Long period pseudo random number sequence generator by Wang, Charles C.
United States Patent [11] Patent Number: 4,890,252
Wang [45] Date of Patent: Dec. 26, 1989
LONG PERIOD PSEUDO RANDOM NUMBER SEQUENCE GENERATOR
Inventor: Charles C. Wang, Arcadia, Calif.
Assignee: The United States of America as represented by the Administrator of the National Aeronautics and Space Administration, Washington, D.C.
Appl. No.: 113,954
Filed: Oct. 29, 1987
Int. Cl.4 ................................................ G06F 1/02
U.S. Cl. .................................. 364/717; 364/746.1
Field of Search ...................... 364/717, 746.1, 754
References Cited
U.S. PATENT DOCUMENTS
3,614,400 10/1971 Farnett et al. ...................... 364/717
4,251,875 2/1981 Marver et al. ................... 364/746.1
4,587,627 5/1986 Omura et al. ....................... 364/754
OTHER PUBLICATIONS
Wang et al., "VLSI Architectures for Computing Multiplications and Inverses in GF(2^m)", IEEE Trans. on Comp., vol. C-34, No. 8, Aug. 1985, pp. 709-717.
Primary Examiner: E. S. Kemeny
Assistant Examiner: Tan V. Mai
Attorney, Agent, or Firm: Thomas H. Jones; John R. Manning; Charles E. B. Glenn
[57] ABSTRACT

A circuit for generating a sequence of pseudo random numbers, {A_k}. There is an exponentiator (30) in GF(2^m) for the normal basis representation of elements in a finite field GF(2^m) each represented by m binary digits and having two inputs and an output from which the sequence {A_k} of pseudo random numbers is taken. One of the two inputs is connected to receive the outputs {E_k} of a maximal length shift register of n stages. There is a switch (32) having a pair of inputs and an output. The switch (32) output is connected to the other of the two inputs of the exponentiator (30). One of the switch (32) inputs is connected for initially receiving a primitive element A_0 in GF(2^m). Finally, there is a delay circuit (34) having an input and an output. The delay circuit (34) output is connected to the other of the switch (32) inputs and the delay circuit (34) input is connected to the output of the exponentiator (30) whereby after the exponentiator (30') initially receives the primitive element A_0 in GF(2^m) through the switch (32), the switch (32) can be switched to cause the exponentiator (30') to receive as its input a delayed output A_{k-1} from the exponentiator (30') thereby generating {A_k} continuously at the output of the exponentiator (30). The exponentiator (30) in GF(2^m) is novel and comprises a cyclic-shift circuit; a Massey-Omura multiplier; and, a control logic circuit all operably connected together to perform the function U_i = a^(2^i) (for n_i = 1) or 1 (for n_i = 0).
5 Claims, 4 Drawing Sheets 
[Front-page drawing: EXPONENTIATOR 30' in GF(2^m), switch 32, DELAY 34]
https://ntrs.nasa.gov/search.jsp?R=19900014320 2020-03-24T03:04:24+00:00Z
U.S. Patent Dec. 26, 1989 Sheet 1 of 4 4,890,252 [drawing sheet]
U.S. Patent Dec. 26, 1989 Sheet 2 of 4 4,890,252 [drawing sheet]
U.S. Patent Dec. 26, 1989 Sheet 3 of 4 4,890,252 [drawing sheet]
U.S. Patent Dec. 26, 1989 Sheet 4 of 4 4,890,252 [drawing sheet]
LONG PERIOD PSEUDO RANDOM NUMBER SEQUENCE GENERATOR

ORIGIN OF THE INVENTION

The invention described herein was made in the performance of work under a NASA contract and is subject to the provisions of Public Law 96-517 (35 USC 202) in which the Contractor has elected not to retain title.

1. Technical Field

The present invention relates to cryptography and, more particularly, to a circuit for generating a sequence of pseudo random numbers, {A_k}, having a long period comprising, an exponentiator in GF(2^m) for the normal basis representation of elements in a finite field GF(2^m) each represented by m binary digits and having two inputs and an output from which the sequence {A_k} of pseudo random numbers is taken, one of the two inputs being connected to receive the outputs {E_k} of a maximal length shift register of n stages; a switch having a pair of inputs and an output, the switch output being connected to the other of the two inputs of the exponentiator, one of the switch inputs being connected for initially receiving a primitive element A_0 in GF(2^m); and, a delay circuit having an input and an output, the delay circuit output being connected to the other of the switch inputs, the delay circuit input being connected to the output of the exponentiator whereby after the exponentiator initially receives the primitive element A_0 in GF(2^m) through the switch, the switch can be switched to cause the exponentiator to thereafter receive as its input a delayed output A_{k-1} from the exponentiator thereby generating {A_k} continuously at the output of the exponentiator.

In the preferred embodiment, the exponentiator in GF(2^m) comprises, a cyclic-shift circuit; a Massey-Omura multiplier; and, a control logic circuit all operably connected together to perform the function U_i = a^(2^i) (for n_i = 1) or 1 (for n_i = 0).

2. Prior Art and Technical References

The following provide further information on the subject matter of the present invention and/or techniques and apparatus incorporated therein.

1. J. L. Massey and J. K. Omura, Patent Application on "Computational Method and Apparatus for Finite Field Arithmetic", now U.S. Letters Pat. No. 4,587,627.
2. C. C. Wang, et al., "VLSI Architectures for Computing Multiplications and Inverses in GF(2^m)", IEEE Transactions on Computers, Vol. C-34, No. 8, August 1985.
3. R. C. Dixon, Spread Spectrum Systems, John Wiley & Sons, Inc., 1932.
4. F. J. MacWilliams and N. J. A. Sloane, The Theory of Error-Correcting Codes, North-Holland Publishing, New York, 1977.
5. M. Perlman, "Periodic Binary Sequence Generators: Very Large Scale Integrated (VLSI) Circuits Considerations", Jet Propulsion Laboratory (JPL) Publication 85-7, December, 1984.

DESCRIPTION OF THE PRIOR ART

The field of cryptography has undergone a step increase in its requirements for producing "unbreakable" code since the inception of the digital computer. When coded messages only existed and were transmitted in analog form (i.e. the written "word") as represented by FIGS. 1 and 2, the production of a code which was difficult to break was fairly easy and the breaking of the code of others was a laborious and time-consuming task as the work had to be done by human mental labor. For example, one could make a code table 10 as shown in FIG. 1 wherein a symbol is substituted for each letter of the normal alphabet, e.g., A becomes &. Messages written with the substituted alphabet are easily deciphered only with the help of a corresponding code table 10 in the hands of the receiver. Thus, only with a code table 10 can the receiver of the message "@&#%" understand it to be the word "FACE" as shown in FIG. 2. To break the code, one must use trial and error substitutions trying to find substitutions which make sense. Certain knowledge about common combinations makes the process easier; but, it is still laborious at best.

With the advent of the digital computer with the ability to perform masses of combinations and permutations of trial and error data in a matter of seconds, mere substitution codes become relatively worthless. Additionally, the electronic transmission of data added to the problem. While the written analog cryptographer could devise his own symbols for substitution, the electronic cryptographer is faced with the use of binary electronic substitutions for the alphabetic (and associated) characters. Even the original Morse code employed with telegraph transmissions is a form of a binary code with fixed substitutions. For example, a "dash" can be thought of as a binary "1" while a "dot" is a "0". Thus, a letter whose Morse code is dash, dot can be thought of as binary 10. Most digital devices associated with computers employ fixed numerical representations (such as so-called "ASCII") for the characters as input, transmitted, and printed. Thus, as represented by the drawing of FIGS. 3 and 4, the letter "A", for example, is represented by the number "01" (i.e. the eight bit binary byte 00000001) and the message "FACE" of FIG. 2 becomes "06010305" (in binary bytes) when transmitted within a binary system.

Faced with this problem, cryptographers (where the term "cryptographer" includes persons who develop methods for securing data and programs within the digital computers themselves) found that an effective method of encrypting data, programs, and messages was to add a pseudo random number sequence thereto on the transmitting end and to subtract the same pseudo random number sequence therefrom on the receiving end as shown in FIG. 5. Since there is no constant substitution factor, the trial and error method of code breaking is ineffective, even at computer speeds.

The generation of a periodic sequence of pseudo random numbers finds use in a number of applications such as spread spectrum communications and cryptographic systems as well as in other signal processing applications such as noise generation, ranging code generation, and test data sequence generation. The pseudo random number sequence addition/subtraction technique has been applied to varying levels of security requirements from the simple prevention of unauthorized disclosure of valuable coding within otherwise accessible computer programs and data to the encryption of data highly sensitive to the national security. The differentiating factor, in each case, is the complexity of the generator for the pseudo random number sequence. The shorter the period of the sequence (i.e. the number of pseudo random numbers in the sequence before the sequence begins to repeat), the less costly the generator and the more regular (i.e. less random) the resultant sequence. As can be appreciated in this regard when considered in the ridiculous extreme, a pseudo random sequence of 02, 05, 03, 02, 05, 03, . . . would approach the adding of a constant to any data and would be fairly easily recognized, whereas a sequence with an infinite period (e.g. which never repeated) would be virtually impossible to recognize.

The typical prior art approach to the generation of a pseudo random number sequence is shown in simplified form in FIG. 6. A modular multiple-tap sequence generator, as described in reference 3, has been known in the art as a very powerful and simple pseudo random number generator. A VLSI circuit for that generator has also been developed and is reported in reference 5. In general, there is an n-position shift register 12. An initial value is loaded into the register 12 over the input line 14. The value is then shifted through the register 12 by one position for each pseudo random number to be generated. The register 12 is a wrap-around register in that the bit being shifted out at the output end 16 is shifted into the input end 18 via the feedback line 20. The pseudo random number sequence is taken out from a number of taps 22 into the register 12 since the number of positions "n" of the register 12 is much larger than the number of bits in each "number" of the sequence. The period of the pseudo random number sequence produced by the prior art apparatus of FIG. 6 is determined by the number of positions "n" of the register 12. Since an initialization value of "zero" is never employed (for obvious reasons), the period is equal to the quantity 2^n - 1 and is known as the "maximal length" achievable by this technique. By way of example, the period of a 17-stage maximal length register operating in the prior art manner of FIG. 6 is 131,071. To get a larger period, more positions must be added to the register 12, and the increase is not substantial. For example, the period of a 19-stage maximal length shift register is only 449,113. This may seem substantial; however, it is small in circumstances of extreme criticality where an infinite period would be more desirable and beneficial.

DISCLOSURE OF THE INVENTION

This invention is primarily directed at a method and apparatus for generating a random number sequence whose period is longer than 2^n - 1 when n shift registers are used. It incorporates a simple VLSI implementable device to perform exponentiation in GF(2^m) by using a Massey-Omura multiplier and is capable of generating a very long pseudo random sequence when 2^m - 1 is a Mersenne prime. While the sequence generated by the present invention may not have a flat spectrum as does the sequence generated by the prior art maximal length shift register as described earlier herein, the increase of the period is very significant and makes its sequence very desirable in some applications wherein period length is of paramount importance.

DESCRIPTION OF THE DRAWINGS

FIG. 1 is a substitution table as used in the prior art for encrypting written messages.
FIG. 2 is an example of an encrypted message using the table of FIG. 1.
FIG. 3 is a table showing how numbers are employed to represent characters in the electronic input, transmission, and printing of characters.
FIG. 4 is an example of the numeric representation of the message of FIG. 2 employing the numeric substitutions of the table of FIG. 3.
FIG. 5 is a block diagram showing a prior art technique employed in the protection and encrypting of data represented numerically wherein a pseudo random number sequence is added to the data for transmission or storage and then subtracted out for use.
FIG. 6 is a block diagram of a prior art maximal length shift register employed for generating pseudo random number sequences.
FIG. 7 is a simplified representation of a finite field containing points identifiable in a co-ordinate system.
FIG. 8 is a simplified diagram of a cyclic-shift circuit for achieving a^(2^i) by operating on the normal basis representation of a^(2^(i-1)).
FIG. 9 is a chart of the method of the present invention for realizing the exponentiation in GF(2^m) by using a cyclic-shift circuit, a Massey-Omura multiplier, and a control logic circuit performing the function U_i = a^(2^i) (for n_i = 1) or 1 (for n_i = 0).
FIG. 10 is a VLSI implementable circuit according to the present invention for performing the recursive algorithm for computing exponentiation in GF(2^4).
FIG. 11 is a block diagram of the system structure of the circuitry of FIG. 10 for a general field GF(2^m).
FIG. 12 is a block diagram of a mechanism according to the present invention which can generate pseudo random numbers, A_k.

DETAILED DESCRIPTION OF THE INVENTION

With reference to FIG. 7 as a starting point, assume that there is a field 24 containing a number of points 26 designated as P_1, P_2, . . . P_n. The field and the points therein can be described with respect to any of a number of co-ordinate systems such as that indicated as 28. One such representation system well known in the prior art is the "normal basis" system. Recently, Massey and Omura [as described in reference 1] invented a new algorithm to multiply in the finite field GF(2^m). In their invention, they utilize a normal basis of the form a, a^2, a^4, . . . , a^(2^(m-1)) to represent elements of the field. Employing a normal basis representation, each element in the finite field GF(2^m) can be represented by m binary digits. Also, in employing a normal basis representation, squaring of an element in GF(2^m) is readily shown to be a simple cyclic shift of its binary digits [as described in references 1 and 2]. Also, multiplication requires the same logic circuitry for any one digit of the product as it does for any other [as also described in references 1 and 2]. Adjacent product digit circuits differ only in their inputs, which are cyclically shifted versions of one another. In reference 2, the inventor herein and others presented a VLSI architecture to implement this Massey-Omura multiplier in GF(2^m). Both sequential-type and parallel-type Massey-Omura multipliers have been illustrated. They are shown to be simple and regular. A VLSI architecture for computing inverses in GF(2^m) was also developed in reference 2 by using a parallel-type Massey-Omura multiplier.

Exponentiation in the finite field GF(2^m) is necessary in the implementation of some error-correcting coders, such as Reed-Solomon codes. The conventional method for computing exponents in a finite field uses a lookup table. This method cannot be realized efficiently in a VLSI circuit. As will be described herein shortly, the
inventor herein has devised a recursive pipeline exponentiation circuit using a Massey-Omura multiplier. The architecture of that circuit is similar to that of the inversion circuit mentioned above, is regular and expandable, and, hence, naturally suitable for VLSI implementation.

For an arbitrary a in the finite field GF(2^m) and an integer N (where 1 ≤ N ≤ 2^m - 1), and β = a^N, clearly β is in GF(2^m). When N is represented in binary form as (n_0, n_1, n_2, . . . , n_(m-1))_2, it can be proved mathematically (proof omitted in the interest of simplicity and the avoidance of redundancy) that exponentiation in the finite field GF(2^m) can be accomplished by successive multiplication. From the teachings of references 1 and 2 it is known that, in normal basis, a^(2^i) can be achieved by a cyclic-shift circuit as shown in FIG. 8 operating on the normal basis representation of a^(2^(i-1)). The exponentiation in GF(2^m) can, therefore, be realized by using a cyclic-shift circuit, a Massey-Omura multiplier, and a control logic circuit performing the function U_i = a^(2^i) (for n_i = 1) or 1 (for n_i = 0). The algorithm of this structure is shown in FIG. 9 and can be described as follows:

(i) Let A = a. If n_0 = 1, let B = A; otherwise, let B = 1. Let C = 1 and k = 0.
(ii) Multiply B and C to obtain Z = B C.
(iii) Replace A with the cyclic shift (CS) of A. Set k = k + 1. If k = m, Z = a^N; stop. If k < m, C = Z and B = A if n_k = 1, otherwise B = 1.
(iv) Go back to step (ii).
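The algorithm of steps (i) to (iv) carried out in software, as an added example that is not part of the patent and is not the circuit of FIG. 10 or the project's code. It assumes a small field, GF(2^4) defined by the irreducible polynomial x^4 + x + 1 (my choice), finds a normal element by search so that squaring really is a cyclic shift of the m coordinate bits, and, since no Massey-Omura multiplier is modelled, multiplies by converting to and from a polynomial basis (an assumption of this example). All names (pb_mul, NormalBasisField, exponentiate) are mine; the exhaustive comparison against ordinary square-and-multiply is the check a practitioner would want before trusting the shift-and-multiply control sequence.

```python
# Added example: GF(2^m) exponentiation by the cyclic-shift / multiply
# algorithm of steps (i)-(iv), with elements held in a normal basis.

def pb_mul(x, y, m, poly):
    """Multiply two polynomial-basis elements modulo the degree-m polynomial `poly`."""
    r = 0
    for i in range(m):
        if (y >> i) & 1:
            r ^= x << i
    for i in range(2 * m - 2, m - 1, -1):       # reduce degrees 2m-2 .. m
        if (r >> i) & 1:
            r ^= poly << (i - m)
    return r

def pb_pow(x, e, m, poly):
    """Reference exponentiation (plain square-and-multiply) in polynomial basis."""
    r = 1
    while e:
        if e & 1:
            r = pb_mul(r, x, m, poly)
        x = pb_mul(x, x, m, poly)
        e >>= 1
    return r

def _independent(vectors, m):
    """Gaussian elimination over GF(2): True iff the m bit-vectors form a basis."""
    rows = list(vectors)
    for bit in range(m):
        pivot = next((r for r in rows if (r >> bit) & 1), None)
        if pivot is None:
            return False
        rows.remove(pivot)
        rows = [r ^ pivot if (r >> bit) & 1 else r for r in rows]
    return True

class NormalBasisField:
    """GF(2^m); an element is an m-bit vector c, bit i = coefficient of beta^(2^i)."""
    def __init__(self, m, poly):
        self.m, self.poly, self.mask = m, poly, (1 << m) - 1
        for beta in range(1, 1 << m):           # search for a normal element
            conj = [pb_pow(beta, 1 << i, m, poly) for i in range(m)]
            if _independent(conj, m):
                break
        else:
            raise ValueError("no normal element found")
        self.conj = conj
        self.nb_to_pb = {c: self._combine(c) for c in range(1 << m)}
        self.pb_to_nb = {v: c for c, v in self.nb_to_pb.items()}
        self.one = self.pb_to_nb[1]             # in a normal basis 1 is the all-ones vector

    def _combine(self, c):
        v = 0
        for i in range(self.m):
            if (c >> i) & 1:
                v ^= self.conj[i]
        return v

    def mul(self, x, y):
        """Stand-in for the Massey-Omura multiplier: multiply via the polynomial basis."""
        return self.pb_to_nb[pb_mul(self.nb_to_pb[x], self.nb_to_pb[y], self.m, self.poly)]

    def cyclic_shift(self, x):
        """Squaring: coordinate i of x^2 is coordinate i-1 of x, i.e. a rotate left by one."""
        return ((x << 1) | (x >> (self.m - 1))) & self.mask

def exponentiate(F, a, N):
    """Steps (i)-(iv): a^N from the bits (n_0 .. n_{m-1}) of N, 1 <= N <= 2^m - 1."""
    n = [(N >> i) & 1 for i in range(F.m)]
    A = a                                       # (i) A holds a^(2^k) at step k
    B = A if n[0] else F.one
    C, k = F.one, 0
    while True:
        Z = F.mul(B, C)                         # (ii)
        A = F.cyclic_shift(A)                   # (iii) A <- A^2 by a cyclic shift
        k += 1
        if k == F.m:
            return Z                            # Z = a^N
        C = Z
        B = A if n[k] else F.one                # U_k = a^(2^k) if n_k = 1, else 1

def squaring_is_shift(F):
    """Check that the multiplier and the cyclic shift agree on x*x for every x."""
    return all(F.mul(x, x) == F.cyclic_shift(x) for x in range(1 << F.m))

def agrees_with_reference(F):
    """Exhaustive check of exponentiate() against pb_pow() for all a != 0 and all N."""
    for a in range(1, 1 << F.m):
        for N in range(1, 1 << F.m):
            if F.nb_to_pb[exponentiate(F, a, N)] != pb_pow(F.nb_to_pb[a], N, F.m, F.poly):
                return False
    return True

if __name__ == "__main__":
    F = NormalBasisField(4, 0b10011)            # GF(2^4), x^4 + x + 1 (assumed polynomial)
    print("normal element (polynomial basis):", F.conj[0])
    print("squaring == cyclic shift:", squaring_is_shift(F))
    print("exponentiator matches reference:", agrees_with_reference(F))
```

The m multiplications per exponent are exactly the m clock cycles the text assigns to the GF(2^4) circuit; what the example adds is the observation that, in a normal basis, the only state the control logic has to manage is which of a^(2^k) or 1 enters the multiplier at step k, since the a^(2^k) values cost nothing to produce.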
This recursive algorithm for computing exponentiation in GF(2^4) can be realized by the circuit 30 shown in FIG. 10. In the circuit of FIG. 10, a parallel-type Massey-Omura multiplier of GF(2^4) is utilized. The architecture is somewhat similar to that shown in FIG. 9 of reference 2 as used for computing the inverses in GF(2^4); but, it has an additional input for the exponent N and only one control signal, Ld. By way of illustration of its operation, let the exponent N be represented by (n_3, n_2, n_1, n_0)_2 such that N is equal to the sum from i = 0 to 3 of n_i 2^i where n_i = 0 or 1. If one follows the progress of the computation, it will be found that at the end of the third clock cycle, the complementary values of a_1, a_2, and a_3 are stored in the input buffer flip-flops B1, B2, and B3, respectively. During the fourth clock cycle, Ld = 1. Then the complementary values of a_0, a_1, a_2, and a_3 are simultaneously shifted into R1, R2, R3, and R4, respectively. At the same moment, buffer flip-flops B7, B8, B9, and B10 are fed with the values of n_3, n_2, n_1, and n_0, respectively, and registers R5, R6, R7, and R8 are also fed with the values "0". Notice that, actually, the complementary representations of a and 1 are entering the buffers R for multiplication. This is due to the fact that the "AND" function required in the Massey-Omura multiplier developed in reference 2 is achieved by using an "OR" function operating on the complements of multiplicand and multiplier.

A parallel-type GF(2^4) Massey-Omura multiplier simultaneously yields four product components d_0, d_1, d_2, and d_3. Therefore, during the next four clock cycles, while n_i (i = 0, 1, 2, 3) controls the entering of either a^(2^i) or 1 to the multiplier, four successive multiplications are performed for the exponentiation. When the fourth multiplication is completed, Ld = 1. Thus, the first digit, b_3, of the normal basis representation of a^N is shifted out of the circuit. At the same time, the other three digits, b_0, b_1, and b_2, of a^N are fed into the output buffer flip-flops B4, B5, and B6, respectively. These are sequentially shifted out of the circuitry during the next three clock cycles.
The above-described method of computing exponentiation in GF(2^4) takes four clock cycles. During these four clock cycles, the circuit of FIG. 10 allows the bits of the next element (following a) to be fed into it and the bits of the previous element to be shifted out of it, simultaneously. The circuit, therefore, provides a full pipeline capability so that the same operation can be performed continuously. As mentioned earlier, the pipelined exponentiation circuitry for GF(2^4) of FIG. 10 is well-suited for VLSI implementation. The system structure of this circuitry 30' for a general field GF(2^m) is shown in FIG. 11.
The use of exponentiation in a finite field GF(2^m) to simply and easily generate a pseudo random number sequence having a period which is orders of magnitude longer than that possible with the prior art maximal length shift register approach will now be described.

First, if E_1, E_2, E_3, . . . is a sequence of integers generated by a maximal length shift register of n stages, it is well known that E_k is in the set S = {1, 2, 3, . . . , 2^n - 1}; and, that the sequence E_k, where k = 1, 2, 3, . . . , is a periodic sequence with period 2^n - 1. Furthermore, the subsequence of E_k within one period is a permutation of the elements in S.

Now, by way of background and introduction, if A_0 is a primitive element in GF(2^m), where m ≥ n (the "n" specified in the previous paragraph), then 2^m - 1 is the smallest positive integer L, the so-called order of A_0, such that A_0^L = 1. Hence, for any two distinct numbers E_i, E_j (i, j ≤ 2^n - 1) in the sequence {E_k}, A_0^(E_i) ≠ A_0^(E_j). If A_i = A_0^(E_i), then {A_k} is a periodic sequence of elements in GF(2^m) with the same period as the sequence {E_k}, 2^n - 1. Although {A_k} is a collection of elements in GF(2^m), the representation of every A_k in some basis of GF(2^m) presents a binary representation of an integer in [1, 2^m - 1]. Therefore, the sequence {A_k} can be regarded as a periodic sequence of positive integers. By generating the sequence {A_k} as described above, however, one cannot increase the periodicity of the sequence {E_k}. The manner in which this approach can be employed to increase the periodicity of the resultant sequence will now be described.

A random number sequence {A_k} can be generated by letting A_k = A_{k-1}^(E_k). Putting it differently, {A_k} can be expressed as:
A_1 = A_0^(E_1)
A_2 = A_1^(E_2) = A_0^(E_1 E_2)
. . .
A_i = A_{i-1}^(E_i) = A_0^(E_1 E_2 . . . E_i mod (2^m - 1))
. . .
A_{2^n - 1} = A_{2^n - 2}^(E_{2^n - 1}) = A_0^P                                        (1)

where P = (2^n - 1)! mod (2^m - 1).

In the interest of simplicity and the avoidance of redundancy, it will be taken as true that the following can be mathematically proved:

If the sequence {A_k} is periodic, n < m.                                                (2)

If A_0 is a primitive element in GF(2^m) with 2^m - 1 a Mersenne prime, then {A_k} is a periodic sequence with period (2^n - 1) r, where r is the smallest positive integer such that P^r = 1 mod (2^m - 1).                                                (3)

From (3), the algorithm given in (1) as to using exponentiation in the finite field GF(2^m) with 2^m - 1 being a Mersenne prime has been proved to be able to generate a pseudo random number sequence with period (2^n - 1) r. This period is, in general, much greater than the period of a maximal length sequence for the same n-stage shift register. FIG. 12 shows a mechanism which can generate such pseudo random numbers, A_k, in simplified block diagram form. The circuitry consists of an exponentiator 30' in GF(2^m) as developed above herein. One of the two inputs to the exponentiator 30' is the outputs {E_k} of a maximal length shift register of n stages (not shown) according to the prior art as described above. The other input is initially fed by a primitive element A_0 in GF(2^m) and then switched by means of switch 32 to the delayed output A_{k-1} from the exponentiator 30' through delay circuit 34. It can be seen and appreciated that the pipeline structure of the exponentiator 30' as described above is necessary in order to generate A_k continuously.

It is worthy of note at this time by way of comparison that with m = 19 and n = 17 the period of 131,071 of a prior art maximal length shift register of 17 stages is increased by 262,143 times to a period of 3,435,934,513 with the pseudo random number generator according to the present invention as shown in FIG. 12. In fairness, it should be pointed out that the pseudo random number sequence generated by maximal length shift registers has good autocorrelation properties and some other periodicity properties which do not exist for the sequence {A_k} described herein as produced by the present invention. For applications in cryptography, for example, these properties are not important and the vast gain in period length more than compensates for the losses in these properties.

Wherefore having thus described the present invention, what is claimed is:

1. A circuit for generating a sequence of pseudo random numbers, {A_k}, comprising:
(a) an exponentiator in GF(2^m) for the normal basis representation of elements in a finite field GF(2^m) each represented by m binary digits and having two inputs and an output from which the sequence {A_k} of pseudo random numbers is taken, one of said two inputs being connected to receive the outputs {E_k} of a maximal length shift register of n stages;
(b) a switch having a pair of inputs and an output, said output of said switch being connected to the other of said two inputs of said exponentiator, one of said inputs of said switch being connected for initially receiving a primitive element A_0 in GF(2^m); and
(c) a delay circuit having an input and an output, said output of said delay circuit being connected to the other of said switch inputs, said input of said delay circuit being connected to said output of said exponentiator whereby after said exponentiator initially receives said primitive element A_0 in GF(2^m) through said switch, said switch is switched to make said exponentiator receive as an input thereto a delayed output A_{k-1} from said exponentiator thereby generating {A_k} continuously at said output of said exponentiator.

2. The circuit for generating a sequence of pseudo random numbers, {A_k}, of claim 1 wherein said exponentiator in GF(2^m) comprises:
(a) a cyclic-shift circuit;
(b) a Massey-Omura multiplier; and
(c) a control logic circuit connected to said cyclic-shift circuit and said Massey-Omura multiplier to perform the function U_i = a^(2^i) (for n_i = 1) or 1 (for n_i = 0), where i is an integer greater than zero.

3. A method of generating a sequence of pseudo random numbers, {A_k}, comprising the steps of:
(a) providing an exponentiator in GF(2^m) for the normal basis representation of elements in a finite field GF(2^m) each represented by m binary digits and having two inputs and an output from which the sequence {A_k} of pseudo random numbers is taken;
(b) connecting one of the two inputs to receive the outputs {E_k} of a maximal length shift register of n stages;
(c) providing a switch having a pair of inputs and an output;
(d) connecting the output of the switch to the other of the two inputs of the exponentiator;
(e) connecting one of the inputs of the switch to a source of a primitive element A_0 in GF(2^m);
(f) providing a delay circuit having an input and an output;
(g) connecting the output of the delay circuit to the other of the switch inputs;
(h) connecting the input of the delay circuit to the output of the exponentiator;
(i) initially positioning the switch to receive the primitive element A_0 in GF(2^m); and
(j) thereafter positioning the switch to make the exponentiator receive as an input thereto a delayed output A_{k-1} from the exponentiator thereby generating {A_k} continuously at the output of the exponentiator.

4. The method for generating a sequence of pseudo random numbers, {A_k}, of claim 3 wherein: the exponentiator in GF(2^m) performs the function U_i = a^(2^i) (for n_i = 1) or 1 (for n_i = 0), where i is an integer greater than zero.

5. The method for generating a sequence of pseudo random numbers, {A_k}, of claim 4 and additionally including the recursive steps of:
(a) letting A = a (a point in the finite field GF(2^m));
(b) if n_0 = 1, letting B = A; otherwise, letting B = 1;
(c) letting C = 1 and k = 0;
(d) multiplying B and C to obtain Z = BC;
(e) setting k = k + 1;
(f) replacing A with the cyclic shift (CS) of A;
(g) if k = m, Z = a^N (where 1 ≤ N ≤ 2^m - 1), stopping;
(h) if k < m, setting C = Z; and, setting B = A if n_k = 1, otherwise setting B = 1;
(i) going back to step (d).

* * * * *
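An added example, not part of the patent, covering two passages at once: the prior-art maximal length shift register whose n-bit states run through a permutation of S = {1, . . . , 2^n - 1} with period 2^n - 1, and the generator of equations (1) to (3) and claims 1 and 3, whose period is (2^n - 1) r. Because A_0 is primitive (order 2^m - 1), A_k = A_0^(e_k) with e_k = E_1 E_2 . . . E_k mod (2^m - 1), so the sequence of exponents e_k has exactly the period of {A_k}; the example therefore tracks e_k as integers instead of field elements (an assumption of the example, not the patent's circuit, which computes A_k directly). The parameters m = 5 (2^5 - 1 = 31, a Mersenne prime), n = 3, the Fibonacci LFSR taps for x^3 + x + 1 and x^4 + x + 1, and all function names are my choices; the collapse check illustrates why condition (2), n < m, is needed.

```python
# Added example: period of the exponentiation-driven sequence {A_k}
# (A_k = A_{k-1}^(E_k)) versus the 2^n - 1 period of the maximal length shift
# register that supplies {E_k}.  Exponents are tracked modulo 2^m - 1.
from math import factorial

def lfsr_states(n, taps, seed=1):
    """One full cycle of n-bit register states of a Fibonacci LFSR (constructed here).
    `taps` are the bit positions XORed to form the feedback bit; taps=(0, 1) gives
    x^3 + x + 1 for n=3 and x^4 + x + 1 for n=4, both primitive."""
    state, out = seed, []
    while True:
        out.append(state)
        fb = 0
        for t in taps:
            fb ^= (state >> t) & 1
        state = (state >> 1) | (fb << (n - 1))
        if state == seed:
            return out

def is_maximal_length(n, taps):
    """Prior-art property: period 2^n - 1 and a permutation of S = {1, .., 2^n - 1}."""
    states = lfsr_states(n, taps)
    return len(states) == (1 << n) - 1 and sorted(states) == list(range(1, 1 << n))

def exponent_sequence(m, n, taps, count):
    """e_1 .. e_count with e_k = e_{k-1} * E_k mod (2^m - 1) and e_0 = 1 (A_0 = A_0^1)."""
    q = (1 << m) - 1
    E = lfsr_states(n, taps)
    e, out = 1, []
    for k in range(count):
        e = (e * E[k % len(E)]) % q
        out.append(e)
    return out

def predicted_period(m, n):
    """Equations (1)-(3): P = (2^n - 1)! mod (2^m - 1), r = order of P, period (2^n - 1) r."""
    q = (1 << m) - 1
    P = factorial((1 << n) - 1) % q
    r = 1
    while pow(P, r, q) != 1:
        r += 1
        if r > q:
            raise ValueError("P has no multiplicative order mod 2^m - 1; needs n < m")
    return P, r, ((1 << n) - 1) * r

def observed_period(seq):
    """Smallest d with seq[i] == seq[i + d] for every i (seq should span several periods)."""
    for d in range(1, len(seq) // 2 + 1):
        if all(seq[i] == seq[i + d] for i in range(len(seq) - d)):
            return d
    return None

def collapses_to_one(m, n, taps):
    """Failure mode behind condition (2): with n >= m the prime 2^m - 1 divides
    (2^n - 1)!, so e_k reaches 0 (A_k = 1) within one LFSR period and stays there."""
    first = (1 << n) - 1
    seq = exponent_sequence(m, n, taps, 3 * first)
    return seq[first - 1] == 0 and all(e == 0 for e in seq[first - 1:])

if __name__ == "__main__":
    print("3-stage register maximal length:", is_maximal_length(3, (0, 1)))
    P, r, T = predicted_period(5, 3)
    print("P =", P, "r =", r, "predicted period =", T,
          "observed =", observed_period(exponent_sequence(5, 3, (0, 1), 3 * T)))
    print("n = m = 3 collapses to A_k = 1:", collapses_to_one(3, 3, (0, 1)))
```

With m = 5 and n = 3, P = 7! mod 31 = 18, whose order modulo 31 is r = 15, so the period grows from 7 to 105 and the simulation confirms it. For the comparison the text makes (m = 19, n = 17), predicted_period(19, 17) evaluates the same P and r, though the factorial of 131,071 and the order search take noticeably longer.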
