Chaos generator for accumulation of stream entropy
First Claim
1. A digital hardware device, comprising:
- a pseudo-random source, implemented in hardware, configurable for generating a binary pseudo-random input sequence having a first entropy; and
an entropy accumulator, implemented in hardware, coupled to the pseudo-random source and configurable for accumulating the first entropy and providing a binary pseudo-random output sequence based on the accumulated first entropy and a cryptographic prime.
2 Assignments
0 Petitions
Accused Products
Abstract
A chaos generator for accumulating stream entropy is disclosed. The chaos generator includes a random source coupled to an entropy accumulator that is configurable for generating a binary random input sequence. The entropy accumulator is configurable for accumulating entropy of the input sequence and providing a binary random output sequence based on the accumulated entropy. The binary random output sequence is reduced by a modular reduction operation having a modulus that is set equal to a cryptographic prime (e.g., the order of an elliptic curve). The number of iterations performed by the entropy accumulator on the binary random input sequence is selected to provide a binary random output sequence having a desired cryptographic strength. The chaos generator can be part of a signing and verification system that uses fast elliptic encryption for small devices.
-
Citations
29 Claims
-
1. A digital hardware device, comprising:
-
a pseudo-random source, implemented in hardware, configurable for generating a binary pseudo-random input sequence having a first entropy; and an entropy accumulator, implemented in hardware, coupled to the pseudo-random source and configurable for accumulating the first entropy and providing a binary pseudo-random output sequence based on the accumulated first entropy and a cryptographic prime. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method of accumulating entropy, comprising:
at a first communication device coupled to a second communication device via an unsecured channel; receiving a first pseudo-random sequence associated with a first entropy; accumulating the first entropy; generating a second binary pseudo-random sequence from the accumulated first entropy and a cryptographic prime; and using the second binary pseudo-random sequence to generate or verify a digital signature to establish a communication session between the first and second communication devices over the unsecured channel. - View Dependent Claims (11, 12, 13, 14, 15)
-
16. A computer-readable medium storing one or more programs configured to be executed by a computer system, the one or more programs comprising:
-
instructions to receive a first pseudo-random sequence associated with a first entropy; instructions to accumulate the first entropy; and instructions to generate a second binary pseudo-random sequence from the accumulated first entropy and a cryptographic prime, wherein the second binary pseudo-random sequence is associated with a second entropy that is higher than the first entropy. - View Dependent Claims (17, 18, 19, 20, 21)
-
-
22. A digital signature generation system, comprising:
-
a processor; a computer readable medium coupled to the processor and having stored thereon instructions, which, when executed by the processor, causes the processor to perform the operations of; receiving a first pseudo-random number; accumulating entropy associated with the first pseudo-random number; generating a second pseudo-random number from the accumulated entropy, wherein the second pseudo-random number is from a finite field of numbers; generating field elements defining a first point on an elliptic curve defined over the finite field of numbers by performing elliptic curve arithmetic on the second pseudo-random number and an initial public point on the elliptic curve; generating a product from a field element, a private key, and a third pseudo-random number from the finite field of numbers, wherein the third pseudo-random number is received from a challenger seeking verification of a digital signature; generating a signature component by summing the product and the second pseudo- random number; reducing the signature component using one or more modular reduction operations, wherein the modular reduction operations are based on a modulus equal to an order of the elliptic curve; and sending the signature component and the field elements to the challenger as a signature for verification by the challenger.
-
-
23. A digital signature verification system, comprising:
-
a processor; a computer readable medium coupled to the processor and having stored thereon instructions, which, when executed by the processor, causes the processor to perform the operations of; generating a first pseudo-random number; accumulating entropy associated with the first pseudo-random number; generating a second pseudo-random number based on the accumulated entropy, wherein the second pseudo-random number is from a finite field of numbers; sending the second pseudo-random number to a signing device; receiving a digital signature packet from the signing device including a first point on an elliptic curve defined over the finite field of numbers and a signature component, wherein the signature is a function of the second pseudo-random number and a third pseudo-random number generated by the signing device; generating a second point on the elliptic curve defined over the finite field of numbers by performing elliptic curve arithmetic on the signature component and an initial public point on the elliptic curve; generating a product from the second point and the second pseudo-random number; reducing the product using one or more modular operations, wherein the modular operations are based on a modulus equal to an order of the elliptic curve; generating a third point on the elliptic curve defined over the finite field of numbers by performing elliptic curve arithmetic on the reduced product and a public point on the elliptic curve representing a public key of the signing device; and evaluating an elliptic identity using the first, second and third points, wherein the result of the evaluation is indicative of either a positive or negative verification of the digital signature.
-
-
24. A communication device, comprising:
-
memory; one or more processors; and one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including; instructions to receive a first pseudo-random sequence associated with a first entropy; instructions to accumulate the first entropy; instructions to generate a second binary pseudo-random sequence from the accumulated first entropy and a cryptographic prime; and instructions to use the second binary pseudo-random sequence to generate or verify a digital signature to establish a communication session between the first and second communication devices. - View Dependent Claims (25, 26, 27, 28, 29)
-
Specification