Enhanced ANSI X9.17 pseudorandom number generators with forward security
Abstract
Disclosed herein are apparatuses and methods for generating pseudorandom numbers by making the existing ANSI and FIPS PRNGs forward secure and eliminating the need for re-keying them. A forward secure ANSI PRNG is created which includes an enhanced block cipher that is non-invertible even if the key becomes known and a function of the block cipher used in the existing ANSI PRNG. Additionally, the forward secure ANSI PRNG includes an enhanced next state that allows previous states to remain secret even when the key and the current state become known. A forward secure FIPS PRNG is created which includes a computation of an enhanced next state that is noninvertible.
7 Claims
1. A forward secure ANSI X9.17 pseudorandom number generator, comprising a processor which executes instructions for implementing a state machine having:
- an iteration integer $i$, which takes on integer values that satisfy $i > 0$;
- a key $K$;
- a current state $As_{i-1}$ for each iteration integer $i$;
- an enhanced keyed block cipher $F'_K$, wherein the enhanced block cipher $F'_K$ is a function obtained by combining a block cipher $F_K$ with its input value;
- an enhanced next state $As'_i$ for each iteration integer $i$, given by $As'_i = F'_K(As_{i-1})$; and
- an enhanced pseudorandom number generator output $Ay'_i$ for each iteration integer $i$, wherein the enhanced pseudorandom number generator output $Ay'_i$ is a function of at least one auxiliary input $t_i$, given by $Ay'_i = F'_K(F'_K(t_i) \oplus As_{i-1})$.

3. A forward secure ANSI X9.17 pseudorandom number generator, comprising a processor which executes instructions for implementing a state machine comprising:
- a seed generating function ANSI;
- a function operating on the seed generating function ANSI, and which returns a key $K$ and an initial state $As_0$;
- an iteration integer $i$, which takes on integer values that satisfy $i > 0$;
- an auxiliary input $t_i$ for each iteration integer $t_i$;
- a current state $As'_{i-1}$ for each iteration integer $i$;
- a seeded block cipher $F_K$, wherein $F_K$ is keyed by the key $K$;
- an enhanced keyed block cipher $F'_K$, wherein the enhanced seeded block cipher $F'_K$ is keyed by the key $K$, given by $F'_K(x) = F_K(x) \oplus x$, where $x$ is an input value;
- an enhanced next state $As'_i$ for each iteration integer $i$, wherein $As'_i$ is given by $As'_i = F'_K(As_{i-1}) = F_K(As_{i-1}) \oplus As_{i-1}$; and
- an enhanced pseudorandom generator output $Ay'_i$ for each iteration integer $i$, wherein $Ay'_i$ is given by $Ay'_i = F'_K(F_K(t_i) \oplus As_{i-1})$.

4. A computer readable storage medium storing computer readable program code implementing a forward secure ANSI X9.17 pseudorandom number generator, the computer readable program code comprising instructions for implementing a state machine having:
- an enhanced keyed block cipher $F'_K$, wherein the enhanced block cipher $F'_K$ is a function obtained by combining a block cipher $F_K$ with its input value;
- data encoding an iteration integer $i$, which takes on integer values that satisfy $i > 0$;
- a current state $As_{i-1}$ for each iteration integer $i$;
- an enhanced next state $As'_i$ for each iteration integer $i$, given by $As'_i = F'_K(As_{i-1})$; and
- an enhanced pseudorandom number generator output $Ay'_i$ for each iteration integer $i$, wherein the enhanced pseudorandom number generator output $Ay'_i$ is a function of an auxiliary input $t_i$, given by $Ay'_i = F'_K(F_K(t_i) \oplus As_{i-1})$.

5. A method for producing forward secure pseudorandom numbers by altering an ANSI X9.17 pseudorandom number generator, comprising:
- defining an iteration integer $i$ which takes on values satisfying $i > 0$;
- replacing a keyed block cipher $F_K$ with an enhanced keyed block cipher $F'_K$, wherein the enhanced keyed block cipher $F'_K$ is a function obtained by combining a block cipher $F'_K$ with its input value; and
- using a current state $As_{i-1}$, calculating an enhanced next state $As'_i$, given by $As'_i = F'_K(As_{i-1})$; and
- defining an enhanced pseudorandom generator output $Ay'_i$ and an auxiliary input $t_i$ for each iteration integer $i$, given by $Ay'_i = F'_K(F_K(t_i) \oplus As_{i-1})$.

7. A method for producing pseudorandom numbers by altering an ANSI X9.17 pseudorandom number generator, comprising:
- defining an iteration integer, which takes integer values that satisfy $i > 1$;
- enabling an auxiliary input $t_i$ for each iteration integer $i$;
- defining an enhanced keyed block cipher $F'_K$ seeded with a key $K$, for an input $x$, which satisfy $F'_K(x) = F_K(x) \oplus x$;
- replacing a keyed block cipher $F_K$ with the enhanced keyed block cipher $F'_K$, wherein the enhanced keyed block cipher $F'_K$ is a function obtained by combining $F_K$ with its input value;
- replacing a current state $As_{i-1}$ with an enhanced current state $As'_{i-1}$;
- replacing a next state $As_i$ with an enhanced next state $As'_i$, wherein $As'_i$ is defined as a function of the keyed block cipher $F_K$ and the current state $As_{i-1}$ for each iteration integer $i$ in accordance with a relationship $As'_i = F'_K(As_{i-1}) = F_K(As_{i-1}) \oplus As_{i-1}$; and
- defining an enhanced pseudorandom generator output $Ay'_i$ for each iteration integer $i$, wherein $Ay'_i$ is defined in accordance with a relationship $As'_i = F'_K(F_K(t_i) \oplus As_{i-1})$.

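The state machine of claims 3 and 7, written out as an added Python example (not code from the patent): it implements F′K(x) = FK(x) ⊕ x, the enhanced next state, and the enhanced output, and includes the inverse of FK to show what a holder of K can and cannot undo. Assumptions: FK is a stand-in 4-round Feistel cipher built on HMAC-SHA256 rather than the cipher of a real ANSI X9.17 deployment, the key, seed and auxiliary inputs are constructed sample values, and each enhanced state is fed back as the current state of the next iteration.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes of the stand-in cipher (assumption)
HALF = BLOCK // 2

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _rf(key: bytes, r: int, half: bytes) -> bytes:
    # Feistel round function: HMAC-SHA256 truncated to half a block.
    return hmac.new(key, bytes([r]) + half, hashlib.sha256).digest()[:HALF]

def F(key: bytes, x: bytes) -> bytes:
    """Stand-in keyed block cipher F_K: a 4-round Feistel permutation."""
    left, right = x[:HALF], x[HALF:]
    for r in range(4):
        left, right = right, xor(left, _rf(key, r, right))
    return left + right

def F_inv(key: bytes, y: bytes) -> bytes:
    """Inverse of F_K, computable by anyone who learns K."""
    left, right = y[:HALF], y[HALF:]
    for r in reversed(range(4)):
        left, right = xor(right, _rf(key, r, left)), left
    return left + right

def F_enh(key: bytes, x: bytes) -> bytes:
    """Enhanced cipher from the claims: F'_K(x) = F_K(x) XOR x."""
    return xor(F(key, x), x)

def step(key: bytes, state: bytes, t: bytes):
    """One iteration: returns (As'_i, Ay'_i) from As_{i-1} and t_i."""
    next_state = F_enh(key, state)              # As'_i = F'_K(As_{i-1})
    output = F_enh(key, xor(F(key, t), state))  # Ay'_i = F'_K(F_K(t_i) XOR As_{i-1})
    return next_state, output

def generate(key: bytes, state: bytes, aux_inputs):
    """Run the generator, feeding each enhanced state into the next iteration."""
    outputs = []
    for t in aux_inputs:
        state, out = step(key, state, t)
        outputs.append(out)
    return state, outputs

# Constructed sample values, not from the patent.
KEY = bytes(range(16))
SEED = b"initial-state-00"
AUX = [i.to_bytes(BLOCK, "big") for i in (1, 2, 3)]
```

With K known, `F_inv` undoes a state update made with plain FK, but applied to an enhanced state FK(s) ⊕ s it returns s only when s is all zeros, so the cipher's own inverse no longer walks the state chain backwards.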
Specification