1. Field of the Invention
The present invention relates to a hybrid architecture for realizing a random number generator.
In particular, the invention relates to an architecture having a hybrid digital/noising structure that can be integrated monolithically.
The expression "random number generator" denotes circuitry that can issue, upon request, one or more bytes that are not correlated with one another, i.e. that can be defined as completely random.
The main object is to create a totally unpredictable byte sequence, thus a sequence of bytes having a theoretically infinite period and a uniform distribution.
The aim is to improve the features of a random number generator in order to reach the best possible statistical conditions.
2. Description of the Related Art
As is well known, random number generators are of increasing interest, in particular in the landscape of Internet applications, in relation to the need for ever more secure electric transmission systems using increasingly sophisticated cryptography systems.
In particular, the Internet explosion will allow an increasing number of users to perform ever more critical and complex operations, for example shopping on the Web paid directly by credit card, requests for official documents or communications, or other paid services. Such operations emphasize the need for digital authentication and certification devices, such as the electronic signature.
It is obvious that a sophisticated coding system is only as secure as the key used for the cryptographic algorithm is unknown and unpredictable.
It should also be noted that random numbers are used in several areas of scientific research and technology. Random number generators (RNG) are thus important devices for the simulation of many phenomena (for example, in the field of nuclear physics), in all situations where impartial decisions are to be made, in evaluating the complexity of algorithms or in solving numerical analysis problems. In particular, different application fields require an RNG with different properties.
The main characteristics of a cryptography system are the following:
    secrecy: the message to be sent should be decoded and read by the addressee only;
    authentication: the addressee receiving a message should be sure of the sender's identity;
    integrity: the content of the message should be assured;
    sender identity guarantee: the sender should be prevented from denying a message transmission (digital signature).
The object of a cryptographic algorithm is to make decoding a cipher message without knowing the appropriate key as complex as possible. With a well-functioning cryptographic algorithm, the only possible way to obtain the plain text from a cipher message is to try all possible keys in order to identify the correct one: the number of trials increases exponentially with the key length.
So, the main operation in order to obtain a secure cryptographic system is the creation of the key, which should be as long and random as possible.
It should be noted that two main types of systems for generating random numbers are currently used.
Digital Systems
They are mainly pseudo-random generators. Such devices are based on a substantially digital core which can provide a number sequence having a very long period.
They can be likened to state machines that implement algorithms and extremely complex functions that are difficult to recover. In most cases, finding the function which generates the sequence could even need a hundred years of computational time.
In particular, in order to generate a random number, the known generators, implemented by a computing system, use random variables which are connected to the system or external to it.
Internal random variables of a computing system such as a personal computer (PC) are the following:
    system status variables, like the clock time, the serial numbers of the PC (for example, the Ethernet serial number and so on);
    the number of files stored on the hard disk or in a particular directory;
    the empty space on the hard disk;
    the information contained in several buffers of the computer, the I/O content or the video driver information;
    the number of tasks within the operating system, the corresponding IDs or sizes;
    the central memory state;
    information defined by the user (size or positioning of the windows, colors used, file names, ...).
The above listed internal variables are interesting from the point of view of their random character, but they are limited in the number of random bits they can provide and thus are not so reliable from the secrecy point of view.
External random variables are the following:
    content of the keys selected on the keyboard;
    length of time between one selected key and the following one;
    measures of time and position of the mouse movements;
    arrival time of bit sequences on the network.
All the above listed external variables show a good random degree and are in some way dependent on the user actions.
In any case, the random sequence so obtained is generally not used per se but is processed by suitable algorithms in order to increase its random character and thus the security of the cipher message.
The best-known techniques that provide for this kind of device are the following:
    LCG (Linear Congruence Generator) technique, which provides for a numerical sequence of the type:
        $X_n = a X_{n-1} + C \pmod{m}$  (1)
    where m, a and C are the parameters that randomize the sequence, respectively known as modulus, multiplier and additive constant.
    MRG (Multiple Recursive Generator) technique, which provides for a numerical recurrent sequence of the type:
        $X_n = a_1 X_{n-1} + a_2 X_{n-2} + \dots + a_k X_{n-k} \pmod{m}$  (2)
In particular, the above recurrent formula (2) corresponds to a primitive polynomial division and can be implemented by a so-called LFSR (Linear Feedback Shift Register), schematically shown in FIG. 1.
In particular, the LFSR 10 of FIG. 1 comprises a shift register 11 receiving a first input signal INPUT and providing an output signal OUT.
The shift register 11 is connected in a loop-like manner to a primitive polynomial generator 12, in turn receiving a second input signal IN.
Actually, in order to realize a pseudo-random generator according to the prior art techniques, a circuitry combining different LFSRs to obtain a more complicated sequence is used.
In particular, as schematically shown in FIG. 2, such a technique realizes a random number generator or RNG by means of combinations of LFSRs.
The generator RNG 20 of FIG. 2 comprises a first register LFSR1, a second register LFSR2 and a third register LFSR3, receiving an irregular clock signal issued by a clock generator 21 in turn comprising a set of clock oscillators CLK L1, CLK L2, CLK H1, CLK H2.
In particular, within the clock generator 21, the clock oscillator CLK L1 is connected to the clock oscillators CLK H1 and CLK H2, the clock oscillator CLK L2 is connected to the clock oscillators CLK H1 and CLK H2, the clock oscillator CLK H2 is connected to the clock oscillator CLK H1. Moreover, the output of the clock oscillator CLK H1 is connected to the registers LFSR1, LFSR2, LFSR3.
The first register LFSR1 is connected to the second register LFSR2, in turn connected to an output terminal OUT_RNG of the generator RNG 20.
Finally, the third register LFSR3 is connected to the first register LFSR1 by means of a scrambling device 22.
It is also known to combine the above described techniques.
The digital systems just described have the advantage of being totally reliable and of guaranteeing a sequence which is as complicated as possible but substantially always deterministic.
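The following added example (not part of the patent text) implements formula (2) with m = 2 as an LFSR and shows what "always deterministic" means in practice: the Berlekamp-Massey algorithm recovers the feedback taps from 2k output bits, after which every later bit can be predicted. The tap set, the seed and all function names are constructed for this illustration.

```python
def lfsr_bits(taps, seed, n):
    """Formula (2) with m = 2: s[i] is the XOR of s[i-j] for each j in taps."""
    s = list(seed)                       # seed = first k output bits, oldest first
    while len(s) < n:
        bit = 0
        for j in taps:
            bit ^= s[-j]
        s.append(bit)
    return s[:n]

def period(taps, seed):
    """Smallest p > 0 after which the k-bit register state equals the seed again."""
    k = len(seed)
    s = lfsr_bits(taps, seed, 2 ** k + k)
    return next(p for p in range(1, 2 ** k) if s[p:p + k] == list(seed))

def berlekamp_massey(bits):
    """Shortest linear recurrence over GF(2) that generates bits: (length, taps)."""
    n = len(bits)
    c, b = [1] + [0] * n, [1] + [0] * n  # current and previous connection polynomials
    L, m = 0, -1
    for i in range(n):
        d = bits[i]                      # discrepancy between prediction and bit i
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:
            t = c[:]
            for j in range(n + 1 - (i - m)):
                c[j + i - m] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L, [j for j in range(1, L + 1) if c[j]]

# Constructed parameters (assumptions for this example, not values from the patent).
TAPS = [11, 13, 14, 16]
SEED = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1]

def predict_from_observation(observed, n):
    """Rebuild the generator from observed output alone and regenerate n bits."""
    L, taps = berlekamp_massey(observed)
    return lfsr_bits(taps, observed[:L], n)

if __name__ == "__main__":
    stream = lfsr_bits(TAPS, SEED, 500)
    guess = predict_from_observation(stream[:32], 500)
    print("period of the 16-stage register:", period(TAPS, SEED))
    print("all 500 bits predicted from the first 32:", guess == stream)
```

A long period therefore says nothing about unpredictability: the output of a single LFSR should never be used directly as key material.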
Analog Systems
Such techniques find their basis in the detection of natural phenomena that are per se random. The most commonly used techniques are the following:
    Direct amplification of a noise, such as a thermal noise generated by a resistor or during a radioactive source emission.
    Use of analog features of a chaotic circuit which is highly sensitive to parameter variations or to the initial conditions. In such a way, the common process imperfections or the reference voltage errors generate sequences totally uncorrelated with one another.
    Use of a composition of amplifiers and analog filters connected to noise sources.
According to the first technique, a high gain and wide band amplifier is used in order to process a small signal issued from a thermal noise source (the so-called shot noise). The noise signal should be amplified up to a level at which it can be compared by means of a comparator showing no bias and provided with a clock signal.
However, the absence of a suitable protection with respect to the noise source from external noises due to the power supply and to the substrate does not allow one to use such a technique in integrated applications.
On the contrary, according to the second technique, a chaotic circuit can be obtained, for example, from a cascade of n analog/digital converter (ADC) stages and a Sample & Hold circuit, in other words by means of a known n bit analog/digital (A/D) converter. In particular, such a chaotic circuit realizes the Bernoulli map following the equation:
    $X_n = 2\,(X_{n-1} + e(n)) \pmod{1.0}$  (3)
where e(n) is a Gaussian noise signal.
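As an added illustration (not part of the patent text), the sketch below iterates formula (3) in double precision and takes one bit per step (1 when X_n >= 0.5). It is a numerical simulation, not a circuit model: a seeded pseudo-random generator stands in for the physical noise e(n), and the function names, sigma values and bit-extraction rule are assumptions made for the example.

```python
import random

def bernoulli_bits(x0, n, sigma, noise_seed=1):
    """Iterate X_n = 2*(X_{n-1} + e(n)) mod 1.0 with e(n) ~ N(0, sigma).

    Returns one bit per iteration: 1 if X_n >= 0.5, else 0.
    random.Random(noise_seed) is only a stand-in for physical noise.
    """
    rng = random.Random(noise_seed)
    x, bits = x0, []
    for _ in range(n):
        e = rng.gauss(0.0, sigma) if sigma > 0 else 0.0
        x = (2.0 * (x + e)) % 1.0
        bits.append(1 if x >= 0.5 else 0)
    return bits

def ones_fraction(bits):
    """Fraction of 1 bits; close to 0.5 for an unbiased source."""
    return sum(bits) / len(bits)

if __name__ == "__main__":
    # Without noise the map only shifts out the binary expansion of x0, and a
    # finite-precision state runs out of bits: the output locks at 0.
    quiet = bernoulli_bits(0.1, 200, sigma=0.0)
    print("noiseless, first 16 bits:", quiet[:16])
    print("noiseless, ones after step 60:", sum(quiet[60:]))

    # With noise, fresh low-order information enters at every step and is
    # amplified by the factor 2 until it decides the output bit.
    noisy = bernoulli_bits(0.1, 20000, sigma=1e-3)
    print("noisy, fraction of ones:", ones_fraction(noisy))

    # Same start, different noise realisation: the sequences diverge.
    a = bernoulli_bits(0.1, 200, sigma=1e-3, noise_seed=1)
    b = bernoulli_bits(0.1, 200, sigma=1e-3, noise_seed=2)
    print("first differing step:", next(i for i in range(200) if a[i] != b[i]))
```

The noiseless run makes the role of e(n) explicit: the map itself adds no entropy, it only amplifies whatever the noise term supplies.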
Finally, according to the third technique, oscillator sampling can be used in order to realize a random generator, where a random signal is obtained starting from the phase noise of an oscillator.
In particular, an output signal from a fast oscillator is sampled by means of a D-type flip-flop (DFF) receiving as clock signal an output signal of a slow oscillator. In such a case, the evolution of the fast oscillator guarantees random samples obtained from the DFF, by simply fixing the ratio of the oscillators' frequencies.
The analog systems just described (also known as TRUE RANDOM) have the main advantage of furnishing wholly random sequences. However, they require great care during the design phase. It is in fact all too easy for a minor imperfection in the system so realized to degrade the performance of the system itself to the point where it can no longer be used.