The present invention relates to a seed generating circuit, a random number generating circuit, a semiconductor integrated circuit, an IC card, and an information terminal equipment, and more particularly, it relates to a seed generating circuit compactly constructed with a digital logic circuit, capable of generating random numbers with high randomness, and suitable for use in cryptographic algorithm, integrated circuit using the seed generating circuit, an IC card using the seed generating circuit, and an information terminal equipment using the seed generating circuit.
In use of a random number sequence for simulation of a phenomenon accompanied by a probability process or for a security purpose, not only the randomness in a time-sequence but also the randomness in a data sequence acquired by arranging data taken from the random number sequence by using same system clock is important. It is because the random number is used for the method of preventing cryptographic information from being read-out by sampling many data with same system clock, by carrying out computation of the cryptographic data and the random number which were read by sampling many data with same system clock.
A pseudo random number generating circuit is comparatively small. Moreover, the data of a time-sequence acquired by the pseudo random number generating circuit can be used as a random number with comparatively high quality. However, the random number with high quality cannot be obtained in the data sequence made by arranging data taken with a same system clock in a way like first, second, . . . after switching on the power supply of the system.
FIG. 15 is a schematic diagram for explaining this situation. Supposing, the random number sequence is generated by outputting “0” and “1” time-sequentially, whenever the system including the pseudo random number generating circuit is turned ON. Then, the randomness taken along the time-sequence (along the horizontal direction in this figure) is good. However, the randomness taken along the data sequence obtained by sampling data with a same system clock from these random number sequences, (along the vertical direction in this figure) is not always good. For example, the problem that the appearance frequency of one of “0” and “1” is higher than that of the other in the same system clock data sequence arises, as illustrated in FIG. 15. This is because the random number sequence is determined depending on the “initial value” i.e., “seed” of the pseudo random number circuit in the case of the pseudo random numbers.
FIG. 16A through FIG. 16C are schematic diagrams for explaining a role of the seed in the pseudo random number circuit. FIG. 16A expresses the circuit provided the linear feedback shift register of an example of the pseudo random number circuit. In this circuit, data X is outputted one by one in response to the inputted seed. However, if the seed inputted is fixed, the random number sequences (sequence of the horizontal direction in this figure) obtained are also the same. Therefore, the same system clock data sequences (vertical direction in this figure) obtained by sampling data of the same system clock from these random number sequences have always the same order.
Even if a certain circuit which has a role of “disturbing” this sameness is provided, the same system clock data sequence cannot easily become the random number with high quality. That is, even if the seed inputted is rewritten each time, the balance of “0” and “1” shifts from 1:1, or a certain regularity and periodicity exist in many cases, as expressed in FIG. 16C. This is because the randomness of the same system clock data sequence obtained by the pseudo random number circuit depends only on the randomness of the inputted seed. That is, the randomness of the inputted seed becomes very important in the case of the pseudo random number circuit.
Although there are many cases where seed is rewritten by using appropriate software at the time of starting the system, it is almost impossible to give seed the always different randomness by this rewriting. For example, the method that “a sample data is obtained by extracting a part of unreproducible information which changes irregularly over time among the state information generated by the functional media of a mobile terminal. The sample data is inputted into the random number generating part 103 as the seed 102, and a random number 104 is generated.” is disclosed in Japanese Patent Laid-Open Publication No. 2002-215030.
However, even if the sample data itself has the randomness, neither a mechanism with which the balance of “0” and “1” is kept nor a mechanism to preclude periodicity and regularity is not provided in the method disclosed in Japanese Patent Laid-Open Publication No. 2002-215030.
On the other hand, a mechanism with which the seed is always rewritten at random is required in a pseudo random number circuit. That is, the random seed in which a certain randomness which appears in a hardware is used, the balance of “0” and “1” does not shift from 1:1, and there is no regularity and periodicity is required.
There is a method of generating a seed by using the random number generated by the random signal generated by pure physical phenomena such as a thermal noise. However, since the circuit generally becomes large by this method, it is difficult to integrate the circuit in small systems such as a semiconductor integrated circuit, an IC card and various kinds of information terminal equipment, for example.