
CN117971165B - A method and device for generating pseudo-random numbers - Google Patents

Publication number: CN117971165B
Authority: CN (China)
Prior art keywords: data; source data; entropy source; random number; entropy
Legal status: Active
Application number: CN202410323435.3A
Other languages: Chinese (zh)
Other versions: CN117971165A (en
Inventors: 何道敬, 黄维文, 陈磊, 周晓光, 王轸
Current Assignee: Harbin Institute Of Technology shenzhen Shenzhen Institute Of Science And Technology Innovation Harbin Institute Of Technology; Shenzhen Zhengtong Kingsee Tech Co ltd
Original Assignee: Harbin Institute Of Technology shenzhen Shenzhen Institute Of Science And Technology Innovation Harbin Institute Of Technology; Shenzhen Zhengtong Kingsee Tech Co ltd

Application filed by Harbin Institute Of Technology shenzhen Shenzhen Institute Of Science And Technology Innovation Harbin Institute Of Technology, Shenzhen Zhengtong Kingsee Tech Co ltd
Priority to CN202410323435.3A
Publication of CN117971165A
Application granted
Publication of CN117971165B

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58 Random or pseudo-random number generators
    • G06F7/582 Pseudo-random number generators
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N7/00 Computing arrangements based on specific mathematical models
    • G06N7/08 Computing arrangements based on specific mathematical models using chaos models or non-linear system models

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • General Engineering & Computer Science (AREA)
  • Computational Mathematics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Artificial Intelligence (AREA)
  • Evolutionary Computation (AREA)
  • Data Mining & Analysis (AREA)
  • Computing Systems (AREA)
  • Algebra (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Nonlinear Science (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The present invention relates to the field of random number generators, and in particular to a method and device for generating pseudo-random numbers. The method comprises: constructing an entropy pool, using the entropy pool to collect entropy source data from the system environment, and performing layer-by-layer mixed mapping on the entropy source data to obtain mixed entropy source data, from which a first initial seed is generated; using a terminal storage module to collect multiple kinds of random data inside a terminal device, and performing truncation, shifting and mixing operations on that random data to generate a second initial seed; generating third data from the first initial seed and the second initial seed, and performing a second step of hash processing on the third data using a second hash algorithm to obtain the final pseudo-random number seed; and inputting the final pseudo-random number seed into a pseudo-random number generator to generate pseudo-random numbers. The present invention can generate random number seeds that meet standards and are unpredictable, collision-resistant and publicly verifiable.

Description

A method and device for generating pseudo-random numbers

Technical Field

The present invention relates to the technical field of random number generators, and in particular to a method and device for generating pseudo-random numbers.

Background Art

Random numbers play an important role in all walks of life, with rich application scenarios and broad practical significance. In science and engineering, random numbers are widely used to simulate and model natural phenomena and random events; in finance, random numbers are applied to financial models and risk assessment to simulate market fluctuations, calculate option pricing and conduct risk analysis; in computer graphics, random numbers are used to create realistic effects of natural phenomena (such as flames and water ripples). The main and most important application scenario is cryptography and security, where random numbers are a key element of data protection. They are used to generate secure passwords, encryption keys and initialization vectors to ensure the confidentiality of sensitive information. Keys that lack randomness may be easily cracked, so secure random number generation is essential for network security.

The seed is input into the random number generator as its initial value to initialize the random number generation algorithm, and is a key parameter for generating high-quality random numbers. A common method is to use the current system time as the seed of the random number generator. Since time is usually constantly changing, this method can provide relatively good randomness. However, in some cases, if multiple programs are started at the same time, they may use the same time as the seed and therefore generate the same random number sequence. This makes it easy for a malicious attacker to exploit the weakness to predict the random numbers generated at certain points in time, thereby threatening private information such as keys derived from those random numbers. Another class of methods generates the seed by processing the initially generated seed data with a single hash algorithm, or by operations such as XOR over truncated and combined internal information.

For example, patent CN202211123608.4, "A random number seed generation method, device, electronic device and storage medium", discloses a random number seed generation method: the user input data is obtained as a first array, and a first string is determined in combination with at least one of the second array and the third array; N+1 hash iterations are then performed on the first string to generate a first random number seed, wherein the input of the first hash iteration on the first string is the first string, or the input of the i-th hash iteration on the first string is composed of the output of the (i-1)-th hash iteration on the first string combined with the second array; a hash operation is performed on the second string to generate a random number. Combining the initial seed data with a deterministic operation (such as hash processing or truncating internal information) in this way may reduce the randomness of the generated seed. Given the rapid increase in computing power, when the seed data undergoes only a single hash or concatenation operation, an attacker may try to analyze the processing in order to predict the generated random numbers. If the processing is not sufficiently complex or sufficiently random, the attacker may succeed in predicting part or all of the random numbers, which is also insecure.

Summary of the Invention

To solve the technical problem in the prior art that the generated seed is prone to reduced randomness and insufficient security, embodiments of the present invention provide a pseudo-random number generation method and device. The technical solution is as follows:

In one aspect, a pseudo-random number generation method is provided. The method is implemented by a pseudo-random number generation device and includes:

S1. Construct an entropy pool, use the entropy pool to collect entropy source data from the system environment, and perform layer-by-layer mixed mapping on the entropy source data to obtain mixed entropy source data, thereby generating a first initial seed.

S2. Use the terminal storage module to collect multiple kinds of random data inside the terminal device, and perform truncation, shifting and mixing operations on the random data to generate a second initial seed.

S3. Generate third data from the first initial seed and the second initial seed, and perform a second step of hash processing on the third data using a second hash algorithm to obtain the final pseudo-random number seed.

S4. Input the final pseudo-random number seed into the pseudo-random number generator to generate pseudo-random numbers.

Optionally, the entropy pool in S1 includes: a mixed entropy source data storage module, a first-layer chaos algorithm mapping module, a second-layer chaos algorithm mapping module, and a processed data storage module.

The mixed entropy source data storage module is used to store the entropy source data collected from the system environment and to mix the entropy source data to obtain mixed multivariate data.

The first-layer chaos algorithm mapping module is used to perform a first-layer mapping on the mixed multivariate data using the first chaos algorithm to obtain first-layer mapped data.

The second-layer chaos algorithm mapping module is used to perform a second-layer mapping on the first-layer mapped data using the second chaos algorithm to obtain the mixed entropy source data.

The processed data storage module is used to store the mixed entropy source data.

Optionally, the first chaos algorithm is the Henon chaos algorithm.

The second chaos algorithm is the Lorenz chaos algorithm.

Optionally, using the entropy pool in S1 to collect entropy source data from the system environment, performing layer-by-layer mixed mapping on the entropy source data to obtain mixed entropy source data, and thereby generating the first initial seed, includes:

S11. Use the entropy pool to collect entropy source data from the system environment, and perform layer-by-layer mixed mapping on the entropy source data to obtain mixed entropy source data.

S12. Perform an entropy estimation test on the mixed entropy source data to obtain tested entropy source data, and determine whether the tested entropy source data meets the randomness requirements. If it does, execute step S13; if it does not, return to step S11.

S13. Use a first hash algorithm to perform a first step of hash processing on the entropy source data that meets the randomness requirements, generating the first initial seed.

Optionally, using the terminal storage module in S2 to collect multiple kinds of random data inside the terminal device and performing truncation, shifting and mixing operations on the random data to generate the second initial seed includes:

S21. Use the terminal storage module to collect random data of a preset byte length inside the terminal device, and randomly extract unique identification information of the terminal device according to the preset byte length.

S22. Perform truncation, shifting and mixing operations on the random data and the unique identification information to generate the second initial seed.

Optionally, generating third data from the first initial seed and the second initial seed in S3 and performing a second step of hash processing on the third data using a second hash algorithm to obtain the final pseudo-random number seed includes:

S31. Randomly split the first initial seed and the second initial seed respectively, and perform a shift-add operation on the equal-length information segments obtained from the random splitting to generate the third data.

S32. Perform a second step of hash processing on the third data using the second hash algorithm to obtain a new data sequence, and output a random number seed from the new data sequence according to a preset number of output bits.

S33. Verify the validity of the random number seed. If it passes validity verification, the final pseudo-random number seed is obtained; if it fails validity verification, return to step S31.

In another aspect, a pseudo-random number generation apparatus is provided. The apparatus is applied to the pseudo-random number generation method and includes:

A first generation module, used to construct an entropy pool, use the entropy pool to collect entropy source data from the system environment, and perform layer-by-layer mixed mapping on the entropy source data to obtain mixed entropy source data, thereby generating a first initial seed.

A second generation module, used to collect multiple kinds of random data inside the terminal device using the terminal storage module, and to perform truncation, shifting and mixing operations on the random data to generate a second initial seed.

A seed generation module, used to generate third data from the first initial seed and the second initial seed, and to perform a second step of hash processing on the third data using a second hash algorithm to obtain the final pseudo-random number seed.

An output module, used to input the final pseudo-random number seed into the pseudo-random number generator to generate pseudo-random numbers.

Optionally, the entropy pool includes: a mixed entropy source data storage module, a first-layer chaos algorithm mapping module, a second-layer chaos algorithm mapping module, and a processed data storage module.

The mixed entropy source data storage module is used to store the entropy source data collected from the system environment and to mix the entropy source data to obtain mixed multivariate data.

The first-layer chaos algorithm mapping module is used to perform a first-layer mapping on the mixed multivariate data using the first chaos algorithm to obtain first-layer mapped data.

The second-layer chaos algorithm mapping module is used to perform a second-layer mapping on the first-layer mapped data using the second chaos algorithm to obtain the mixed entropy source data.

The processed data storage module is used to store the mixed entropy source data.

Optionally, the first chaos algorithm is the Henon chaos algorithm.

The second chaos algorithm is the Lorenz chaos algorithm.

Optionally, the first generation module is further used to:

S11. Use the entropy pool to collect entropy source data from the system environment, and perform layer-by-layer mixed mapping on the entropy source data to obtain mixed entropy source data.

S12. Perform an entropy estimation test on the mixed entropy source data to obtain tested entropy source data, and determine whether the tested entropy source data meets the randomness requirements. If it does, execute step S13; if it does not, return to step S11.

S13. Use a first hash algorithm to perform a first step of hash processing on the entropy source data that meets the randomness requirements, generating the first initial seed.

Optionally, the second generation module is further used to:

S21. Use the terminal storage module to collect random data of a preset byte length inside the terminal device, and randomly extract unique identification information of the terminal device according to the preset byte length.

S22. Perform truncation, shifting and mixing operations on the random data and the unique identification information to generate the second initial seed.

Optionally, the seed generation module is further used to:

S31. Randomly split the first initial seed and the second initial seed respectively, and perform a shift-add operation on the equal-length information segments obtained from the random splitting to generate the third data.

S32. Perform a second step of hash processing on the third data using the second hash algorithm to obtain a new data sequence, and output a random number seed from the new data sequence according to a preset number of output bits.

S33. Verify the validity of the random number seed. If it passes validity verification, the final pseudo-random number seed is obtained; if it fails validity verification, return to step S31.

In another aspect, a pseudo-random number generation device is provided, comprising: a processor; and a memory storing computer-readable instructions which, when executed by the processor, implement any one of the pseudo-random number generation methods described above.

In another aspect, a computer-readable storage medium is provided, in which at least one instruction is stored, the at least one instruction being loaded and executed by a processor to implement any one of the pseudo-random number generation methods described above.

The beneficial effects of the technical solution provided by the embodiments of the present invention include at least the following:

In the embodiments of the present invention, multiple high-quality entropy source data are collected from the system environment and mixed using mature chaos algorithms to generate the random seed, which ensures the randomness of random seed generation and the unpredictability of the generated random number seed.

Two mature HASH algorithms, one domestic and one foreign, are adopted to ensure the collision resistance of the generated random seed.

A preliminary seed is generated by combining two types of random information from the terminal device's own environment, which improves the security of the random number seed.

The minimum entropy estimation method and the seed validity verification module ensure that the generated random number seed complies with domestic standards and ensure the security of the random number seed.

In addition, the random number seed can be publicly verified in an intuitive way through the seed validity verification results.

Brief Description of the Drawings

To explain the technical solutions in the embodiments of the present invention more clearly, the drawings required for describing the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a flow chart of a pseudo-random number generation method provided by an embodiment of the present invention;

FIG. 2 is a schematic diagram of the principle of a method for splitting and shift-adding two pieces of information, initial seed A and initial seed B, provided by an embodiment of the present invention;

FIG. 3 is a schematic flow chart of a random number seed generation method provided by an embodiment of the present invention;

FIG. 4 is a schematic structural diagram of an entropy pool module provided by an embodiment of the present invention;

FIG. 5 is a schematic flow chart of generating initial seed A provided by an embodiment of the present invention;

FIG. 6 is a schematic flow chart of generating initial seed B provided by an embodiment of the present invention;

FIG. 7 is a schematic flow chart of generating final seed D provided by an embodiment of the present invention;

FIG. 8 is a block diagram of a pseudo-random number generation apparatus provided by an embodiment of the present invention;

FIG. 9 is a schematic structural diagram of an apparatus for a random number seed generation method provided by an embodiment of the present invention;

FIG. 10 is a schematic structural diagram of a pseudo-random number generation device provided by an embodiment of the present invention.

Detailed Description

The technical solution of the present invention is described below with reference to the accompanying drawings.

In the embodiments of the present invention, words such as "exemplarily" and "for example" are used to indicate an example, illustration or explanation. Any embodiment or design described as an "example" in the present invention should not be interpreted as being preferred or advantageous over other embodiments or designs. Rather, the word "example" is intended to present a concept in a concrete way. In addition, in the embodiments of the present invention, "and/or" can mean both, or either of the two.

In the embodiments of the present invention, "image" and "picture" can sometimes be used interchangeably; when the difference between them is not emphasized, they express the same meaning. "Of", "corresponding, relevant" and "corresponding" can sometimes be used interchangeably; when the difference between them is not emphasized, they express the same meaning.

In the embodiments of the present invention, a subscript such as W1 may sometimes be mistakenly written in a non-subscript form such as W1. When the difference is not emphasized, the meanings to be expressed are the same.

To make the technical problems to be solved, the technical solutions and the advantages of the present invention clearer, a detailed description is given below with reference to the accompanying drawings and specific embodiments.

An embodiment of the present invention provides a pseudo-random number generation method, which can be implemented by a pseudo-random number generation device; the device can be a terminal or a server. As shown in the flow chart of the pseudo-random number generation method in FIG. 1, the processing flow of the method may include the following steps:

S1. Construct an entropy pool, use the entropy pool to collect entropy source data from the system environment, and perform layer-by-layer mixed mapping on the entropy source data to obtain mixed entropy source data, thereby generating a first initial seed.

Optionally, an entropy pool with a specific structure is created to serve as the entropy source data collector, collecting through an interface the random information of multiple entropy sources produced in the system environment. According to domestic standard requirements, the entropy pool size should be greater than or equal to 512 bytes, but not more than 4096 bytes.

Specifically, the entropy pool may include: a mixed entropy source data storage module, a first-layer chaos algorithm mapping module, a second-layer chaos algorithm mapping module, and a processed data storage module.

The mixed entropy source data storage module is used to store the entropy source data collected from the system environment and to mix the entropy source data to obtain mixed multivariate data.

The first-layer chaos algorithm mapping module is used to perform a first-layer mapping on the mixed multivariate data using the first chaos algorithm to obtain first-layer mapped data.

The first chaos algorithm may be the Henon chaos algorithm.

The second-layer chaos algorithm mapping module is used to perform a second-layer mapping on the first-layer mapped data using the second chaos algorithm to obtain the mixed entropy source data.

The second chaos algorithm may be the Lorenz chaos algorithm.

The processed data storage module is used to store the mixed entropy source data.

Optionally, using the entropy pool in S1 to collect entropy source data from the system environment, performing layer-by-layer mixed mapping on the entropy source data to obtain mixed entropy source data, and thereby generating the first initial seed, may include the following steps S11-S13:

S11. Use the entropy pool to collect entropy source data from the system environment, and perform layer-by-layer mixed mapping on the entropy source data to obtain mixed entropy source data.

In one feasible implementation, the system may be a financial terminal system or the like.

Further, the entropy pool is used to collect random information from the various entropy sources produced in the system environment, such as system time, mouse movement, keyboard keystrokes and disk activity; two chaos algorithms are used to perform layer-by-layer mixed mapping on this entropy source data to increase its randomness, and the processed data is then returned to a specific storage location in the entropy pool.

S12. Perform an entropy estimation test on the mixed entropy source data to obtain tested entropy source data, and determine whether the tested entropy source data meets the randomness requirements. If it does, execute step S13; if it does not, return to step S11.

In one feasible implementation, the entropy source data mixed by the chaos algorithm mapping is passed to the entropy estimation module for an entropy estimation test.

Specifically, the most commonly used entropy measure is Shannon entropy, which is widely applied in fields such as information theory; Shannon entropy is the average entropy of the entropy source. In cryptography, minimum entropy is more commonly used: it gives a lower bound on the entropy of the entropy source and imposes a higher security requirement. The entropy estimation method used by the entropy estimation module here is therefore minimum entropy, calculated as shown in formula (1):

(1)

Assume that the sequence output by an entropy source has the minimum entropy ; then the maximum probability that an attacker guesses the sequence is ; if the attacker has guessing opportunities, the maximum probability of guessing correctly is .

The random number generator as designed provides an estimate of the maximum possible output probability of the entropy source , from which the min-entropy estimate is obtained.

Further, the collected entropy source data is tested against the randomness requirement. An entropy pool data update module is added: if the entropy estimation test fails, the entropy pool re-collects entropy source data, updates its internal data (the multiple entropy sources), and processing continues as described above (chaotic-algorithm mixing); if the test passes, the next step follows.
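The gap between Shannon entropy and min-entropy that motivates step S12 can be seen on a skewed source. The following is an added example, not code from the patent: it uses the standard definition of min-entropy, H_min = -log2(p_max), the 99% upper confidence bound from the most-common-value estimate in NIST SP 800-90B, constructed 2048-byte samples, and an assumed pass threshold of 6 bits per byte (the patent states no threshold).

```python
import math
from collections import Counter

# Constructed samples, sized like the 2048-byte pool of the embodiment.
# BIASED: byte 0x00 half of the time, the other 255 values share the rest.
BIASED = bytes([0] * 1024 + [(i % 255) + 1 for i in range(1024)])
# UNIFORM: every byte value exactly 8 times (flat histogram; the ordering is
# not random, which a frequency-based estimate cannot see).
UNIFORM = bytes(range(256)) * 8


def shannon_entropy(samples: bytes) -> float:
    """Average entropy of the sample histogram, in bits per byte."""
    n = len(samples)
    return -sum((c / n) * math.log2(c / n) for c in Counter(samples).values())


def min_entropy_mcv(samples: bytes, confidence_bound: bool = True) -> float:
    """Min-entropy in bits per byte from the most common value.

    p_max is the relative frequency of the most common byte. With
    confidence_bound=True it is raised to its 99% upper confidence bound
    (SP 800-90B most-common-value estimate), so short samples are judged
    conservatively.
    """
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two samples")
    p_max = max(Counter(samples).values()) / n
    if confidence_bound:
        p_max = min(1.0, p_max + 2.576 * math.sqrt(p_max * (1 - p_max) / (n - 1)))
    return max(0.0, -math.log2(p_max))


def guess_success_bound(h_min_bits: float, guesses: int) -> float:
    """Upper bound on the probability that one of `guesses` tries hits a
    value drawn from a source with min-entropy h_min_bits."""
    return min(1.0, guesses * 2.0 ** (-h_min_bits))


def passes_entropy_gate(samples: bytes, required_bits_per_byte: float) -> bool:
    """Step S12 decision: True means go on to S13, False means re-collect (S11).
    The threshold is a parameter because the patent does not give one."""
    return min_entropy_mcv(samples) >= required_bits_per_byte


if __name__ == "__main__":
    for name, data in (("biased", BIASED), ("uniform", UNIFORM)):
        print(
            f"{name:8s} shannon={shannon_entropy(data):.3f} "
            f"min_entropy={min_entropy_mcv(data):.3f} "
            f"pass={passes_entropy_gate(data, 6.0)}"
        )
```

On the biased sample the Shannon figure is close to 5 bits per byte while the min-entropy is about 1 bit, which is why a gate built on the average would accept a source whose most likely output is guessed correctly half of the time.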

S13. Use the first hash algorithm to perform the first hashing step on the entropy source data that meets the randomness requirement, generating the first initial seed.

In one feasible implementation, the first hash cryptographic algorithm (one that meets certain security requirements) performs the first hash computation on the mapped data, and initial seed A is output at the required bit length.

S2. Use the terminal storage module to collect multiple kinds of random data inside the terminal device, and perform truncation, shift, and mixing operations on them to generate the second initial seed.

The terminal storage module may be RAM.

Optionally, step S2 may include the following steps S21-S22:

S21. Use the terminal storage module to collect random data of a preset byte length from inside the terminal device, and randomly truncate the terminal device's unique identification information to the preset byte length.

S22. Perform truncation, shift, and mixing operations on the random data and the unique identification information to generate the second initial seed.

In one feasible implementation, two kinds of random information specific to the terminal device's environment are collected. Specifically, random data of the set byte length is read from the terminal device's NVRAM (Non-Volatile Random Access Memory) through an internal authorized interface, and the terminal device's unique identification information is randomly truncated to the set byte length. The two pieces of collected information are stored in memory and shift-mixed, and a segment of the required length is randomly taken from the mixed string as initial seed B.

Further, this process includes a storage update function that monitors the storage module: the random information collected in the storage module is refreshed on a preset schedule, and it is refreshed immediately once it is detected to have been used once.

S3. Generate third data from the first initial seed and the second initial seed for use in producing the final seed, and perform the second hashing step on the third data with the second hash algorithm to obtain the final pseudo-random number seed.

Optionally, step S3 may include the following steps S31-S33:

S31. Randomly split the first initial seed and the second initial seed, and perform splitting and shift-add operations on the resulting equal-length segments to generate the third data.

In one feasible implementation, as shown in FIG. 2, initial seed A and initial seed B are each randomly split, and the equal-length segments obtained from A and from B are then combined by a preset shift-add operation to generate data C.

S32. Perform the second hashing step on the third data with the second hash algorithm to obtain a new data sequence, and output the random number seed from it at the preset output bit length.

In one feasible implementation, data C is processed by the second hash cryptographic algorithm (which must meet certain security requirements) in the second hash computation to obtain a new data sequence, and the final random number seed D is output at the set bit length.

S33. Verify the validity of the random number seed. If it passes, the final pseudo-random number seed is obtained; if it fails, return to step S31.

In one feasible implementation, the final random number seed D is passed to the seed validity verification module for verification; if it does not meet the requirements, the process returns and repeats the above steps.

S4. Input the final pseudo-random number seed into the pseudo-random number generator to generate pseudo-random numbers.

In one feasible implementation, the flowchart of the financial-terminal-based random number seed generation method is shown in FIG. 3. The final random number seed D is used as the initialization parameter of the designed pseudo-random number generator to generate pseudo-random numbers, and the generated pseudo-random output is subjected to randomness testing.

To address the reduced randomness and insufficient security that the above seed generation methods tend to cause, the present invention proposes a new random number seed generation scheme. A chaotic mapping function is introduced to mix data from multiple entropy sources so that the entropy source has sufficient randomness and unpredictability, and two different kinds of terminal device data are combined to generate the random number seed and protect its security; the seed is then input into a software random number generator to produce high-quality random numbers. The method has good randomness, collision resistance, unpredictability, verifiability, and security.

For example, the method for generating a random number seed in one embodiment of the present invention consists of three main parts, as follows:

The first part is the generation of initial seed A:

An entropy pool with a specific structure suited to the present invention is set up in advance; its structure is shown in FIG. 4 for ease of understanding. It contains four submodules: a mixed entropy source data storage module, a first-layer chaotic algorithm mapping module, a second-layer chaotic algorithm mapping module, and a processed data storage module. In this embodiment the entropy pool size is set to 2048 bytes, taking the adaptability of the pool size into account. Four or more kinds of entropy source data with relatively high randomness, including mouse movement, system time, keystrokes, and disk activity, are first collected from the system environment and stored in the designated storage module of the pre-designed entropy pool for mixing. The mixing operation may include XOR, shift-add, shift-subtract, and so on, chosen according to the scenario; this embodiment uses the relatively simple XOR operation to reduce memory consumption while ensuring sufficient security.

The mixed multivariate data is then mapped by the first chaotic algorithm (the first layer); once that mapping is complete, the result is passed to the second chaotic algorithm for the second-layer mapping, and the data after both layers is stored in the designated storage module of the entropy pool. In this embodiment the first-layer chaotic mapping uses the Henon chaotic algorithm and the second-layer chaotic mapping uses the Lorenz chaotic algorithm.

Next, the mixed data is output to the entropy estimation module for entropy testing. If the measured entropy does not meet the given standard, the entropy pool update function, on detecting this, instructs the entropy pool to re-collect entropy source data, and the preceding collection and processing steps are repeated; if the result meets the requirement, the next step proceeds.

The data that passes entropy estimation is processed with the first hash algorithm that meets the security requirements, and 256 bits are randomly taken to form initial seed A. In this embodiment the first hash cryptographic algorithm is the SHA256 hash algorithm, a mature algorithm from abroad; the process details are shown in FIG. 5.

The second part is the generation of initial seed B:

Through the internal authorized interface, the first 32 bytes of data are read from the terminal device's internal non-volatile random access memory, and the terminal device's unique identification information is cyclically truncated to a length of 32 bytes; both are then stored in the terminal information memory. In the current embodiment the terminal device is a financial terminal, and five kinds of identification information contained in the transaction identification information specific to the financial terminal environment are selected: transaction serial number, terminal transaction sequence number, authorization code, merchant order identifier, and issuing bank reference number. In each cycle, two of these are taken as the transaction identification information. After the two kinds of collected random information are stored in the terminal information memory, the truncation, shift, and mixing operation is performed. In this embodiment the truncated length is set to 256 bits; according to the domestic standard, the initialization parameter input string should have at least 128 bits, or an expected repetition probability no greater than ; the mixed information string is stored in the module's designated storage area as initial seed B, awaiting use. This embodiment also has an internal update function that monitors the terminal information storage module in real time: once the random information in the module has been called once, an update instruction is issued to the module and the terminal information is re-collected. The update function also refreshes the terminal information collection module at preset times, and the two update modes do not conflict. The process details are shown in FIG. 6.

The third part is the generation of final seed D:

An initial seed processing module is set up here. Using interface call functions, it retrieves the two bit strings, initial seed A and initial seed B, from the processed data storage module of the entropy pool in the first part and from the terminal information storage module in the second part respectively, and performs splitting and shift-add operations on them. In this embodiment, initial seed A and initial seed B are each first split into two information strings of equal length, each segment is then shifted left by 3 bits, and the two equal-length segments from A and the two from B are randomly paired with each other and merged by addition; the structure of this process is shown in FIG. 7. This yields the bit string data C. Data C is then passed to the cryptographic processing module and hashed with the second hash cryptographic algorithm, and 256 bits are randomly taken from the result as the final random number seed. For security reasons, this embodiment uses the mature domestic SM3 cryptographic algorithm for this hash computation. Finally, the seed verification module verifies properties of the final seed such as its randomness: if it does not meet the standard, the process returns to the above steps; if it does, the seed is input as the initialization parameter to the configured pseudo-random number generator to generate high-quality random numbers. The process details are shown in FIG. 7.
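The split, shift-left-by-3, pair and add procedure of the third part, followed by the second hash, written out as an added example (not code from the patent). Assumptions: each 256-bit seed is split into two 128-bit halves, the shift is a logical shift within the 128-bit width, the addition is modulo 2^128, the random pairing is a single coin flip, and SHA-256 stands in for SM3 when the local `hashlib` build does not provide it; the seed validity check of S33 is not specified in the text and is left out.

```python
import hashlib
import secrets

HALF_BITS = 128                      # assumed width of each equal-length segment
MASK = (1 << HALF_BITS) - 1

# Constructed sample seeds (32 bytes each), standing in for seed A and seed B.
SAMPLE_A = bytes(range(32))
SAMPLE_B = bytes(range(32, 64))


def split_halves(seed: bytes) -> tuple:
    """Split a 256-bit seed into two 128-bit integers."""
    if len(seed) != 32:
        raise ValueError("seed must be 32 bytes (256 bits)")
    return int.from_bytes(seed[:16], "big"), int.from_bytes(seed[16:], "big")


def shl3(segment: int) -> int:
    """Logical left shift by 3 inside the fixed 128-bit width (assumption).
    The top 3 bits fall off and the low 3 bits become zero."""
    return (segment << 3) & MASK


def combine(seed_a: bytes, seed_b: bytes, swap_pairing: bool) -> bytes:
    """Build data C: shift every half, pair A's halves with B's, add mod 2^128.

    swap_pairing selects which of the two possible pairings is used:
    False -> (A0+B0, A1+B1), True -> (A0+B1, A1+B0).
    """
    a0, a1 = (shl3(h) for h in split_halves(seed_a))
    b0, b1 = (shl3(h) for h in split_halves(seed_b))
    if swap_pairing:
        b0, b1 = b1, b0
    c0 = (a0 + b0) & MASK
    c1 = (a1 + b1) & MASK
    return c0.to_bytes(16, "big") + c1.to_bytes(16, "big")


def second_hash(data: bytes) -> bytes:
    """SM3 if this Python/OpenSSL build offers it, otherwise SHA-256 as a
    labelled stand-in. Both produce a 256-bit digest."""
    try:
        return hashlib.new("sm3", data).digest()
    except ValueError:
        return hashlib.sha256(data).digest()


def final_seed(seed_a: bytes, seed_b: bytes, swap_pairing=None) -> bytes:
    """Seed D = H2(C). With swap_pairing=None the pairing is chosen at random."""
    if swap_pairing is None:
        swap_pairing = bool(secrets.randbelow(2))
    return second_hash(combine(seed_a, seed_b, swap_pairing))


if __name__ == "__main__":
    c = combine(SAMPLE_A, SAMPLE_B, swap_pairing=False)
    print("C =", c.hex())
    print("D =", final_seed(SAMPLE_A, SAMPLE_B, swap_pairing=False).hex())
```

Under the fixed-width reading assumed here, the low 3 bits of each half of C are always zero and the top 3 bits of each input half never reach C, so C carries at most 250 bits; the unpredictability of D comes from the entropy already in A and B and from the hash, not from the shift-add step.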

Further, passwords with high randomness and sufficient security are generated from the high-quality random numbers for functions such as data verification and registration and login.

In one feasible implementation, the random number generation method of the present application can be applied not only in the security field but also in fields such as mathematical statistics and physics applications.

Specifically, in cryptography: as a security component, the high-quality random numbers it generates can be used for security parameters such as keys and initialization vectors, or in randomized algorithms, digital signatures, encrypted communication, message authentication, and so on.

Simulation and modeling: random numbers are used to generate random weather conditions for studying climate change and meteorological models.

Finance: random numbers can be used to simulate stock prices, currency exchange rates, and other market variables.

Game development: random numbers are widely used in games to generate random events, maps, and so on. Using random numbers adds variability and challenge, making the player's experience more engaging.

Experimental design: in scientific research, random numbers can be used for experimental design and data sampling.

In statistics, random numbers are also used to generate random samples for inference and modeling.

In the embodiment of the present invention, data from multiple high-quality entropy sources in the system environment is collected and mixed with mature chaotic algorithms to generate the random seed, ensuring the randomness of seed generation and the unpredictability of the generated random number seed.

Two mature hash algorithms, one domestic and one from abroad, are used, which ensures the collision resistance of the generated random seed.

A preliminary seed is generated by combining two kinds of random information specific to the terminal device's environment, which improves the security of the random number seed.

The min-entropy estimation method and the seed validity verification module ensure that the generated random number seed complies with domestic standards and ensure the security of the random number seed.

In addition, the random number seed can be publicly and intuitively verified through the seed validity verification result.

FIG. 8 and FIG. 9 are block diagrams of a pseudo-random number generating apparatus according to an exemplary embodiment; the apparatus is used for the pseudo-random number generation method. Referring to FIG. 8, the apparatus includes a first generation module 810, a second generation module 820, a seed generation module 830, and an output module 840. For ease of explanation, FIG. 8 shows only the main components of the pseudo-random number generating apparatus:

The first generation module 810 is configured to construct an entropy pool, use the entropy pool to collect entropy source data from the system environment, and perform layer-by-layer mixing and mapping on the entropy source data to obtain mixed entropy source data, from which the first initial seed is generated.

The second generation module 820 is configured to use the terminal storage module to collect multiple kinds of random data inside the terminal device, and perform truncation, shift, and mixing operations on them to generate the second initial seed.

The seed generation module 830 is configured to generate third data from the first initial seed and the second initial seed, and perform the second hashing step on the third data with the second hash algorithm to obtain the final pseudo-random number seed.

The output module 840 is configured to input the final pseudo-random number seed into the pseudo-random number generator to generate pseudo-random numbers.

Optionally, the entropy pool includes: a mixed entropy source data storage module, a first-layer chaotic algorithm mapping module, a second-layer chaotic algorithm mapping module, and a processed data storage module.

The mixed entropy source data storage module is configured to store the entropy source data collected from the system environment and mix it to obtain mixed multivariate data.

The first-layer chaotic algorithm mapping module is configured to apply the first chaotic algorithm to the mixed multivariate data as the first-layer mapping, obtaining the first-layer mapped data.

The second-layer chaotic algorithm mapping module is configured to apply the second chaotic algorithm to the first-layer mapped data as the second-layer mapping, obtaining the mixed entropy source data.

The processed data storage module is configured to store the mixed entropy source data.

Optionally, the first chaotic algorithm is the Henon chaotic algorithm.

The second chaotic algorithm is the Lorenz chaotic algorithm.

Optionally, the first generation module 810 is further configured to:

S11. Use the entropy pool to collect entropy source data from the system environment, and perform layer-by-layer mixing and mapping on the entropy source data to obtain mixed entropy source data.

S12. Perform an entropy estimation test on the mixed entropy source data to obtain tested entropy source data, and determine whether the tested entropy source data meets the randomness requirement. If it does, execute step S13; if not, return to step S11.

S13. Use the first hash algorithm to perform the first hashing step on the entropy source data that meets the randomness requirement, generating the first initial seed.

Optionally, the second generation module 820 is further configured to:

S21. Use the terminal storage module to collect random data of a preset byte length from inside the terminal device, and randomly truncate the terminal device's unique identification information to the preset byte length.

S22. Perform truncation, shift, and mixing operations on the random data and the unique identification information to generate the second initial seed.

Optionally, the seed generation module 830 is further configured to:

S31. Randomly split the first initial seed and the second initial seed, and perform a shift-add operation on the resulting equal-length segments to generate the third data.

S32. Perform the second hashing step on the third data with the second hash algorithm to obtain a new data sequence, and output the random number seed from it at the preset output bit length.

S33. Verify the validity of the random number seed. If it passes, the final pseudo-random number seed is obtained; if it fails, return to step S31.

In the embodiment of the present invention, data from multiple high-quality entropy sources in the system environment is collected and mixed with mature chaotic algorithms to generate the random seed, ensuring the randomness of seed generation and the unpredictability of the generated random number seed.

Two mature hash algorithms, one domestic and one from abroad, are used, which ensures the collision resistance of the generated random seed.

A preliminary seed is generated by combining two kinds of random information specific to the terminal device's environment, which improves the security of the random number seed.

The min-entropy estimation method and the seed validity verification module ensure that the generated random number seed complies with domestic standards and ensure the security of the random number seed.

In addition, the random number seed can be publicly and intuitively verified through the seed validity verification result.

FIG. 10 is a schematic structural diagram of a pseudo-random number generating device provided by an embodiment of the present invention. As shown in FIG. 10, the pseudo-random number generating device may include the pseudo-random number generating apparatus shown in FIG. 8. Optionally, the pseudo-random number generating device 1010 may include a processor 2001.

Optionally, the pseudo-random number generating device 1010 may further include a memory 2002 and a transceiver 2003.

The processor 2001 may be connected to the memory 2002 and the transceiver 2003, for example through a communication bus.

The components of the pseudo-random number generating device 1010 are described in detail below with reference to FIG. 10:

The processor 2001 is the control center of the pseudo-random number generating device 1010, and may be a single processor or a collective term for multiple processing elements. For example, the processor 2001 is one or more central processing units (CPUs), or may be an application specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention, such as one or more microprocessors (digital signal processors, DSPs) or one or more field programmable gate arrays (FPGAs).

Optionally, the processor 2001 may perform the various functions of the pseudo-random number generating device 1010 by running or executing software programs stored in the memory 2002 and calling data stored in the memory 2002.

In a specific implementation, as one embodiment, the processor 2001 may include one or more CPUs, such as CPU0 and CPU1 shown in FIG. 10.

In a specific implementation, as one embodiment, the pseudo-random number generating device 1010 may also include multiple processors, such as the processor 2001 and the processor 2004 shown in FIG. 10. Each of these processors may be a single-core processor (single-CPU) or a multi-core processor (multi-CPU). A processor here may refer to one or more devices, circuits, and/or processing cores for processing data (such as computer program instructions).

The memory 2002 is used to store the software program that executes the solution of the present invention, with execution controlled by the processor 2001. For the specific implementation, refer to the method embodiment above; it is not repeated here.

可选地,存储器2002可以是只读存储器(read-only memory,ROM)或可存储静态信息和指令的其他类型的静态存储设备,随机存取存储器(random access memory,RAM)或者可存储信息和指令的其他类型的动态存储设备,也可以是电可擦可编程只读存储器(electrically erasable programmable read-only memory,EEPROM)、只读光盘(compactdisc read-only memory,CD-ROM)或其他光盘存储、光碟存储(包括压缩光碟、激光碟、光碟、数字通用光碟、蓝光光碟等)、磁盘存储介质或者其他磁存储设备、或者能够用于携带或存储具有指令或数据结构形式的期望的程序代码并能够由计算机存取的任何其他介质,但不限于此。存储器2002可以和处理器2001集成在一起,也可以独立存在,并通过伪随机数生成设备1010的接口电路(图10中未示出)与处理器2001耦合,本发明实施例对此不作具体限定。Optionally, the memory 2002 may be a read-only memory (ROM) or other types of static storage devices that can store static information and instructions, a random access memory (RAM) or other types of dynamic storage devices that can store information and instructions, or an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage, optical disc storage (including compressed optical disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store the desired program code in the form of instructions or data structures and can be accessed by a computer, but is not limited thereto. The memory 2002 may be integrated with the processor 2001, or may exist independently, and be coupled to the processor 2001 through an interface circuit (not shown in FIG. 10 ) of the pseudo-random number generation device 1010, which is not specifically limited in the embodiment of the present invention.

收发器2003,用于与网络设备通信,或者与终端设备通信。The transceiver 2003 is used to communicate with a network device or a terminal device.

可选地,收发器2003可以包括接收器和发送器(图10中未单独示出)。其中,接收器用于实现接收功能,发送器用于实现发送功能。Optionally, the transceiver 2003 may include a receiver and a transmitter (not shown separately in FIG. 10 ), wherein the receiver is used to implement a receiving function, and the transmitter is used to implement a sending function.

可选地,收发器2003可以和处理器2001集成在一起,也可以独立存在,并通过伪随机数生成设备1010的接口电路(图10中未示出)与处理器2001耦合,本发明实施例对此不作具体限定。Optionally, the transceiver 2003 may be integrated with the processor 2001 or exist independently and be coupled to the processor 2001 via an interface circuit (not shown in FIG. 10 ) of the pseudo-random number generating device 1010 , which is not specifically limited in the embodiment of the present invention.

需要说明的是,图10中示出的伪随机数生成设备1010的结构并不构成对该路由器的限定,实际的知识结构识别设备可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件布置。It should be noted that the structure of the pseudo-random number generation device 1010 shown in FIG. 10 does not constitute a limitation on the router, and the actual knowledge structure identification device may include more or fewer components than shown in the figure, or a combination of certain components, or a different arrangement of components.

此外,伪随机数生成设备1010的技术效果可以参考上述方法实施例所述的伪随机数生成方法的技术效果,此处不再赘述。In addition, the technical effects of the pseudo-random number generation device 1010 can refer to the technical effects of the pseudo-random number generation method described in the above method embodiment, and will not be repeated here.

应理解,在本发明实施例中的处理器2001可以是中央处理单元(centralprocessing unit,CPU),该处理器还可以是其他通用处理器、数字信号处理器(digitalsignal processor,DSP)、专用集成电路(application specific integrated circuit,ASIC)、现成可编程门阵列(field programmable gate array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件等。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。It should be understood that the processor 2001 in the embodiment of the present invention may be a central processing unit (CPU), and the processor may also be other general-purpose processors, digital signal processors (DSP), application specific integrated circuits (ASIC), field programmable gate arrays (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. A general-purpose processor may be a microprocessor or the processor may also be any conventional processor, etc.

It should also be understood that the memory in the embodiments of the present invention may be a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memories. The non-volatile memory may be a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), or a flash memory. The volatile memory may be a random access memory (RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchlink DRAM (SLDRAM), and direct rambus RAM (DR RAM).

The above embodiments may be implemented in whole or in part by software, hardware (such as circuits), firmware, or any combination thereof. When implemented in software, the above embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions or computer programs. When the computer instructions or computer programs are loaded or executed on a computer, the processes or functions described in the embodiments of the present invention are generated in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable device. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another. For example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center in a wired manner (for example, infrared, wireless, microwave, etc.). The computer-readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data center that contains one or more sets of available media. The available medium may be a magnetic medium (for example, a floppy disk, a hard disk, a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium. The semiconductor medium may be a solid-state drive.

It should be understood that the term "and/or" herein only describes an association between associated objects and indicates that three relationships may exist. For example, A and/or B may represent three cases: A exists alone, A and B exist at the same time, or B exists alone, where A and B may be singular or plural. In addition, the character "/" herein generally indicates an "or" relationship between the objects before and after it, but may also indicate an "and/or" relationship; refer to the context for the specific meaning.

In the present invention, "at least one" means one or more, and "a plurality of" means two or more. "At least one of the following" or similar expressions refers to any combination of these items, including any combination of single items or plural items. For example, at least one of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, and c may each be single or multiple.

It should be understood that, in the various embodiments of the present invention, the sequence numbers of the above processes do not imply an order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present invention.

Those of ordinary skill in the art will appreciate that the units and algorithm steps of each example described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present invention.

Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the devices, apparatuses and units described above can be found in the corresponding processes of the foregoing method embodiments, and are not repeated here.

In the several embodiments provided by the present invention, it should be understood that the disclosed devices, apparatuses and methods may be implemented in other ways. For example, the apparatus embodiments described above are only schematic: the division into units is only a division by logical function, and other divisions are possible in actual implementation. For example, multiple units or components may be combined or integrated into another device, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or in other forms.

The units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.

If the functions are implemented in the form of software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.

The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any change or substitution that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (6)

1. A method of generating pseudo-random numbers, the method comprising:
S1, constructing an entropy pool, collecting entropy source data from a system environment by using the entropy pool, and performing layer-by-layer mixed mapping on the entropy source data to obtain mixed entropy source data, so as to generate a first initial seed;
S2, collecting various random data in the terminal equipment by using a terminal storage module, intercepting, shifting and mixing the various random data, and generating a second initial seed;
S3, generating third data according to the first initial seed and the second initial seed, and performing second-step hash processing on the third data by using a second hash algorithm to obtain a final pseudo-random number seed;
S4, inputting the final pseudo-random number seeds into a pseudo-random number generator to realize the generation of pseudo-random numbers;
The entropy pool in S1 includes: a mixed entropy source data storage module, a first-layer chaotic algorithm mapping module, a second-layer chaotic algorithm mapping module and a processed data storage module;
The mixed entropy source data storage module is used for storing entropy source data collected from a system environment and mixing the entropy source data to obtain mixed multi-element data;
The first layer chaotic algorithm mapping module is used for performing first layer mapping on the mixed multi-element data by using a first chaotic algorithm to obtain data after the first layer mapping;
The second-layer chaotic algorithm mapping module is used for performing second-layer mapping on the data after the first-layer mapping by using a second chaotic algorithm to obtain mixed entropy source data;
the processed data storage module is used for storing the mixed entropy source data;
The step S1 of collecting entropy source data from a system environment by using the entropy pool, and performing layer-by-layer mixed mapping on the entropy source data to obtain mixed entropy source data, thereby generating a first initial seed, comprising:
S11, collecting entropy source data from a system environment by utilizing the entropy pool, and performing layer-by-layer mixed mapping on the entropy source data to obtain mixed entropy source data;
S12, performing an entropy estimation test on the mixed entropy source data to obtain tested entropy source data, judging whether the tested entropy source data meets the randomness requirement, and if so, executing step S13; if not, returning to step S11;
S13, performing first-step hash processing on entropy source data meeting the randomness requirement by using a first hash algorithm to generate a first initial seed;
In the step S3, third data is generated according to the first initial seed and the second initial seed, and a second hash algorithm is used to perform a second hash process on the third data, so as to obtain a final pseudo-random number seed, which includes:
S31, respectively carrying out random splitting treatment on the first initial seed and the second initial seed, and carrying out shift adding operation on the equal-length information segments obtained by the random splitting treatment to generate third data;
S32, performing second-step hash processing on the third data by using a second hash algorithm to obtain a new data column, and outputting a random number seed according to a preset output bit number according to the new data column;
S33, verifying the validity of the random number seeds, and if the random number seeds pass the validity verification, obtaining final pseudo-random number seeds; if the validity verification is not passed, the process goes to step S31.
2. The method of claim 1, wherein the first chaotic algorithm is a Henon chaotic algorithm;
the second chaotic algorithm is a Lorenz chaotic algorithm.
3. The method according to claim 1, wherein the collecting, by the terminal storage module, a plurality of random data in the terminal device in S2, performing an intercept-shift mixing operation on the plurality of random data, and generating a second initial seed includes:
S21, collecting random data with preset byte length in terminal equipment by using a terminal storage module, and randomly intercepting specific identification information of the terminal equipment according to the preset byte length;
S22, intercepting, shifting and mixing the random data and the specific identification information to generate a second initial seed.
4. A pseudo-random number generating apparatus for implementing the pseudo-random number generating method according to any one of claims 1-3, characterized in that the apparatus comprises:
the first generation module is used for constructing an entropy pool, collecting entropy source data from a system environment by using the entropy pool, carrying out layer-by-layer mixed mapping on the entropy source data to obtain mixed entropy source data, and further generating a first initial seed;
the second generation module is used for collecting various random data in the terminal equipment by utilizing the terminal storage module, intercepting, shifting and mixing the various random data, and generating a second initial seed;
the seed generation module is used for generating third data according to the first initial seed and the second initial seed, and performing second-step hash processing on the third data by using a second hash algorithm so as to obtain a final pseudo-random number seed;
The output module is used for inputting the final pseudo-random number seeds into a pseudo-random number generator to realize the generation of pseudo-random numbers;
the entropy pool comprises: a mixed entropy source data storage module, a first-layer chaotic algorithm mapping module, a second-layer chaotic algorithm mapping module and a processed data storage module;
The mixed entropy source data storage module is used for storing entropy source data collected from a system environment and mixing the entropy source data to obtain mixed multi-element data;
The first layer chaotic algorithm mapping module is used for performing first layer mapping on the mixed multi-element data by using a first chaotic algorithm to obtain data after the first layer mapping;
The second-layer chaotic algorithm mapping module is used for performing second-layer mapping on the data after the first-layer mapping by using a second chaotic algorithm to obtain mixed entropy source data;
the processed data storage module is used for storing the mixed entropy source data;
Collecting entropy source data from a system environment by using the entropy pool, performing layer-by-layer mixed mapping on the entropy source data to obtain mixed entropy source data, and further generating a first initial seed, wherein the method comprises the following steps of:
S11, collecting entropy source data from a system environment by utilizing the entropy pool, and performing layer-by-layer mixed mapping on the entropy source data to obtain mixed entropy source data;
S12, performing an entropy estimation test on the mixed entropy source data to obtain tested entropy source data, judging whether the tested entropy source data meets the randomness requirement, and if so, executing step S13; if not, returning to step S11;
S13, performing first-step hash processing on entropy source data meeting the randomness requirement by using a first hash algorithm to generate a first initial seed;
generating third data according to the first initial seed and the second initial seed, performing a second hash processing on the third data by using a second hash algorithm, and further obtaining a final pseudo-random number seed, including:
S31, respectively carrying out random splitting treatment on the first initial seed and the second initial seed, and carrying out shift adding operation on the equal-length information segments obtained by the random splitting treatment to generate third data;
S32, performing second-step hash processing on the third data by using a second hash algorithm to obtain a new data column, and outputting a random number seed according to a preset output bit number according to the new data column;
S33, verifying the validity of the random number seeds, and if the random number seeds pass the validity verification, obtaining final pseudo-random number seeds; if the validity verification is not passed, the process goes to step S31.
5. A pseudo-random number generating device, characterized in that the pseudo-random number generating device comprises:
A processor;
a memory having stored thereon computer readable instructions which, when executed by the processor, implement the method of any of claims 1 to 3.
6. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a program code, which is callable by a processor for executing the method according to any one of claims 1 to 3.
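The seed pipeline of claims 1 to 3 (S11-S13, S21-S22, S31-S33, S4), as an added Python sketch that is not code from the patent or its applicants. Everything the claims leave open is an assumption made here: the function names, `os.urandom` standing in for the system and terminal data sources, the way each chaotic orbit is applied (XOR with a byte taken from a Henon orbit with a=1.4, b=0.3, then from an Euler-stepped Lorenz system), the most-common-value entropy estimate and its 5-bit threshold, SHA-256 and SHA3-256 as the two hashes, the bit-balance validity check, the bounded retry counts, and SHAKE-256 as the generator.

```python
import hashlib
import math
import os
import secrets
from collections import Counter

def henon_layer(data: bytes) -> bytes:
    """First layer (assumed form): XOR each byte with a byte drawn from a Henon orbit."""
    x, y = 0.1 + (sum(data) % 256) / 25600.0, 0.3   # data-dependent start point
    out = bytearray()
    for byte in data:
        x, y = 1.0 - 1.4 * x * x + y, 0.3 * x        # classic parameters a=1.4, b=0.3
        if abs(x) > 2.0:                             # orbit escaped: restart on the attractor
            x, y = 0.1, 0.3
        out.append(byte ^ (int(abs(x) * 1e6) & 0xFF))
    return bytes(out)

def lorenz_layer(data: bytes) -> bytes:
    """Second layer (assumed form): same idea with an Euler-stepped Lorenz system."""
    x, y, z = 1.0, 1.0, 1.0 + (data[0] if data else 0) / 256.0
    out = bytearray()
    for byte in data:
        dx, dy, dz = 10.0 * (y - x), x * (28.0 - z) - y, x * y - (8.0 / 3.0) * z
        x, y, z = x + 0.01 * dx, y + 0.01 * dy, z + 0.01 * dz
        if abs(x) > 100.0:                           # numerical blow-up guard
            x, y, z = 1.0, 1.0, 1.0
        out.append(byte ^ (int(abs(x) * 1e6) & 0xFF))
    return bytes(out)

def min_entropy_per_byte(data: bytes) -> float:
    """Most-common-value estimate -log2(p_max); a stand-in for the S12 entropy test."""
    return -math.log2(Counter(data).most_common(1)[0][1] / len(data))

def first_seed(collect=os.urandom, size=1024, threshold=5.0, max_tries=8) -> bytes:
    """S11-S13: collect, map twice, test, and hash only data that passes the test."""
    for _ in range(max_tries):
        mixed = lorenz_layer(henon_layer(collect(size)))       # S11
        if min_entropy_per_byte(mixed) >= threshold:           # S12
            return hashlib.sha256(mixed).digest()              # S13 (SHA-256 assumed)
    raise RuntimeError("entropy source kept failing the estimate")

def second_seed(device_id: bytes, n: int = 32) -> bytes:
    """S21-S22: n random bytes mixed with an n-byte window cut at a random offset of the ID."""
    rnd, off = os.urandom(n), secrets.randbelow(len(device_id))
    window = bytes(device_id[(off + i) % len(device_id)] for i in range(n))
    return bytes(r ^ (((w << 1) | (w >> 7)) & 0xFF) for r, w in zip(rnd, window))

def shift_add(a: bytes, b: bytes) -> bytes:
    """Byte-wise a + rotl(b, 3) mod 256 over two equal-length segments."""
    return bytes((x + (((y << 3) | (y >> 5)) & 0xFF)) & 0xFF for x, y in zip(a, b))

def third_data(s1: bytes, s2: bytes, cut: int) -> bytes:
    """S31: split both seeds at one cut, shift-add the equal-length pieces, swap their order."""
    return shift_add(s1[cut:], s2[cut:]) + shift_add(s1[:cut], s2[:cut])

def is_valid(seed: bytes) -> bool:
    """S33 stand-in: reject seeds whose share of 1 bits is far from one half."""
    ones = sum(bin(b).count("1") for b in seed)
    return 3 * len(seed) <= ones <= 5 * len(seed)

def final_seed(s1: bytes, s2: bytes, out_bits: int = 256, max_tries: int = 8) -> bytes:
    """S31-S33: re-split and re-hash until the truncated digest passes the check."""
    for _ in range(max_tries):
        cut = 1 + secrets.randbelow(len(s1) - 1)               # random split point
        digest = hashlib.sha3_256(third_data(s1, s2, cut)).digest()
        seed = digest[: out_bits // 8]                         # S32: preset output length
        if is_valid(seed):
            return seed
    raise RuntimeError("no valid seed produced")

def generate(seed: bytes, n: int) -> bytes:
    """S4 stand-in generator: expand the final seed with SHAKE-256."""
    return hashlib.shake_256(seed).digest(n)
```

Both chaotic layers are deterministic, so they cannot add entropy: an all-zero input that scores 0 bits per byte raw still scores above zero once mapped, so an estimate taken after the mapping says little about the raw source.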
CN202410323435.3A 2024-03-21 2024-03-21 A method and device for generating pseudo-random numbers Active CN117971165B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410323435.3A CN117971165B (en) 2024-03-21 2024-03-21 A method and device for generating pseudo-random numbers

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410323435.3A CN117971165B (en) 2024-03-21 2024-03-21 A method and device for generating pseudo-random numbers

Publications (2)

Publication Number Publication Date
CN117971165A CN117971165A (en) 2024-05-03
CN117971165B CN117971165B (en) 2024-06-11

Family

ID=90863259

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410323435.3A Active CN117971165B (en) 2024-03-21 2024-03-21 A method and device for generating pseudo-random numbers

Country Status (1)

Country Link
CN (1) CN117971165B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118611867A (en) * 2024-05-30 2024-09-06 东风商用车有限公司 Random number generation method, device, vehicle and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011076962A1 (en) * 2009-12-24 2011-06-30 Telefonica, S.A. Method and system for generating unpredictable pseudo-random numbers
CN111190570A (en) * 2018-11-15 2020-05-22 北京创原天地科技有限公司 High-quality random number generator and random number generation method
CN113448539A (en) * 2020-03-24 2021-09-28 北京奇虎科技有限公司 Random number generator, method, equipment and storage medium of mobile terminal

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230239144A1 (en) * 2022-01-21 2023-07-27 William David SCHWADERER Deterministic chaos-based quantum computer resistant data encryption for large scale wide area network solutions

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Analysis of the Application of Random Numbers in Encryption Technology; Zhang Fang; Computer Applications and Software; 20041212(12); 106-108 *

Also Published As

Publication number Publication date
CN117971165A (en) 2024-05-03

Similar Documents

Publication Publication Date Title
US11757656B2 (en) Efficient post-quantum anonymous attestation with signature-based join protocol and unlimited signatures
Zhou et al. Security and privacy for the industrial internet of things: An overview of approaches to safeguarding endpoints
CN116561789B (en) Processing method and device of privacy data, electronic equipment and readable storage medium
CN105723651B (en) Verifiable device
JP7428704B2 (en) Computer-implemented systems and methods for transferring access to digital resources
Peris-Lopez et al. LAMED—a PRNG for EPC class-1 generation-2 RFID specification
CN112152785A (en) XMSS hardware accelerator based on SHA2 and SHA3 combination
Yan et al. PCBChain: Lightweight reconfigurable blockchain primitives for secure IoT applications
CN116739660A (en) Lottery drawing method and system based on block chain
JP2023184657A (en) Computer-Implemented Systems and Methods Including Public Key Bond Verification
US11843695B2 (en) Distributed entropy system and method
CN111859424B (en) Data encryption method, system, terminal and storage medium of physical management platform
CN117971165B (en) A method and device for generating pseudo-random numbers
CN112769548B (en) Block chain numerical information transmission method, system, device and computer medium
Guo et al. Continuous improvement of script-driven verifiable random functions for reducing computing power in blockchain consensus protocols
JP2022532764A (en) Systems and methods for deparallelized mining in proof of work blockchain networks
Wang et al. A publicly verifiable outsourcing matrix computation scheme based on smart contracts
Zhao et al. Pratical privacy-preserving convolutional neural network inference framework with edge computing for health monitoring
Mondal et al. PReFeR: Physically Related Function based Remote Attestation Protocol
CN114978537B (en) An identity recognition method, device, equipment and computer-readable storage medium
Xia et al. Teva: Training-efficient and verifiable aggregation for federated learning for consumer electronics in industry 5.0
CN117992942A (en) Virtual image-based authentication method, device and electronic device
CN111371789B (en) Authentication device, server, authentication system, and authentication method based on confusion incentive
Hsieh et al. BCsRNG: A Secure Random Number Generator Based on Blockchain
Khalili et al. Towards Secure and Transparent Global Authentication: A Blockchain-based System Integrating Biometrics and Subscriber Identification Module

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant