Random numbers are used in various encipherment applications, in particular for enciphering the data exchanged in secure communication systems such as professional radiocommunication systems or PMR (“Professional Mobile Radio”). Data encipherment requires random numbers for purposes such as secret identification numbers, encipherment keys, initial values for iterative encipherment algorithms, or the like.
A known approach for generating random numbers consists in using a Linear Feedback Shift Register or LFSR. An n-bit LFSR is a pseudo-random number generator which processes a polynomial of degree n. A conventional structure comprises an LFSR whose 1-bit input value is provided by the sampled output of an oscillator with high phase noise, the frequency of which is much higher than the sampling frequency. This input value is called an entropy bit. The LFSR is clocked by a clock signal at the sampling frequency.
This structure, which has in particular the advantage of occupying little silicon surface area and is therefore well adapted to integrated circuit applications, nevertheless has a drawback: the numbers it generates are, over a long duration, not totally random. They are correlated with the frequency of the oscillator, which is stable since it depends only on the environmental conditions (temperature, voltage, etc.).
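The following added example (not part of the original document) simulates the conventional structure described above, an LFSR fed by one entropy bit per sampling clock, and shows the drawback: when the oscillator's phase noise is negligible, the entropy bits simply repeat with the frequency ratio and two devices with the same seed produce the same stream. The 16-bit polynomial, the frequency ratio of 1000.25, the Gaussian jitter model and all function names are assumptions chosen for illustration.

```python
import random

TAPS = (16, 14, 13, 11)   # assumed polynomial: x^16 + x^14 + x^13 + x^11 + 1

def sample_oscillator(n, ratio, jitter, rng):
    """Return n entropy bits: a square-wave oscillator sampled once per clock.

    ratio  = oscillator frequency / sampling frequency
    jitter = std-dev of phase noise added per sample, in oscillator periods
    """
    phase, bits = 0.0, []
    for _ in range(n):
        phase = (phase + ratio + jitter * rng.gauss(0.0, 1.0)) % 1.0
        bits.append(1 if phase < 0.5 else 0)
    return bits

def lfsr_stream(seed, entropy_bits):
    """Clock a 16-bit Fibonacci LFSR once per entropy bit.

    The entropy bit is XORed into the feedback; the low bit is the output.
    """
    state, out = seed & 0xFFFF, []
    for e in entropy_bits:
        fb = e
        for t in TAPS:
            fb ^= (state >> (16 - t)) & 1
        state = (state >> 1) | (fb << 15)
        out.append(state & 1)
    return out

def agreement(a, b):
    """Fraction of positions where two bit streams are equal."""
    return sum(x == y for x, y in zip(a, b)) / len(a)

def compare_runs(jitter, n=4000, ratio=1000.25, seed=0xACE1):
    """Agreement between two devices with the same seed and oscillator
    frequency but independent phase noise (constructed RNG seeds 1 and 2)."""
    a = lfsr_stream(seed, sample_oscillator(n, ratio, jitter, random.Random(1)))
    b = lfsr_stream(seed, sample_oscillator(n, ratio, jitter, random.Random(2)))
    return agreement(a, b)

if __name__ == "__main__":
    print("stable oscillator :", compare_runs(jitter=0.0))
    print("noisy oscillator  :", compare_runs(jitter=0.3))
```

An agreement of 1.0 means the second device reproduces the first one's output exactly; a value near 0.5 means the two streams are unrelated.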
Various proposals have been made for increasing the randomness of the numbers generated.
Thus, document U.S. Pat. No. 6,954,770 discloses a structure in which an entropy value on a number N of bits is provided as input to the LFSR, where N is an integer greater than unity. Each entropy bit is provided by the sampled output of a respective oscillator. It is injected as input to one of the shift register elements forming the LFSR, via a logic gate of “Exclusive OR” type which is also coupled to the output of the previous shift register element. This more complex structure does indeed increase the randomness of the numbers generated, but it retains the same drawback described above, that is to say the numbers generated are not totally independent, each oscillator having a stable frequency. Another drawback of this solution is the increase in dissipated power caused by the larger number of oscillators operating at high frequency.
In document U.S. Pat. No. 6,480,072 it is proposed that the entropy bit supplying an LFSR, or another device such as a CRC (“Cyclic Redundancy Check”) circuit, be obtained by sampling the output of a voltage-controlled oscillator or VCO at a much lower sampling frequency. To decrease the predictability of the phase relation which links the output frequency of the VCO and the sampling frequency, the output frequency of the VCO is modified during each sampling period. This modification is obtained by producing a control voltage for the VCO which results from the combination, in an “Exclusive OR” operator, of the sampling clock signal and of the output of an 8-bit LFSR dedicated to this function alone. This proposal also makes it possible to improve the quality of the random numbers generated, but it is also fairly complex, and it has the further drawback of using analog modules which are easy to pinpoint on a microchip.