included in the at least one piece of input data) may be understood as the second bit data.
The at least one piece of second bit data output by the DRBG 1031 has pseudo randomness, that is, the at least one piece of third bit data is a pseudo random number. As shown in
In this case, the interface circuit 1033 may randomly read a piece of third bit data from the storage area. The interface circuit 1033 may output the randomly read third bit data as a second random number, or may generate the second random number after performing a further operation on the randomly read third bit data, and output the second random number. This is not much limited in this embodiment of the present disclosure.
In a possible implementation, as shown in
Specifically, because the at least one piece of input data received by the DRBG 1031 may be from different entropy sources, and the different entropy sources have different randomness, the at least one piece of third bit data correspondingly generated by the DRBG 1031 may have different randomness, that is, the at least one piece of third bit data may have different entropy rates.
In this embodiment of the present disclosure, the full-entropy storage area may store third bit data that has an entropy rate greater than a first threshold, and the reduced-entropy storage area may store third bit data that has an entropy rate not greater than the first threshold. As shown in
In this case, a random number request message received by the interface circuit 1033 may be a full-entropy pseudo random number request message or a reduced-entropy pseudo random number message. After receiving the full entropy pseudo random number request message, the interface circuit 1033 may randomly read third bit data from the full-entropy storage area, and output a third random number based on the randomly read third bit data. After receiving the reduced-entropy pseudo random number request message, the interface circuit 1033 may randomly read third bit data from the reduced-entropy storage area, and output a third random number based on the randomly read third bit data.
In this implementation, the interface circuit 1033 may be enabled to output third random numbers with different entropy rates, so as to respond to random number requests in a plurality of application scenarios.
Based on a same technical concept, an embodiment of the present disclosure further provides a random number generation method. The random number generation method may be applied to any random number generation apparatus provided in the foregoing embodiment of the present disclosure. For specific implementation of the method embodiment, refer to the foregoing apparatus embodiment. Details are not repeated.
For example, as shown in
S501: Obtain at least one piece of input data that includes first bit data, where the first bit data is generated based on an ENF signal.
S502: Output a random number based on the at least one piece of input data.
Because the ENF signal of the electric network used in this embodiment of the present disclosure has true randomness, the first bit data also has true randomness. Therefore, when the random number is output based on the at least one piece of input data, a first random number may be generated based on the first bit data, and the first random number may be a true random number.
For example, when the first random number is generated based on the first bit data, second bit data may be generated based on the first bit data; and an exclusive OR operation is performed on the current first bit data and the second bit data, to generate the first random number.
The random number generation method provided in this embodiment of the present disclosure may further generate a pseudo random number. For example, when the second bit data is generated based on the first bit data, at least one piece of third bit data may be correspondingly generated based on the at least one piece of input data, where the at least one piece of third bit data includes the second bit data; and then the at least one piece of third bit data is stored. After receiving a pseudo random number request message, third bit data may be randomly read from the at least one piece of stored third bit data, and a second random number is output based on the randomly read third bit data, where the second random number is a pseudo random number.
For example, when the at least one piece of third bit data is stored, based on an entropy rate of the at least one piece of third bit data, third bit data that is in the at least one piece of third bit data and that has an entropy rate greater than a first threshold may be stored into a first storage area, and third bit data that is in the at least one piece of third bit data and that has an entropy rate not greater than the first threshold may be stored into a second storage area.
In view of this, the pseudo random number request message may be a full-entropy pseudo random number request message or a reduced-entropy pseudo random number request message. After the full-entropy pseudo random number request message is received, the third bit data may be randomly read from the first storage area; and after the reduced-entropy pseudo random number request message is received, the third bit data may be randomly read from the second storage area.
In a possible implementation, before the at least one piece of input data is obtained, the ENF signal may be first converted from an analog signal into a digital signal; and an operation is performed on the ENF signal that is converted into the digital signal, to obtain the first bit data.
To further improve quality of the random number, in a possible implementation, the ENF signal may be preprocessed first, and then the preprocessed ENF signal is converted from an analog signal into a digital signal.
To detect an abnormal risk in a timely manner, in a possible implementation, signal quality of the ENF signal may be first detected, and then conversion of the ENF signal from the analog signal to the digital signal is continued or stopped based on the signal quality of the ENF signal.
A person skilled in the art should understand that embodiments of the present disclosure may be provided as a method, a system, or a computer program product. Therefore, the present disclosure may use a form of hardware only embodiments, software only embodiments, or embodiments with a combination of software and hardware. In addition, the present disclosure may use a form of a computer program product that is implemented on one or more computer-usable storage media (including but not limited to a disk memory, a compact disc read-only memory (CD-ROM), an optical memory, and the like) that include computer-usable program code.
The present disclosure is described with reference to the flowcharts and/or block diagrams of the method, the device (system), and the computer program product according to the present disclosure. It should be understood that computer program instructions may be used to implement each process and/or each block in the flowcharts and/or the block diagrams and a combination of a process and/or a block in the flowcharts and/or the block diagrams. These computer program instructions may be provided for a general-purpose computer, a dedicated computer, an embedded processor, or a processor of any other programmable data processing device to generate a machine, so that the instructions executed by a computer or a processor of any other programmable data processing device generate an apparatus for implementing a specific function in one or more processes in the flowcharts and/or in one or more blocks in the block diagrams.
These computer program instructions may be stored in a computer-readable memory that can indicate the computer or any other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory generate an artifact that includes an instruction apparatus. The instruction apparatus implements a specific function in one or more processes in the flowcharts and/or in one or more blocks in the block diagrams.
The computer program instructions may alternatively be loaded onto a computer or another programmable data processing device, so that a series of operations and steps are performed on the computer or the another programmable device, so that computer-implemented processing is generated. Therefore, the instructions executed on the computer or the another programmable device provide steps for implementing a specific function in one or more procedures in the flowcharts and/or in one or more blocks in the block diagrams.
Clearly, a person skilled in the art can make various modifications and variations to the present disclosure without departing from the protection scope of the present disclosure. This application is intended to cover the modifications and variations of the present disclosure provided that they fall within the scope of the following claims and equivalent technologies of the present disclosure.
This application is a continuation of International Patent Application No. PCT/CN2020/092729, filed on May 27, 2020, the disclosure of which is hereby incorporated by reference in its entirety.
Number | Date | Country | |
---|---|---|---|
Parent | PCT/CN2020/092729 | May 2020 | US |
Child | 17993550 | US |