battery of tests in TestU01. Experiments show that this PRNG can generate
about 20 billions of random numbers per second on Tesla C1060 and NVidia GTX280
cards.
-It is finally established that, under reasonable assumptions, the proposed PRNG can be cryptographically
+It is then established that, under reasonable assumptions, the proposed PRNG can be cryptographically
secure.
+A chaotic version of the Blum-Goldwasser asymmetric key encryption scheme is finally proposed.
\end{abstract}
Finally, a small part of the community working in this domain focus on a
third requirement, that is to define chaotic generators.
The main idea is to take benefits from a chaotic dynamical system to obtain a
-generator that is unpredictable, disordered, sensible to its seed, or in other words chaotic.
+generator that is unpredictable, disordered, sensible to its seed, or in other word chaotic.
Their desire is to map a given chaotic dynamics into a sequence that seems random
and unassailable due to chaos.
However, the chaotic maps used as a pattern are defined in the real line
motivates our proposal of a chaotic and statistically perfect PRNG for GPU.
Such device
allows us to generated almost 20 billions of pseudorandom numbers per second.
-Last, but not least, we show that the proposed post-treatment preserves the
+Furthermore, we show that the proposed post-treatment preserves the
cryptographical security of the inputted PRNG, when this last has such a
property.
+Last, but not least, we propose a rewritten of the Blum-Goldwasser asymmetric
+key encryption protocol by using the proposed method.
The remainder of this paper is organized as follows. In Section~\ref{section:related
works} we review some GPU implementations of PRNGs. Section~\ref{section:BASIC
RECALLS} gives some basic recalls on the well-known Devaney's formulation of chaos,
and on an iteration process called ``chaotic
iterations'' on which the post-treatment is based.
-Proofs of chaos are given in Section~\ref{sec:pseudorandom}.
+The proposed PRNG and its proof of chaos are given in Section~\ref{sec:pseudorandom}.
Section~\ref{sec:efficient PRNG} presents an efficient
implementation of this chaotic PRNG on a CPU, whereas Section~\ref{sec:efficient PRNG
- gpu} describes the GPU implementation.
+ gpu} describes and evaluates theoretically the GPU implementation.
Such generators are experimented in
Section~\ref{sec:experiments}.
We show in Section~\ref{sec:security analysis} that, if the inputted
generator provided by the post-treatment.
Such a proof leads to the proposition of a cryptographically secure and
chaotic generator on GPU based on the famous Blum Blum Shum
-in Section~\ref{sec:CSGPU}.
+in Section~\ref{sec:CSGPU}, and to an improvement of the
+Blum-Goldwasser protocol in Sect.~\ref{Blum-Goldwasser}.
This research work ends by a conclusion section, in which the contribution is
summarized and intended future work is presented.
FPGA appears as the fastest and the most
efficient architecture, providing the fastest number of generated pseudorandom numbers
per joule.
-However, we can notice that authors can ``only'' generate between 11 and 16GSamples/s
+However, we notice that authors can ``only'' generate between 11 and 16GSamples/s
with a GTX 280 GPU, which should be compared with
the results presented in this document.
We can remark too that the PRNGs proposed in~\cite{conf/fpga/ThomasHL09} are only
path from $x$ to $x'$ in $\Gamma(f)$ if and only if there exists a
strategy $s$ such that the parallel iteration of $G_f$ from the
initial point $(s,x)$ reaches the point $x'$.
-
-We have finally proven in \cite{bcgr11:ip} that,
+We have then proven in \cite{bcgr11:ip} that,
\begin{theorem}
if and only if $\Gamma(f)$ is strongly connected.
\end{theorem}
-This result of chaos has lead us to study the possibility to build a
+Finally, we have established in \cite{bcgr11:ip} that,
+\begin{theorem}
+ Let $f: \mathds{B}^{n} \rightarrow \mathds{B}^{n}$, $\Gamma(f)$ its
+ iteration graph, $\check{M}$ its adjacency
+ matrix and $M$
+ a $n\times n$ matrix defined by
+ $
+ M_{ij} = \frac{1}{n}\check{M}_{ij}$ %\textrm{
+ if $i \neq j$ and
+ $M_{ii} = 1 - \frac{1}{n} \sum\limits_{j=1, j\neq i}^n \check{M}_{ij}$ otherwise.
+
+ If $\Gamma(f)$ is strongly connected, then
+ the output of the PRNG detailed in Algorithm~\ref{CI Algorithm} follows
+ a law that tends to the uniform distribution
+ if and only if $M$ is a double stochastic matrix.
+\end{theorem}
+
+
+These results of chaos and uniform distribution have lead us to study the possibility to build a
pseudorandom number generator (PRNG) based on the chaotic iterations.
As $G_f$, defined on the domain $\llbracket 1 ; \mathsf{N} \rrbracket^{\mathds{N}}
\times \mathds{B}^\mathsf{N}$, is build from Boolean networks $f : \mathds{B}^\mathsf{N}
\rightarrow \mathds{B}^\mathsf{N}$, we can preserve the theoretical properties on $G_f$
-during implementations (due to the discrete nature of $f$). It is as if
+during implementations (due to the discrete nature of $f$). Indeed, it is as if
$\mathds{B}^\mathsf{N}$ represents the memory of the computer whereas $\llbracket 1 ; \mathsf{N}
\rrbracket^{\mathds{N}}$ is its input stream (the seeds, for instance, in PRNG, or a physical noise in TRNG).
+Let us finally remark that the vectorial negation satisfies the hypotheses of the two theorems above.
\section{Application to Pseudorandomness}
\label{sec:pseudorandom}
$2^{32}-1=4.29\times10^9$, is summed up in Algorithm~\ref{XORshift}. It is used
in our PRNG to compute the strategy length and the strategy elements.
-
-We have proven in \cite{bcgr11:ip} that,
-\begin{theorem}
- Let $f: \mathds{B}^{n} \rightarrow \mathds{B}^{n}$, $\Gamma(f)$ its
- iteration graph, $\check{M}$ its adjacency
- matrix and $M$ a $n\times n$ matrix defined as in the previous lemma.
- If $\Gamma(f)$ is strongly connected, then
- the output of the PRNG detailed in Algorithm~\ref{CI Algorithm} follows
- a law that tends to the uniform distribution
- if and only if $M$ is a double stochastic matrix.
-\end{theorem}
-
-This former generator as successively passed various batteries of statistical tests, as the NIST~\cite{bcgr11:ip}, DieHARD~\cite{Marsaglia1996}, and TestU01~\cite{LEcuyerS07}.
+This former generator has successively passed various batteries of statistical tests, as the NIST~\cite{bcgr11:ip}, DieHARD~\cite{Marsaglia1996}, and TestU01~\cite{LEcuyerS07} ones.
\subsection{Improving the Speed of the Former Generator}
more local memory is used, and the less branching instructions are
used (if, while, ...), the better the performances on GPU is.
Obviously, having these requirements in mind, it is possible to build
-a program similar to the one presented in Algorithm
+a program similar to the one presented in Listing
\ref{algo:seqCIPRNG}, which computes pseudorandom numbers on GPU. To
do so, we must firstly recall that in the CUDA~\cite{Nvid10}
environment, threads have a local identifier called
\texttt{ThreadIdx}, which is relative to the block containing
-them. With CUDA parts of the code which are executed by the GPU are
+them. Furthermore, in CUDA, parts of the code that are executed by the GPU are
called {\it kernels}.
prove by an immediate mathematical induction that, as the initial $x$
is uniformly distributed (it is provided by a cryptographically secure PRNG),
the two other stored values shmem[o1] and shmem[o2] are uniformly distributed too,
-(this can be stated by an immediate mathematical
-induction), and thus the next $x$ is finally uniformly distributed.
+(this is the induction hypothesis), and thus the next $x$ is finally uniformly distributed.
Thus Algorithm~\ref{algo:gpu_kernel2} is a concrete realization of the general
chaotic iterations presented previously, and for this reason, it satisfies the
cards have 240 cores.
In Figure~\ref{fig:time_xorlike_gpu} we compare the quantity of pseudorandom numbers
-generated per second with various xor-like based PRNG. In this figure, the optimized
+generated per second with various xor-like based PRNGs. In this figure, the optimized
versions use the {\it xor64} described in~\cite{Marsaglia2003}, whereas the naive versions
embed the three xor-like PRNGs described in Listing~\ref{algo:seqCIPRNG}. In
order to obtain the optimal performances, the storage of pseudorandom numbers
t|=BBS1(bbs1)\&7\;
t<<=BBS7(bbs7)\&3\;
t|=BBS2(bbs2)\&7\;
- t=t $\wedge$ shmem[o1] $\wedge$ shmem[o2]\;
+ t=t \^{ } shmem[o1] \^{ } shmem[o2]\;
shared\_mem[threadId]=t\;
- x = x $\wedge$ t\;
+ x = x \^{ } t\;
store the new PRNG in NewNb[NumThreads*threadId+i]\;
}
Let us remark that to initialize $t$ is not a necessity as we
fill it 4 bits by 4 bits, until having obtained 32 bits.
The two last new shifts are realized in order to enlarge
-the small periods of the BBS used here, to introduce a variability.
+the small periods of the BBS used here, to introduce a kind of variability.
In these operations, we make twice a left shift of $t$ of \emph{at most}
3 bits and we put \emph{exactly} the 3 last bits from a BBS into
the 3 last bits of $t$, leading possibly to a loss of a few
It should be noticed that this generator has another time the form $x^{n+1} = x^n \oplus S^n$,
where $S^n$ is referred in this algorithm as $t$: each iteration of this
-PRNG ends with $x = x \wedge t;$. This $S^n$ is only constituted
+PRNG ends with $x = x \wedge t$. This $S^n$ is only constituted
by secure bits produced by the BBS generator, and thus, due to
Proposition~\ref{cryptopreuve}, the resulted PRNG is cryptographically
secure
\subsection{Toward a Cryptographically Secure and Chaotic Asymmetric Cryptosystem}
-
+\label{Blum-Goldwasser}
We finish this research work by giving some thoughts about the use of
the proposed PRNG in an asymmetric cryptosystem.
This first approach will be further investigated in a future work.
\item $i=0$.
\item While $i \leqslant L-1$:
\begin{itemize}
-\item Set $b_i$ equal to the least-significant\footnote{BBS can securely output up to $\mathsf{N} = \lfloor log(log(N)) \rfloor$ of the least-significant bits of $x_i$ during each round.} bit of $x_i$,
+\item Set $b_i$ equal to the least-significant\footnote{As signaled previously, BBS can securely output up to $\mathsf{N} = \lfloor log(log(N)) \rfloor$ of the least-significant bits of $x_i$ during each round.} bit of $x_i$,
\item $i=i+1$,
\item $x_i = (x_{i-1})^2~mod~N.$
\end{itemize}
\section{Conclusion}
-In this paper we have presented a new class of PRNGs based on chaotic
-iterations. We have proven that these PRNGs are chaotic in the sense of Devaney.
-We also propose a PRNG cryptographically secure and its implementation on GPU.
-
-An efficient implementation on GPU based on a xor-like PRNG allows us to
-generate a huge number of pseudorandom numbers per second (about
-20Gsamples/s). This PRNG succeeds to pass the hardest batteries of TestU01.
-
-In future work we plan to extend this work for parallel PRNG for clusters or
-grid computing.
+In this paper, a formerly proposed PRNG based on chaotic iterations
+has been generalized to improve its speed. It has been proven to be
+chaotic according to Devaney.
+Efficient implementations on GPU using xor-like PRNGs as input generators
+shown that a very large quantity of pseudorandom numbers can be generated per second (about
+20Gsamples/s), and that these proposed PRNGs succeed to pass the hardest battery in TestU01,
+namely the BigCrush.
+Furthermore, we have shown that when the inputted generator is cryptographically
+secure, then it is the case too for the PRNG we propose, thus leading to
+the possibility to develop fast and secure PRNGs using the GPU architecture.
+Thoughts about an improvement of the Blum-Goldwasser cryptosystem, using the
+proposed method, has been finally proposed.
+
+In future work we plan to extend these researches, building a parallel PRNG for clusters or
+grid computing. Topological properties of the various proposed generators will be investigated,
+and the use of other categories of PRNGs as input will be studied too. The improvement
+of Blum-Goldwasser will be deepened. Finally, we
+will try to enlarge the quantity of pseudorandom numbers generated per second either
+in a simulation context or in a cryptographic one.
