1. Field of the Invention
The present invention relates to a random sequence generating apparatus, an encryption/decryption apparatus, a random sequence generating method, an encryption/decryption method and a program.
2. Description of the Related Art
Various random sequence generating techniques have been proposed so far. Random numbers acquired by those techniques are used in, for example, simulation of various kinds of physical phenomena and chemical phenomena in the Monte Carlo analysis and a block encryption system for privacy communications.
It is desirable in those random sequence generating techniques to satisfy various properties such that the distribution of values included in an acquired random sequence should be uniform, the frequency of occurrence of “0” and “1” of a predetermined bit in a numerical expression of the values in a computer should have been as less lopsided as possible when one sees only this predetermined bit, and the period of a random sequence should be as long as possible.
Accordingly, it is an object of the invention to provide a random sequence generating apparatus and random sequence generating method, which generate a sequence of random numbers having a preferably property as a random sequence, an encryption/decryption apparatus and encryption/decryption method which uses the random sequence generating apparatus and method, and a program which achieves those apparatuses and methods using a computer.
To achieve the object, according to the first aspect of the invention, there is provided a random sequence generating apparatus that generates a sequence of integers of w bits and comprises a seed receiving section, an initialization section, a transformation section, a rotation section, an updating section and an output section, which are designed as follows.
The seed receiving section receives a sequence of integers s1, s2, . . . , Sn, . . . , sm of w bits as a seed for integers n and m (1≦n≦m−1).
The initialization section provides the transformation section with the received sequence of integers s1, s2, . . . , Sn, . . . , sm as an integer sequence x1, x2, . . . , xn , . . . , xm.
The transformation section performs predetermined transformation on each of the provided integer sequence x1, x2, . . . , xn, . . . , xm to acquire a sequence of integers y1, y2, . . . , yn, . . . , ym of w bits.
The rotation section acquires a number of rotation bits from the sequence of integers yn+1, . . . , ym, performs a rotation operation on the acquired number of rotation bits with respect to all of or a part of the sequence of integers y1, y2, . . . , yn, . . . , ym taken as a bit sequence of wm bits, and acquires a sequence of integers z1, z2, . . . , zn, . . . , zm of w bits from the acquired bit sequence of wm bits.
The updating section provides the transformation section with the sequence of integers z1, z2, . . . , zn, . . . , zm as the integer sequence x1, x2, . . . , xn, . . . , xm.
The output section outputs a sequence of integers z1, z2, . . . , zn or zn+1, . . . , zm obtained last as a random sequence r1, r2, . . . , rn or r1, r2, . . . , rm−n respectively in case where transformation in the transformation section and rotation in the rotation section are repeated a predetermined number of times.
In the random sequence generating apparatus, the transformation section performs transformation by recursion formulae given below for an integer i (1≦i≦m−1) using mapping g(•, •)
y1=g(xm, x1)
yi+1=g(xi, xi+1).
In the random sequence generating apparatus, the transformation section can perform transformation by recursion formulae given below for an integer i (1≦i≦m−1) using mapping g(•, •)
y1=g(xm, x1)
yi+1=g(xi, xi+1).
Alternatively, in the random sequence generating apparatus, the transformation section can perform transformation by recursion formulae given below for an integer i (1≦i≦m−1) using a predetermined integer c and mapping g(•, •)
y1=g(c, x1)
yi+1=g(yi, xi+1).
In the random sequence generating apparatus, the transformation section can also perform transformation by recursion formulae given below for an integer i (1≦i≦m−1) using mapping g(•, •)
y1=g(c, x1)
yi+1=g(x, xi+1).
In any one of the random sequence generating apparatuses, the mapping g(•, •) can be defined as
g(a, b)=2b2+h(a)b+q(mod 2w)
from predetermined mapping h(•) and a predetermined integer q (0≦q≦2w−1).
In the random sequence generating apparatus, the mapping h(•) is defined as
h(a)=a.
In the random sequence generating apparatus, the mapping h(•) can be defined by an operation of clearing a predetermined bit in a numerical expression of a given value.
In the random sequence generating apparatus, the mapping h(•) can be defined by an operation of inverting a predetermined bit in a numerical expression of a given value.
In the random sequence generating apparatus, the mapping h(•) can be defined by an operation of setting 01 to least significant two bits in a numerical expression of a given value.
In any one of the random sequence generating apparatuses, taking the sequence of integers yn+1, . . . , ym as a bit sequence of w(m−n) bits, the rotation section can acquire, as the number of rotation bits, an integer value equivalent to a bit sequence taken as an integer and obtained by arranging at least one bit at a predetermined position extracted from the bit sequence.
In the random sequence generating apparatus, taking the sequence of integers yn+1, . . . , ym as a bit sequence of w(m−n) bits, the rotation section can determine a direction of rotation based on a value of a bit at a predetermined position in the bit sequence.
In any one of the random sequence generating apparatuses, the rotation section can acquire a number of rotation bits from the sequence of integers yn+1, . . . , ym, can perform a rotation operation on the acquired number of rotation bits with respect to the sequence of integers y1, y2, . . . , yn, . . . , ym taken as a bit sequence of wn bits, can acquire a sequence of integers z1, z2, . . . , zn of w bits from the acquired bit sequence of wn bits, can perform a rotation operation on the acquired number of rotation bits with respect to the sequence of integers yn+1, . . . , ym taken as a bit sequence of w(m−n) bits, and can acquire a sequence of integers zn+1, . . . , zm of w bits from the acquired bit sequence of w(m−n) bits. That is, zi is ui undergone a rotation operation by a predetermined number of rotation bits.
According to the second aspect of the invention, there is provided an encryption/decryption apparatus comprising a rotation section, a message receiving section and an encryption/decryption section, which are designed as follows.
The random sequence generating section generates a random sequence r1, r2, . . . , rn by means of the aforementioned random sequence generating apparatus.
The message receiving section receives a sequence of integers p1, p2, . . . of w bits as a message.
The encryption/decryption section outputs a sequence of integers p1 xor r1, p2 xor r2, . . . , pi xor r((i+n−1)mod n)+1 as a result of encryption or decryption.
According to the third aspect of the invention, there is provided a random sequence generating method that generates a sequence of integers of w bits and comprises a seed receiving step, an initialization step, a transformation step, a rotation step, an updating step and an output step, which are designed as follows.
The seed receiving step receives a sequence of integers s1, s2, . . . , sn, . . . , sm of w bits as a seed for integers n and m (1≦n≦m−1).
The initialization step provides the transformation step with the received sequence of integers s1i, s2, . . . , sn, . . . , sm as an integer sequence x1, x2, . . . , xn, . . . , xm.
The transformation step performs predetermined transformation on each of the provided integer sequence x1, x2, . . . , xn, . . . , xm to acquire a sequence of integers y1, y2, . . . , yn, . . . , ym of w bits.
The rotation step acquires a number of rotation bits from the sequence of integers yn+1, . . . , ym, performs a rotation operation on the acquired number of rotation bits with respect to all of or a part of the sequence of integers y1, y2, . . . , yn, . . . , ym taken as a bit sequence of wm bits, and acquires a sequence of integers z1, z2, . . . , zn, . . . , zm of w bits from the acquired bit sequence of wm bits.
The updating step provides the transformation step with the sequence of integers z1, z2, . . . , zn, . . . , zm as the integer sequence x1, x2, . . . , xn. . . , xm.
The output step outputs a sequence of integers z1, z2, . . . , zn or zn+1, . . . , zm obtained last as a random sequence r1, r2, . . . , rn or r1, . . . , rm−n respectively in case where transformation in the transformation step and rotation in the rotation step are repeated a predetermined number of times.
In the random sequence generating method, the transformation step can perform transformation by recursion formulae given below for an integer i (1≦i≦m−1) using mapping g(•, •)
y1=g(xm, x1)
yi+1=g(xi, xi+1).
Alternatively, in the random sequence generating method, the transformation step can perform transformation by recursion formulae given below for an integer i (1≦i≦m−1) using a predetermined integer c and mapping g(•, •)
y1=g(c, x1)
yi+1=g(yi, xi+1).
In the random sequence generating method, the transformation step also can perform transformation by recursion formulae given below for an integer i (1≦i≦m−1) using mapping g(•, •)
y1=g(c, x1)
yi+1=g(xi, xi+1).
In any of the random sequence generating methods, the mapping g(•, •) can be defined as
g(a, b)=2b2+h(a)b+q(mod 2w)
from predetermined mapping h(•) and a predetermined integer q (0≦q≦2w−1).
In the random sequence generating method, the mapping h(•) can be defined as
h(a)=a.
In the random sequence generating method, the mapping h(•) can be defined by an operation of clearing a predetermined bit in a numerical expression of a given value.
In the random sequence generating method, the mapping h(•) can be defined by an operation of inverting a predetermined bit in a numerical expression of a given value.
In the random sequence generating method the mapping h(•) can be defined by an operation of setting 01 to least significant two bits in a numerical expression of a given value.
In any one of the random sequence generating methods, taking the sequence of integers yn+1, . . . , ym as a bit sequence of w(m−n) bits, the rotation step can acquire, as the number of rotation bits, an integer value equivalent to a bit sequence taken as an integer and obtained by arranging at least one bit at a predetermined position extracted from the bit sequence.
In the random sequence generating method, taking the sequence of integers yn+1, . . . , ym as a bit sequence of w(m−n) bits, the rotation step can determine a direction of rotation based on a value of a bit at a predetermined position in the bit sequence.
In any one of the random sequence generating methods, the rotation step can acquire a number of rotation bits from the sequence of integers yn+1, . . . , ym, can perform a rotation operation on the acquired number of rotation bits with respect to the sequence of integers y1, y2, . . . , yn, . . . , ym taken as a bit sequence of wn bits, can acquire a sequence of integers z1, z2, . . . , zn of w bits from the acquired bit sequence of wn bits, can perform a rotation operation on the acquired number of rotation bits with respect to the sequence of integers yn+1, . . . , ym taken as a bit sequence of w(m−n) bits, and can acquire a sequence of integers zn+1, . . . , zm of w bits from the acquired bit sequence of w(m−n) bits.
According to the fourth aspect of the invention, there is provided an encryption/decryption method comprising a random sequence generating step, a message receiving step and an encryption/decryption step, which are designed as follows.
The random sequence generating step generates a random sequence r1, r2, . . . , rn by means of the aforementioned random sequence generating apparatus.
The message receiving step receives a sequence of integers p1, P2, . . . of w bits as a message.
The encryption/decryption step outputs a sequence of integers p1 xor r1, p2 xor r2, . . . , pi xor r((i+n−1)mod n)+1 as a result of encryption or decryption
According to the fifth aspect of the invention, there is provided a program which allows a computer to function as the aforementioned random sequence generating apparatus or encryption/decryption apparatus or to execute the aforementioned random sequence generating method or encryption/decryption method
Those programs may be recorded in a computer readable information recording medium, such as a compact disk, a flexible disk, a hard disk, a magneto-optical disk, a digital video disk, a magnetic tape or a semiconductor memory.
Each of the programs can be distributed and sold, independently of a computer on which the program is run, through a computer communication network. The computer readable information recording medium can be distributed and sold, independently of that computer.
These objects and other objects and advantages of the present invention will become more apparent upon reading of the following detailed description and the accompanying drawings in which:
A preferred embodiment of the invention is described below with reference to the accompanying drawings. The embodiment described below is illustrative and does not restrict the scope of the invention. Therefore, those skilled in the art can employ embodiments in which those elements or are individually or entirely replaced with their equivalent elements, and which are also included in the scope of the invention.
In one embodiment of the invention to be discussed below, to generate a sequence of “random numbers numerically expressed by w bits”, mapping g(•, •) which is defined as g(a, b)=2b2+h(a)b+q(mod 2w) using predetermined mapping h(•) and a predetermined integer q (0≦q≦2w−1) is used as non-linear transformation on a finite field.
The embodiment may employ the following operation which clears a predetermined bit in a numerical expression of a given value a by using a predetermined mask value MASK:
h(a)=a and MASK.
The embodiment may also employ the following operation which inverts a predetermined bit in the numerical expression of the given value a:
h(a)=a xor MASK
Further, the embodiment may employ the following operation which sets 01 to least significant two bits in the numerical expression of the given value a.
h(a)=(a and (not 3)) or 1.
In the above operations, the individual operators correspond to the numerical expressions (integer expressions) of the value a; specifically, “and” corresponds to a bit AND, “xor” corresponds to bit exclusive OR, “not” corresponds to bit inversion (bit NOT) and “or” bit OR.
Therefore, those operations can be accomplished using just what is prepared for an integer operation for w bits and without a particular consideration on the carry-over and carry-under in a computer.
It is desirable that the value of w should have a bit width of a machine word prepared in a CPU (Central Processing Unit) in the computer or a smaller width.
RC6 which is said to be one of the fastest block encryption techniques at the present is achieved by using non-linear transformation on a finite field:
f(x)=2x2+x(mod 2w)
but a random sequence generated from a seed always differs from a random sequence generated from a different seed (one to one mapping) and the maximum period of the random sequence to be generated is 2w−1.
The mapping g(•, •) which is used in this embodiment is further generalization of the non-linear transformation on a finite field employed in the RC6 and is capable of generating a random sequence equivalent to a random sequence generated by the RC6 when using g(•, •) with
h(a)=1
and
q=0.
As mapping different from what is equivalent to the mapping of RC6 can be selected in the invention, multifarious variations of random numbers can be acquired.
It is proved through experiments that favorable random sequences even when other operations and values are selected.
A random sequence generating apparatus 101 generates a sequence of integers of w bits and comprises a seed receiving section 102, an initialization section 103, a transformation section 104, a rotation section 105, an updating section 106 and an output section 107.
The seed receiving section 102 in the random sequence generating apparatus 101 receives a sequence of integers s1, s2, . . . , sn, . . . , sm of w bits as a seed (step S201) where 1≦n≦m−1.
While the sequence of integers s1, s2, . . . , sn, . . . , sm is stored in a memory, such as RAM (Random Access Memory), provided in the random sequence generating apparatus typically, it may be stored in a cache in the CPU or may be temporarily stored in a readable and writable external recording medium, such as a hard disk.
Then, the initialization section 103 provides the transformation section 104 with the received sequence of integers s1, s2, . . . , sn, . . . , sm as an integer sequence x1, x2, . . . , xn, . . . , xm (step S202).
The integer sequence x1, x2, . . . , xn, . . . , xm is likewise stored in a memory such as RAM. In this case, the process that is executed by the initialization section 103 can be accomplished by transferring a value from the memory corresponding to s1, s2, . . . , sn, . . . , sm to the memory corresponding to x1, x2, . . . , xn, . . . , xm.
Further, the transformation section 104 performs transformation, defined by the non-linear transformation g(•, •), on each of the provided integer sequence x1, x2, . . . , Xn, . . . , xm to acquire a sequence of integers y1, y2, . . . , yn, . . . , ym of w bits (step S203).
As the transformation, transformations defined by the following recursion formulae are available.
(1) Recursion formula given below for an integer i (1≦i≦m−1):
y1=g(xm, x1)
yi+1=g(xi, xi+1).
(2) Recursion formulae given below for an integer i (1≦i≦m−1) using a predetermined integer c and mapping g(•, •)
y1=g(c, x1)
yi+1=g(yi, xi+1).
(3) Recursion formulae given below for an integer i (1≦i≦m−1) using mapping g(•, •).
y1=g(c, x1)
yi+1=g(xi, xi+1).
Those computations can be accomplished by using an ALU (Arithmetic Logic Unit) provided in the CPU. The sequence of integers y1, y2, . . . , yn, . . . , ym is likewise stored in a memory or so.
The rotation section 105 acquires the number of rotation bits from the sequence of integers yn+1, . . . , ym (step S204). The following are available schemes for acquiring the number of rotation bits.
Taking yn+1, . . . , ym as a bit sequence, bits at predetermined bit positions are arranged in order and the resultant value is taken again as an integer value.
There are eight integer values 0 to 7 (in case of sign-less integer values) obtained from three bits. In this case, the direction of rotation employed is a “predetermined direction (rightward or leftward)” and the integer value to be obtained is treated directly as the number of rotation bits.
In an alternative case where one bit represents a sign (associated with a positive or negative sign) and the amount of rotation is acquired from the remaining two bits, the value may be rotated leftward in case of the positive sign or rightward in case of the negative sign by the number of bits of the absolute value.
Then, the rotation section 105 performs a predetermined rotation operation on the acquired number of rotation bits with respect to all of or a part of the sequence of integers y1, y2, . . . , yn, . . . , ym taken as a bit sequence of wm bits, and acquires a sequence of integers z1, z2, . . . , zn, . . . , zm of w bits from the acquired bit sequence of wm bits (step S205).
The following rotation operations can be used as the predetermined rotation operation.
(1) A bit sequence of wn bits is cyclically shifted by the obtained number of rotation bits.
(2) The entire bit sequence of wm bits is cyclically shifted by the obtained number of rotation bits. The entire bit sequence of wm bits should be cyclically shifted in a manner similar to the rotation of the bit sequence of wn bits in
(3) Cyclic shifting of a bit sequence of wn bits in y1, . . . , yn by the obtained number of rotation bits or cyclic shifting of a bit sequence of w(m−n) bits in y1, . . . , yn by the obtained number of rotation bits.
Those schemes can be achieved by cyclically shifting all or a part of y1, y2, . . . , yn, . . . , ym stored in the memory or so in a bit width unit natural to the CPU while considering the carry-over and carry-under. In this case, z1, z2, . . . , zn, . . . , Zm to be obtained are stored as new values in the area of the memory where y1, y2, . . . , yn, . . . , ym have been stored.
Further, the output section 107 determines whether transformation in the transformation section 104 and rotation in the rotation section 105 have been repeated a predetermined number of times or not (step S206).
The decision in step S206 can be made, for example, by setting a “value for the predetermined number of times” to a counter variable prepared in the memory before step S201, decrementing the value of the counter variable by 1 between step S204 and step S206 and determining whether the value of the counter variable becomes 0 or not.
When the transformation and rotation have been repeated a predetermined number of times (YES in step S206), z1, z2, . . . , zn acquired last are output as a random sequence r1, r2, . . . , rn (step S207) after which random sequence generation is terminated.
When the transformation and rotation have not been repeated a predetermined number of times (NO in step S206), those z1, z2, . . . , zn are given to the transformation section 104 as an integer sequence x1, x2, . . . , xn, . . . , xm (step S208) after which the flow returns to step S203 and transformation (step S203) and rotation (steps S204 and S205) are repeated.
This operation can be accomplished by transferring a value in the memory or so where z1, z2, . . . , zn, . . . , zm are stored to the memory or so where x1, x2, . . . , xn, . . . , xm are stored.
The random sequence generating apparatus 101 has an unillustrated memory section which can be constructed in such a way as to store s1, s2, . . . , sn, . . . , sm, x1, x2, . . . , xn, . . . , xm, y1, y2, . . . , yn, . . . , ym, z1, z2, . . . , zn, . . . , zm, r1, r2, . . . , rn and so forth in different areas or in the same area (e.g., y1, y2, . . . , yn, . . . , ym, z1, z2, . . . , zn, . . . , zm, etc.) through analysis of the dependency of usages of the values. The individual sections exchange computed values to one another using the common memory.
A computer 301 is controlled by a CPU 302. When the computer 301 is powered on, the CPU 302 executes an IPL (Initial Program Loader) prepared in a ROM (Read Only Memory) 303.
The execution of the IPL loads an OS (Operating System) recorded in a flexible disk loaded into a flexible disk drive 304 or a hard disk 305 or so, making the computer 301 ready for receiving various instructions input by a user.
The user manipulates a keyboard 306 or a mouse 307 to input various instructions to the computer 301.
In accordance with the input, the OS causes the CPU 302 to execute a program recorded in the hard disk 305 or a CD-ROM (Compact Disk ROM) loaded into a CD-ROM drive 308 and process various kinds of data recorded therein, and displays the progress or result of the processing on a display 309.
The CPU 302 uses a RAM 311 as a temporary memory area. The RAM 311 is used to store various sequence of numbers to be used in computation as mentioned above.
Further, the CPU 302 can save information the result of processing a generated random sequence and progress of the processing in the hard disk 305 during execution of the program.
An operation in this embodiment can be reduced to simple bit operations as mentioned above. Therefore, the random sequence generating apparatus 101 can be constructed by combining exclusive electronic circuits (adder, subtracter, shifter, latch, etc.) or using an electronic component whose circuit structure can be changed variably, such as an ASIC (Application Specific Integrated Circuit), DSP (Digital Signal Processor) or FPGA (Field Programmable Gate Array). Those modes are included in the scope of the invention.
(Results of Experiment)
Random sequences were generated from the following data using the random sequence generating apparatus 101 according to the embodiment:
w=32
n=32 and
g(a, b)=2b2+h(a)b
where mapping h(•) is defined by an operation which sets 01 to the least significant two bits in the numerical expression of the given value.
Further, each of transformation and rotation was done once per round. That is, the “predetermined number of times” is one.
A random sequence to be output is r1, r2, . . . , r1024 consisting of a total of wn=1024 bits.
20000×89999 types of seeds were given to this random sequence to output the random sequence r1, r2, . . . , r1024 20000×89999 rounds.
Of FIPS 140-1 and FIPS 140-2, standard tests of checking the randomness of a random sequence, the randomness checking test which would meet the standard security specification was applied to individual bit positions in the random sequence of 1024 bits to test the property of the random sequence generated by the embodiment
In those tests, a bit sequence of 20000 bits were extracted from the individual bit positions and the following processes were performed on the bit sequence of 20000 bits.
Monobit test which checks whether the frequency of occurrence of the value of a bit at a predetermined position is lopsided or not
Poker test which divides 20000 bits to 5000 patterns each of four bits and checks whether the frequency of occurrence of the 4-bit pattern is lopsided or not
Runs test which checks whether the frequency of occurrence of a run of a predetermined length extracted from a random sequence is lopsided or not.
Long runs test which is similar to the runs test but negates randomness when there are 34 or more runs in case of the FIPS 140-1 and negates randomness when there are 26 or more runs in case of the FIPS 140-2.
The results of the experiment showed that in the FPS 140-1, the sequence of 20000 bits in every one of the generated 1024 (bits)×89999 samples passed the set standards.
In the FIPS 140-2, 99.92 percent of the sequences of 20000 bits in the generated 1024 (bits)×89999 samples passed the set standards.
The invention was applied to NIST 800-22, a random test severer than the aforementioned random tests, to check the randomness. The results showed that the use of the rotation scheme (3) could provide extremely favorable random numbers.
As this algorithm was installed onto the FPGA of Vertex xcv 1000 (100,000,000 system gates), a product of XILINX (trademark), Inc., a random sequence could be generated at a speed of 25.62 Gbits/sec due to the parallel processing of the algorithm. That is, the installation of the algorithm onto hardware, such as an FPGA can bring about a significant merit on improving the speed.
In short, it was proved that random sequences generated by the embodiment had an extremely favorable property, would be effective in the field of encryption for privacy communications and the field of simulation of physical phenomena, chemical phenomena or so and would be remarkably effective to output random sequences with a good randomness from hardware at a high speed.
(Encryption/Decryption Apparatus)
Encryption and decryption can be accomplished by using the above-described random sequence generating apparatus.
An encryption apparatus 601 and a decryption apparatus 651 use s1, s2, . . . , sn, . . . , sm as a common key. Then, a generating section 602 in the encryption apparatus 601 and a generating section 652 in the decryption apparatus 651 have random sequence generating apparatuses 201 with the same structure (same computation scheme) and receive the common key s1, s2, . . . , sn, . . . , sm as an input. Then, both generating sections 602 and 652 generate the same random numbers r1, . . . , rn.
In the encryption apparatus 601, an XOR section 604 transforms an integer sequence
hd 1, p2, . . . of a transmission message, received by a message receiving section 603, to p1xor r1, p2 xor r2, . . . , pi xor r((i+n−1)mod n)+1 using the random numbers and outputs the result as an integer sequence e1, e2, . . . , e1, . . . of the encrypted message where “xor” means the aforementioned exclusive OR and “a mod n” means the remainder of division of a by n.
A message receiving section 653 in the decryption apparatus 651 receives the integer sequence e1, e2, . . . , ei, . . . of the encrypted message and an XOR section 654 transforms the integer sequence to e1 xor r1, e2 xor r2, . . . , ei xor r((i+n−1)mod n)+1 and outputs the result as an integer sequence f1, f2, f1, . . . of the encrypted message.
As
the integer sequence of the encrypted transmission message is identical to the integer sequence of the original transmission message, which is the proof that encryption and decryption can be done properly.
The length of a message to be processed can be set to n or less. In this case, ((i+n−1)mod n)+1 can be replaced with i. This can make the confidentiality higher than the repetitive use of the same random sequence.
Because the encryption apparatus 601 and the decryption apparatus 651 have quite the same structure, one apparatus with the structure can be used as the encryption apparatus 601 in one case and as the decryption apparatus 651 in some other case.
As described above specifically, the invention can provide a random sequence generating apparatus and random sequence generating method, which generate a sequence of random numbers having a preferably property as a random sequence, an encryption/decryption apparatus and encryption/decryption method which uses the random sequence generating apparatus and method, and a program which achieves those apparatuses and methods using a computer.
Various embodiments and changes may be made thereunto without departing from the broad spirit and scope of the invention. The above-described embodiment intended to illustrate the present invention, not to limit the scope of the present invention. The scope of the present invention is shown by the attached claims rather than the embodiment. Various modifications made within the meaning of an equivalent of the claims of the invention and within the claims are to be regarded to be in the scope of the present invention.
This application is based on Japanese Patent Application No. 2003-75438 filed on Mar. 19, 2003 and including specification, claims, drawings and summary. The disclosure of the above Japanese Patent Application is incorporated herein by reference in its entirety.
Number | Date | Country | Kind |
---|---|---|---|
2003-075438 | Mar 2003 | JP | national |
Number | Name | Date | Kind |
---|---|---|---|
5920625 | Davies | Jul 1999 | A |
6014446 | Finkelstein | Jan 2000 | A |
6339645 | Smeets | Jan 2002 | B2 |
7035408 | Antoine | Apr 2006 | B2 |
7194496 | Morris | Mar 2007 | B2 |
20050033785 | Umeno et al. | Feb 2005 | A1 |
Number | Date | Country |
---|---|---|
1289186 | Mar 2003 | EP |
2004-126915 | Apr 2004 | JP |
Number | Date | Country | |
---|---|---|---|
20040184609 A1 | Sep 2004 | US |