[go: up one dir, main page]

HK40003949B - Computer readable media, system and method for providing instructions for true random numbers - Google Patents

Computer readable media, system and method for providing instructions for true random numbers Download PDF

Info

Publication number
HK40003949B
HK40003949B HK19127465.3A HK19127465A HK40003949B HK 40003949 B HK40003949 B HK 40003949B HK 19127465 A HK19127465 A HK 19127465A HK 40003949 B HK40003949 B HK 40003949B
Authority
HK
Hong Kong
Prior art keywords
entropy
value
instruction
random numbers
computer
Prior art date
Application number
HK19127465.3A
Other languages
Chinese (zh)
Other versions
HK40003949A (en
Inventor
D‧格雷纳
T‧斯莱格尔
C‧佐林
B‧纳兹
T‧维谢格拉迪
Original Assignee
国际商业机器公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 国际商业机器公司 filed Critical 国际商业机器公司
Publication of HK40003949A publication Critical patent/HK40003949A/en
Publication of HK40003949B publication Critical patent/HK40003949B/en

Links

Description

Computer-readable storage media, system, and method for providing instructions for true random numbers
Background
One or more aspects relate generally to processing within a computing environment, and more particularly to processing associated with generating true random numbers.
Computer applications use random numbers for various functions, including generation of data encryption keys, simulation of complex phenomena, selection of samples from a larger data set, games, and the like. To generate random numbers, a Random Number Generator (RNG) is used. A random number generator is a computing or physical device designed to generate a series of numbers or symbols that are reasonably predictable, preferably by random chance. The random number may be a pseudo random number or a true random number.
Pseudo-random numbers are generated using a pseudo-random number generator (PRNG), also known as a Deterministic Random Bit Generator (DRBG). A pseudo-random number generator is an algorithm for generating a sequence of numbers whose properties approximate those of a sequence of random numbers. The PRNG-generated sequence is not truly random because it is determined entirely by a relatively small set of initial values, called the PRNG's seed, which may include truly random values.
True random numbers are generated using a hardware random number generator, also known as a True Random Number Generator (TRNG). A true random number generator is a device that generates random numbers from a physical process rather than a computer program. For example, true random number generators may be based on quantum effects of radioisotope decay, atmospheric radio noise, interference of ring oscillators, and the like.
Disclosure of Invention
The shortcomings of the prior art are overcome and additional advantages are provided through the provision of a computer program product for facilitating processing in a computing environment. The computer program product comprises a storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method. The method includes, for instance, obtaining an instruction to be executed, the instruction configured to perform a plurality of functions. The instruction is executed, and the executing includes examining one or more inputs to the instruction to determine which one or more of the plurality of functions to execute based on the function code associated with the instruction having a selected value. Based on a first input of the one or more inputs having a first value, performing a function that provides original entropy, wherein providing the original entropy includes storing a plurality of original random numbers. Based on a second input of the one or more inputs having a second value, performing another function that provides adjusted entropy, wherein providing adjusted entropy includes storing a plurality of adjusted random numbers.
One instruction is used that can provide the original entropy and/or the adjusted entropy. True random numbers are generated using instructions and these random numbers facilitate processing within the computing environment, such as highly secure data encryption processing and/or other processing.
As an example, the plurality of original random numbers includes a program-specified number of original random numbers, and the plurality of adjusted random numbers includes a program-specified number of adjusted random numbers.
In one embodiment, the function code is provided in a register associated with the instruction, and the one or more inputs are provided in one or more registers indicated by the instruction.
As one example, the one or more inputs include at least one length value. For example, the one or more inputs include a first length value and a second length value, and the checking includes checking the first length value and the second length value. Storing a plurality of original random numbers based on the first length value having a first value; and storing a plurality of adjustment random numbers based on the second length value having the second value.
As an example, the first value is a value greater than zero and the second value is a value greater than zero.
In a further embodiment, the raw-to-adjusted ratio is provided based on the function code having another selected value. The raw-to-adjusted ratio indicates, for example, the number of bytes of raw entropy used to generate the corresponding number of bytes of adjusted entropy. The providing includes, for example, storing a count of the number of bytes of the original entropy in one location of the parameter block and storing a count of the number of bytes of the adjusted entropy in another location of the parameter block.
An instruction may be used to provide the raw entropy, the adjusted entropy and/or the raw-to-adjusted ratio.
Methods and systems relating to one or more aspects are also described and claimed herein. Services relating to one or more aspects are also described and may be claimed herein.
Additional features and advantages are realized through the techniques described herein. Other embodiments and aspects are described in detail herein and are considered a part of the claimed aspects.
Drawings
Embodiments of the invention will now be described, by way of example only, with reference to the following drawings:
FIG. 1A depicts one example of a computing environment to incorporate and use one or more embodiments of the present invention;
FIG. 1B depicts further details of the processor of FIG. 1A, according to an embodiment of the invention;
FIG. 2A depicts another example of a computing environment to incorporate and use one or more embodiments of the present invention;
FIG. 2B depicts further details of the memory of FIG. 2A, according to an embodiment of the invention;
FIG. 3A depicts one example of a format for executing a random number operation instruction, according to an embodiment of the invention;
FIG. 3B depicts one example of the contents of general register, general register 0 (GR 0), used by one or more embodiments of the execute random number operation instruction of FIG. 3A, according to one embodiment of the present invention;
FIG. 3C depicts one example of the contents of another general register, general register 1 (GR 1), used by the execute random number operation instruction of FIG. 3A, according to one embodiment of the present invention;
FIG. 3D depicts a register R used in one or more embodiments by the execute random number operation instruction of FIG. 3A, according to one embodiment of the invention 1 One example of the content of (1);
FIG. 3E depicts a register R used in one or more embodiments by the execute random number operation instruction of FIG. 3A, according to one embodiment of the invention 1 One example of content of + 1;
FIG. 3F depicts a register R used in one or more embodiments by the execute random number operation instruction of FIG. 3A, according to one embodiment of the invention 2 One example of the content of (1);
FIG. 3G depicts execution of a random number operation instruction in one or of FIG. 3A according to one embodiment of the inventionRegister R used in various embodiments 2 One example of content of + 1;
FIG. 3H depicts one example of a format of a parameter block used by the execute random number operation instruction of FIG. 3A, according to one embodiment of the invention;
FIG. 4 depicts one example of processing associated with performing a random number operation, in accordance with an embodiment of the present invention;
FIG. 5A depicts one example of processing associated with a true random number generator function executing a random number operation instruction, in accordance with an embodiment of the present invention;
FIG. 5B depicts another example of processing associated with a true random number generator function executing a random number operation instruction, in accordance with an embodiment of the present invention; and
6A-6B depict one example of processing associated with executing instructions configured to perform multiple functions in accordance with an embodiment of the present invention.
Detailed Description
In accordance with one or more embodiments, true random numbers are provided. True random numbers can be used, for example, in highly secure data encryption processes, as well as other processes. As one example, in accordance with an embodiment of the present invention, an instruction (e.g., an architectural machine instruction) that generates true random numbers is provided. The instructions may generate raw entropy, which comes directly from a noise source; an adjusted entropy, which is the original entropy processed via a pseudorandom number generator; or both. Additionally, in one embodiment, the instructions also provide a raw-to-adjusted ratio, which indicates a ratio of raw-to-adjusted outputs. Further, the instructions may provide one or more other functions. There are many variations.
The DRAFT journal 800-90B, recommendation for the expression Sources Used for Random Bit Generation by the National Institute of Standards and Technology (NIST), describes an Entropy source model for TRNG that includes (a) a noise source (and digitization thereof), (b) optional conditions, and (c) a health check. The noise source may include any of the mechanisms listed above; such as radioisotope decay, atmospheric radio noise, interference from ring oscillators, etc. Adjustments may be used to reduce any potential bias in the noise source or to increase its entropy rate. The health check ensures that the noise source and entropy source continue to operate within expected parameters.
According to at least one embodiment of the NIST proposal, there is provided an instruction, referred to herein as an execute random number operation instruction, that generates raw entropy and/or adjusted entropy, and is capable of providing a ratio of raw-adjusted outputs.
One example of a computing environment to incorporate and use one or more embodiments of the present invention is described with reference to FIG. 1A. In one example, the computing environment is based on the z/architecture provided by International Business machines corporation of Armonk, N.Y.. One embodiment of the z/Architecture is described in IBM publication SA22-7832-10, 3/2015, "z/Architecture Principles of Operation," which is incorporated herein by reference in its entirety. Z/ARCHITECTURE is a registered trademark of International Business machines corporation, armonk, N.Y..
In another example, the computing environment is based on the Power architecture provided by International Business machines corporation of Armonk, N.Y.. One embodiment of the Power architecture is described in International Business machines corporation "Power ISA Version 2.07B (Power ISA Version 2.07B)" year 2015, 4, month 9, the entire contents of which are incorporated herein by reference. Power ARCHITECTURE is a registered trademark of International Business machines corporation, armonk, N.Y..
The computing environment may also be based on other architectures including, but not limited to, the Intel x86 architecture. Other examples also exist.
As shown in FIG. 1A, computing environment 100 includes, for example, a computer system/server 12, which may include, but is not limited to, one or more processors or processing units 16, a system memory 28, and a bus 18 that couples various system components including the system memory 28 to the processors 16.
Bus 18 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include Industry Standard Architecture (ISA) bus, micro Channel Architecture (MCA) bus, enhanced ISA (EISA) bus, video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Computer system/server 12 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by computer system/server 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM) 30 and/or cache memory 32. The computer system/server 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown and commonly referred to as "hard disk drives"). Although not shown, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk such as a CD-ROM, DVD-ROM, or other optical media may be provided. In this case, each drive may be connected to bus 18 by one or more data media interfaces. As will be further depicted and described below, memory 28 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42, and by way of example and not limitation, an operating system, one or more application programs, other program modules, and program data may be stored in memory 28. Each of the operating system, one or more application programs, other program modules, and program data or some combination thereof, may include an implementation of a network environment. Program modules 42 generally perform the functions and/or methodologies of embodiments of the present invention as described herein.
Computer system/server 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.); may also communicate with one or more devices that enable a user to interact with the computer system/server 12; and/or with any device (e.g., network card, modem, etc.) that enables computer system/server 12 to communicate with one or more other computing devices. Such communication may be through an input/output (I/O) interface 22. In addition, the computer system/server 12 may also communicate with one or more networks, such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network (e.g., the Internet) via the network adapter 20. As shown, network adapter 20 communicates with the other components of computer system/server 12 via bus 18. It should be understood that although not shown, other hardware and/or software components may be used in conjunction with the computer system/server 12. Examples include, but are not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
In one example, processor 16 includes a number of functional components for executing instructions. As shown in fig. 1B, these functional components include: for example, an instruction fetch component 120 for fetching instructions to be executed; an instruction decode unit 122 to decode the fetched instruction and obtain operands of the decoded instruction; an instruction execution component 124 for executing decoded instructions; a memory access component 126 that accesses memory for instruction execution, if needed; and a write-back component 130 that provides results of executing the instructions. According to embodiments of the present invention, one or more of these components may provide true random numbers or information related thereto 136, as described further below.
In one embodiment, processor 16 also includes one or more registers 140 used by one or more functional components.
Another example of a computing environment to incorporate and use one or more embodiments is described with reference to FIG. 2A. In this example, the computing environment 200 includes: such as a local Central Processing Unit (CPU) 202, a memory 204, and one or more input/output devices and/or interfaces 206 coupled to each other via, for example, one or more buses 208 and/or other connections. By way of example, the computing environment 200 may include: a PowerPC processor or pSeries server, available from International Business machines corporation of Armonk, N.Y.; HP Superdome equipped with intel itanium processor supplied by hewlett packard company of palo alto, california; and/or other machines based on an architecture provided by international business machines corporation, hewlett-packard, intel, oracle, or other companies.
The native central processing unit 202 includes one or more native registers 210, such as one or more general purpose registers and/or one or more special purpose registers used during processing within the environment. These registers contain information representing the state of the environment at any particular point in time.
In addition, the native central processing unit 202 executes instructions and code stored in memory 204. In one particular example, the central processing unit executes emulator code 212 stored in memory 204. The code enables a computing environment configured in one architecture to emulate another architecture. For example, the emulator code 212 allows machines based on architectures other than z/architecture (such as PowerPC processors, pSeries servers, HP Superdome servers, or others) to emulate z/architecture and execute software and instructions developed based on z/architecture.
Further details regarding the emulator code 212 are described with reference to FIG. 2B. The guest instructions 250 stored in the memory 204 include software instructions (e.g., related to machine instructions) developed to execute in an architecture different from that of the native CPU 202. For example, guest instructions 250 may have been designed to execute on z/architecture processor 102, but instead are emulated on native CPU202, which native CPU202 may be, for example, an Intel Itanium II processor. In one example, emulator code 212 includes an instruction fetch routine 252 to fetch one or more guest instructions 250 from memory 204 and optionally provide a local cache for the fetched instructions. It also includes an instruction conversion routine 254 to determine the type of guest instruction that has been obtained and to convert the guest instruction into one or more corresponding native instructions 256. The conversion includes: for example, a function to be performed by guest instructions is identified and a native instruction to perform the function is selected.
In addition, the emulator 212 includes an emulation control routine 260 to cause native instructions to be executed. Emulation control routine 260 may cause native CPU202 to execute a routine of native instructions that emulate one or more previously obtained guest instructions, and at the end of such execution, return control to the instruction obtaining routine to emulate the obtaining of the next guest instruction or set of guest instructions. Execution of the native instructions 256 may include: loading data from memory 204 into registers; storing data from the register back to the memory; or perform some type of arithmetic or logical operation as determined by the conversion routine.
Each routine is implemented, for example, in software that is stored in a memory and executed by the local central processing unit 202. In other examples, one or more routines or operations are implemented in firmware, hardware, software, or some combination thereof. Registers of the emulated processor may be emulated using registers 210 of the native CPU or by using locations in memory 204. In embodiments, guest instructions 250, native instructions 256, and emulator code 212 may reside in the same memory or may be allocated in different memory devices.
As used herein, firmware includes, for example, microcode, millicode, and/or macrocode of a processor. For example, it includes hardware-level instructions and/or data structures for implementing higher-level machine code. In one embodiment, it comprises, for example, proprietary code that is typically delivered as microcode, that includes trusted software or microcode specific to the underlying hardware, and that controls operating system access to the system hardware.
In one example, the guest instruction 250 that has been obtained, converted, and executed is an execute random number operation instruction described herein. Instructions having one architecture (e.g., z/architecture) are fetched from memory, translated, and represented as a series of native instructions 256 having another architecture (e.g., powerPC, pSeries, intel, etc.). These native instructions are then executed.
Details are described herein regarding one embodiment of an execute random number operation instruction that includes explicit and implicit fields for the instruction, and execution by a processor (in a native or emulated system). According to embodiments of the present invention, executing the random number operation instruction provides a plurality of functions, including but not limited to a query function for providing an indication of available functions; pseudo-random number functions (e.g., SHA-512-DRNG functions); a true random number function (TRNG) that generates an original entropy, an adjusted entropy, or both; and a query raw-to-adjusted ratio function, each of which is described in further detail below. In other embodiments, one or more functions may not be supported or provided, and/or one or more other functions may be provided. There are many possibilities.
One embodiment of executing a random number operation instruction is described with reference to FIG. 3A. In one example, the execute random number operation instruction 300 includes an opcode field 302 (e.g., bits 0-15) having an opcode (opcode) indicating that a random number operation is to be performed; for specifying at least one first register (R) 1 ) A first register field 304 (e.g., bits 24-27); for specifying at least one second register (R) 2 ) Second register field 306 (e.g., bits 28-31). In one example, each of the fields 304-306 is separate and independent from the opcode field. Further, in one embodiment, they are separate and independent of each other; however, in other embodiments, more than one field may be combined.
In one example, the format of the instruction is a register-register operation with an extended opcode field. In this format, R 1 The contents of the even-odd register pair specified by the field contain the address and length of the first operand. Similarly, from R 2 The contents of the even-odd register pair specified by the field contain the address and length of the second operand.
Except for R encoded in the instruction 1 And R 2 Outer coverOne implementation of the instruction also uses one or more implicit registers (implicit registers), including, for example, general register 0 (GR 0) and general register 1 (GR 1). Each register is further described below with reference to fig. 3B-3G.
Referring first to FIG. 3B, one embodiment of a format for general register 0 (320) is described. In one example, general register 0 includes a modifier (M) control 322 (e.g., bit 56) and a Function Code (FC) field 324 (e.g., bits 57-63). The function code field includes a function code that specifies a function to be performed. As shown herein, some functions may use parameter blocks. In one example, the assigned function code includes: code 0 for a query function, having a specified parameter block size of 16; code 3 for the SHA-512-DRNG (deterministic random number generator) function, with a specified parameter block size 240; code 112 for performing a random number operation-TRNG-query raw-adjust ratio function having a specified parameter block size of 8; and code 114 for performing a random number operation, TRNG, that does not use the parameter block. In one embodiment, a specification exception is identified if bits 57-63 of general register 0 specify an unallocated or uninstalled function code.
Depending on the function, the instruction may access a parameter block, a first operand, and/or a second operand in storage. When applicable, as shown at 330 of FIG. 3C, general register 1 includes an address 332 that stores the leftmost byte of the parameter block. Furthermore, general purpose registers R, when applicable 1 And R 2 Even and odd pairs of general purpose registers corresponding to the first and second operands, respectively, are specified. Even number register R 1 (340, FIG. 3D), R 2 (360, FIG. 3F) contains the addresses 342, 362 of the operands in storage, the odd register R 1 +1 (350, FIG. 3E), R 2 +1 (370, fig. 3G) contains the length 352, 372 of the corresponding operand. When the length of the corresponding operand is non-zero, the storage location corresponding to the operand is accessed.
In one embodiment, the general purpose registers containing the address are limited by the current addressing mode. For example, in a 24-bit addressing mode, the contents of bit positions 40-63 of the register constitute the address of the storage location, andand the contents of bit positions 0-39 are ignored. In the 31-bit addressing mode, the contents of bit positions 33-63 of the register constitute the addresses of the storage locations, and the contents of bit positions 0-32 are ignored. In the 64-bit addressing mode, the contents of bit positions 0-63 of the register constitute the address of the storage location. In the access register mode, general registers 1, R 1 And R 2 An address space containing a parameter block, a first operand, and a second operand is specified, respectively.
The odd registers containing the operand length are also limited by the current addressing mode. In a 24-bit or 31-bit addressing mode, the contents of bit positions 32-63 of the register form a 32-bit unsigned binary integer that specifies the number of bytes in the stored operand, and bit positions 0-31 are ignored. In the 64-bit addressing mode, the contents of bit positions 0-63 of the register form a 64-bit unsigned binary integer that specifies the number of bytes in the store operand.
For a query function (e.g., function code 0) that provides a mechanism for indicating the availability of other functions, general register R is ignored 1 ,R 1 +1,R 2 And R 2 Content of + 1.
For the SHA-512-DRNG function (e.g., function code 3), a modifier control 322 is used. When the modification amount control is zero, the generation operation is performed, and when the modification amount control is 1, the seeding operation is performed. Further, for SHA-512-DRNG function generation operations, at the completion of the instruction, in the general register R 1 The first operand length is updated in + 1. General register R 1 Is not updated.
For TRNG to query the raw-to-adjust ratio function (e.g., function code 112), general register R is ignored 1 ,R 1 +1,R 2 And R 2 Content of + 1.
For TRNG functions (e.g., function code 114), general register R 1 ,R 1 +1,R 2 And R 2 The first operand address, the first operand length, the second operand address, and the second operand length in +1 may be updated at the completion of the instruction, respectively. In 24-bit addressing mode, even registersBits 40-63 of the register are incremented by the number of bytes processed for the corresponding operand, bits 0-31 of the register remain unchanged, bits 32-39 of the register may be set to zero or may remain unchanged regardless of the length of the operand. In the 31-bit addressing mode, bits 33-63 of the even register are incremented by the number of bytes processed for the corresponding operand, and bits 0-31 of the register remain unchanged, regardless of the length of the operand, and bit 32 of the register may be set to zero or may remain unchanged. In the 64-bit addressing mode, bits 0-63 of the even register are incremented by the number of bytes processed for the corresponding operand. In a 24-bit or 31-bit addressing mode, bits 32-63 of the odd register are decremented by the number of bytes processed for the corresponding operand, and bits 0-31 of the register remain unchanged. In the 64-bit addressing mode, bits 0-63 of the odd register are decremented by the number of bytes processed by the corresponding operand.
When a parameter block overlaps any portion of a storage operand, the result is unpredictable.
As observed by other CPUs and I/O subsystems, references to parameter blocks and storage operands may be multiple access references, accesses to these locations are not necessarily block-concurrent, and the order of these accesses or references is undefined.
Each function is described further below.
And (4) query function:
in one example, function code 0 represents a query function. Based on indicating the query function, a status word (e.g., 128 bits) is stored in a parameter block associated with the instruction. Bits 0-127 of this field correspond to function codes 0-127, respectively, that execute random number operation instructions. When a certain bit is 1, installing a corresponding function; otherwise, the function is not installed. For example, if the SHA-512DRNG function is installed, bit 3, which corresponds to function code 3, is set to 1. Similarly, if the TRNG-query raw-adjust ratio function is installed, bit 112 corresponding to function code 112 is set to 1; if a TRNG operation is installed, bit 114 corresponding to function code 114 is set to 1.
When the execution of the inquiry function is completed, a condition code 0 is set; condition code 3 (specifying, for example, partial completion of a function) is not applicable to the query function.
DRNG function:
in one embodiment, the function code 3 specifies a Deterministic Random Number Generator (DRNG) function to be performed. Depending on the modifier control 322, for example, the bits 56 of the general register 0, the DRNG function performs a deterministic pseudorandom number generation operation or a deterministic pseudorandom number seeding operation using, for example, a 512-bit secure hash algorithm (SHA-512).
Deterministic pseudo-Random Number Generation, also known as Deterministic Random Bit Generation, is defined in, for example, recommendation for Random Number Generation Using Deterministic Random Bit Generators (an agreement on Random Number Generation Using Deterministic Random Bit Generators) in the National Institute of Standards and Technology (NIST) publication 800-90A, n.1, 2012. Further, a description of a Secure Hash algorithm may be found in Secure Hash Standard (SHS) (Secure Hash Standard (SHS)) in federal information processing Standard publication FIPS PUB180-4 of the national institute of information and technology, national institute of standards and technology, MD gaithersburg, month 3, 2012, for example.
For the DRNG function, a parameter block is used, which represents the internal state of the deterministic random number generator. In one example, the parameter block for the DRNG function includes:
and (3) reserving: bytes 0-3, 16 and 128 of the parameter block are reserved.
A reseeding counter: bytes 4-7 of the parameter block contain a 32-bit unsigned binary integer indicating the number of times the instruction has completed with condition code 0 since the last instantiation or re-seeding of the parameter block.
When the reseed counter contains zero, the following applies:
* Performing a seeding operation causes the parameter block to be instantiated with an initial value, including setting the reseed counter to a value of 1.
* Performing the generate operation may result in identifying a specification exception.
When the reseed counter contains a non-zero value, the parameter block is considered instantiated, and the following applies:
* Performing a sow operation results in a reseed parameter block, including resetting the reseed counter to a value of 1.
* Executing a generate operation that causes condition code 0 to increment a reseed counter; any carry for bit position 0 of the reseed counter field is ignored.
Stream byte: bytes 8-15 of the parameter block contain 64-bit unsigned binary integers. When a parameter block is instantiated (i.e., when the reseed counter is zero), the stream byte field is set to zero by performing a seed operation; this field is not changed by the execution of the seeding operation when the parameter block has been instantiated.
A partial or complete completion of the generate operation causes the contents of the stream byte field to increment the number of bytes stored in the first operand; any carry bit at bit position 0 of the stream byte field is ignored.
Value (V): bytes 17-127 of the parameter block contain, for example, an 888 bit value that indicates the internal state of the random number generator represented by the parameter block. V is initialized by performing a seeding operation when instantiating a parameter block. V is updated by (a) performing a seeding operation when the reseed counter is non-zero, or (b) performing a generating operation ending with a condition code of 0.
Constant (C): bytes 129-239 of the parameter block contain, for example, an 888 bit value that indicates the internal state of the random number generator represented by the block. C is initialized by performing a seeding operation and detected by a generating operation.
The generation operation and the seeding operation (including instantiation and re-seeding) use the same parameter block format. Parameter blocks containing all zeros are considered to be not instantiated. The program should zero out the parameter block before issuing a seeding operation to instantiate the parameter block, and then the program should not change the contents of the parameter block unless it is zeroed out; otherwise, the instruction may generate unpredictable results.
More details regarding the seeding operation and the generation operation of the DRNG function (also referred to herein as the SHA-512-DRNG function) are described below.
The SHA-512-DRNG seeding operation instantiates or reseeds the deterministic pseudorandom number generation parameter block using, for example, a 512-bit secure hash algorithm. In one embodiment, the operations are performed by a processor; however, in other embodiments it is performed by other components or co-processors.
Depending on whether the reseed counter in bytes 4-7 of the parameter block is zero or non-zero, an instantiation or reseed operation is performed, respectively. Further details of instantiation and reseeding are described below.
* For the instantiation operation, the second operand in storage includes one or more of an entropy input, a random number (nonce), and optionally a personalization string, each of which will be described below. This information is used to form the seed material.
As an example, the entropy input is the smallest amount of unpredictable input bit string that provides an evaluation for a Deterministic Random Bit Generator (DRBG) mechanism. The DRBG mechanism is part of a Random Bit Generator (RBG) that includes the functions of instantiating and un-instantiating the RBG, generating pseudorandom bits, optionally reseeding the RBG, and testing the health of the DRBG mechanism.
A Random Bit Generator (RBG) is a device, algorithm, technique, or mechanism that outputs a sequence of binary bits that appears to be statistically independent and unbiased. One example of an RBG is DRBG. For example, DRBG is an RBG that includes a DRBG mechanism and can access (at least initially) an entropy input source. DRBG generates a series of bits from a secret initial value called a seed, and possibly other inputs.
A seed is a string of bits that is used as input to the DRBG mechanism. The seed determines a part of the internal state of the DRBG and its entropy is sufficient to support the security strength of the DRBG. Entropy is a measure of disorder, randomness, or variability in a closed system. The minimum entropy is a metric used in one embodiment.
The minimum entropy (in bits) of the random variable X is the maximum value m with the following characteristics: each observation of X provides at least m bits of information (i.e., the minimum entropy of X is the maximum lower bound on the information content of the potential observation of X). The minimum entropy of a random variable is the lower bound of its entropy. For having a probability p 1 ,……,p n Is given as- (log 2 max p) for the formula of minimum entropy i ). The minimum entropy is usually used as the invariance of the random variableA predictive worst case metric.
The random number is a time-varying value that has at most a negligible chance of repetition, e.g., a random value that is regenerated for each use, a timestamp, a sequence number, or some combination of these.
The personalized string is an optional string of bits that is combined with the secret entropy input and (possibly) the random number to generate the seed.
* For re-seeding operations (re-seeding acquires additional bits that affect the internal state of the DRBG mechanism), the second operand in storage includes entropy inputs and optional additional inputs used to form the seed material. The optional additional input may be any desired information that adds further randomness, such as a time value or other arbitrary value, as examples.
When performing the instantiation operation, the seed material is formed using the second operand. For example, the input values of the second operand are concatenated to form the seed material. However, when a reseed operation is performed, the seed material is formed from a concatenation of, for example, the hexadecimal value 01, the contents of the V field of the parameter block, and the contents of the second operand.
For instantiation or re-seeding operations, one or more seed values are initialized/updated. In one example, one such seed value is V new It is formed as follows: one byte counter, four byte value 888, seed material (formed as described above) and padding are concatenated and used as input to, for example, the SHA-512 algorithm, along with the initial hash value (also referred to as the initial chaining value). In one embodiment, the pad is a hexadecimal value 80 concatenated with 0-127 bytes of zero, concatenated with a 16-byte binary integer specifying the bit length of the inputs to the SHA-512 algorithm excluding the pad (i.e., the length of one byte counter, the four byte value 888, and the seed material). For example, the initial hash value is a 64 byte value.
The SHA-512 algorithm is invoked twice to form two 64-bit hash results; a byte counter contains the value 1 for the first call to the SHA-512 algorithm and it contains the value 2 for the second call. The second call also uses the 4-byte value 888, the seed material and the padding along with the initial hash value as inputs to the SHA-512 algorithm to form a 64-bit hash result.
The two 64 byte hash results are concatenated together and in this example, the leftmost 111 bytes of the 128 byte concatenation form the new value field (V) in the parameter block new )。
# and V new Formation of fields similarly, a new constant field (C) is formed during an instantiation or reseeding operation new )。
C new Is another seed value stored in the parameter block. One byte counter, 4 byte value 888, one byte value zero, V new The fields and padding are concatenated and used as input to, for example, the SHA-512 algorithm, along with the initial hash value. The pad is, for example, a hexadecimal value of 80, concatenated with 122 bytes of zero, concatenated with a 16-byte binary integer specifying the bit length of the input to the SHA-512 algorithm excluding the pad (i.e., one byte counter, 4 bytes of 888, one bytes of zero and V new The length of the field).
The SHA-512 algorithm is invoked twice to form two 64-bit hash results; a byte counter contains the value 1 for the first call to the SHA-512 algorithm and it contains the value 2 for the second call. The second call also uses a 4-byte value 888, one-byte value zero, V new The fields and padding are input to the SHA-512 algorithm along with the initial hash value.
The two 64-byte hash results are concatenated together, and in this example, the leftmost 111 bytes of the 128-byte concatenation form a new constant field (C) new )。
For an instantiation or reseeding operation, the reseeding counter field in the parameter block is set to a value of 1. For instantiation operations, the stream byte field in the parameter block is set to zero; the stream byte field remains unchanged by the reseeding operation.
When the execution of the SHA-512-DRNG seeding operation is completed, a condition code of 0 is set; the condition code 3 is not applicable to the seeding operation.
As described above, the SHA-512-DRNG generation operation generates pseudo-random numbers using parameter blocks instantiated or re-seeded as described above and a 512-bit secure hash algorithm, for example. In one embodiment, the operations are performed by a processor; however, in other embodiments it is performed by other components or co-processors.
General register R 1 Including, for example, the address of the leftmost byte of the first operand. When general register R 1 The first operand in +1 is non-zero in length, and is stored in a 64-byte block unit in a right-to-left order, except that the rightmost block may contain less than 64 bytes. The number of blocks to be stored (including any partial rightmost block) is determined by the general purpose register R 1 The first operand in +1 is rounded to a multiple of 64 and the value is divided by 64. The blocks of the first operand are 0 to n-1 from left to right, where n-1 represents the rightmost block.
The following procedure is performed for each block of the first operand location, starting with the rightmost (n-1) block and proceeding forward.
1. The value (V) of the parameter block is added to the block number being processed, ignoring any overflow of the addition.
2. The sum of 111 bytes of this addition is concatenated with a 17-byte pad, which is used as input to, for example, the SHA-512 algorithm, to generate a 64-byte hash value. The 17-byte pad provided to the SHA-512 algorithm contains a hexadecimal value of 80 followed by a 16-byte binary integer value 888 (length of V in bits).
3. If general register R 1 The first operand in +1 is a multiple of 64, the resulting 64 byte hash value is stored in the corresponding block of first operand locations, and the general register R 1 The length in +1 is decremented by 64.
If the first operand length is not a multiple of 64, the left-most m bytes of the generated 64-byte hash value are stored in the right-most partial block of the first operand, where m represents the remainder of the first operand length divided by 64. In this case, the general register R 1 The length of +1 is decreased by m.
Whether storing a complete block or a partial block, the stream byte field in bytes 8-15 of the parameter block, for example, is incremented by the number of bytes stored in the first operand location.
The above process is repeated until the general register R 1 The first operand in +1 is zero in length (called normal completion) or has processed the number of blocks determined by the CPU (called partial completion). The number of blocks determined by the CPU depends on the model and may be a different number each time an instruction is executed. The number of blocks determined by the CPU is typically non-zero. In some exceptional cases, the number may be zero and condition code 3 may be set to no progress. However, the CPU can prevent such endless reoccurrence of the no progress situation.
When general register R 1 When the first operand length in +1 is initially zero, normal completion occurs without storing to the first operand location; however, the parameter block is updated as described below.
When the pseudo random number generation process ends due to normal completion, the parameter block is updated as described below. 1. The one byte hexadecimal value 03, the 111 byte value (V) and the 144 byte pad from the parameter block are used as inputs to, for example, the SHA-512 algorithm, thereby generating a 64 byte hash value. The pad consists of a hexadecimal value 80 concatenated with 127 bytes of zero, concatenated with a 16-byte binary integer specifying the bit length of the input to the SHA-512 algorithm excluding the pad (i.e., the length of the one-byte hexadecimal value 03 and V field). The values of the 4-byte reseed counter field and the 111-byte value (V) and constant (C) fields in the parameter block, and the hash value of 64 bytes (from the above calculation) are added. For the purpose of this addition, each value is treated as an unsigned binary integer, extended to the left with zeros as necessary. Ignoring any overflow of the addition, the resulting 111 bytes sum replaces the value field in the parameter block (Vnew).
2. The 4-byte reseed counter field in the parameter block is incremented by 1.
3. A condition code 0 is set.
When the pseudo-random number generation process ends due to partial completion, the general purpose register R 1 First operation in +1The number length contains a non-zero multiple of 64, the reseed counter and value (V) fields in the parameter block are not updated, and condition code 3 is set.
For a generate operation, rather than handling an access exception in a single execution instruction, an access exception may be reported for a larger portion of the first operand. However, no access exception is identified for locations that do not contain the first operand, and for locations that are more than 4 kbytes from the location currently being processed.
For a generate operation, when the operation ends due to normal completion, the condition code 0 is set and the general register R is set 1 The result value in +1 is zero. When the operation ends due to partial completion, the condition code 3 is set and the general register R is set 1 The result value in +1 is non-zero.
TRNG queries the raw-to-adjusted ratio function:
another available function for executing the random number operation instruction is the TRNG query raw-to-adjust ratio function. In one embodiment, when the function code 324 to execute the random number operation instruction is 112, the TRNG query raw-to-adjusted ratio function may be used to determine the ratio of raw-to-adjusted entropy generated when the TRNG function requests two types of entropy.
In operation of this function, the parameter block is stored with, for example, two 32-bit unsigned binary integers indicating the number of bytes in the block used to generate the original entropy of the entropy adjusted block. In one example, referring to fig. 3H, the parameter block 390 includes an original entropy field 392 and an adjusted entropy field 394. The original entropy field 392 includes a value of original entropy, which is a numerator in a fraction indicating the ratio of original entropy-adjusted entropy. This value is obtained from a storage location, e.g., in memory, registers, other hardware devices, etc., and placed in the original entropy field 392. The adjusted entropy field 394 includes a value of adjusted entropy, which is the denominator in the fraction that specifies the ratio of original entropy to adjusted entropy. Again, this value is obtained from a storage location, such as in memory, registers, other hardware devices, etc., and placed in the adjustment entropy field 394.
The original entropy-adjusted entropy ratio indicates the number of bytes in the block of original entropy used to generate the block of adjusted entropy.
When the TRNG query execution of the primitive-adjust function is completed, a condition code 0 is set; condition code 3 is not applicable to this function.
TRNG function:
further, when the function code to execute the random number operation instruction is 114, the TRNG function is executed. For example, a series of hardware generated random numbers are stored at either or both of the first and second operand locations. In one embodiment, the parameter block is not used for this function and general register 1 is ignored.
R 1 The field specifies an even-odd general register pair. The even register contains the address of the leftmost byte of the first operand and the odd register contains the length of the first operand. The first operand comprises a random number in the form of an original entropy, e.g., generated directly by a hardware source (e.g., a noise source).
R 2 The field specifies an even-odd general register pair. The even register contains the address of the leftmost byte of the second operand and the odd register contains the length of the second operand. The second operand comprises a random number extracted from the original entropy source and then adjusted by an approved algorithm (e.g., processed by the PRNG based on, for example, the SHA-256 algorithm).
The ratio of the raw entropy bits used to generate the adjustment entropy bits can be determined by the TRNG query raw-to-adjustment ratio function. In one example, the ratio is 6:1, but this is merely an example. When the length of the first operand is non-zero, the original entropy is stored in the first operand location (see 400 in FIG. 4); similarly, when the length of the second operand is non-zero, the adjustment entropy is stored in the second operand location (402 in FIG. 4). When the length of both the first and second operands is non-zero, the original and adjusted entropy are stored at the first and second operand locations, respectively, at the original-adjusted ratio. The number of bytes stored in a single operation unit depends on the model and the execution of the instructions may vary.
When the length of the first operand is non-zero and the length of the second operand is zero, the process continues with storing the original entropy in the first operand. Similarly, when the length of the second operand is non-zero and the length of the first operand is zero, the process continues with storing the adjustment entropy in the second operand.
Rather than handling an access exception in a single execution instruction, an access exception may be reported for a larger portion of the first and second operands. However, no access exception is identified for locations that do not contain the first or second operand, and for locations that are more than 4 kbytes from the location currently being processed.
This process continues until both operands are zero in length (referred to as normal completion) or until the number of bytes determined by the CPU has been stored (referred to as partial completion), whichever occurs first. When the operation ends due to normal completion, the condition code 0 is set. When the operation ends due to partial completion, the condition code 3 is set. The number of bytes determined by the CPU depends on the model and may be a different number each time the instruction is executed. The number of bytes determined by the CPU is typically non-zero. In some exceptional cases, this number may be zero and condition code 3 may be set to no progress. However, the CPU can prevent endless reproduction of such a progression-free situation.
General register R ends whether the operation is due to normal completion or partial completion 1 And R 1 +1 increments and decrements, respectively, the number of bytes stored in the first operand, and general register R 2 And R 2 +1 is the number of bytes stored in the second operand, incremented and decremented respectively.
If the first and second operands overlap, the result is unpredictable. For example, a specification exception is identified and no other action is taken if any of the following conditions exist: bits 57-63 of general register 0 specify the unassigned or uninstalled function code; r 1 Or R 2 The field specifies an odd register or general register 0. The exception is recognized regardless of the function code; for seeding operations of SHA-512-DRNG function, general register R 2 The length of +1 is greater than 512. For the SHA-512-DRNG function generate operation, if the reseed counter in the parameter block is zero, a general operand data exception is identified.
In accordance with one or more embodiments, the TRNG function may be useful when implementing a hybrid random number generator using a regulated entropy source from the TRNG to periodically reseed deterministic random number generation, such as the generation provided by the SHA-512-DRNG function.
The conditioning entropy provided by the TRNG function may be shared by multiple independently seeded deterministic random number generators. When seeding deterministic random number generators, independence can be achieved through entropy, random numbers or personalized strings provided by the unique program.
In one example, the original entropy provided by the first operand is intended to be used by a diagnostic program that tests the quality of the entropy provided by the function.
In one example, the ratio of raw-to-adjusted entropy provided by a function is constant across all processors of the same model type. Thus, once the program determines the ratio, it does not need to re-execute the TRNG query raw-to-adjusted ratio function unless it is relocated to another model type.
Although the TRNG function generates entropy at the raw-adjusted ratio reported by the TRNG query-raw-condition ratio function, the program never has to request raw and adjusted entropy at that ratio.
As observed by CPUs, other CPUs, and I/O subsystems, inconsistent results may be stored transiently in locations defined for storage for specific functions.
In the above example, the function code is provided to use a single instruction for multiple functions. However, if only one function is provided, the function code may not be used. In addition, more, less or different function code may be used to include more, less or different functions. There are many possibilities. Additionally, in one embodiment, a modified quantity control is provided for use by one of the functions. However, in one or more other embodiments, if the supported functionality does not use modifier control, modifier control may not be included.
As described herein, a single CPU instruction having multiple functions is provided. One functional code of the instruction is to generate one or both of (a) a program specified number of original random numbers (i.e., directly from the hardware TRNG source) and/or (b) a program specified number of adjusted random numbers derived from the original random numbers. Another function of the instruction is to store a ratio X/Y, where X represents the number of true random numbers used to generate the Y adjusted random numbers.
Further details regarding one embodiment of true random number generator functionality are described with reference to FIG. 5A. Initially, an instruction is obtained, STEP 500. The instructions are then executed (on at least one processor), step 502. Based on the executing instruction, function code is obtained, STEP 504, and a determination is made as to whether a true random number generator function is being requested, INQUIRY 506. If it is not the designated true random number generator function, processing is performed according to the function code as described above, step 508. Then the condition code is set, STEP 510, and the process is complete. However, if it is a true random number generator function specified by the function code, the first length is further determined (e.g., at R) 1 Specified in + 1) is greater than zero, query 520. If the first length is greater than zero, the original entropy is provided, step 522. Thereafter, or if the first length is not greater than zero, processing continues to determine the second length (e.g., at R) 2 Specified in + 1) is greater than zero, inquiry 524. If the second length is greater than zero, then the adjustment entropy is provided, step 526. If the second length is not greater than zero or after providing the adjustment entropy, a condition code is set, step 510.
Further details of one embodiment of the true random number generator function are described with reference to FIG. 5B. The logic executes on at least one processor.
Referring to fig. 5B, first, the operation of the TRNG function is started, step 550. This example refers to the ratio of raw-justified bytes generated by the query raw-justified ratio function. The original number of bytes (RB) used to generate the adjusted number of bytes (CB) is shown in 552 and 554, respectively.
The function determines if there are additional true random numbers to store, INQUIRY 556. For example, if register R 1 +1 and R 2 If the +1 values are all zero, the function is complete, stepAn indication of completion is set (e.g., the condition code is set to zero) in 558 and the instruction completes.
If the determination in query 556 indicates that there are additional bytes to store, the function then obtains the original data of the RB bytes from the hardware entropy source, step 560.
The function determines whether the original data is to be stored, INQUIRY 562 (e.g., register R) 1 The value in +1 is non-zero). If so, the function calculates the number of bytes to be stored (M) as RB and register R 1 The minimum of the values in +1, step 564. This function stores the M bytes of raw data in the specified location, STEP 566, (e.g., register R) 1 Memory address of). The function maps the memory address (register R) in steps 568 and 570, respectively 1 ) Increment M and leave the number of bytes to be stored (register R) 1 + 1) decreases M and continues with query 572.
In INQUIRY 572, the function determines whether the adjustment data (e.g., register R) is to be stored 2 The value in +1 is non-zero). If so, the function calculates the number of bytes to be stored (N) as CB and register R 2 The minimum value among the values in +1, step 574. This function generates N bytes of conditioning data from the raw data and at a specified location (e.g., at register R) 2 At the memory address of (c) stores N bytes of adjustment data, step 576. The function then compares the memory address (register R) in steps 578 and 580, respectively 2 ) Increment N and the number of remaining bytes to be stored (register (R) 2 + 1)) decrements N and continues with query 582.
In query 582, the function determines whether model-dependent processing has occurred. If a model-dependent timeout has not occurred, processing continues at step 556. If a model-dependent timeout occurs, then an indication of partial completion is set in step 584 (e.g., the condition code is set to 3) and the instruction completes.
In accordance with one or more embodiments, either or both of the raw data or the adjusted data may be generated; raw and/or adjustment data having a program specified length may be requested; the condition code indicates whether the results of all requests have been stored; and/or whether the individual function indicates a ratio of raw-to-adjusted data.
Further details regarding processing instructions (e.g., architectural machine instructions) configured to perform a plurality of functions are described with reference to fig. 6A-6B.
Referring first to FIG. 6A, instructions configured to perform a plurality of functions are obtained by a processor, step 600. Execution of the machine instruction then continues, step 602. Execution includes, for example, examining one or more inputs to the instruction to determine which one or more of the plurality of functions to execute based on the function code associated with the instruction having a selected value, step 604. Further, based on a first input of the one or more inputs having a first value, performing a function that provides original entropy, wherein providing original entropy comprises storing a plurality of original random numbers, step 606, and based on a second input of the one or more inputs having a second value, performing another function that provides adjusted entropy, wherein providing adjusted entropy comprises storing a plurality of adjusted random numbers, step 608.
In one embodiment, the plurality of original random numbers includes a program specified number of original random numbers 610 and the plurality of adjusted random numbers includes a program specified number of adjusted random numbers 612.
Further, in one example, the function code is set in a register associated with the instruction, and the one or more inputs are set in one or more registers indicated by the instruction 614. Additionally, the one or more inputs include at least one length value 616.
In one example, the one or more inputs include a first length value and a second length value, and wherein checking includes checking the first length value and the second length value, wherein the plurality of original random numbers are stored based on the first length value having the first value, and wherein the plurality of adjusted random numbers are stored based on the second length value having the second value, step 620 (fig. 6B). For example, the first value is a value greater than zero and the second value is a value greater than zero 622.
In a further embodiment, a raw-to-adjusted ratio is provided based on the function code having another selected value, step 624. The raw-to-adjusted ratio indicates, for example, the number of bytes of raw entropy 626 used to generate the corresponding number of bytes of adjusted entropy.
In one embodiment, the providing includes storing a count of the number of bytes of the original entropy in one location of the parameter block and storing a count of the number of bytes of the adjusted entropy in another location of the parameter block, step 628.
Embodiments of the present invention are not separable from computer technology that improves processing within a computing environment, including but not limited to security-related processing, such as data encryption and the like.
Generating true random numbers may be more CPU resource intensive than generating pseudo random numbers. Thus, to avoid lengthy instruction execution, an instruction may be completed by indicating that only a portion of the requested results were generated. In this case, the instruction is completed by incrementing the register containing the address by the number of bytes stored, decrementing the register containing the length by the same amount, and setting an indicative condition code (e.g., CC 3). When all requested TRNG outputs have been generated, the instruction is completed by updating the address and length registers to indicate its progress and setting another indicative condition code (e.g., CC 0).
One use is to periodically use the TRNG function to generate a regulated output for an application and then use the regulation result to initially seed the pseudo-random number generation for some number of iterations. Thus, for this usage, adjusting the output is the only result needed. However, for statistical validation of TRNG results, it is useful to have both raw and adjusted entropy, so the instruction provides both. The TRNG function of the instruction generates both raw and adjusted entropy. The program specifies how many bytes of original entropy (if any) to generate; and the program specifies how many bytes of adjustment entropy (if any) to generate. The TRNG query raw-adjusted ratio function generates a ratio indicating that X bytes of raw entropy are used to generate Y bytes of adjusted entropy.
Although in the above examples certain information such as function codes and/or other inputs are indicated as being provided in registers, in other examples they may be provided in other locations, such as memory locations or the like. Further, the raw-to-adjusted ratio may be returned to a location other than the parameter block, such as in a register or other memory location. Many other such variations are possible.
The present invention may be a system, method, and/or computer program product for any possible level of technical detail integration. The computer program product may include a computer-readable storage medium (or multiple computer-readable storage media) having computer-readable program instructions embodied thereon for causing a processor to perform various aspects of the present invention.
The computer readable storage medium may be a tangible device that can retain and store the instructions for use by the instruction execution apparatus. The computer readable storage medium may be, for example, but is not limited to, an electronic memory device, a magnetic memory device, an optical memory device, an electromagnetic memory device, a semiconductor memory device, or any suitable combination of the foregoing. A non-exhaustive list of more specific examples of the computer-readable storage medium includes the following: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a Static Random Access Memory (SRAM), a portable compact disc read-only memory (CD-ROM), a Digital Versatile Disc (DVD), a memory stick, a floppy disk, a mechanical coding device such as a punch card or a raised-in-groove structure having instructions recorded thereon, and any suitable combination of the foregoing. The computer-readable storage medium used herein should not be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (e.g., optical pulses delivered through a fiber optic cable), or electrical signals transmitted through a wire.
The computer-readable program instructions described herein may be downloaded to a corresponding computing/processing device from a computer-readable storage medium, or downloaded to an external computer or external storage device via a network (e.g., the internet, a local area network, a wide area network, and/or a wireless network). The network may include copper transmission cables, optical transmission fibers, wireless transmissions, routers, firewalls, switches, gateway computers and/or edge servers. The network adapter card or network interface in each computing/processing device receives the computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium within the respective computing/processing device.
Computer readable program instructions for carrying out operations of the present invention may be assembler instructions, instruction Set Architecture (ISA) instructions, machine-related instructions, microcode, firmware instructions, state setting data, integrated circuit configuration data, or source code or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C + + or the like and procedural programming languages, such as the "C" programming language or similar programming languages. The computer-readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, an electronic circuit comprising, for example, a programmable logic circuit, a Field Programmable Gate Array (FPGA), or a Programmable Logic Array (PLA), can personalize a custom electronic circuit by utilizing state information of computer-readable program instructions that the electronic circuit executes in order to perform aspects of the present invention.
Aspects of the present invention are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
These computer-readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable storage medium having the instructions stored therein comprise an article of manufacture including instructions which implement aspects of the function/act specified in the flowchart and/or block diagram block or blocks.
The computer-readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition to the above, one or more aspects of the service may be provided, given, deployed, managed, serviced, etc. by a service provider who offers customer environment management. For example, a service provider can create, maintain, support, and/or execute a computer infrastructure of one or more aspects for one or more customers. In return, the service provider may receive payment from the customer, e.g., according to a subscription and/or fee agreement. Additionally or alternatively, the service provider may receive payment from the sale of advertising content to one or more third parties.
In one aspect, an application may be deployed to perform one or more embodiments. As one example, deployment of an application includes providing a computer infrastructure operable to perform one or more embodiments.
As another aspect, a computing infrastructure can be deployed comprising integrating computer-readable code into a computing system, wherein the code in combination with the computing system is capable of performing one or more embodiments.
As yet another aspect, a process for integrating computing infrastructure can be provided that includes integrating computer readable code into a computer system. The computer system includes a computer-readable medium, where the computer medium includes one or more embodiments. The code in combination with the computer system is capable of performing one or more embodiments.
While various embodiments are described above, these are only examples. For example, computing environments having other architectures may be used to incorporate and use one or more embodiments. Further, different instructions, instruction formats, instruction fields, and/or instruction values may be used. Many variations are possible.
In addition, other types of computing environments may benefit and be used. By way of example, data processing systems suitable for storing and/or executing program code are available that include at least two processors coupled directly or indirectly to memory elements through a system bus. The memory elements include, for instance, local memory employed during actual execution of the program code, bulk storage, and cache memories which provide temporary storage of at least some program code in order to reduce the number of times code must be retrieved from bulk storage during execution.
Input/output or I/O devices (including but not limited to keyboards, displays, pointing devices, DASD, tape, CDs, DVDs, thumb drives and other storage media, etc.) can be coupled to the system either directly or through intervening I/O controllers. Network adapters may also be coupled to the system to enable the data processing system to become coupled to other data processing systems or remote printers or storage devices through intervening private or public networks. Modems, cable modem and Ethernet cards are just a few of the available types of network adapters.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
The corresponding structures, materials, acts, and equivalents of all means or step plus function elements in the claims below, if any, are intended to include any structure, material, or act for performing the function in combination with other claimed elements as specifically claimed. The description of one or more embodiments has been presented for purposes of illustration and description, but is not intended to be exhaustive or limited to the embodiments in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art. The embodiments were chosen and described in order to best explain various aspects and practical applications, and to enable others of ordinary skill in the art to understand various embodiments with various modifications as are suited to the particular use contemplated.

Claims (20)

1. A computer-readable storage medium for facilitating processing in a computing environment, readable by a processing circuit and storing instructions for execution by the processing circuit, for performing a method, the method comprising:
obtaining an instruction to be executed, the instruction being an architectural machine instruction, the instruction configured to perform a plurality of functions including a true random number generator function that generates an original entropy, a conditioning entropy, or both; and
executing the instructions, the executing comprising:
based on a function code associated with the instruction having a selected value, examining one or more inputs to the instruction to determine which one or more functions of the plurality of functions to execute;
performing a function that provides original entropy based on a first input of the one or more inputs having a first value, wherein the providing original entropy comprises storing a plurality of original random numbers; and
based on a second input of the one or more inputs having a second value, performing another function that provides adjustment entropy, wherein the providing adjustment entropy includes storing a plurality of adjustment random numbers.
2. The computer-readable storage medium of claim 1, wherein the plurality of original random numbers comprises a program-specified number of original random numbers.
3. The computer-readable storage medium of claim 1, wherein the plurality of adjustment random numbers comprises a program-specified number of adjustment random numbers.
4. The computer-readable storage medium of claim 1, wherein the function code is disposed in a register associated with the instruction and the one or more inputs are disposed in one or more registers indicated by the instruction.
5. The computer-readable storage medium of claim 1, wherein the one or more inputs comprise at least one length value.
6. The computer-readable storage medium of claim 1, wherein the one or more inputs comprise a first length value and a second length value, and wherein the checking comprises checking the first length value and the second length value, wherein the plurality of original random numbers are stored based on the first length value having the first value, and wherein the plurality of adjusted random numbers are stored based on the second length value having the second value.
7. The computer-readable storage medium of claim 6, wherein the first value is a value greater than zero and the second value is a value greater than zero.
8. The computer-readable storage medium of claim 1, wherein based on the function code having another selected value, providing a raw-to-adjusted ratio.
9. The computer-readable storage medium of claim 8, wherein the raw-to-adjusted ratio indicates a number of bytes of raw entropy used to generate a corresponding number of bytes of adjusted entropy.
10. The computer-readable storage medium of claim 9, wherein said providing a raw-to-adjusted ratio comprises: a count of the number of bytes of the original entropy is stored at one location of the parameter block, and a count of the number of bytes of the adjusted entropy is stored at another location of the parameter block.
11. A computer system for facilitating processing in a computing environment, the computer system comprising:
a memory; and
a processor in communication with the memory, wherein the computer system is configured to perform a method comprising:
obtaining an instruction to be executed, the instruction being an architectural machine instruction, the instruction configured to perform a plurality of functions including a true random number generator function that generates an original entropy, a scaled entropy, or both; and
executing the instructions, the executing comprising:
based on a function code associated with the instruction having a selected value, examining one or more inputs to the instruction to determine which one or more functions of the plurality of functions to execute;
performing a function that provides original entropy based on a first input of the one or more inputs having a first value, wherein the providing original entropy comprises storing a plurality of original random numbers; and
based on a second input of the one or more inputs having a second value, performing another function that provides adjustment entropy, wherein the providing adjustment entropy includes storing a plurality of adjustment random numbers.
12. The computer system of claim 11, wherein the plurality of original random numbers comprises a program specified number of original random numbers, and wherein the plurality of adjusted random numbers comprises a program specified number of adjusted random numbers.
13. The computer system of claim 11, wherein the function code is disposed in a register associated with the instruction and the one or more inputs are disposed in one or more registers indicated by the instruction.
14. The computer system of claim 11, wherein the one or more inputs comprise a first length value and a second length value, and wherein the checking comprises checking the first length value and the second length value, wherein the plurality of original random numbers are stored based on the first length value having the first value, and wherein the plurality of adjusted random numbers are stored based on the second length value having the second value.
15. The computer system of claim 11, wherein based on the function code having another selected value, a raw-to-adjusted ratio is provided, wherein the raw-to-adjusted ratio indicates a number of bytes of raw entropy used to generate a corresponding number of bytes of adjusted entropy.
16. A computer-implemented method of facilitating processing in a computing environment, the computer-implemented method comprising:
obtaining an instruction to be executed, the instruction being an architectural machine instruction, the instruction configured to perform a plurality of functions including a true random number generator function that generates an original entropy, a scaled entropy, or both; and
executing the instructions, the executing comprising:
based on a function code associated with the instruction having a selected value, examining one or more inputs to the instruction to determine which one or more functions of the plurality of functions to execute;
performing a function that provides original entropy based on a first input of the one or more inputs having a first value, wherein the providing original entropy comprises storing a plurality of original random numbers; and
based on a second input of the one or more inputs having a second value, performing another function that provides adjusted entropy, wherein the providing adjusted entropy includes storing a plurality of adjusted random numbers.
17. The computer-implemented method of claim 16, wherein the plurality of original random numbers comprises a program-specified number of original random numbers, and wherein the plurality of adjusted random numbers comprises a program-specified number of adjusted random numbers.
18. The computer-implemented method of claim 16, wherein the function code is disposed in a register associated with the instruction, the one or more inputs being disposed in one or more registers indicated by the instruction.
19. The computer-implemented method of claim 16, wherein the one or more inputs comprise a first length value and a second length value, and wherein the checking comprises checking the first length value and the second length value, wherein the plurality of original random numbers are stored based on the first length value having the first value, and wherein the plurality of adjusted random numbers are stored based on the second length value having the second value.
20. The computer-implemented method of claim 16, wherein based on the function code having another selected value, providing a raw-to-adjusted ratio, wherein the raw-to-adjusted ratio indicates a number of bytes of raw entropy used to generate a corresponding number of bytes of adjusted entropy.
HK19127465.3A 2016-09-30 2017-09-26 Computer readable media, system and method for providing instructions for true random numbers HK40003949B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US15/281,159 2016-09-30

Publications (2)

Publication Number Publication Date
HK40003949A HK40003949A (en) 2020-04-17
HK40003949B true HK40003949B (en) 2023-06-02

Family

ID=

Similar Documents

Publication Publication Date Title
CN109804347B (en) Computer-readable storage media, system, and method for providing instructions for true random numbers
JP6177355B2 (en) Instruction to perform pseudo-random number generation operation
US10313109B2 (en) Instruction for performing a pseudorandom number seed operation
TW201820816A (en) Cipher message with authentication instruction
JP6986556B2 (en) Computer program products, computer systems, and computer implementation methods to facilitate processing in a computing environment.
TW202034655A (en) Compute digital signature authentication sign with encrypted key instruction
TW202040966A (en) Compute digital signature authentication sign instruction
HK40003949B (en) Computer readable media, system and method for providing instructions for true random numbers
HK40003949A (en) Computer readable media, system and method for providing instructions for true random numbers
CA3036108C (en) Instruction to provide true random numbers
HK40005677B (en) Determination of state of padding operation