DOCSLIB.ORG

The Intel Random Number Generator

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

® THE INTEL RANDOM NUMBER GENERATOR CRYPTOGRAPHY RESEARCH, INC. WHITE PAPER PREPARED FOR INTEL CORPORATION Benjamin Jun and Paul Kocher April 22, 1999 Information in this white paper is provided without guarantee or warranty of any kind. This review represents the opinions of Cryptography Research and may or may not reflect opinions of Intel Corporation. Characteristics of the Intel RNG may vary with design or process changes. © 1999 by Cryptography Research, Inc. and Intel Corporation. 1. Introduction n = − H K∑ pi log pi , Good cryptography requires good random i=1 numbers. This paper evaluates the hardware- where pi is the probability of state i out of n based Intel Random Number Generator (RNG) possible states and K is an optional constant to for use in cryptographic applications. 1 provide units (e.g., log(2) bit). In the case of a Almost all cryptographic protocols require random number generator that produces a k-bit the generation and use of secret values that must binary result, pi is the probability that an output be unknown to attackers. For example, random will equal i, where 0 ≤ i < 2k . Thus, for a number generators are required to generate -k perfect random number generator, pi = 2 and public/private keypairs for asymmetric (public the entropy of the output is equal to k bits. This key) algorithms including RSA, DSA, and means that all possible outcomes are equally Diffie-Hellman. Keys for symmetric and hybrid (un)likely, and on average the information cryptosystems are also generated randomly. present in the output cannot be represented in a RNGs are also used to create challenges, nonces sequence shorter than k bits. In contrast, the (salts), padding bytes, and blinding values. The entropy of typical English alphabetic text is 1.5 one time pad – the only provably-secure bits per character.2 encryption system – uses as much key material as ciphertext and requires that the keystream be An RNG for cryptographic applications generated from a truly random process. should appear to computationally-bounded adversaries to be close as possible to a perfect Because security protocols rely on the RNG. For this review, we analyze whether there unpredictability of the keys they use, random is any feasible way to distinguish the Intel RNG number generators for cryptographic from a perfect RNG. applications must meet stringent requirements. The most important is that attackers, including those who know the RNG design, must not be 2. Pseudorandomness able to make any useful predictions about the RNG outputs. In particular, the apparent entropy Most “random” number sources actually of the RNG output should be as close as utilize a pseudorandom generator (PRNG). possible to the bit length. PRNGs use deterministic processes to generate a series of outputs from an initial seed state. 1 According to Shannon , the entropy H of Because the output is purely a function of the any message or state is: seed data, the actual entropy of the output can never exceed the entropy of the seed. It can, 1 Shannon, C.E., “A Mathematical Theory of 2 Menezes, Oorschot, and Vanstone, Communication,” The Bell System Technical Journal, Handbook of Applied Cryptography, vol. 27, p. 379-423, July 1948. Ch.7, CRC Press, 1997. ANALYSIS OF THE INTEL RANDOM NUMBER GENERATOR CRYPTOGRAPHY RESEARCH however, be computationally infeasible to processes, but these methods are awkward and distinguish a good PRNG from a perfect RNG. slow. For example, PGP4 version 6.02 requires that users spend about 15 seconds entering For example, a PRNG seeded with 256-bits random keystrokes or mouse movements to of entropy (or one with a 256-bit state) cannot produce a new key. Methods involving user produce more than 256 bits of true randomness. timing require inelegant user interfaces and An attacker who can guess the seed data can cannot be used (or become insecure) when predict the entire PRNG output. Guessing a 256- controlled by automated scripts. Some bit seed value is computationally infeasible, applications use hard drive seek times, but however, so it is possible that such a PRNG factors such as the drive technology, disk could be used in cryptographic applications. caches, and system timer resolution limits Examples of PRNGs designed for cryptographic require careful consideration. Measurements of applications include MD5Random and system activity, delays, configuration data, etc. SHA1Random (which respectively hold 128 bits TM,3 are also sometimes used. and 160 bits of state) in the BSAFE cryptographic toolkit. Overall, true random number generators implemented using conventional hardware tend Although properly-implemented and seeded to be slow, difficult to implement, require user PRNGs are suitable for most cryptographic involvement, and often provide unknown applications, great care must be taken in the amounts of true entropy. These methods also development, testing, and selection of PRNG make assumptions about the hardware that are algorithms. It is critical that a PRNG be properly not guaranteed. For example, operation timing seeded from a reliable source. For example, measurements may not contain the expected most PRNGs included in standard software amount of randomness under all system libraries use predictable seed or state values or configurations. Techniques that rely on user produce output that can be distinguished from events may not be reliable in unattended random data. systems such as servers. 3. The Need for TRNGs Anyone who considers Even though arithmetical methods of A true random number generator (TRNG) it is possible for producing random digits uses a non-deterministic source to produce applications to is, of course, in a state of randomness. Most operate by measuring produce their own sin. unpredictable natural processes, such as thermal secure random – John Von Neumann (1951) (resistance or shot) noise, atmospheric noise, or data, many do not. nuclear decay. The entropy, trustworthiness, and Reviews by performance all depend on the TRNG design. Cryptography Research frequently identify weaknesses in random number generation. A PRNG by itself will be insecure without a Similarly, Christopher Allen and Tim Dierks of TRNG for seeding. Seeding requires a source of Consensus Development report that “most true randomness, since it is impossible to create common problems [found in software security true randomness from within a deterministic reviews] were related to random number system. seeding.”5 Bruce Schneier writes, “Good On computers without a hardware RNG, random-number generators are hard to design, programmers typically try to obtain entropy for because their security often depends on the seed data using existing peripherals. The most common techniques involve timing user 4 PGP is available from Network Associates, Inc. 5 Dierks, T., and Allen, C., “Lessons from Doing 3 BSAFE is a software toolkit available from RSA Source Code Reviews of Commercial Products,” Data Security, Inc. Consensus Development, 1997. 2 ANALYSIS OF THE INTEL RANDOM NUMBER GENERATOR CRYPTOGRAPHY RESEARCH particulars of the hardware and software. Many products we Voltage High- Noise 6 Controlled Speed examine use bad ones.” Amplifier Oscillator Oscillator Ian Goldberg and David Wagner found that Netscape’s Johnson Thermal random number generator seed Noise Source was derived from “just three (Resistor) Super Latch quantities: the time of day, the process ID, and the parent process ID. Thus, an adversary who can Control/ FIFO Digital Corrector predict these three values can Status Reg. apply the well-known MD5 algorithm to compute the exact seed generated.”7 Although most Bus RNG flaws are not reported, Figure 1: Block diagram of the Intel RNG problems are common, partly because cryptographic software libraries often prove randomness, we have analyzed Intel’s leave it to programmers to find reliable sources design assumptions, design, and testing of seed material. procedures, as well as performed statistical tests on RNG output data. In many cases, system designers are faced with a trade-off between security and For this review, Cryptography Research convenience. For example, to avoid having to performed a series of tests and evaluated the collect fresh seed data each time the program results of experiments performed by Intel. Raw loads, many software applications store their data and design specifications for the analysis seed material on the hard drive where there can were provided by Intel. be a risk of compromise. The best sources for unpredictable data involve timing user processes, which add undesirable complexity to 4.1. Noise Source user interfaces. Johnson noise (commonly referred to as thermal noise), shot noise, and flicker noise are 4. Architecture Analysis present in all resistors. They have electrically measurable characteristics and are the result of Measuring randomness is as much a random electron and material behavior. philosophical debate as it is a mathematical The Intel RNG primarily samples thermal issue. An infinite sequence of random numbers noise by amplifying the voltage measured across will carry a known statistical distribution. It is undriven resistors. In addition to a large random impossible, however, to prove whether any component, these measurements are correlated finite set of numbers is actually random. For to local pseudorandom environmental example, the 128-bit value “0” is just as likely to characteristics8, such as electromagentic occur as hexadecimal “7c26b1b7f931eedb1f7e- radiation, temperature, and power supply e1b84764ae93”.
Recommended publications
  • Sensor-Seeded Cryptographically Secure Random Number Generation

    Sensor-Seeded Cryptographically Secure Random Number Generation

    International Journal of Recent Technology and Engineering (IJRTE) ISSN: 2277-3878, Volume-8 Issue-3, September 2019 Sensor-Seeded Cryptographically Secure Random Number Generation K.Sathya, J.Premalatha, Vani Rajasekar Abstract: Random numbers are essential to generate secret keys, AES can be executed in various modes like Cipher initialization vector, one-time pads, sequence number for packets Block Chaining (CBC), Cipher Feedback (CFB), Output in network and many other applications. Though there are many Feedback (OFB), and Counter (CTR). Pseudo Random Number Generators available they are not suitable for highly secure applications that require high quality randomness. This paper proposes a cryptographically secure II. PRNG IMPLEMENTATIONS pseudorandom number generator with its entropy source from PRNG requires the seed value to be fed to a sensor housed on mobile devices. The sensor data are processed deterministic algorithm. Many deterministic algorithms are in 3-step approach to generate random sequence which in turn proposed, some of widely used algorithms are fed to Advanced Encryption Standard algorithm as random key to generate cryptographically secure random numbers. Blum-Blum-Shub algorithm uses where X0 is seed value and M =pq, p and q are prime. Keywords: Sensor-based random number, cryptographically Linear congruential Generator uses secure, AES, 3-step approach, random key where is the seed value. Mersenne Prime Twister uses range of , I. INTRODUCTION where that outputs sequence of 32-bit random Information security algorithms aim to ensure the numbers. confidentiality, integrity and availability of data that is transmitted along the path from sender to receiver. All the III. SENSOR-SEEDED PRNG security mechanisms like encryption, hashing, signature rely Some of PRNGs uses clock pulse of computer system on random numbers in generating secret keys, one time as seeds.
  • Lecture 8: Key Derivation, Protecting Passwords, Slow Hashes, Merkle Trees

    Lecture 8: Key Derivation, Protecting Passwords, Slow Hashes, Merkle Trees

    Lecture 8: Key derivation, protecting passwords, slow hashes, Merkle trees Boaz Barak Last lecture we saw the notion of cryptographic hash functions which are functions that behave like a random function, even in settings (unlike that of standard PRFs) where the adversary has access to the key that allows them to evaluate the hash function. Hash functions have found a variety of uses in cryptography, and in this lecture we survey some of their other applications. In some of these cases, we only need the relatively mild and well-defined property of collision resistance while in others we only know how to analyze security under the stronger (and not precisely well defined) random oracle heuristic. Keys from passwords We have seen great cryptographic tools, including PRFs, MACs, and CCA secure encryptions, that Alice and Bob can use when they share a cryptographic key of 128 bits or so. But unfortunately, many of the current users of cryptography are humans which, generally speaking, have extremely faulty memory capacity for storing large numbers. There are 628 ≈ 248 ways to select a password of 8 upper and lower case letters + numbers, but some letter/numbers combinations end up being chosen much more frequently than others. Due to several large scale hacks, very large databases of passwords have been made public, and one estimate is that the most frequent 10, 000 ≈ 214 passwords account for more than 90% of the passwords chosen. If we choose a password at random from some set D then the entropy of the password is simply log |D|. Estimating the entropy of real life passwords is rather difficult.
  • PATENT PLEDGES Jorge L. Contreras*

    PATENT PLEDGES Jorge L. Contreras*

    PATENT PLEDGES Jorge L. Contreras* ABSTRACT An increasing number of firms are making public pledges to limit the enforcement of their patents. In doing so, they are entering a little- understood middle ground between the public domain and exclusive property rights. The best-known of these patent pledges are FRAND commitments, in which patent holders commit to license their patents to manufacturers of standardized products on terms that are “fair, reasonable and non-discriminatory.” But patent pledges have been appearing in settings well beyond standard-setting, including open source software, green technology and the life sciences. As a result, this increasingly prevalent private ordering mechanism is beginning to reshape the role and function of patents in the economy. Despite their proliferation, little scholarship has explored the phenomenon of patent pledges beyond FRAND commitments and standard- setting. This article fills this gap by providing the first comprehensive descriptive account of patent pledges across the board. It offers a four-part taxonomy of patent pledges based on the factors that motivate patent holders to make them and the effect they are intended to have on other market actors. Using this classification system, it argues that pledges likely to induce reliance in other market actors should be treated as “actionable” * Associate Professor, S.J. Quinney College of Law, University of Utah and Senior Policy Fellow, American University Washington College of Law. The author thanks Jonas Anderson, Clark Asay, Marc Sandy Block, Mark Bohannon, Matthew Bye, Michael Carrier, Michael Carroll, Colleen Chien, Thomas Cotter, Carter Eltzroth, Carissa Hessick, Meredith Jacob, Jay Kesan, Anne Layne-Farrar, Irina Manta, Sean Pager, Gideon Parchomovsky, Arti Rai, Amelia Rinehart, Cliff Rosky, Daniel Sokol and Duane Valz for their helpful comments, suggestions and discussion of this article and contributions of data to the Patent Pledge Database at American University.
  • A Secure Authentication System- Using Enhanced One Time Pad Technique

    A Secure Authentication System- Using Enhanced One Time Pad Technique

    IJCSNS International Journal of Computer Science and Network Security, VOL.11 No.2, February 2011 11 A Secure Authentication System- Using Enhanced One Time Pad Technique Raman Kumar1, Roma Jindal 2, Abhinav Gupta3, Sagar Bhalla4 and Harshit Arora 5 1,2,3,4,5 Department of Computer Science and Engineering, 1,2,3,4,5 D A V Institute of Engineering and Technology, Jalandhar, Punjab, India. Summary the various weaknesses associated with a password have With the upcoming technologies available for hacking, there is a come to surface. It is always possible for people other than need to provide users with a secure environment that protect their the authenticated user to posses its knowledge at the same resources against unauthorized access by enforcing control time. Password thefts can and do happen on a regular basis, mechanisms. To counteract the increasing threat, enhanced one so there is a need to protect them. Rather than using some time pad technique has been introduced. It generally random set of alphabets and special characters as the encapsulates the enhanced one time pad based protocol and provides client a completely unique and secured authentication passwords we need something new and something tool to work on. This paper however proposes a hypothesis unconventional to ensure safety. At the same time we need regarding the use of enhanced one time pad based protocol and is to make sure that it is easy to be remembered by you as a comprehensive study on the subject of using enhanced one time well as difficult enough to be hacked by someone else.
  • A Note on Random Number Generation

    A Note on Random Number Generation

    A note on random number generation Christophe Dutang and Diethelm Wuertz September 2009 1 1 INTRODUCTION 2 \Nothing in Nature is random. number generation. By \random numbers", we a thing appears random only through mean random variates of the uniform U(0; 1) the incompleteness of our knowledge." distribution. More complex distributions can Spinoza, Ethics I1. be generated with uniform variates and rejection or inversion methods. Pseudo random number generation aims to seem random whereas quasi random number generation aims to be determin- istic but well equidistributed. 1 Introduction Those familiars with algorithms such as linear congruential generation, Mersenne-Twister type algorithms, and low discrepancy sequences should Random simulation has long been a very popular go directly to the next section. and well studied field of mathematics. There exists a wide range of applications in biology, finance, insurance, physics and many others. So 2.1 Pseudo random generation simulations of random numbers are crucial. In this note, we describe the most random number algorithms At the beginning of the nineties, there was no state-of-the-art algorithms to generate pseudo Let us recall the only things, that are truly ran- random numbers. And the article of Park & dom, are the measurement of physical phenomena Miller (1988) entitled Random generators: good such as thermal noises of semiconductor chips or ones are hard to find is a clear proof. radioactive sources2. Despite this fact, most users thought the rand The only way to simulate some randomness function they used was good, because of a short on computers are carried out by deterministic period and a term to term dependence.
  • Pseudorandomness and Computational Difficulty

    Pseudorandomness and Computational Difficulty

    PSEUDORANDOMNESS AND COMPUTATIONAL DIFFICULTY RESEARCH THESIS SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF SCIENCE HUGO KRAWCZYK SUBMITTED TOTHE SENATEOFTHE TECHNION —ISRAEL INSTITUTE OF TECHNOLOGY SHVAT 5750 HAIFAFEBRUARY 1990 Amis padres, AurorayBernardo, aquienes debo mi camino. ALeonor,compan˜era inseparable. ALiat, dulzuraycontinuidad. This research was carried out in the Computer Science Department under the supervision of Pro- fessor Oded Goldreich. To Oded, my deep gratitude for being both teacher and friend. Forthe innumerable hoursofstimulating conversations. Forhis invaluable encouragement and support. Iamgrateful to all the people who have contributed to this research and given me their support and help throughout these years. Special thanks to Benny Chor,Shafi Goldwasser,Eyal Kushilevitz, Jacob Ukel- son and Avi Wigderson. ToMikeLuby thanks for his collaboration in the work presented in chapter 2. Ialso wish to thank the Wolf Foundation for their generous financial support. Finally,thanks to Leonor,without whom all this would not have been possible. Table of Contents Abstract ............................. 1 1. Introduction ........................... 3 1.1 Sufficient Conditions for the Existence of Pseudorandom Generators ........ 4 1.2 The Existence of Sparse Pseudorandom Distributions . ............ 5 1.3 The Predictability of Congruential Generators ............... 6 1.4 The Composition of Zero-Knowledge Interactive-Proofs . ........... 8 2. On the Existence of Pseudorandom Generators ............... 10 2.1. Introduction .......................... 10 2.2. The Construction of Pseudorandom Generators .............. 13 2.3. Applications: Pseudorandom Generators based on Particular Intractability Assump- tions . ............................ 22 3. Sparse Pseudorandom Distributions ................... 25 3.1. Introduction .......................... 25 3.2. Preliminaries ......................... 25 3.3. The Existence of Sparse Pseudorandom Ensembles ............. 27 3.4.
  • Access Order and Effective Bandwidth for Streams on a Direct Rambus Memory Sung I

    Access Order and Effective Bandwidth for Streams on a Direct Rambus Memory Sung I

    Access Order and Effective Bandwidth for Streams on a Direct Rambus Memory Sung I. Hong, Sally A. McKee†, Maximo H. Salinas, Robert H. Klenke, James H. Aylor, Wm. A. Wulf Dept. of Electrical and Computer Engineering †Dept. of Computer Science University of Virginia University of Utah Charlottesville, VA 22903 Salt Lake City, Utah 84112 Abstract current DRAM page forces a new page to be accessed. The Processor speeds are increasing rapidly, and memory speeds are overhead time required to do this makes servicing such a request not keeping up. Streaming computations (such as multi-media or significantly slower than one that hits the current page. The order of scientific applications) are among those whose performance is requests affects the performance of all such components. Access most limited by the memory bottleneck. Rambus hopes to bridge the order also affects bus utilization and how well the available processor/memory performance gap with a recently introduced parallelism can be exploited in memories with multiple banks. DRAM that can deliver up to 1.6Gbytes/sec. We analyze the These three observations — the inefficiency of traditional, performance of these interesting new memory devices on the inner dynamic caching for streaming computations; the high advertised loops of streaming computations, both for traditional memory bandwidth of Direct Rambus DRAMs; and the order-sensitive controllers that treat all DRAM transactions as random cacheline performance of modern DRAMs — motivated our investigation of accesses, and for controllers augmented with streaming hardware. a hardware streaming mechanism that dynamically reorders For our benchmarks, we find that accessing unit-stride streams in memory accesses in a Rambus-based memory system.
  • Big Data, AI, and the Future of Memory

    Big Data, AI, and the Future of Memory

    Big Data, AI, and the Future of Memory Steven Woo Fellow and Distinguished Inventor, Rambus Inc. May 15, 2019 Memory Advancements Through Time 1990’s 2000’s 2010’s 2020’s Synchronous Memory Graphics Memory Low Power Memory Ultra High Bandwidth for PCs for Gaming for Mobile Memory for AI Faster Compute + Big Data Enabling Explosive Growth in AI 1980s Annual Size of the Global Datasphere – 1990s Now 175 ZB More 180 Accuracy Compute Neural Networks 160 140 120 Other Approaches 100 Zettabytes 80 60 40 20 Scale (Data Size, Model Size) 2010 2015 2020 2025 Source: Adapted from Jeff Dean, “Recent Advances in Artificial Intelligence and the Source: Adapted from Data Age 2025, sponsored by Seagate Implications for Computer System Design,” HotChips 29 Keynote, August 2017 with data from IDC Global DataSphere, Nov 2018 Key challenges: Moore’s Law ending, energy efficiency growing in importance ©2019 Rambus Inc. 3 AI Accelerators Need Memory Bandwidth Google TPU v1 1000 TPU Roofline Inference on newer silicon (Google TPU K80 Roofline HSW Roofline v1) built for AI processing largely limited LSTM0 by memory bandwidth LSTM1 10 MLP1 MLP0 v nVidia K80 CNN0 Inference on older, general purpose Intel Haswell CNN1 hardware (Haswell, K80) limited by LSTM0 1 LSTM1 compute and memory bandwidth TeraOps/sec (log scale) (log TeraOps/sec MLP1 MLP0 CNN0 0.1 CNN1 LSTM0 1 10 100 1000 Memory bandwidth is a critical LSTM1 Ops/weight byte (log scale) resource for AI applications = Google TPU v1 = nVidia K80 = Intel Haswell N. Jouppi, et.al., “In-Datacenter Performance Analysis of a Tensor Processing Unit™,” https://arxiv.org/ftp/arxiv/papers/1704/1704.04760.pdf ©2019 Rambus Inc.
  • Cryptanalysis of the Random Number Generator of the Windows Operating System

    Cryptanalysis of the Random Number Generator of the Windows Operating System

    Cryptanalysis of the Random Number Generator of the Windows Operating System Leo Dorrendorf School of Engineering and Computer Science The Hebrew University of Jerusalem 91904 Jerusalem, Israel [email protected] Zvi Gutterman Benny Pinkas¤ School of Engineering and Computer Science Department of Computer Science The Hebrew University of Jerusalem University of Haifa 91904 Jerusalem, Israel 31905 Haifa, Israel [email protected] [email protected] November 4, 2007 Abstract The pseudo-random number generator (PRNG) used by the Windows operating system is the most commonly used PRNG. The pseudo-randomness of the output of this generator is crucial for the security of almost any application running in Windows. Nevertheless, its exact algorithm was never published. We examined the binary code of a distribution of Windows 2000, which is still the second most popular operating system after Windows XP. (This investigation was done without any help from Microsoft.) We reconstructed, for the ¯rst time, the algorithm used by the pseudo- random number generator (namely, the function CryptGenRandom). We analyzed the security of the algorithm and found a non-trivial attack: given the internal state of the generator, the previous state can be computed in O(223) work (this is an attack on the forward-security of the generator, an O(1) attack on backward security is trivial). The attack on forward-security demonstrates that the design of the generator is flawed, since it is well known how to prevent such attacks. We also analyzed the way in which the generator is run by the operating system, and found that it ampli¯es the e®ect of the attacks: The generator is run in user mode rather than in kernel mode, and therefore it is easy to access its state even without administrator privileges.
  • Download Attachment

    Download Attachment

    NON-CONFIDENTIAL 2010-1556 UNITED STATES COURT OF APPEALS FOR THE FEDERAL CIRCUIT ASUSTEK COMPUTER INC., ASUS COMPUTER INTERNATIONAL, INC., BFG TECHNOLOGIES, INC., BIOSTAR MICROTECH (U.S.A.) CORP., BIOSTAR MICROTECH INTERNATIONAL CORP., DIABLOTEK, INC., EVGA CORP., G.B.T., INC., GIGA-BYTE TECHNOLOGY CO., LTD., HEWLETT-PACKARD COMPANY, MSI COMPUTER CORP., MICRO-STAR INTERNATIONAL COMPANY, LTD., GRACOM TECHNOLOGIES LLC (FORMERLY KNOWN AS PALIT MULTIMEDIA, INC.), PALIT MICROSYSTEMS LTD., PINE TECHNOLOGY (MACAO COMMERCIAL OFFSHORE) LTD., AND SPARKLE COMPUTER COMPANY, LTD. Appellants, — v. — INTERNATIONAL TRADE COMMISSION, Appellee, and RAMBUS, INC., Intervenor, and NVIDIA CORPORATION, Intervenor. ______________ 2010-1557 ______________ NVIDIA CORPORATION, Appellant, — v. — INTERNATIONAL TRADE COMMISSION, Appellee, and RAMBUS, INC., Intervenor. ______________ ON APPEAL FROM THE UNITED STATES INTERNATIONAL TRADE COMMISSION IN INVESTIGATION NO. 337-TA-661 ______________ NON-CONFIDENTIAL REPLY BRIEF OF APPELLANTS NVIDIA CORPORATION ET AL. _______________ *Caption Continued on Next Page COMPANION CASES TO: 2010-1483 RAMBUS, INC., Appellant, — v. — INTERNATIONAL TRADE COMMISSION, Appellee, and NVIDIA CORPORATION ET AL., Intervenors. ______________ RUFFIN B. CORDELL I. NEEL CHATTERJEE MARK S. DAVIES ANDREW R. KOPSIDAS RICHARD S. SWOPE RACHEL M. MCKENZIE FISH & RICHARDSON P.C. NITIN GAMBHIR LAUREN J. PARKER 1425 K Street, NW, 11th Floor ORRICK, HERRINGTON ORRICK, HERRINGTON Washington, DC 20005 & SUTCLIFFE LLP & SUTCLIFFE LLP Tel. No. 202-626-6449
  • Random Number Generation Using MSP430™ Mcus (Rev. A)

    Random Number Generation Using MSP430™ Mcus (Rev. A)

    Application Report SLAA338A–October 2006–Revised May 2018 Random Number Generation Using MSP430™ MCUs ......................................................................................................................... MSP430Applications ABSTRACT Many applications require the generation of random numbers. These random numbers are useful for applications such as communication protocols, cryptography, and device individualization. Generating random numbers often requires the use of expensive dedicated hardware. Using the two independent clocks available on the MSP430F2xx family of devices, software can generate random numbers without such hardware. Source files for the software described in this application report can be downloaded from http://www.ti.com/lit/zip/slaa338. Contents 1 Introduction ................................................................................................................... 1 2 Setup .......................................................................................................................... 1 3 Adding Randomness ........................................................................................................ 2 4 Usage ......................................................................................................................... 2 5 Overview ...................................................................................................................... 2 6 Testing for Randomness...................................................................................................
  • A Mathematical Formulation of the Monte Carlo Method∗

    A Mathematical Formulation of the Monte Carlo Method∗

    A Mathematical formulation of the Monte Carlo method∗ Hiroshi SUGITA Department of Mathematics, Graduate School of Science, Osaka University 1 Introduction Although admitting that the Monte Carlo method has been producing practical results in many fields, a number of researchers have the following serious suspicion about it. The Monte Carlo method needs random numbers. But since no computer program can generate them, we execute a Monte Carlo method using a pseu- dorandom number generated by a computer program. Of course, such an expedient can never have any mathematical justification. As a matter of fact, this suspicion is a misunderstanding caused by prejudice. In this article, we propose a proper mathematical formulation of the Monte Carlo method, which resolves this suspicion. The mathematical definitions of the notions of random number and pseudorandom number have been known for quite some time. Indeed, the notion of random number was defined in terms of computational complexity by Kolmogorov and others in 1960’s ([3, 4, 6]), while the notion of pseudorandom number was defined in the context of cryptography by Blum and others in 1980’s ([1, 2, 14]). But unfortunately, those definitions have been thought to be useless until now in understanding and executing the Monte Carlo method. It is not because their definitions are improper, but because our way of thinking about the Monte Carlo method has been improper. In this article, we propose a mathematical formulation of the Monte Carlo method which is based on and theoretically compatible with those definitions of random number and pseudorandom number. Under our formulation, as a result, we see the following.