WO2011113743A2 - Method and installation for generating nondeterministic random elements - Google Patents

Abstract

The invention relates to a method of generating nondeterministic random elements by computing means, in which the frequency of operation of at least part of said computing means is increased, at least until an error at the output of the means whose operating frequency has been increased is detected.

Description

 METHOD AND INSTALLATION FOR GENERATING NON-ALEAS

 DETERMINISTIC

The invention relates to the field of the generation of hazards by computer means.

 More specifically, the invention relates to the field of the generation of non-deterministic hazards usable for example in applications for generating safe random numbers, games or lotteries or large-scale simulation.

 The generation of non-deterministic hazards by computer means comes up against the fundamental problem of the unavoidable determinism of the functioning of computers. A. Turing [1] has described the Laplacian determinism dimension of the discrete state machine, which has since been used as a theoretical basis for the functioning of all computers and their insensitivity to the initial conditions that govern all the physical phenomena of our universe. In order to solve this problem, several approaches have been followed over the last twenty years. The first is to look outside the computer for a source of randomness based on unpredictable physical phenomena. Internet sites thus provide the possibility of finding the result in the form of a series of bits of the collection of these physical phenomena. The most famous are: Hotbits [2], based on the radioactive decay of Cassium-137, LavaRand [3], based on images of "lava lamps" filmed by a camera, LavaRnd [4], based on the noise of a CCD or random.org sensor [5], based on radio-atmospheric noise.

 All these approaches have several major drawbacks, including the need to be connected to have access to hazards and the very low bit rate (a few hundred bits per second) that can be obtained from these sources.

The second approach is to collect a number of events occurring within a computer to power a entropy pool (entropy pool in English) which will later serve seed to pseudo random number generators. These events are commonly used: moving the pointing device (mouse), network activity or input / output (I / O), processor load, or noise generated by the computer sound card. Operating systems like Linux, Solaris, FreeBSD (and many others) use this approach in the form of the entropy reading contained in the "/ dev / random" file [6]. A description of the weaknesses of such an approach and possible attacks was made in 2006 [7]. It should be noted in this connection that the work of the HAVEGE project [32] seems to provide a number of answers.

 The third approach is radically different in that it uses real sources of physical hazards connected in the form of peripherals to the computer and is the subject of a commercial offer contrary to the previous approaches. The sources of physical hazards chosen by these solutions are, for example, out of phase multiple oscillators, diode or transistor junctions, cascaded oscillators or quantum optics phenomena. It is possible to find on the market these different products, including: the SG100 TRNG [8] of the Protego company, the R2000KU [9] of the ComScire company, the rw3 [10] built by Rolf Freitag or the Quantis of the company Quantum id [11]. Various patents or patent applications have been filed for this type of solution (such as DE 19926640, US 6,324,558, US 6,763,364, US 6,862,605, US 7,096,242, or FR 04 09138 and FR 05 52046).

Despite the undeniable qualities (bit volume, uniformity) of the hazards provided by these devices, a number of faults make these solutions inaccessible to the greatest number, in particular the need to acquire a specialized device, to install a specific driver, to follow updates of the associated software part, etc. In addition, the evolution over time of physical sources of hazards (radioactivity, lasers, ...) or devices relating to their detection (aging of sensors) still needs to be researched to validate its long-term reliability.

An object of the present invention is therefore to solve the problems raised by current hazard generators, in particular the weakness of their bit rates, the vulnerability of the entropy pools, the complexity and specificity of the devices implemented, etc.

 More precisely, an aim of the invention is to make the generation of random events independent without resorting to external resources (dedicated peripherals, internet sites) or internal resources (events, interrupts) to initiate or maintain the generation of random events. and using resources (programming interfaces, hardware) standard and present on the majority of personal computers, embedded industrial equipment or portable devices (phones, tablets, netbook), to improve the cryptographic quality of the hazards generated by the impossibility of prediction of the successive states of the generator as well as the protection of the internal states of the generator against attacks. For this purpose, the invention proposes a method for generating non-deterministic hazards by computer means, in which the operating frequency of at least a portion of said computer means is increased, at least until an error in the output means whose operating frequency has been increased is detected.

 Some preferred but non-limiting aspects of the invention are the following:

 the method comprises the following steps:

 the operating frequency of at least a portion of the computer resources is incremented, and

o we implement on computer means whose operating frequency has been increased transformation that modifies its state;

the incrementation and transformation steps being repeated at least until an error is detected at the output of the means whose operating frequency has been incremented;

 - transformation is an ergodic transformation;

 the computer means whose operating frequency is incremented comprises a working memory, and the transformation modifies the addressing of data stored in said memory;

 an error is detected by comparison between expected states for the data on which the transformation is implemented and states obtained at the end of the transformation for these data;

 the method further comprises a random generation step in which:

 o a temporal hazard by determining the moment of appearance of the error; and or

 o a spatial hazard by determining the coordinates of the error; and or

 o a quantitative hazard by evaluating the difference between the value of the expected state of the error and the value of the state obtained from the error;

 the method further comprises at least one collection cycle, during which:

 o the uncertainties generated during the last transformation and

 o transforming the state of the computer resources whose operating frequency has been increased by modifying the addressing of the data in the memory according to these hazards;

 the method further comprises the steps in which:

o we define a variable of randomness: o the random variable is initialized according to the random events generated during the last transformation, the step of transforming the state of the computer means being implemented as a function of the value of said random variable; and

 o the value of the hazard variable is modified according to the hazards detected during the new transformation;

the method further comprises the steps in which:

 o the addressing of the data is divided into N subgroups, N being a non-zero integer; and

 transforming the state of the computer means whose operating frequency has been increased by modifying the addressing of the data in the memory by subgroup according to an order which is determined by the value of said random variable;

the method further comprises the steps in which:

 o a threshold number is defined;

 o it is determined whether the number of errors produced by the increase in the frequency of the computer means exceeds the threshold number;

^■ if the threshold number is reached or exceeded, the collection cycle is completed;

^■ if the threshold number is not reached, a new collection cycle is repeated by repeating the transformation step;

for that,

 o define a threshold quantity of random numbers;

 o a results table is initialized from the transformed data resulting from the collection cycles;

o a transformation of the states of the data by modifying their addressing; o the hazards generated by the transformation are detected; and o fill in the results table with the hazards detected during the transformation;

the transformation and filling steps of the array being repeated until the quantity of random numbers contained in the array reaches or exceeds the predefined threshold quantity;

 the data to which a transformation is applied are pixel values (501 -506) forming an initial matrix, and the transformed data are pixel values forming a transformed matrix;

 the error is detected by comparing the values of the pixels of the transformed matrix with values of the pixels of the initial matrix, said error being a color error;

 the error is detected by performing, during the same transformation cycle, two consecutive readings of the transformed matrix in order to compare pixel values resulting from the first reading of the transformed matrix with pixel values derived from the second reading of the same matrix, said error being a difference error;

 the method furthermore comprises, in addition, a feedback loop comprising the following steps:

 o initialize a feedback variable;

 o determine whether the detected error is a color error or a difference error;

^■ if the value of the variable is even, detect a color error;

^■ if the value of the variable is odd, detect a difference error; and

 o increment the feedback variable;

the computer means are a graphics card, the data to which a transformation is applied being data stored in its random access memory, and in which, prior to the incrementation of the frequency, the method is initialized according to the following steps:

 o detect the graphics card;

 o determine the over-frequency capacity of the RAM of the graphics card;

 o create a graphical context; and

 initializing the initial matrix of pixels; and

 the method comprises the steps in which:

 o a standard is defined for computing resources by defining a maximum number of allowable errors for a given frequency increase,

 o whether the number of errors obtained is greater than or equal to this maximum number of allowable errors; and o it is determined whether the computer means comply with the standard

 the coordinates of the pixels that systematically generate an error from a determined frequency are determined, and a unique identifier of the computer means is defined by constructing a mapping of these pixels. According to a second aspect, the invention proposes a computer system for the generation non-deterministic hazards, including:

a generator, which is a computer means with an internal clock,

a processor supervisor capable of interacting with said generator, the supervisor controlling the increase of the frequency of the generator's internal clock and comprises means for implementing an error detection at the output of the generator.

 Some preferred but non-limiting aspects of the system according to the invention are the following:

the generator is a processor-based computer means and includes means for memorizing a transformation to be implemented, the supervisor controlling the implementation of the said transformation;

- the generator is a graphics card;

 - the supervisor is a motherboard of a computer; and

 - the supervisor and the generator are both carried by a motherboard of a computer.

 Such a system makes it possible in particular to use the constantly increasing power of graphics processors (GPU) to generate large volumes of randomness. Other features, aims and advantages will appear better on reading the detailed description which follows, and with reference to the appended drawings given as non-limiting examples and in which:

 FIG. 1 schematically represents a conventional computer, equipped with peripherals,

 Figure 2 schematically shows a conventional graphics card;

 FIG. 3 represents an operating flow diagram of a system according to the invention;

 FIG. 4 represents the nature of the flows between the supervisor and the generator;

 FIG. 5 represents a 3200% zoom of the initial matrix loaded at the beginning of the method according to the invention by the supervisor in the video memory of the generator;

 Fig. 6 shows histograms of RGBA color channels of the initial pixel matrix according to one embodiment of the invention;

FIG. 7 represents histograms of RGBA color channels of the pixel matrix, highlighting the distribution of the hazards appeared after application of a detection cycle according to the invention, in the case of the embodiment of the FIG. 6 containing the hazards read by the supervisor from the video memory of the generator; FIG. 8 represents a zoom of a part of the final matrix highlighting the hazards that appeared after the application of a detection cycle of the method according to the invention;

 FIG. 9 represents histograms of RGBA color channels of the final matrix of pixels, highlighting the distribution of the hazards appeared after application of a detection cycle and a collection cycle according to the invention;

 FIG. 10 represents histograms of the RGBA channels corresponding to the matrix of pixels after the application of ten million (10,000,000) detection cycles in accordance with the invention without overfrequency;

 Figure 11 details steps of the initialization of the method according to the invention;

 Figure 12 details the steps of the detection cycle according to the invention; Figure 13 details steps of the collection cycle according to the invention; Figure 14 details steps of the generation cycle according to the invention; and

 Figure 15 details four examples of transformations that can be implemented over three cycles illustrated in Figures 12 to 14.

General principles

 Figures 1 and following illustrate an implementation overclocking (or overdocking in English) of one or more components of a computer to create non-deterministic hazards according to the invention.

 These electronic components are subject to standard specifications that allow component suppliers and their customers to industrialize their manufacturing and assembly.

According to one embodiment, the working memory of a processor, for example a random access memory (RAM) of the computer and / or some of its peripherals such as its card, is preferably on-frequency. graphic.

 The RAM standards are developed and finalized by the Joint Electron Devices Engineering Council (JEDEC) consortium in the form of specifications describing all memory characteristics such as DDR (Double Data Rate) 2 or 3.

 These specifications are the subject of physical implementations that manufacturers describe as a "datasheet". These components, once manufactured, are tested to ensure that the specifications are correct and finalized. The results of these tests may lead to the acceptance of the manufactured component, its downgrading or its rejection.

 Overclocking is a set of techniques designed to increase the performance of one or more components of a computer by relying on their physical tolerances, in order to achieve higher overall operating performance. These techniques are particularly the subject of sites devoted to them [15] [16], specialized tools [17] which are sometimes provided by the equipment manufacturers themselves [18] [19] [20], benchmarks (performance measures) [21] [22] [23] and official competitions [24]. These techniques are mainly aimed at two components: the processor and the RAM whose over-frequency is to be subjected to stability tests aimed at detecting the threshold beyond which the operation of the computer or device in question could be postponed. in question.

 The most used test tools are: Super PI (processor) [24], Prime 95 (processor) [25], memtest (RAM) [26], OCCT (processor + memory) [27], Fur Mark (card graph). [28] The official support of overfrequency by the suppliers of their own hardware thus guarantees the proper functioning of the invention within the limits of industrial tolerances supported by these same manufacturers.

Here, we use the over-frequency of a standard component of a computer to create non-deterministic hazards, without questioning the good functioning of the computer or the peripheral whose component is the object of the overfrequency and without endangering the component itself by this action.

 Preferably, the RAM of the graphics card of the computer is over-frequency so as not to over-frequent the processor or the random-access memory of the computer and to guarantee the integrity and proper functioning of the computer. the present invention.

 Indeed, in case of over-excessive frequency of the RAM of the graphics card, only the part concerning the display of the computer is affected, and at worst would require a restart of the computer without impact on its integrity.

 In addition, the RAM is a component whose operating tolerances (frequencies, voltages, temperatures) are much greater than for a processor. The risk of irreparable electronic damage to RAM by increasing the frequency is extremely low. Conversely, the over-frequency of the processor can bring, in case of cooling fault adapted to a permanent destruction of this component. This remains true for the processor of the computer (CPU) or for a processor of the graphics card (GPU).

System for hazard generation

 The computer resources planned for this implementation include, for example:

 A processor (hereinafter referred to as a supervisor), capable of interacting with peripherals, in particular a graphics processor, and capable of executing a supervision program; and

A device (hereinafter referred to as a generator), such as a graphics processor, having a dedicated working memory capable of increasing in frequency of functioning and able to execute a program or transformation, able to modify the state of the device.

 The generator executes a transformation, preferably a mixing, of which each transformation cycle corresponds to a different state of the generator.

 The supervisor measures the internal state of the generator at each generator transformation cycle. This measurement consists in finding errors contained in the data transformed by the generator.

 Preferably, during a given measurement cycle, the supervisor over-frequency the random access memory of the generator by incrementing the frequency of the random access memory by a determined step. The generator then executes a transformation cycle for each frequency and then reads the transformed data into the generator memory. Advantageously, the mixing transformation comprises a return cycle time to an identical state as long as possible.

 This blending transformation can be a "baker's transformation" whose ergodicity properties have been proven [29]. By ergodic transformation, the present invention intends that the distribution of the succession of successive states of the transformed system following a transformation T is that of all the possible states of the system s at an instant n of T (n).

 These properties are used in the context of the present invention as follows:

 - After each step of the baker's transformation, the geometric coordinates of each point are modified, which guarantees a state n + 1 always different from the state preceding n modulo the return time to the identical.

- The time of return to the identical of a set of points depends on the dimensions of the matrix which is the object of the transformation. In preferred implementation, the dimensions are chosen to have a return time guaranteeing a very large number of different states.

 The quality of ergodicity of the baker's transformation also guarantees a conservation of the properties of the probability distribution which is necessary for the uniformity of the hazards generated by the present invention.

 The proposed method is however not limited to over-frequencying of the RAM of a graphics processor.

 Typically, the generator may also be a motherboard adapted to over-frequency a component such as a memory bus, communication bus (PCI, PIC-E, ...), a working memory or a processor (CPU), a graphics processor (GPU) or a part of this processor (shaders).

 According to a preferred embodiment, the data manipulated by the generator are pixel values. In particular, the data may consist of a matrix of pixels containing four color channels: red (R), green (G), blue (B) and a transparency layer called alpha (A), subsequently designated by "RGBA".

 Nevertheless, the present invention is not limited to pixel processing but can also be applied to other types of data such as integers or floating-point numbers.

 The supervisor then initiates at startup a matrix comprising initial pixel values according to a specific provision likely to promote the appearance of errors. These values can be systematically the same at each new initialization step since it is the indeterminacy of the hazards generated by the overfrequency that guarantees the non-predictability properties of the present invention.

 The typology of the hazards generated by the over-frequency can be the following:

Temporal hazards, designated by the AT sequence, characterized by the moment of appearance of the errors generated by the overfrequency. The These uncertainties can be measured by the time elapsed since the start of the detection phase, by the frequency associated with the appearance of the first error or by the value of a variable incremented with each increase in the frequency.

 Spatial hazards, referred to as AS, characterized by the position of the errors generated by the overfrequency. The measurement of these hazards corresponds to the coordinates (abscissa and ordinate) of the pixel in the matrix transformed by the generator or by its physical address.

 Quantitative random events, referred to as AQ, correspond to the difference between the reference values expected by the supervisor and those provided by the generator.

 Hazards AT, AS or AQ are then detected by the supervisor by comparing the values of the pixels of the transformed matrix with respect to the values of the pixels of the initial matrix, ie in:

 (1) The appearance of one or more RGBA colors in the pixel matrix transformed by the generator that are different from those initialized at the start of the program. It is then a "color error"; and

 (2) RGBA colors that differ between two consecutive reads of the generator pixel array corresponding to the same transformation cycle. It is then a "mistake of differences".

 The supervisor qualifies each error detected as random AT, AS or AQ. Preferably, the supervisor carries out three different cycles in which one or more "color errors" and / or "error of differences" may be searched:

 - A first cycle, called detection, aims to determine the appearance of the first color error (s) and / or the first error (s) of differences.

- a second cycle, called the collection cycle, consists of producing by the generator a number of color errors or differences exceeding a predefined threshold number.

 A third cycle, called the generation cycle, uses the pixel matrix constructed by the implementation of the first two steps to cause the generator to produce a series of bits whose random properties have successfully passed all the reference tests. ] [13] [14].

 These three stages (or cycles) of detection, collection, and generation implement the same transformation of the baker in order to make the best use of the properties. In addition, at each of these steps, the present invention can use the measured hazards to dynamically modify the operation thereof.

 Thus, for example, the matrix of pixels of dimensions X by Y transformed by the generator can be divided into four sub-matrices. According to FIG. 15, the transformation of the baker can be carried out indifferently on the sub-matrices:

 - 1501, whose dimensions are X / 2 by Y defined by the coordinates ([0,0], [X / 2,0]) on the abscissa and ([0, Y], [X / 2, Y / 2 ]) on the y-axis and subsequently called "T1"

 - 1502, whose dimensions are X by Y / 2 defined by the coordinates ([0, Y / 2], [X, Y / 2]) on the abscissa and ([0, Y], [X, Y]) on the y-axis and subsequently called "T2"

 - 1503, whose dimensions are X / 2 by Y defined by the coordinates ([X / 2,0], [X, 0]) as abscissa and ([X / 2, Y / 2], [X, Y ]) on the y-axis and subsequently called "T3"

 - 1504, whose dimensions are X by Y / 2 defined by the coordinates ([0,0], [X, 0]) on the abscissa and ([0, Y / 2], [X, Y / 2]) on the y-axis and subsequently called "T4"

 The logical sequence order of transformations is T1 → T2 →

T3 → T4. This order can be dynamically changed by taking into account the hazards AT, AS or AQ, which, in the form of a logical combination of N variables (N> 1), will make it possible to modify the sequence. This feedback dimension aims to amplify the non-deterministic nature of each step. However, it is not necessary for the proper execution of the invention.

 Alternatively, the number of sub-matrices chosen in the implementation of the present invention may be different from four.

 Matrices of smaller dimensions would make it possible to make the best use of the parallelism present in the cores (core in English) of the processors of computers or graphics cards.

 Finally, the generator performs an EXCLUSIVE OR (XOR) logic operation between the pixels of the matrix at step N and the pixels transformed at step N + 1. This logical combination aims to improve the uniformity of the hazards generated by the present invention.

In more detail, a computer 10 comprises a CPU (Central Processing Unit) 1 1 capable of communicating with a working memory 12 via a memory bus 13. The working memory 12 is capable of storing the instructions executed by the central unit 11 as well as the data necessary for the implementation of the present invention.

 The central unit also communicates with a number of peripherals (for example a keyboard 16, a mouse, etc.) via a dedicated bus 14 supporting standard interfaces such as USB (for Universal Serial Bus), SATA (for Serial). Advanced Technolgy Attachment) or AGP (for Accelerated Graphie Port) or PCI-Express (for Peripheral Component Interconnect - Express).

Preferred communication interfaces are the PCI-Express [30] or AGP [31] protocols relating to the communication with the graphics card 20. Storage devices such as one or more hard disks 15 make it possible to save the program implemented by the present invention. invention and, where appropriate, the hazards produced by the generator. Figure 2 describes the generic architecture of an embodiment of the graphics card.

 The graphics card 20 includes a GPU 21 (Graphics Processing Unit) capable of accelerating the execution of graphic primitives as described in the OpenGL or DirectX3D standards. The graphics card also includes a working memory 22 capable of storing instructions and data. The central unit 21 and the working memory 22 do not communicate via the memory bus 23. It communicates by means of a peripheral bus 423 with the computer or one or more screens 24 via the standard protocols 25 such as AGP or PCI -Express for computer 26 and DVI (for Device Visual Interface) or HDMI (for High Definiton Multimedia Interface) for display devices (eg screen). Random generation method

 Reference is now made to FIG. 3, which describes operating steps of the method. All these steps are performed by the supervisor on the computer as described in Figure 1.

 In step 101, the supervisor initializes the operation of the generator. This step aims to verify the capabilities of the generator to implement the present invention, to create a graphical context capable of executing the supervisor procedure, to set the parameters necessary for its operation, to initialize an initial matrix of pixels RGBA, to transfer it to the memory of the generator and to transfer in this same memory the program of the supervisor. The details of these different steps will be repeated in the description of FIG. 11.

During the course of step 101, a certain number of checks and error detections are carried out by the supervisor. In case of failure (impossibility of over-frequency, insufficient graphic characteristics, etc.), the present invention can not be implemented. Advantageously, the method does not depend on any event and / or external data to build its own entropy and generate the hazards. The initial matrix (Figure 5) can be constantly the same for all cycles leading to the generation of hazards.

 It is therefore no longer necessary to go through the step of searching for initial seeds, which often represents the most sensitive part of the cryptographic attacks of random number generators (RNGs). The process also does not depend on the interruptions produced by an operating system under which this method is implemented to constitute the dynamics of the generation of hazards.

 Its total autonomy vis-à-vis external devices is also a guarantee against the type of attack aimed at playing on the quality of entropy pools data to calculate the sequence of hazards generated by other types of approach.

 The method described herein therefore responds to the recommendations of the National Institute of Standards and Technology (NIST) concerning the initialization of random number generators.

 In step 102, the supervisor executes the detection cycle.

 The objective of this cycle is the detection of the first errors resulting from the increase of the working frequency of the working memory of the generator.

 With reference to FIG. 12, step 102 comprises a loop consisting of the following sub-steps: initialization of variables ErrColor, ErrDifference and Incr at zero, overfrequency of the generator memory, detection of color errors for the even values of the variable Incr and error detection differences for the odd values of the variable Incr. The alternation of the detections of the errors colors or differences has for objectives:

• to dissociate the detection of errors and to allow the adaptation of the present invention to a very wide range of materials • to allow the implementation of temporal hazards (AT) in the course of this step. Once the detection of an error type (colors or differences) has been completed, only the detection of the other type of error is subsequently performed.

 The course of the substeps of this loop therefore follow a deterministic approach. As long as no error has been detected, the content of the pixel matrix of the generator is in fact perfectly determined by the number of times that the loop has been performed. The simple knowledge of the transformation used by the system would allow, as a function of the number of iterations, to reconstruct identically the pixel matrix of the generator.

 The indeterminism of the method according to the invention is due to the nature of the hazards (AT, AS, AQ) detected.

 First, the order of appearance of the first error, regardless of its type (color or difference) is totally random and unpredictable. The alternation between the sub-steps for detecting color and difference errors is thus unpredictable and constitutes the first step of the non-deterministic (in the form of time-type random events - AT) of the present invention.

 Second, the error values or their position in the pixel array are also unpredictable and constitute the second step of nondeterminism (in the form of spatial or quantitative randomness - AS or AQ) of the present invention.

 Thus, the indeterminacy following the increase in the frequency of operation of the generator memory is highlighted in step 102.

In addition, it is possible to implement the method from the same initial matrix, insofar as it is the errors generated during the transformations of the matrix that make it possible to obtain random events, independently of the initial values of pixels. of the matrix, which further demonstrates the non-determinism of the process.

Of course, it is also possible to start from different initial matrices for each implementation of the method.

 However, the choice of values of the initial matrix determines the sensitivity of the tests used. Over-frequencying of the generator's working memory could lead to a blocking of the graphics card and its shutdown. The combination of the color and difference tests makes it possible to detect the appearance of errors at the earliest in the overfrequency step and thus to remain within the limits of the operating tolerances of this component.

 The implementation of the method is not incompatible with the proper operation of the graphics card and can therefore operate in the context of normal operation of the computer.

 Moreover, the knowledge of the internal state of a random generator can lead a user to predict the future states and thus to question the desired cryptographic qualities. Nevertheless, the test concerning the "difference" error is carried out by two consecutive readings of the matrix of pixels of the generator. Once the first detected difference error corresponds to a given overfrequency frequency, any other reading of the generator pixel array is likely to generate the same type of "difference" errors. Thus, the internal state of the generator is thus protected from any user to know the content.

 In step 103, the supervisor executes the collection cycle.

 Its objective is both to amplify the errors detected during phase 102, and to increase the mixing of the transformation carried out by the generator.

Indeed, despite the indeterminacy of the errors detected during step 102, the values that these errors may take belong to an interval too small to generate quality hazards. Step 103 therefore aims to improve the quality of hazards, by implementing a loop consisting of four sub-steps (see Figure 14 attached):

 incrementing a given step of the frequency of the supervisor's working memory,

 the repatriation of the matrix of pixels and the collection of N hazards in this matrix,

 the execution of a type of transformation by the supervisor according to the risks collected,

 the detection of "color" or "difference" errors and the test of exceeding a given threshold.

 The implementation of step 103 thus increases the mixing power of the transformation performed by the generator.

 After each reading of the array of pixels of the generator, the supervisor uses N random variables of this matrix in order to modify in a non-deterministic way the order of the transformations T1, T2, T3 or T4.

 This embodiment is similar to a dynamic feedback loop whose course can not be predicted by any user seeking to determine, by the sequence of cycles of different transformations, the internal state of the generator.

 In a preferred embodiment, the overfrequency of the generator memory and the detection of color or difference errors are performed only during steps 102 and 103.

 In step 104, the supervisor performs the generation cycle.

 Its purpose is to generate hazards from the matrix constructed in steps 102 and 103.

 With reference to FIG. 14, step 104 comprises a loop composed of the following sub-steps:

 -initialization of the variable GenAlea with a random of the spatial type

(AS)

 execution by the generator of the transformations T1, T2, T3 or T4 as a function of the value of the GenAlea variable,

-Reading the generator pixel array in the array Results,

 -changing the GenAlea value.

 This loop ends when a set number of random events has been reached.

 Between steps 102 and 103 and steps 103 and 104, it is performed at an initialization of the generator matrix in order to use the hazards collected in the previous steps and to increase the non-determinism of the implementation of the present invention. invention.

 Figure 4 illustrates the nature of the exchanges between the generator and the supervisor through API programming interfaces (for Application Programming Interfaces).

 The purpose of using these APIs is for the supervisor to create the necessary and sufficient conditions for the execution of the generator procedure to be optimal on the graphics card.

 Preferably, three types of APIs are used:

 • Windows APIs that allow the supervisor to create an OpenGL context. This context itself includes:

 The creation and configuration of a window (Windows) supported by the operating system windowing system and able to support the creation of the OpenGL context.

 The setting of the OpenGL context within the windowing system and the nature of the pixel surface to use

 • The OpenGL APIs that will allow the generator to execute all the transformations and including:

 Setting the OpenGL Graphical Context

 The setting of the initial matrix and its loading in the video memory of the generator

 The procedure for executing the transformation

The procedure for reading the transformed pixel matrix · Overclocking APIs that allow overclocking of the video memory of the generator.

 These APIs must provide at least two basic functions: reading the operating frequency of the video memory of the graphics card and positioning the video frequency of the graphics card to a given value. The APIs used can be for example: API Nvidia, NVCIock or AMD Display Library. In a variant of the present invention, the use of other windowing systems supporting OpenGL APIs could be envisaged, for example: the X11 system supported by all Linux or MAC-OS systems or mobile devices (telephones, PDAs, tablets) supporting OpenGL ES (iPhone from Apple or Android from Google). The use of Microsoft DirectX APIs, iso-functional with respect to OpenGL APIs or CUDA APIs from Nvidia, Stream from ATI / AMD or Direct Compute from Microsoft can also be used for the implementation of of the present invention.

 FIG. 5 illustrates a detail (23 pixels by 23 pixels) of the initial matrix such that the supervisor transfers it into the video memory of the generator.

 Each square corresponds to a pixel whose values are:

 For pixels having the same color as pixel 501: R = 255, V = 255, B = 255, A = 0

 For pixels having the same color as pixel 502: R = 0, V = 255, B = 255, A = 0

 · For pixels having the same color as pixel 503: R = 0, V = 0, B = 0, A = 255

 • for the pixels having the same color as the pixel 504: R = 0, V = 0, B = 255, A = 0

 • for the pixels having the same color as the pixel 505: R = 255, V = 0, B = 255, A = 0

• for the pixels having the same color as the pixel 506: R = 0, V = 255, B = 0, A = 255

 The actual dimensions of the matrix are here 640 pixels by 320 pixels. The choice of these dimensions is dictated, in the context of the present invention, by several requirements:

 -The return time of a dot matrix of dimensions 640 by 320 is exactly

27873734249601531218081261179123119152374672476617970212 70339426065706228849261868945902223159327454950336975627 57566248658243955951319824075156833445766472523202334180 88960729326256844295251248435412655167225253433296277943 4432000, a figure of ²⁷⁶⁶ bits. The size of such a number puts out of reach of the current calculations the possibility to enumerate all the internal states of the generator by attacks called "brute force". The transformation of the baker used by the present invention preferably operates for matrices of even-sized dots. This choice was chosen because it avoids, as is the case of odd dimensions, to make a test during transformation, expensive test in terms of performance.

 Nevertheless, the method can be implemented on any suitable matrix, for example comprising a different number of pixels, and is not limited to the use of even-sized matrices.

 The pattern visible in the enlarged part (3200 times) of the image is retained because it is regular and repetitive, increases the sensitivity of the detection cycle, and thus reduces the risks of excessive overfrequency of the working memory of the image. supervisor.

 Similarly, the choice to initialize the initial matrix of pixels with only RGBA values of 0 (black pixel) and 255 respectively

(white pixel) makes it possible to simplify tests of the detection cycle and the speed of implementation of the detection cycle.

Other choices, both of the dimensions of the initial pixel matrix and of the starting values of these same pixels, produce results. quantitatively different from the implementation described in this document but also result, under more varied conditions that can lead to the blocking of the operation of the graphics card, to the production of non-deterministic hazards by over-frequency.

Figure 6 illustrates histograms of each color channel as they appear in Adobe's PhotoShop software. The RGBA colors appear under the respective names Alpha 1, Red (R), Green (G) and Blue (B). Each histogram is divided into 255 levels which represent the ²⁸ possible values for each channel.

 FIG. 6 highlights the fact that after the initialization step, all the values taken by the RGBA channels of the initial matrix of the generator comprise only the values zero (0, black pixel) or two hundred fifty five (255, white pixel).

 FIG. 7 highlights random events generated after the execution of the detection cycle according to the invention.

 The histograms are produced following the same procedure as for Figure 6. The peaks that appear respectively in the channels Alpha 1 and Red and Green show the values in levels and numbers of the hazards produced as a result of the complete application of the cycle of detection. It can be seen that the Blue channel (B) is empty of any hazard.

 This distribution of hazards is different at each execution of the detection cycle and for each graphics card used for the implementation of the present invention. This dimension of variability between different materials reinforces both the non-deterministic nature of the present invention but also the difficulties that would have a user seeking to know the internal state of the graphics card being attacked, each card graphic with its own behavior.

Figure 8 highlights the value of the hazards generated by the implementation of the method. The matrix 801 corresponds to the matrix read by the Supervisor in the generator memory after a full cycle of detection. An 803 zoom of four pixels 802 of this matrix was made so that they could be measured by the "info" tool 804 of the Photoshop software. It thus appears that the pixel 809 has the values designated at 806, the pixel 810 the values designated at 807, the pixel 811 the values designated at 805 and the pixel 812 the values designated at 808, values that are not present in the initial matrix of pixels. These only show values 0 or 255. This shows that the overfrequency process produces random events whose non-deterministic dimension is also characterized by the value taken by the different color channels of each pixel.

 FIG. 9 illustrates the histograms, produced according to the same procedure as for FIGS. 6 and 7, corresponding to the matrix of the generator after the execution of the detection and collection cycles. It appears that the RGBA colors have all the 255 levels filled by the hazards generated during the different cycles. The lack of uniformity of the values of each of the levels is the signature of the purely non-deterministic character of the implementation of the present invention and does not question, as a result of past tests, the qualities of the hazards generated.

Figure 10 provides further evidence of the importance of overfrequency for the generation of non-deterministic hazards. Figure 10 shows the histograms corresponding to the array of generator pixels after ten million (10,000,000) runs of the detection cycle without overfrequency. No hazards appear in the color channels. These histograms are in all respects identical to those of FIG. 6. This lack of randomness is to be compared with what has been described previously with regard to the over-frequency approach by suppliers of electronic or computer equipment. The tests that these manufacturers are passing on to their products are precisely intended to validate the tolerances of the integrated components. The execution of ten million (10,000 000) of error-free iterations is a validation of both the quality of these same materials and the possibility of the use of overfrequency for the generation of non-deterministic hazards. Detailed example of hazard generation

 Reference is now made to Figure 11 to describe the initialization portion performed by the supervisor. This begins with step 1101 of detecting the presence of a graphics card as described in Figure 2 and connected to a computer corresponding to Figure 1. In case of a negative response, there is an impossibility to continue the process and it is proceeded to the exit 1108 of the supervisor.

 If a graphics card could be detected, it is then proceeded to step 1102 to check the over-frequency possibilities of the working memory of the graphics card. If this is not possible, exit 1108 from the supervisor. Once this verification is done positively, the supervisor proceeds to step 1103 to create an OpenGL context to be executed by the graphics card. If this is not possible, exit 1108 from the supervisor.

 Once the OpenGL context has been created, the supervisor proceeds to step 1104 of initializing the initial matrix with the pattern and the RGBA values described in FIG.

 In step 1105, the supervisor sets the operating parameters of the OpenGL context.

 In step 1106, the supervisor loads the previously initialized matrix at step 1104 into the generator memory and proceeds to step 1107 at the loading of the transformation program.

 Steps 1101 and 1102 use the Overclocking APIs. Step 1103 uses the Windows APIs whereas steps 1104, 1105, 1106, and 1107 use the OpenGL APIs.

 Figure 12 describes the course of the detection cycle. At the stage

1201, the supervisor initializes the variables ErrColor, ErrDifference and Incr to zero (0).

 In step 1202, the supervisor performs the test of the absence of a color error and the parity of the variable Incr. In the case of a positive test (ErrColor equal to zero (0) and Incr even), the supervisor proceeds to step 1203 of overfrequency of the generator memory. This value of the overfrequency step can be 500 000 Hz. The working memory frequencies of the graphics cards are between 200 MHz and more than 1000 MHz for the fastest. The choice of this value equal to 0.5 MHz allows a progressivity in the overfrequency preventing the implementation of the present invention a blocking of the operation of the graphics card too high overfrequency. Combined with the sensitivity of color and difference tests, the implementation of the present invention is made with the maximum of guarantees of good operation.

 In step 1204, the supervisor performs the logical OR EXCLUSIVE (XOR) combination between the variable ErrDifference and the variable Incr. The purpose of this combination is to implement the temporal hazard represented by the change in value of the variable ErrDifference. Indeed, since the order of appearance of the color errors or of the difference errors is indeterminable, the taking into account of the value of the variable ErrDifference, in the case where a difference error would already have been detected, will make it possible to modify the order of transformations of step 1205.

 The supervisor performs at step 1205 the transformations T1, T2, T3 or T4 as a function of the value of the variable Incr modulo 4 (remainder of the division of the value of the variable Incr by 4). As long as the variable ErrDifference is equal to zero, the order is T1 → T2 → T3 → T4. In the case where the variable ErrDifference is different from zero, this order will be modified and will start the non-determinism of the implementation of the present invention from the detection step.

At step 1206, the supervisor reads the memory of the generator. In step 1207, the supervisor performs the color error detection test. In a preferred implementation, the form of this test is done by comparing the values of the matrix of the generator and the values of the initial matrix. This test can be represented in the following algorithmic form: if (pix [n]! = 0 && pix [n]! = 255), where pix [] is the result table of the reading of the generator matrix, n the index in this table and the values 0 (zero) or 255 (two hundred and fifty five) the values initialized in step 1104. Also in step 1207, the supervisor, in the case of the detection of a color error, will modify the value of the ErrColor variable. In a preferred implementation, this change may take the form of the following logical combination: ErrColor ^Λ = pix [n] ^A n, where the symbol " ^Λ " corresponds to the logical OR EXCLUSIVE operation, the purpose of this combination being to give a value to the variable ErrCouleur directly related to the occurrence of the hazard corresponding to the appearance of the first color error.

 The supervisor then proceeds to step 1208 which is the step to which it leads directly if the test 1202 is negative. In step 1208, the supervisor performs the test of the absence of a difference error and the parity of the variable Incr. In the case of a positive test (ErrDifference equal to zero (0) and odd Incr), the supervisor proceeds to step 1209 of overfrequency of the generator memory which follows the same rules as in step 1203.

 In step 1210, the supervisor performs the logical EXCLUSIVE OR (XOR) combination between the variable ErrColor and the variable Incr for reasons identical to those described for step 1204.

 In step 1211, the supervisor performs the transformations T1, T2, T3 or T4 according to the same rules as for step 1205.

 In step 1212, the supervisor performs a double reading of the generator memory, that is to say two consecutive reads of the generator matrix without any transformation having been made.

In step 1213, the supervisor performs the difference error detection test. In a preferred implementation, the form of this test is by comparing the values of the generator matrix of the first reading with the values of the generator matrix of the second reading. This test can be represented in the following algorithmic form: if (tab1 [n]! = Tab2 [n]), where tab1 [] is the result table of the first reading of the generator matrix, where tab2 [] is the result table of the second reading of the generator matrix and n the index in these tables. Still at step 1213, the supervisor, in the case of detecting a difference error, will modify the value of the variable ErrDifference. In a preferred implementation, this modification can take the form of the following logical combination: ErrDifference ^Λ = (tab1 [n] ^A tab2 [n]) ^A n, where the symbol " ^Λ " corresponds to the logical OR EXCLUSIVE operation, The purpose of this combination is to give a value to the variable ErrDifference directly related to the occurrence of the hazard corresponding to the appearance of the first error differences.

 The supervisor then proceeds to step 1214 to perform the test on the values of the ErrColor and ErrDifference variables. In one embodiment, it may be chosen to go to step 1215 (end of the detection cycle) only when these two variables are different from zero (0), that is to say when color errors and errors tests differences are both positive. In a variant, the detection cycle can be stopped as soon as an error is detected by choosing a color error or a difference error. This choice could be dictated by hardware devices that can not lead to the detection of the two errors without questioning the proper functioning of these same devices. This possibility, offered by the present invention, allows greater flexibility in its implementation.

In the opposite case (test of step 1214 negative), the supervisor proceeds to step 1216 which increments the value of the variable Incr of 1, making it possible to modify the parity test on this variable, before returning to the step 1202 to continue the detection cycle. Steps 1203 and 1209 use Overclocking APIs while steps 1205, 1206, 1211, and 1212 use the OpenGL APIs.

 According to one embodiment, this detection cycle could be used to test embedded memories in hardware such as computers, graphics cards or mobile phones. The color error test could make it possible to validate a maximum error rate beyond which the marketing of the hardware embarking this memory could not be considered any more.

 In a variant, this method makes it possible to locate the position of the cells (or bits) which, from a given overfrequency frequency, would systematically generate color or difference errors. This location could be used to build a map of these cells that would constitute a unique identifier of the material in question. This identifier could in turn be used as security key for the encryption of messages or their signature.

 In another variant, this same method makes it possible to constitute a temporary safe of data. Once the complete cycle (error colors and errors differences) of detection made, the matrix of the generator could initialized with data to protect while leaving the memory of the generator at the frequency reached at the end of the detection cycle. Any attempt to read this data would be imprinted with errors due to overfrequency and make this data unusable.

 In another variant, the generator matrix is initialized with data to be protected at the start of the detection cycle. The memorization of all the transformations carried out, their order as well as all the errors found during the detection cycle would make it possible, once saved the data of the generator at the end of the detection cycle, to encrypt this data in a unique way. The use of the stored information and the inverse transformation of the baker would allow to reconstitute the data to the identical.

Figure 13 describes the collection cycle. In step 1301, the supervisor reads the matrix of the generator and the copy in the Alea table of identical dimension to the matrix of the generator. This operation aims to collect the indeterminate state of this matrix, indeterminacy constituted by the unpredictable order of the transformations T1, T2, T3 or T4 as well as by the set of color and difference errors that this matrix contains at the end of the detection cycle.

 In step 1302, the supervisor initializes the generator memory with the data in the Alea table.

At step 1303, the supervisor initializes the IndexAlea variable which will act as an index in the Alea collection table during the collection cycle. In one embodiment, the initialization of the IndexAlea variable is done by the following logical combination: lndiceAlea = (ErrColor ^A ErrDifference) modulo (matrix size). The purpose of this combination is to use the AS and AT hazards collected in the ErrColor and ErrDifference variables during the detection cycle. Thus, the filling of the Alea table will be done at the beginning of each collection cycle at an indeterminate index of the table in order to increase the indeterminacy dimension of the implementation of the present invention.

 In step 1304, the supervisor over-frequents the generator memory. The value of the overfrequency step during the collection cycle is 11000 Hz. Since color and / or difference errors have already been detected during the detection cycle, the overfrequency step may be lower than the one used. during the detection cycle. This choice allows the implementation of the present invention with all the necessary precautions to not over-frequency memory of the generator beyond its proper operation.

In step 1305, the supervisor performs the logical OR EXCLUSIVE (XOR) combination between the variable IndexAeA and the variable Incr. The purpose of this logic combination is identical to that described for steps 1204 and 1210. In step 1306, the supervisor performs the transformations T1, T2, T3 or T4 according to the result modulo 4 of the logical combination performed in step 1305.

 In step 1307, the supervisor performs the double reading of the generator memory after execution of the transformation made in step 1306.

 In step 1308, the supervisor collects the generated random events. This collection corresponds to the same tests color errors and errors diferences made in steps 1207 and 1213. Each time one of these errors is detected, the supervisor fills the box of the Alea table with the IndexAlea index with the following values:

• In the case of a color error in table tab1 resulting from the first reading performed in step 1307, the value given in the table Alea is Alea [lndiceAlea] ^A = (tab1 [n] ^A (n ^A (lndiceAlea) )) modulo 255 where the symbol " ^Λ " corresponds to the logical operation EXCLUSIVE OR and n is the index of detection of the error.

• In the case of a color error in table tab2 resulting from the second reading carried out at step 1307, the value given in the table Alea is Alea [lndiceAlea] ^A = (tab2 [n] ^A (n ^A (lndiceAlea) )) modulo 255 where the symbol " ^A " corresponds to the logical OR EXCLUSIVE operation and n is the index of detection of the error.

In the case of an error between the tab1 and tab2 arrays resulting from the two readings performed in step 1307, the value given in the Alea array is Alea [lndiceAlea] ^A = ((tab1 [n] ^A tab2 [n] ) ^A (n ^A (lndiceAlea))) mod 255 where the symbol ^"A" corresponds to the logical XOR operation and n is the error detection index.

The logical combination "Alea [lndiceAlea] ^A =" aims at logically mixing the hazards collected in the Alea table during the detection cycle with the new risks generated during the collection cycle. The purpose of the "modulo 255" operation is to ensure that the values obtained fall within the range [0; 255] levels of RGBA colors as well as their uniformity. The different values contained in the tab1 and tab2 arrays are quantitative type (AQ) hazards, whereas the n position index of these errors inside the arrays is of the spatial type (AS). At each randomness detection, the supervisor increments the IndexAlea variable. In the case where the variable IndexAlea is greater than the size of the array Alea, the supervisor sets its value to zero (0). The supervisor then performs the 1309 test to determine if the collection threshold has been reached. For example, this threshold may correspond to the number of times the IndexAlea variable is reset (0) by the supervisor, ie the number of times the Alea table has been completely filled. This threshold is at least greater than 1. In the case where this test is negative, the supervisor proceeds to step 1311 corresponding to the incrementation of the variable Incr and returns to step 1304. In the opposite case (the threshold has been reached) the supervisor ends the cycle collection to proceed to step 1401 of the generation cycle. Step 1304 uses the Overclocking APIs while steps 1306 and 1307 use the OpenGL APIs.

 In a variant, the method also makes it possible to choose a statistical distribution corresponding to financial or simulation applications. At step 1308, it will be possible to place in the table Alea values resulting from Normal, Poisson, Student or other laws (pseudo-random number generator for example) replacing the values described above. The conservation property of the baker's ergodic processing distributions makes it possible, once the values of these distributions have been entered in the Alea table, to implement the present invention in a very wide range of applications.

 In another variant and still in step 1308, it may be carried out "whitening" operations (whitening in English) to ensure the uniformity of the randomly generated.

It will be noted that a variant of the method consists in directly performing steps 1207, 1213 and 1308 (testing for the presence of errors color or differences) by the generator, without previously implementing steps 1206, 1212 and 1307 respectively (reading of the generator matrix). Indeed, by the use of programming languages such as GLSL, HLSL, Cg, CUDA or OpenCL, it is possible to have the generator run directly the tests relating to the presence of errors in the matrix of the generator without it. it is necessary to read this matrix by the supervisor. Such a choice may be dictated by performance requirements by eliminating the read time of the generator array and utilizing the processing power of the generator to perform these tests. However, logical errors of operation of the programs executed by the generator can occur, errors due to over-frequency of the working memory of the generator and to question the reliability of detections of these same errors. This remains true in the case where the entirety of the steps of the present invention implemented by the generator and the supervisor is performed by the same and unique hardware.

 Reference is now made to Figure 14.

 In step 1401, the supervisor initializes the generator memory with the data in the Alea table.

 At step 1402, the supervisor initializes the Incr variable to zero (0) and sets the GenAlea variable to GenAlea = Alea [lndiceAlea]. This operation makes it possible to use the last value taken by the IndexAlea variable to fetch a value from the Alea table. This operation implements the IndexAlea and Alea [lndiceAlea] values, both of which are not determinable before running the detection and collection cycles. The goal is to start the order of transformations in the generation cycle indefinitely.

At step 1403, the supervisor performs the EXCLUSIVE OR (XOR) logical combination between the GenAlea and Incr variables to, again, increase the indeterminacy of the order of the transformations. In step 1404, the supervisor has the generator carry out the transformations T1, T2, T3 or T4 according to the result of the logic combination modulo 4 of step 1403.

 In step 1405, the supervisor reads the generator matrix. The result of this reading is put in a Results table. The values inserted in the Results table are random numbers that can be used in applications that require a high degree of indeterminacy.

 In addition, the supervisor re-initializes the GenAlea variable as follows: GenAlea = Results [lncr]. The objective of this operation is to guarantee a constant indeterminacy of the order of sequence of transformations by the use of the hazards (AS and AQ) generated by the present invention.

 In step 1406, the supervisor performs the test concerning the amount of random numbers generated. If this number reaches or exceeds a threshold number requested, the supervisor stops the generation cycle, the Results table containing all the required random numbers. In the opposite case, the supervisor proceeds to step 1407 where the variable Incr is incremented by 1 and then proceeds to step 1403 to continue the generation.

Note that it is possible not to over-frequencyize the memory of the generator during the generation cycle.

List of references cited

 [I] http://www.thocp.net/biographies/papers/turing_oncomputablenumbers _1936.pdf

 [2] https://www.fourmilab.ch/hotbits/secure_generate.html

[3] http://www.lavalite.com/

 [4] http://www.lavarnd.org/what/index.html

[5] http://www.random.org/randomness/

[6] http: //www.linuxcertif.eom/man/4/random/

[7] http://www.pinkas.net/PAPERS/gpr06.pdf

[8] http://www.protego.se/sg100_en.htm

[9] http://www.comscire.com/Home/

[10] http://true-random.com/

 [I I] http: //www.idquantique.eom/component/content/article/9.html

[12] http://www.stat.fsu.edu/pub/diehard/

[13] http://csrc.nist.gov/groups/ST/toolkit/rng/documentation_software.html [14] http://www.iro.umontreal.ca/~simardr/testu01/tu01 .html

[15] http://www.overclockers.com/

[16] http://www.overclockersclub.com/

 [17] http://www.ocinside.de/go_e. html? http: //www.ocinside.de/html/links/oc soft_links.html

 [18] http://www.nvidia.com/object/ntune_5.05.54.00.html

[19] http://www.evga.com/precision/

 [20] http://www.gigabyte.com.tw/FileList/NewTech/old_motherboard_newte ch / Tech_20041125_PX_ET5.htm

[21] http://www.futuremark.com/

[22] http://www.sisoftware.co.uk/

[23] http://www.xtremesystems.com/pi/

 [24] http://www.gigabyte.com.tw/News/Motherboard/News_List.aspx7New SLD = 1467

[25] http://www.mersenne.org/freesoft/

[26] http://www.memtest.org/ [27] http://www.ocbase.com/perestroika/index.php

[28] http://www.ozone3d.net/benchmarks/fur/

[29] http://www.dma.ens.fr/culturemath/maths/pdf/algebre/chaosq.pdf [30] http://www.pcisig.com/specifications/pcix_20/

[31] http://members.datafast.net.au/dft0802/specs/agp30.pdf

[32] http://www.irisa.fr/caps/projects/hipsor/

Claims

1. Method for generating non-deterministic hazards by computer means, characterized in that the operating frequency of at least a portion of said computer means is increased, at least until an error at the output of the means of which one has increased the operating frequency be detected. 2. Method according to claim 1, characterized by the following steps:  the operating frequency of at least a portion of the computer means (20) is incremented, and  it implements on the computer means (20) whose operating frequency has been increased a transformation which modifies its state; the steps of incrementation and transformation being repeated at least until an error (102) is detected at the output of the means (20) whose operating frequency has been incremented. 3. The method according to the preceding claim, wherein the transformation is an ergodic transformation. 4. Method according to one of claims 2 or 3, characterized in that the computer means (20) whose operating frequency is incremented comprise a working memory (22), and in that the transformation modifies the addressing of data stored in said memory (22). 5. Method according to claim 4, characterized in that one detects (102) an error by comparison between expected states for the data on which the transformation is implemented and states obtained at the end of the transformation for these data. 6. Method according to the preceding claim, further comprising a random generation step (AS, AT, AQ) in which is generated: - a temporal hazard (AT) by determining the time of occurrence of the error; and or  a spatial hazard (AS) by determining the coordinates of the error; and or  a quantitative hazard (AQ) by evaluating the difference between the value of the expected state of the error and the value of the state obtained from the error. 7. Method according to the preceding claim, further comprising at least one collection cycle (1301 -1311), during which:  the contingencies generated during the last transformation are determined and the state of the computer means (20) whose operating frequency has been increased by modifying the addressing of the data in the memory (22) according to these hazards; . 8. Method according to the preceding claim, further comprising the steps in which:  we define a random variable (GenAlea);  the variable of randomness is initialized as a function of the random events generated during the last transformation, the step of transforming the state of the computer means (20) being implemented as a function of the value of said random variable; and  the value of the hazard variable is modified as a function of the hazards detected during the new transformation. 9. Method according to the preceding claim, further comprising the steps in which: - the data addressing is divided into N subgroups, N being one nonzero integer; and  the state of the computer means (20) whose operating frequency has been increased by modifying the addressing of the data in the memory (22) by a subgroup according to an order which is determined by the value of said variable d hazards (1205, 1211, 1306, 1406). The method of one of claims 7 to 9, further comprising the steps of:  defining (1301) a threshold number;  determining (1309) whether the number of errors produced by the frequency increase of the computing means (20) exceeds the threshold number;  if the threshold number is reached or exceeded, the collection cycle is terminated (1401);  if the threshold number is not reached (1311), a new collection cycle is repeated by repeating the transformation step. 11. Method according to the preceding claim, wherein:  a threshold quantity of random numbers is defined;  a results table is initialized from the transformed data resulting from the collection cycles;  the data states are transformed by modifying their addressing (1402, 1403, 1404);  the irregularities generated by the transformation (1405) are detected; and  -complete the results table with the hazards detected during the transformation; the transforming (1403) and padding steps of the array being repeated until the amount of random numbers contained in the array reaches or exceeds the predefined threshold quantity (1406). The method according to one of claims 4 to 11, wherein the data to which a transformation is applied are pixel values (501 -506) forming an initial matrix, and the transformed data are pixel values forming a transformed matrix. . 13. The method of claim 12, wherein the error is detected by comparing the values of the pixels of the transformed matrix with values of the pixels (501 -506) of the initial matrix, said error being a color error. The method of claim 12 or 13, wherein the error is detected by performing, during the same transformation cycle, two consecutive reads of the transformed matrix in order to compare pixel values from the first reading of the matrix transformed with pixel values from the second reading of the same matrix, said error being a difference error. The method of claims 13 and 14, further comprising a feedback loop comprising the steps of:  -initialize a feedback variable (1201);  -determine whether the detected error is a color error or a difference error;  if the value of the variable is even (1202), detecting a color error (1206, 1207, 1214);  if the value of the variable is odd (1208), detecting an error of differences (1211, 1212, 1214); and  -Increment the feedback variable (1216). 16. Method according to one of claims 12 to 15, wherein the computer means are a graphics card, the data to which a transformation is applied being data stored in its memory. RAM, and in which, prior to the incrementation of the frequency, the method is initialized according to the following steps:  detecting (1201) the graphics card (20);  -determine (1202) the over-frequency capacity of the random access memory (22) of the graphics card (20);  -create a graphical context (1103); and  initializing the initial matrix of pixels (1104). 17. Method according to one of the preceding claims, wherein:  a standard is defined for the computer means by defining a maximum number of acceptable errors for a given frequency increase,  it is determined whether the number of errors obtained is greater than or equal to this maximum number of admissible errors; and  it is determined whether the computer means (20) comply with the standard. 18. The method as claimed in one of claims 12 to 16, wherein the coordinates of the pixels systematically generating an error are determined from a determined frequency, and a unique identifier of the computer means is defined by constructing a mapping of these pixels. 19. Computer system (10, 20) for the generation of non-deterministic hazards, comprising:  a generator (20), which is an internal clock computing means, a processor supervisor (10) adapted to interact with said generator (20), characterized in that the supervisor (10) controls the increase of the frequency of the internal clock of the generator (20) and comprises means to implement an error detection at the output of the generator (20). 20. Computer system (10, 20) according to claim 19, characterized in that the generator (20) is a processor computer means and comprises means (22) storing a transformation to be implemented, the supervisor (10) controlling the implementation of said transformation. 21. Computer system (10, 20) according to one of claims 19 or 20, characterized in that the generator is a graphics card (20). 22. Computer system (10, 20) according to one of claims 19 to 21, characterized in that the supervisor is a motherboard of a computer (10). 23. Computer system (10, 20) according to one of claims 19 or 20, wherein the supervisor and the generator are both carried by a motherboard of a computer.