1. Field of the Invention
The present invention relates to a random number generating apparatus, more particularly, to a random number generating apparatus that is used as a random number source for an encryption algorithm.
2. Description of the Related Background Art
In association with the development of the Internet and Intranet, new market areas such as international transactions, transactions among different industries, electronic data interchange (EDI), and the like are being actively exploited. Due to openness of the Internet, it is necessary to take countermeasures against illegal acts (tapping, falsification, pretending, destructive action, and the like) on information signals transmitted and received in communication networks. Development of a security technique is urgently demanded.
Encryption technology is widely used to assure the security of communication networks. For example, there is a digital signature algorithm (DSA) standardized in the U.S. In encryption devices employing such an algorithm, it is necessary to generate random numbers each time a signature is generated. It is desirable that the random numbers used in the devices be “information-theoretically (cryptographically) secure”.
The “cryptographically secure” random numbers denote random numbers which satisfy a condition such that “other bits cannot be estimated from an arbitrary part of a random number sequence with a probability of more than 50%”. Since the condition is very strict, however, the following evaluation measures may practically be used. That is,
(1) equality between occurrence frequency of 0 and that of 1,
(2) long periodicity,
(3) non-linearity,
(4) high linear complexity, and
(5) non-correlation.
These are necessary conditions. Non-linearity denotes that the random numbers are not themselves the direct output of a linear feedback shift register. The maximum period of a sequence which can be generated by linear feedback shift registers of n stages is equal to 2^n − 1. The sequence of the period 2^n − 1 is called an M sequence (maximum length shift register sequence). The M sequence, which is often used as pseudo-random numbers, therefore does not satisfy the non-linearity condition.
The linear complexity of the random number sequence denotes the minimum and equivalent number of stages of the linear feedback shift registers to generate the sequence. In case of the M sequence with the period 2^n − 1 as an example, since it is a sequence of the maximum period that is generated by the linear feedback shift registers of n stages, the linear complexity of the M sequence is equal to n. When the linear complexity is low, an equivalent random number generator can be readily constructed. Thus the random numbers of low linear complexity cannot be cryptographically secure, since unknown bits are easily predicted.
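The following is an added illustration, not part of the original specification, of why an M sequence fails measures (3) and (4) even though it nearly satisfies measure (1). It assumes a 7-stage register with the recurrence s[t] = s[t-6] XOR s[t-7] and a constructed seed; the function names are hypothetical. The Berlekamp-Massey algorithm recovers the equivalent register from only 2n = 14 observed bits, after which every later bit is predicted.

```python
# Added example: taps, seed and function names are constructed for illustration.
TAPS = (6, 7)                    # s[t] = s[t-6] ^ s[t-7]  (x^7 + x + 1, period 2^7 - 1)
SEED = [1, 0, 0, 1, 0, 1, 1]     # any non-zero 7-bit initial state

def lfsr_bits(taps, seed, count):
    """Output of an n-stage linear feedback shift register (n = len(seed))."""
    s = list(seed)
    while len(s) < count:
        bit = 0
        for k in taps:
            bit ^= s[-k]
        s.append(bit)
    return s[:count]

def berlekamp_massey(s):
    """Return (L, c): linear complexity L of s and coefficients c[0..L]
    with s[t] = XOR over i=1..L of c[i] & s[t-i]."""
    n = len(s)
    c, b = [1] + [0] * n, [1] + [0] * n
    L, m = 0, -1
    for i in range(n):
        d = s[i]                              # discrepancy of current register
        for j in range(1, L + 1):
            d ^= c[j] & s[i - j]
        if d:
            prev, shift = c[:], i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]
            if 2 * L <= i:                    # register must grow
                L, m, b = i + 1 - L, i, prev
    return L, c[:L + 1]

def predict(observed, c, count):
    """Continue 'observed' for 'count' bits using the recovered register c."""
    s, L = list(observed), len(c) - 1
    for _ in range(count):
        bit = 0
        for i in range(1, L + 1):
            bit ^= c[i] & s[-i]
        s.append(bit)
    return s[len(observed):]

if __name__ == "__main__":
    stream = lfsr_bits(TAPS, SEED, 300)
    L, c = berlekamp_massey(stream[:14])      # observer sees only 2n bits
    print("ones per period:", sum(stream[:127]), "of 127")
    print("linear complexity:", L, "coefficients:", c)
    print("all later bits predicted:", predict(stream[:14], c, 286) == stream[14:])
```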
Non-correlation denotes that, for example, the bits in a portion of random numbers are independent from those of the other portions. When there is a correlation, on the contrary, unknown bits can be easily estimated.
Hitherto, as a random number source of the encryption algorithm, pseudo-random numbers have generally been used. The pseudo-random numbers, however, cannot be cryptographically secure in view of the above-mentioned evaluation measures. That is, since the pseudo-random numbers are generated by a certain arithmetic process or a combination of functions, the same random numbers can be generated by giving the same initial conditions. An encryption method using the pseudo-random numbers can be, therefore, easily predicted and the generated cipher readily deciphered. It is insufficient in terms of ensuring security.
As a method of generating random numbers that are close to “truly” random numbers, there is an apparatus utilizing a natural phenomenon, for example, a decay of a radioactive material or the like. It has, however, a drawback that the apparatus is large and complicated.
Thus, a random number generating apparatus of compact size which achieves high security and can be easily assembled in a personal computer or the like is demanded.
The invention is made in consideration of the aforementioned drawbacks and it is an object to provide a random number generating apparatus and a method for generating binary random numbers which are cryptographically secure and are adapted for miniaturization.
A random number generating apparatus according to the present invention comprises: a semiconductor device having a junction; a reverse bias applying circuit for applying a reverse bias voltage of a degree so as to cause a breakdown current in the junction; and a binarizing circuit for binarizing a noise signal created in a current path including said junction for generating random numbers from the binarized signal.