Pseudorandom number generator with backup and restoration capability

Abstract

Pseudorandom numbers are generated in a cryptographic module in a cryptographically strong manner by combining a time-dependent value with a secret value and passing the result through a one-way hash function to generate a hash value from which a random number is generated. The secret value is continually updated whenever the cryptographic module is idle by a first feedback function that generates an updated secret value as a one-way function of the current secret value and the time-dependent value. In addition, the secret value is updated on the occurrence of a predetermined external event by a second feedback function that generates an updated secret value as a one-way function of the current secret value, the time-dependent value and an externally supplied value. Upon power-on reset, if the pseudorandom number generator has not been previously initialized, it initializes itself by resetting the time-dependent and secret values and requiring the second feedback function to perform a predetermined number of updates of the secret value in response to external events. Otherwise, the time-dependent and secret values are restored using values stored in backup registers. A hash of the current secret value that is different from either feedback function is used as a backup secret value to minimize the possibility that restoration will result in repetition of pseudorandom numbers.