- 浏览: 539990 次
- 性别:
- 来自: 杭州
文章分类
最新评论
-
GGGGeek:
看完了博主的博文,如果没猜错的话应该是浙大吧?很多优秀的人因为 ...
转《D君的故事》 以时刻警示自己 -
游牧民族:
楼主写的不错,学习了,最近对爬虫比较感兴趣,也写了些爬虫相关的 ...
通用爬虫框架及heritrix爬虫介绍 -
jimmee:
jerome_s 写道ice 你怎么看? 粗略的看了一下ice ...
MessagePack, Protocol Buffers和Thrift序列化框架原理和比较说明 -
jerome_s:
ice 你怎么看?
MessagePack, Protocol Buffers和Thrift序列化框架原理和比较说明 -
jimmee:
nk_tocean 写道照着做了,但是不行啊,还是乱码.先确认 ...
hive编写udf处理非utf-8数据
In this chapter we introduce a simple specialized machine called a linear feedback shift register (LFSR). We describe how it works, discover interesting applications, and study its limitations. Later, in the book, we will repeat the same process with a general-purpose computer.
One-time pad. As motivation for studying linear feedback shift registers, we will first consider an interesting application to cryptography. Cryptography is the science of creating secret codes, e.g., suppose Alice wants to send a secret message to Bob over the Internet. Alice's first step is to encrypt the message. Encrypting a message means transforming it into another message. She will send this encrypted message over the Internet. Of course, for the cryptographic scheme to be useful, Bob must be able to decrypt the encrypted message back into its original form. A one-time pad is a simple encryption method that is provably secure. That is, even if a malicious third party Eve is able to intercept the encrypted message, she will not be able to glean any information about the contents of the original message, other than its length.
Encryption. Now, we describe how Alice can use a one-time pad to send Bob a message.
* First, we'll assume that Alice's message consists of N bits. A bit is one of two values 0 (false) or 1 (true). If Alice's message consists of text, then she must first pre-process it into a sequence of bits. A simple scheme for doing this is to use the Base64 encoding of the text: replace every occurrence of the letter 'A' with 000000, 'B' with 000001, and so forth according to the table below:
Binary Char Binary Char Binary Char Binary Char Binary Char Binary Char
000000 A 001011 L 010110 W 100001 h 101100 s 110111 3
000001 B 001100 M 010111 X 100010 i 101101 t 111000 4
000010 C 001101 N 011000 Y 100011 j 101110 u 111001 5
000011 D 001110 O 011001 Z 100100 k 101111 v 111010 6
000100 E 001111 P 011010 a 100101 l 110000 w 111011 7
000101 F 010000 Q 011011 b 100110 m 110001 x 111100 8
000110 G 010001 R 011100 c 100111 n 110010 y 111101 9
000111 H 010010 S 011101 d 101000 o 110011 z 111110 +
001000 I 010011 T 011110 e 101001 p 110100 0 111111 /
001001 J 010100 U 011111 f 101010 q 110101 1
001010 K 010101 V 100000 g 101011 r 110110 2
For example, to encode the 9-character message SENDMONEY, we would use the following sequence of N = 54 bits.
S E N D M O N E Y (message)
010010000100001101000011001100001110001101000100011000 (message bits)
It is also possible to convert audio, image, or video data into a sequence of bits. Digital computers do exactly this to store MP3, JPEG, and DivX files on your computer.
* Now, we assume Alice and Bob have agreed on a random sequence of N bits ahead of time, which they each know, but have kept it a secret from the rest of the world. These random bits are called the one-time pad. In the example above, Alice and Bob need to share 54 bits ahead of time, say
110010010011110110111001011010111001100010111111010010 (one-time pad)
* Alice encrypts her message by lining it up with the one-time pad, combines pairs of bits using the exclusive or (XOR) function. The XOR function of two bits is 0 if the sum of the two bits is even and 1 if the sum is odd. Equivalently, the XOR function of two bits is 0 if the bits are the same, and 1 if they are different. The truth table below characterizes the behavior of the XOR function.
x y XOR
0 0 0
0 1 1
1 0 1
1 1 0
Applying the XOR function to Alice's message bits and the one-time pad yields:
010010000100001101000011001100001110001101000100011000 (message bits)
^ 110010010011110110111001011010111001100010111111010010 (one-time pad)
------------------------------------------------------
100000010111111011111010010110110111101111111011001010 (encrypted bits)
We note that ^ is the Java symbol for exclusive or. We use the XOR function to prevent an eavesdropper from discovering the original message. If each bit of the one-time pad is chosen according to a fair and independent coin flip, then the corresponding bit in Alice's message also has an equal chance of winding up 0 or 1. To an eavesdropper, the encrypted bits are indistinguishable from a sequence of random coin flips.
* Finally, Alice converts the encrypted bits back to text using Base64 encoding.
100000010111111011111010010110110111101111111011001010 (encrypted bits)
g X 7 6 W 3 v 7 K (encrypted message)
Alice encrypts the message "SENDMONEY" and sends it to Bob.
Decryption. Bob decrypts the encrypted message by applying the exact same procedure.
* First, he converts the encrypted message to bits using the Base64 encoding.
* Next, he takes the XOR of the encrypted message with the one-time pad.
* Finally, he converts the bits to text using Base64 encoding.
g X 7 6 W 3 v 7 K (encrypted message)
100000010111111011111010010110110111101111111011001010 (encrypted bits)
^ 110010010011110110111001011010111001100010111111010010 (one-time pad)
------------------------------------------------------
010010000100001101000011001100001110001101000100011000 (message bits)
S E N D M O N E Y (message)
Implementation. To implement one-time pads, we must generate and distribute long sequences of random bits since the number of random bits required is equal to the number of bits in the message we wish to send. To ensure security, we must not reuse the bits - hence the name one-time pad.
A simple machine. A LFSR is a simple machine that captures many of the properties of real computers. One of its main application is generating pseudo-random bits. To generate a random bit, we could flip a fair coin and associate heads with 0 and tails with 1. This is horrendously tedious if we need to generate a million random bits. Instead, we would like to produce random bits automatically, using some kind of mechanical device. However, traditional computers are deterministic: they follow a proscribed set of rules, and given the same input, they always produce the same output. Nevertheless, it is possible to generate sequence of random bits that "look" like truly random bits. Such sequences are called pseudo-random. Robert R. Coveyou once remarked, "The generation of random numbers is too important to be left to chance." But according to the famous physicist John von Neumann, "anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin." Prepare yourself, as we are about to enter a state of sin.
A LFSR is comprised of four components. A cell is a storage element that holds one bit. A register is a sequence of cells. The behavior of the LFSR changes at discrete time intervals, when the clock ticks. A shift register is a register whose bits propagate one cell to the left when the clock ticks. Whatever bit is stored in cell i at time t is stored in cell i + 1 at time t + 1. To completely characterize the behavior of the machine, we must specify what happens at the boundary conditions (cell 0 and cell 10). We simply discard the bit stored in cell 10 since there is no room to store it in the next time step. The bit stored in cell 0 at time t + 1 is the exclusive or (XOR) of the bits stored in cells 8 and 10 at time t. Below are the contents of an 11-bit LFSR after the first eight time steps.
time | X 9 8 7 6 5 4 3 2 1 0
---------------------------------------
0 | 0 1 1 0 1 0 0 0 0 1 0
---------------------------------------
1 | 1 1 0 1 0 0 0 0 1 0 1
2 | 1 0 1 0 0 0 0 1 0 1 1
3 | 0 1 0 0 0 0 1 0 1 1 0
4 | 1 0 0 0 0 1 0 1 1 0 0
5 | 0 0 0 0 1 0 1 1 0 0 1
6 | 0 0 0 1 0 1 1 0 0 1 0
7 | 0 0 1 0 1 1 0 0 1 0 0
8 | 0 1 0 1 1 0 0 1 0 0 1
9 | 1 0 1 1 0 0 1 0 0 1 0
...
The description above completely specifies the behavior of the machine, except for the starting input or seed. Any value other than all 0's will do. If we specify 001101000010 as the seed, then the first 8 steps of the machine evolves as above. It is interesting in consider the sequence of bits that appear in cell 0. The first 1000 such bits are listed below.
110010010011110110111001011010111001100010111111010010000100110100101
111001100100111111101110000010101100010000111010100110100001111001001
100111011111110101000001000010001010010101000110000010111100010010011
010110111100011010011011100111101011110010001001110101011101000001010
010001000110101010111000000010110000010011100010111011010010101100110
000111111100110000011111100011000011011110011101001111010011100100111
011101110101010101000000000010000000010100000010001000010101010010000
000110100000111001000110111010111010100010100001010001001000101011010
100001100001001111001011100111001011110111001001010111011000010101110
010000101110100100101001101100011110111011001010101111000000100110000
101111100100100011101101011010110001100011101111011010100101100001100
111001111110111100001010011001000111111010110000100011100101011011100
001101011001110001111101101100010110111010011010100111100001110011001
101111111110100000001001000001011010001001100101011111100001000011001
0100111110001110001101101101110110....
Can you see any pattern? These bits are not truly random, since they arise from a precise set of rules. Once the machine is started with a given seed, the same sequence of bits is produced.
Analysis. Now that we have a machine (LFSR) that generates pseudo-random bits, we are interested in analyzing properties of the machine and the bits they produces.
* Repeating sequences. A natural question is to ask whether or not the bits repeat. For example, the sequence 1110111101111011110111101 repeats after every 5 bits. After very careful and tedious inspection, you might notice that the pattern of bits produced by the machine above repeats every 2047 steps, but not before. In fact, you would get a cycle length of 2047 regardless of the initial seed (as long as it is nonzero). This is essentially the best you can hope for with any 11-bit machine. The state of the LFSR is characterized by 11 bits, so the machine only has 211 = 2048 possible states. Once it revisits a state, it gets caught in a loop, and will repeat the same sequence of values forever. The LFSR can only go 2048 steps without revisiting a state.
* Randomness. A sequence which takes a large number of steps to repeat is clearly necessary if we want a pseudo-random number generator, but it is not sufficient. For example, counting from 0 to 2047 in binary has the same property, but is far from anything we would consider to be random....
* Taps. The cells that are XOR'ed together are called taps. What happens if we choose a different set of taps instead of 8 and 10? It turns out that the choice of taps is very important. The taps 1 and 10 would also produce a cycle of length 2047. However, if we chose 4 and 10 as the taps, the cycle length would decrease to 595 (for the same starting seed value). Understanding why this is the case requires mathematics beyond the scope of this book (abstract algebra and finite fields).
* Scalability. The 11-bit LFSR produces 2047 pseudo-random bits before repeating. What if we need more? The LFSR naturally extends to store more bits. With a careful choice of tap positions, it is possible to get pseudo-random bits with a cycle length of 1 million with 20 cells (taps 2 and 19), or 1 billion with 30 cells (taps 0, 3, 5, and 29). Here are some taps of maximal length taps for N-bit linear feedback shift registers.
* Security. Berlekamp and Massey discovered an amazing algorithm that can reconstruct an N-bit LFSR after seeing only 2N bits. That is, after seeing the first 2N bits from any LFSR, the Berlekamp-Massey algorithm can correctly predict every future bit. Thus, we should not use a LFSR to generate random bits for a one time pad in a mission critical application because a knowledgeable adversary can break the system. In Section 7.9 we will consider cryptographic methods that cannot be so easily circumvented.
One of the major drawbacks of one-time pads is key distribution. The two parties must exchanges private keys prior to their communication. Until somewhat recently, the White House and Kremlin would communicate this way. They employed trusted couriers who would travel with the one-time pads in a briefcase, handcuffed to themselves. Another problem is that if Alice sends Bob a message, there is no way that Bob can prove to a third party that Alice really sent it. In Section 10.x we will consider the very widely used RSA cryptosystem, which overcomes these obstacles and more.
Other applications. Most modern military cryptosystems use LFSR in some form. Cray supercomputers even have a built-in instruction called population count that directly supports the simulation of LFSRs, and this support is required in some government contracts! (Reference: Applied Crypto, p. 380)
DVD encryption. Another application of LFSRs is to encrypt DVDs with CSS (content scrambling system). CSS was designed to prevent copying DVD content and to prevent playing DVDs designed for one region in the world from being played in another region. CSS relies on two LFSRs (one of 17 bits, the other of 25 bits) and a 40-bit key to encrypt the data on a DVD. To play back the DVD, you need licensed hardware or software that is capable of decrypting the data. Since the CSS license is incompatible with open source software, Linux users could not play DVDs on their own computers. On October 6, 1999, in response to this dire situation, Norwegian teenager Jon Johansen released a program called DeCSS which decrypts CSS-encrypted DVDs and allows them to be played back (or copied). The security of the CSS encryption scheme relied on the bits generated from the LFSR to be random. However, they are not random, and this enabled programmers to completely reverse engineer the scheme and break the CSS system.
Context. The LFSR shares many important properties with everyday computers. Both are build from simple components; both scale to solve huge problems; both require a deep understanding to use effectively.
Basic Component LFSR Computer
Control Start, stop, load Start, stop, load
Clock Regular pulse 2.8 GHz pulse
Memory 11 bits 512 MB
Input Seed Sequence of bits
Computation XOR, shift Logic, arithmetic, ...
Output Pseudo-random bits Sequence of bits
The critical difference between a LFSR and a computer is that a computer can be programmed to simulate any abstract machine.
Simulating an LFSR in Java. It is possible to build an LFSR out of physical components. Another way to study its behavior is by writing a Java program. You will learn about writing Java programs soon, but to give you an idea, the Java program LFSR.java prints out the first N bits of the LFSR described above, where N is a parameter specified by the user. Even without any programming experience, you may be able to glean information from the code. In Java a boolean variables stores one of two values, true or false. The ^ operator means exclusive or.
/*************************************************************************
* Compilation: javac LFSR.java
* Execution: java LFSR N
*
* Simulate a LFSR for N steps and print results.
*
* % java LFSR 40
* 0100110010000001100010001011101010111100
*
*************************************************************************/
public class LFSR {
public static void main(String[] args) {
// initial fill
boolean[] a = { false, true, false, false, false,
false, true, false, true, true, false
};
int T = Integer.parseInt("40"); // number of steps
int N = a.length; // length of register
int TAP = 8; // tap position
// Simulate operation of shift register.
for (int t = 0; t < T; t++) {
// Simulate one shift-register step.
boolean next = (a[N-1] ^ a[TAP]); // Compute next bit.
for (int i = N-1; i > 0; i--)
a[i] = a[i-1]; // Shift one position.
a[0] = next; // Put next bit on right end.
if (next) System.out.print("1");
else System.out.print("0");
}
System.out.println();
}
}
One-time pad. As motivation for studying linear feedback shift registers, we will first consider an interesting application to cryptography. Cryptography is the science of creating secret codes, e.g., suppose Alice wants to send a secret message to Bob over the Internet. Alice's first step is to encrypt the message. Encrypting a message means transforming it into another message. She will send this encrypted message over the Internet. Of course, for the cryptographic scheme to be useful, Bob must be able to decrypt the encrypted message back into its original form. A one-time pad is a simple encryption method that is provably secure. That is, even if a malicious third party Eve is able to intercept the encrypted message, she will not be able to glean any information about the contents of the original message, other than its length.
Encryption. Now, we describe how Alice can use a one-time pad to send Bob a message.
* First, we'll assume that Alice's message consists of N bits. A bit is one of two values 0 (false) or 1 (true). If Alice's message consists of text, then she must first pre-process it into a sequence of bits. A simple scheme for doing this is to use the Base64 encoding of the text: replace every occurrence of the letter 'A' with 000000, 'B' with 000001, and so forth according to the table below:
Binary Char Binary Char Binary Char Binary Char Binary Char Binary Char
000000 A 001011 L 010110 W 100001 h 101100 s 110111 3
000001 B 001100 M 010111 X 100010 i 101101 t 111000 4
000010 C 001101 N 011000 Y 100011 j 101110 u 111001 5
000011 D 001110 O 011001 Z 100100 k 101111 v 111010 6
000100 E 001111 P 011010 a 100101 l 110000 w 111011 7
000101 F 010000 Q 011011 b 100110 m 110001 x 111100 8
000110 G 010001 R 011100 c 100111 n 110010 y 111101 9
000111 H 010010 S 011101 d 101000 o 110011 z 111110 +
001000 I 010011 T 011110 e 101001 p 110100 0 111111 /
001001 J 010100 U 011111 f 101010 q 110101 1
001010 K 010101 V 100000 g 101011 r 110110 2
For example, to encode the 9-character message SENDMONEY, we would use the following sequence of N = 54 bits.
S E N D M O N E Y (message)
010010000100001101000011001100001110001101000100011000 (message bits)
It is also possible to convert audio, image, or video data into a sequence of bits. Digital computers do exactly this to store MP3, JPEG, and DivX files on your computer.
* Now, we assume Alice and Bob have agreed on a random sequence of N bits ahead of time, which they each know, but have kept it a secret from the rest of the world. These random bits are called the one-time pad. In the example above, Alice and Bob need to share 54 bits ahead of time, say
110010010011110110111001011010111001100010111111010010 (one-time pad)
* Alice encrypts her message by lining it up with the one-time pad, combines pairs of bits using the exclusive or (XOR) function. The XOR function of two bits is 0 if the sum of the two bits is even and 1 if the sum is odd. Equivalently, the XOR function of two bits is 0 if the bits are the same, and 1 if they are different. The truth table below characterizes the behavior of the XOR function.
x y XOR
0 0 0
0 1 1
1 0 1
1 1 0
Applying the XOR function to Alice's message bits and the one-time pad yields:
010010000100001101000011001100001110001101000100011000 (message bits)
^ 110010010011110110111001011010111001100010111111010010 (one-time pad)
------------------------------------------------------
100000010111111011111010010110110111101111111011001010 (encrypted bits)
We note that ^ is the Java symbol for exclusive or. We use the XOR function to prevent an eavesdropper from discovering the original message. If each bit of the one-time pad is chosen according to a fair and independent coin flip, then the corresponding bit in Alice's message also has an equal chance of winding up 0 or 1. To an eavesdropper, the encrypted bits are indistinguishable from a sequence of random coin flips.
* Finally, Alice converts the encrypted bits back to text using Base64 encoding.
100000010111111011111010010110110111101111111011001010 (encrypted bits)
g X 7 6 W 3 v 7 K (encrypted message)
Alice encrypts the message "SENDMONEY" and sends it to Bob.
Decryption. Bob decrypts the encrypted message by applying the exact same procedure.
* First, he converts the encrypted message to bits using the Base64 encoding.
* Next, he takes the XOR of the encrypted message with the one-time pad.
* Finally, he converts the bits to text using Base64 encoding.
g X 7 6 W 3 v 7 K (encrypted message)
100000010111111011111010010110110111101111111011001010 (encrypted bits)
^ 110010010011110110111001011010111001100010111111010010 (one-time pad)
------------------------------------------------------
010010000100001101000011001100001110001101000100011000 (message bits)
S E N D M O N E Y (message)
Implementation. To implement one-time pads, we must generate and distribute long sequences of random bits since the number of random bits required is equal to the number of bits in the message we wish to send. To ensure security, we must not reuse the bits - hence the name one-time pad.
A simple machine. A LFSR is a simple machine that captures many of the properties of real computers. One of its main application is generating pseudo-random bits. To generate a random bit, we could flip a fair coin and associate heads with 0 and tails with 1. This is horrendously tedious if we need to generate a million random bits. Instead, we would like to produce random bits automatically, using some kind of mechanical device. However, traditional computers are deterministic: they follow a proscribed set of rules, and given the same input, they always produce the same output. Nevertheless, it is possible to generate sequence of random bits that "look" like truly random bits. Such sequences are called pseudo-random. Robert R. Coveyou once remarked, "The generation of random numbers is too important to be left to chance." But according to the famous physicist John von Neumann, "anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin." Prepare yourself, as we are about to enter a state of sin.
A LFSR is comprised of four components. A cell is a storage element that holds one bit. A register is a sequence of cells. The behavior of the LFSR changes at discrete time intervals, when the clock ticks. A shift register is a register whose bits propagate one cell to the left when the clock ticks. Whatever bit is stored in cell i at time t is stored in cell i + 1 at time t + 1. To completely characterize the behavior of the machine, we must specify what happens at the boundary conditions (cell 0 and cell 10). We simply discard the bit stored in cell 10 since there is no room to store it in the next time step. The bit stored in cell 0 at time t + 1 is the exclusive or (XOR) of the bits stored in cells 8 and 10 at time t. Below are the contents of an 11-bit LFSR after the first eight time steps.
time | X 9 8 7 6 5 4 3 2 1 0
---------------------------------------
0 | 0 1 1 0 1 0 0 0 0 1 0
---------------------------------------
1 | 1 1 0 1 0 0 0 0 1 0 1
2 | 1 0 1 0 0 0 0 1 0 1 1
3 | 0 1 0 0 0 0 1 0 1 1 0
4 | 1 0 0 0 0 1 0 1 1 0 0
5 | 0 0 0 0 1 0 1 1 0 0 1
6 | 0 0 0 1 0 1 1 0 0 1 0
7 | 0 0 1 0 1 1 0 0 1 0 0
8 | 0 1 0 1 1 0 0 1 0 0 1
9 | 1 0 1 1 0 0 1 0 0 1 0
...
The description above completely specifies the behavior of the machine, except for the starting input or seed. Any value other than all 0's will do. If we specify 001101000010 as the seed, then the first 8 steps of the machine evolves as above. It is interesting in consider the sequence of bits that appear in cell 0. The first 1000 such bits are listed below.
110010010011110110111001011010111001100010111111010010000100110100101
111001100100111111101110000010101100010000111010100110100001111001001
100111011111110101000001000010001010010101000110000010111100010010011
010110111100011010011011100111101011110010001001110101011101000001010
010001000110101010111000000010110000010011100010111011010010101100110
000111111100110000011111100011000011011110011101001111010011100100111
011101110101010101000000000010000000010100000010001000010101010010000
000110100000111001000110111010111010100010100001010001001000101011010
100001100001001111001011100111001011110111001001010111011000010101110
010000101110100100101001101100011110111011001010101111000000100110000
101111100100100011101101011010110001100011101111011010100101100001100
111001111110111100001010011001000111111010110000100011100101011011100
001101011001110001111101101100010110111010011010100111100001110011001
101111111110100000001001000001011010001001100101011111100001000011001
0100111110001110001101101101110110....
Can you see any pattern? These bits are not truly random, since they arise from a precise set of rules. Once the machine is started with a given seed, the same sequence of bits is produced.
Analysis. Now that we have a machine (LFSR) that generates pseudo-random bits, we are interested in analyzing properties of the machine and the bits they produces.
* Repeating sequences. A natural question is to ask whether or not the bits repeat. For example, the sequence 1110111101111011110111101 repeats after every 5 bits. After very careful and tedious inspection, you might notice that the pattern of bits produced by the machine above repeats every 2047 steps, but not before. In fact, you would get a cycle length of 2047 regardless of the initial seed (as long as it is nonzero). This is essentially the best you can hope for with any 11-bit machine. The state of the LFSR is characterized by 11 bits, so the machine only has 211 = 2048 possible states. Once it revisits a state, it gets caught in a loop, and will repeat the same sequence of values forever. The LFSR can only go 2048 steps without revisiting a state.
* Randomness. A sequence which takes a large number of steps to repeat is clearly necessary if we want a pseudo-random number generator, but it is not sufficient. For example, counting from 0 to 2047 in binary has the same property, but is far from anything we would consider to be random....
* Taps. The cells that are XOR'ed together are called taps. What happens if we choose a different set of taps instead of 8 and 10? It turns out that the choice of taps is very important. The taps 1 and 10 would also produce a cycle of length 2047. However, if we chose 4 and 10 as the taps, the cycle length would decrease to 595 (for the same starting seed value). Understanding why this is the case requires mathematics beyond the scope of this book (abstract algebra and finite fields).
* Scalability. The 11-bit LFSR produces 2047 pseudo-random bits before repeating. What if we need more? The LFSR naturally extends to store more bits. With a careful choice of tap positions, it is possible to get pseudo-random bits with a cycle length of 1 million with 20 cells (taps 2 and 19), or 1 billion with 30 cells (taps 0, 3, 5, and 29). Here are some taps of maximal length taps for N-bit linear feedback shift registers.
* Security. Berlekamp and Massey discovered an amazing algorithm that can reconstruct an N-bit LFSR after seeing only 2N bits. That is, after seeing the first 2N bits from any LFSR, the Berlekamp-Massey algorithm can correctly predict every future bit. Thus, we should not use a LFSR to generate random bits for a one time pad in a mission critical application because a knowledgeable adversary can break the system. In Section 7.9 we will consider cryptographic methods that cannot be so easily circumvented.
One of the major drawbacks of one-time pads is key distribution. The two parties must exchanges private keys prior to their communication. Until somewhat recently, the White House and Kremlin would communicate this way. They employed trusted couriers who would travel with the one-time pads in a briefcase, handcuffed to themselves. Another problem is that if Alice sends Bob a message, there is no way that Bob can prove to a third party that Alice really sent it. In Section 10.x we will consider the very widely used RSA cryptosystem, which overcomes these obstacles and more.
Other applications. Most modern military cryptosystems use LFSR in some form. Cray supercomputers even have a built-in instruction called population count that directly supports the simulation of LFSRs, and this support is required in some government contracts! (Reference: Applied Crypto, p. 380)
DVD encryption. Another application of LFSRs is to encrypt DVDs with CSS (content scrambling system). CSS was designed to prevent copying DVD content and to prevent playing DVDs designed for one region in the world from being played in another region. CSS relies on two LFSRs (one of 17 bits, the other of 25 bits) and a 40-bit key to encrypt the data on a DVD. To play back the DVD, you need licensed hardware or software that is capable of decrypting the data. Since the CSS license is incompatible with open source software, Linux users could not play DVDs on their own computers. On October 6, 1999, in response to this dire situation, Norwegian teenager Jon Johansen released a program called DeCSS which decrypts CSS-encrypted DVDs and allows them to be played back (or copied). The security of the CSS encryption scheme relied on the bits generated from the LFSR to be random. However, they are not random, and this enabled programmers to completely reverse engineer the scheme and break the CSS system.
Context. The LFSR shares many important properties with everyday computers. Both are build from simple components; both scale to solve huge problems; both require a deep understanding to use effectively.
Basic Component LFSR Computer
Control Start, stop, load Start, stop, load
Clock Regular pulse 2.8 GHz pulse
Memory 11 bits 512 MB
Input Seed Sequence of bits
Computation XOR, shift Logic, arithmetic, ...
Output Pseudo-random bits Sequence of bits
The critical difference between a LFSR and a computer is that a computer can be programmed to simulate any abstract machine.
Simulating an LFSR in Java. It is possible to build an LFSR out of physical components. Another way to study its behavior is by writing a Java program. You will learn about writing Java programs soon, but to give you an idea, the Java program LFSR.java prints out the first N bits of the LFSR described above, where N is a parameter specified by the user. Even without any programming experience, you may be able to glean information from the code. In Java a boolean variables stores one of two values, true or false. The ^ operator means exclusive or.
/*************************************************************************
* Compilation: javac LFSR.java
* Execution: java LFSR N
*
* Simulate a LFSR for N steps and print results.
*
* % java LFSR 40
* 0100110010000001100010001011101010111100
*
*************************************************************************/
public class LFSR {
public static void main(String[] args) {
// initial fill
boolean[] a = { false, true, false, false, false,
false, true, false, true, true, false
};
int T = Integer.parseInt("40"); // number of steps
int N = a.length; // length of register
int TAP = 8; // tap position
// Simulate operation of shift register.
for (int t = 0; t < T; t++) {
// Simulate one shift-register step.
boolean next = (a[N-1] ^ a[TAP]); // Compute next bit.
for (int i = N-1; i > 0; i--)
a[i] = a[i-1]; // Shift one position.
a[0] = next; // Put next bit on right end.
if (next) System.out.print("1");
else System.out.print("0");
}
System.out.println();
}
}
相关推荐
总的来说,LFSR伪随机序列生成器和游程检测是理解数字系统中的随机性、密码学安全性和统计分析的关键概念。通过深入研究和实践,我们可以更好地理解和利用这些工具在各种IT应用中创造安全和高效的解决方案。
通过对本原多项式的定义和特性的深入研究,本文提出的算法能够有效地寻找n次全部本原多项式,为伪随机序列的生成提供了有力的支持。该算法不仅简化了复杂的计算过程,还提高了生成伪随机序列的效率,具有重要的实际...
由于它们的确定性特征,伪随机序列具有可重复性,能够准确地在不同时间或条件下重现序列,这在需要多次实验或计算的场合中极其有用。此外,相比于需要依赖物理过程或复杂计算的真随机序列,伪随机序列的生成更加高效...
综上所述,徐光宪和金峻宏的研究提出了一种基于伪随机序列的Arnold加密算法,该算法在传统Arnold变换的基础上,通过引入伪随机序列和安全哈希算法,有效地解决了传统算法密钥量不足的问题,增强了加密图像的安全性,...
本篇博士学位论文深入探讨了伪随机序列的构造方法以及其随机性的评估技术,旨在为密码学实践提供理论支持和技术指导。 #### 伪随机序列的概念与应用 伪随机序列是指通过确定性算法产生的序列,虽然由特定规则生成...
在提出的快速算法基础上,研究者设计了一个基于FPGA的伪随机序列发生器。设计中涉及到对硬件资源的分配,例如使用32位存储单元来存储算法中涉及到的常数和运算结果。通过硬件语言设计的快速算法,能够直接在FPGA中...
伪随机m序列是扩频通信中的重要组成部分,其特性在提高通信系统的抗干扰能力和保密性方面具有关键作用。本篇文章主要介绍了伪随机m序列的基本原理、性能特点以及构造方法,并提供了使用C语言实现m序列生成的源程序,...
【伪随机序列】是模拟随机性但其实遵循确定性规则的序列,它们在现代通信、测试和加密等技术中有着广泛的应用。这类序列的特点是可以预知且可重复生成,同时在统计特性上接近真正的随机序列。在实际工程中,伪随机...
M序列,全称为Maximum Length Sequence,是一种...总的来说,M序列产生算法是一种高效且重要的伪随机数生成技术,它在通信、密码学以及模拟等领域有着广泛的应用。理解其原理和特性,对于设计和分析相关系统至关重要。
综上所述,"基于3-DES算法的伪随机数生成器"是一个利用3-DES算法创建高质量随机数种子的工具,适用于需要高安全性和随机性的应用场景,如加密通信、密码生成等。该软件遵循ANSIX9.17标准,确保了生成的随机数在金融...
在数字通信领域,伪随机序列是一种重要的信号生成工具,广泛应用于各种通信系统中。本章节主要探讨了伪随机序列,特别是m序列的产生、性质及其应用。 **1. m序列的产生** m序列,也称为最大长度序列,是通过线性...
本文将深入探讨“伪随机码 FPGA 源代码及仿真分析”这一主题,以及如何通过 FPGA 设计实现一个可控的 m 序列产生器。 首先,我们要理解什么是伪随机码。伪随机码是一种看似随机但实际上完全可预测的比特序列。它们...
伪随机数在加密中通常用于生成一次性密码(OTP)或密钥。例如,在AES中,我们可以使用`RNGCryptoServiceProvider`生成一个随机的密钥和初始化向量(IV),确保每次加密都会得到不同的结果,增加安全性。 以下是一个...
在这个案例中,压缩包文件名“C#伪随机数加密完整源码__0525.rar”可能包含了若干个源代码文件,这些文件演示了如何将伪随机数生成和加密技术结合在一起。 总结一下,这个压缩包提供的源码示例可能涵盖了以下关键...
这个设计使用了一个16位寄存器作为核心组件,这样的LFSR可以产生2^16 - 1个不同的状态,形成一个较长的伪随机序列。LFSR的工作原理是每次时钟脉冲到来时,寄存器中的位会根据预定义的反馈函数(通常是异或门组合)...
这个多项式的选择决定了LFSR的周期长度和伪随机序列的质量。 4. **输出**:LFSR的输出通常是最右边的位,即经过反馈后的新位。这个位是下一个时钟周期的种子,用于生成新的伪随机数。 5. **控制逻辑**:有时还需要...
2. **混沌序列生成**:使用混沌映射(如 Logistic 映射或 Henon 映射)生成伪随机序列,这个序列将用于扰动语音数据。 3. **数据扰乱**:将混沌序列与语音数据进行某种操作(如异或 XOR)结合,使得原始语音数据的...
数据加密及传输电路是加密处理电路的中转站,它负责接收数据源生成电路的并行数据V1和伪随机序列生成电路产生的密钥流V2,将二者结合进行加密运算,从而产生串行的密文数据V3。在这一过程中,加密算法的实施需要保证...