fonctions non-linéaires ou linéaires par morceaux
TRANSCRIPT
Diverses méthodes de construction de
générateurs de nombres pseudo
aléatoires à partir d’itérations de
fonctions non-linéaires ou linéaires par
morceaux
René Lozi
Laboratoire J. A. Dieudonné,
UMR du CNRS 7351
True Pseudo-Random Numbers vs Pseudo-
Random Numbers and Chaotic Numbers
“True” Random Numbers are produced generally by physical devices
such as presented in the next slide.
However they are not “controllable”, that means one cannot
synchronize two devices generating Random Numbers. Therefore
they are not useful for cryptography for which the coding and
decoding processes are linked by keys (either secret or public).
Pseudo-Random Numbers (as those generated by function Rand in
your computer) depend on an initial seed (for example the time in
microsecond of the internal clock of your computer used as a
guess). Using the same seed gives the same sequence of Pseudo
Random Numbers.
Chaotic Pseudo-Random Numbers are built from Chaotic Numbers,
they are equipped with more astute parameters than only one initial
seed. They are more fitted for cryptography based chaos. Those
parameters can be used as keys.
Example of physical random number generator
QUANTIS is a physical
random number generator
exploiting an elementary
quantum optics process.
One needs to use Quantis
in connection with a
computer or server.
The product exists in three
versions compatible with
most platforms:
• USB device – random stream of 4Mbits/sec
• PCI Express (PCIe) board – random stream of 4Mbits/sec
• PCI board – random stream of 4Mbits/sec and 16Mbits/sec
Pseudo-Random Numbers
Generators (PRNG)
They are many kinds of generators:
- Linear Congruential generator
- Blum Blum Shub (B.B.S.)
- Mersenne Twister
1 modn nx ( ax c ) m
2
1n nx x mod M
The Blum Blum Shub PRNG
Blum Blum Shub (B.B.S.) is a Pseudo Random Number
Generator proposed in 1986 by Lenore Blum, Manuel
Blum and Michael Shub.
It takes the form:
where is the product of
two large primes.
At each step of the algorithm the output is derived from
The output is commonly either the bit parity of or one or more of
least significant bits of
2
1n nx x mod M M pq
1nx
1nx
1nx
The Blum Blum Shub PRNG: conditions
1- The seed should be an integer that is co-prime
with ,i.e. are not factors of , and
not 0 or 1.
2- the two primes should both be congruent
to 3 (mod 4) and should be
small,
where is the Euler function which is, in this case, the
number of integers in the range for
which the greater common divisor of is
M0x
p and q 0x
p and q1 1gcd( ( p ), (q ))
1 k n k
1gcd( n,k ) k
The dawn of chaotic
dynamical systems
(from early beginning to nowadays)
The dawn of chaotic iterations (I)
The study of nonlinear dynamics is relatively recent
with respect to the long historical development of the
early mathematics since the Egyptian and the Greek
civilizations. The beginning of this study can be
traced to the phenomenal work of Henri Poincaré.
The Poincaré map being an essential tool linking
differential equations and mappings. Henri Poincaré
(1854-1912) Concerning iterations theory,
one has to include in this field
of research the pioneer works
of Gaston Julia and Pierre Fatou
related to one-dimensional maps
with a complex variable, near
a century ago.
Pierre Fatou Gaston Julia
1878-1929 1893-1978
The dawn of chaotic iterations (II)
In France Igor Gumosky and Christian Mira began
their mathematical researches in 1958. They
produced a considerable work on the matter (theory
of boxes in the boxes for example). Among their
discoveries one can emphasize on their family of
attractors from an aesthetic point of view (of course
Christian Mira it is only a microscopic point of view of what they
haveproduced)
The Gumowski-Mira attractor:
Christian Mira
is sensitive to slight changes of parameters a and b
The dawn of chaotic iterations (III)
a = - 0.918, b = 0.9
a = - 0.93333, b = 0.92768
The dawn of chaotic iterations (IV)
In Japan the Hayashi’s School (with disciples like Ikeda, Ueda and Kawakami)
in the same period, were motivated by applications to electric and electronic
circuits. Mappings were used as models of behavior of electric circuits.
The Ikeda attractor (1980):
has a chaotic attractor when u 0.6
u = 8.6
u = 8,9
The dawn of chaotic iterations (V)
In the last 50 years long history of chaotic iterations leading to the new
concept of strange attractors, and corresponding chaotic differential
systems, one can mention few important dates:
Sharkovsky order Lorenz attractor Rössler attractor Hénon map
1962 1963 1976 1976
Belykh map 1976 Chua attractor 1983 Chen attractor 1999
Two-Dimensional discrete dynamical systems: Hénon
mapping (1976)
Simplest model of Poincaré map of Lorenz equation.
Associated dynamical system
with initial value:
Linearized version in 1978
a 1.4, b 0.3 Ha,b
2x y 1 ax:y bx
La,b
x y 1 a x:
y bx
2 2
a,bH :
2n 1 n n
n 1 n
x y 1 ax
y bx
a 1.7, b 0.5
0
0
x
y
Fractal structure of the Hénon attractor
First zoom Second magnification
Fractal structure of the Hénon attractor
Structure of Cantor set
+ Sensitivity to initial
conditions
= strange attractor
Sensitivity to initial
conditions is assessed by
Lyapunov exponents
Third zoom
Chaotic Pseudo-Random Number Generators
Mastering high quality
randomness via chaos
theory
One-Dimensional discrete dynamical systems: Logistic
and Tent Map
Maps of some interval included in the real line
Logistic map symmetric tent map
Associated dynamical system Associated dynamical system
n 1x rx ( 1 x )n n
f ( x ) rx( 1 x )r
f ( x ) 1 2 x
n 1x 1 2 xn
f :
f : 0,1 0,1 f : 1,1 1,1
Symmetric tent map
Invariant measure
= Lebesgue measure
However numerical instability
leads to the collapse of
solutions to the unstable
fixed point x = -1
G. Yuan & J. A. Yorke, Collapsing of chaos in one dimensional maps, Physica D, 136,18-30 (2000).
: 1,1 1,1f
2a
af ( x ) 1 a x
-1
-0,5
0
0,5
1
-1,0 -0,5 0,0 0,5 1,0
symmetric tent map
Density of iterated values of the Logistic map
0
0,5
1
0,0 0,3 0,5 0,8 1,0
logistic map on the unit square
1 4 1n n nx x x
0
1
2
3
4
5
0,0 0,3 0,5 0,8 1,0
Invariant measure of the logistic map
1( )
(1 )P x
x x
The route from chaos to pseudo-randomness via ultra-
weak coupling, and chaotic or mixing undersampling
Step 1: Ultra-weak coupling of 1-D maps
Ultra-weak coupling means
for floating points or for double precision numbers
Ultra-weak coupling is efficient in order to restore numerically the chaotic properties of chaotic mappings, avoiding any numerical collapse
710i
f ( x ) 1 2 x n 1x 1 2 xn
1410i
1 1 2 3 4
n 1 1 n 1 n 1 n 1 n
2 1 2 3 4
n 1 2 n 2 n 2 n 2 n
3 1 2 3 4
n 1 3 n 3 n 3 n 3 n
4 1 2 3 4
n 1 4 n 4 n 4 n 4 n
x (1 3ε ) f ( x ) ε f ( x ) ε f ( x ) ε f ( x )
x ε f ( x ) (1 3ε ) f ( x ) ε f ( x ) ε f ( x )
x ε f ( x ) ε f ( x ) (1 3ε ) f ( x ) ε f ( x )
x ε f ( x ) ε f ( x ) ε f ( x ) (1 3ε ) f ( x )
The main criteria for CPRNG robustness
Approximate distribution of iterates
We define several function errors, which assess the between uniform distribution and discrete repartition of iterates in boxes. In the case of 1-D mapping, one can assess, the repartition of the iterates on the Interval, but not only: the space of delay must also be considered.
Such functions depend on the number of boxes
and the number of iterates
In the case of p-Dimensional mapping, much more functions are needed
First numerical results
First numerical results
Variation of the error vs the number of iterations and the number of boxes
Variation of the error vs the initial values
Correlation between variables
Step 2: Chaotic and mixing under sampling
1 4
1 2
2 4
2 3
3 4
3
,
,
,1
n n
q n n
n n
x iff x T T
x x iff x T T
x iff x T
Example in 4-D: Let be three thresholds
instead of using directly the coupled sequences
One mixes and samples those sequences using the fourth one:
using
In order to obtain:
which are pseudo-random. ,,,,,, 1210 qq xxxxx
-1 < T1 < T2 < T3 < 1
,,,,,, 1
1
11
2
1
1
1
0 nn xxxxx
4 4 4 4 4
0 1 2 1n nx , x , x , , x , x ,
2 2 2 2 2
0 1 2 n n 1x , x , x , , x , x , and
,,,,,, 3
1
33
2
3
1
3
0 nn xxxxx
Correlation between variables
Window of randomness versus
Geometric undersampling
Step 1: Ring coupling of several tent maps Instead of using one single tent maps , we use simultaneously
several (up to 10 or 20) tent maps coupled in a ring way.
Moreover we restrain de new p-dimensional map to the torus:
: 1,1 1,1f
1,1p
Ring coupling of p tent maps
In the p-dimensional case the mapping is defined by:
In order to confine the vector Xn+1 on
the torus , one modifies the
components in the following way:
1 1 2
n 1 n 1 n
m m m 1
n 1 n m n
p 1 p 1 p
n 1 n p 1 n
p p 1
n 1 n p n
x 1 2 x k x
x 1 2 x k x
x 1 2 x k x
x 1 2 x k x
j
n 1
j
n 1
if ( x 1) add 2
if ( x 1) substract 2
1,1p
The NIST tests
NIST Test for p=10
Example: K1, K2, K3, K4, K5, K6, K7, K8, K9, K10 = 1
(joint work with Ina Taralova and Andrea Espinel-Rojas)
Conclusion: each stream generates pseudo-random
numbers, moreover these streams are uncorrelated.
Chaotic multi-stream pseudorandom number generators
(Cms-PRNG)
Using together ring coupling and full ultra-weak coupling,
it is possible to build a Pseudo Random Number
Generator with a huge number of keys.
1, j
p p1 2 jn 1 1 n 1, j n
j 3 j 3
p pm m m 1 jn 1 n m m, j n m, j n
j 1, j m;m 1 j 1, j m;m 1
p 2 p 2p 1 p 1 p j
n p 1 p 1, j n p 1, j nn 1j 1 j 1
1x 1 2 x k 1 x xn
x 1 2 x k 1 x x
x 1 2 x k 1 x x
p 1 p 1p p 1 j
n p p , j n p , j nn 1j 2 j 2
x 1 2 x k 1 x x
Step 2: Ring coupling of 2 tent maps
Example with 2 coupled symmetric tent maps:
the vector Xn+1 is confined on the torus identified to a square.
The coefficients ki are set to +1
with
It is possible to define critical lines forming a partition of the square.
1 1 2
n 1 n n
2 2 1
n 1 n n
x 1 2 x x
x 1 2 x x
j
n 1
j
n 1
if ( x 1) add 2
if ( x 1) substract 2
2
1,1
Invariant partition of the square
First quadrant (I) Second quadrant (II)
Fourth quadrant (IV) Third quadrant (III)
Exact computation of invariant measure
First quadrant (I) Image of the first quadrant f(I)
Comparison with numerical iterations
Geometric subsampling
We first select the iterated points belonging to a subsquare
of the lozenge
We then enlarge it to the initial square
Exploring new topologies
of network of coupled
chaotic maps
Tent-Logistic map
We introduce a combined Tent-Logistic map:
When used in more than one dimension, map can be
considered as a two variable map:
TL
2 2f ( x ) TL ( x ) L ( x ) T ( x ) x x ( x x )
1 2 1 2 2( ) ( ) ( ) ( )TL ( x ,x ) ( x ( x ) )
TL
Ring coupling of Tent with Tent-Logistic maps
Hence it possible to define a mapping:
where and the coefficients ki are set to 1
In order to hold dynamics
in the torus we use the injection:
p pM : J J
p
Rp pp
J 1,1
j
n 1
j
n 1
if ( x 1) add 2
if ( x 1) substract 2
(1) 1 (1) (2)(1) (1)
1
(2) 2 (2) (3)(2) (2)
1
( ) ( ) (p) (p) (1)1
( ) ( , )
( ) ( , )
( ) ( , )
n n nn n
n n nn n
p
p p pn n n n n
T x k TL x xx x
T x k TL x xx x
M
x x T x k TL x x
2-Dimensional topologies
Among four choices of we select two cases:
1/ The ring coupling non-alternative map :
2/ the simple coupling alternative:
( 1 ) ( 1 ) ( ) ( ) 2x 1 x ( x ( x ) )n n nn 1( 1 ) ( 2 )RCTTL ( x , x )
n n ( 2 ) ( 2
2
) ( 1 ) ( 2 ) 2x 1 x ( x ( x ) )n n n
1
n 1
( 1 ) ( 1 ) ( ) ( ) 2x 1 x ( x ( x ) )n n nn 1( 1 ) ( 2 )SCTTL ( x , x )
n n ( 2 ) ( 2
1
) ( 1 ) ( 2 ) 2x 1 x ( x ( x ) )n n n
2
n 1
M2
The main criteria for CPRNG robustness
Bifurcation diagram of 2-D new map non alternative
RCTTL
Left: Largest Lyapunov exponent of non alternative
Right: Largest Lyapunov exponent of alternative
When LLE > 0 there is chaos
RCTTL
SCTTL
The parameter μ is set to 2
Left: Phase space behaviour of non alternative,
Plot of 20,000 points.
Right: Phase space behaviour of non alternative,
Plot of 20,000 points.
RCTTL
2
SCTTL
2
A new 2-D chaotic PRNG
In order to improve the previous topologies, we define a
new map with = 2
With a new injection mechanism which fits better the Torus
( 1 ) ( 2 )
n n
( 1 ) ( 2 ) ( 1 )2x 1 2( x ) ) 2 xn nn 1SCMTTL (
2 ( 2 ) ( 2 ) ( 1 ) ( 2 )2x 1 2( x ) 2( x x )n n nn 1
x ,x )
1
1
2
1
2
1
1 2
1 2
1 2
( )
n
( )
n
( )
n
if ( x ) then substract
if ( x ) then add
if ( x ) then substract
2 21,1 R
Injection mechanism of alternative map
SCMTTL
2
Left: Approximate density function of alternative
map, on the plane.
Right: Approximate density function of alternative
map, on the phase delay plane
SCMTTL
2
SCMTTL
2
( 1 ) ( 2 )( x , x )
( 1 ) ( 1 )( x , x )
n n 1
Approximate density function of alternative map
SCMTTL
2
NIST Test for
Results for x(1), the same results are obtained for x(2)
Conclusion: each stream generates pseudo-random
numbers, these streams are uncorrelated
SCMTTL
2
p-Dimensional topologies
We generalize the coupling non-alternative map from
dimension 2:
to dimension p:
( 1 ) ( 1 ) ( 2 ) ( 1 ) 2x 1 2 x 2( x ( x ) )n n nn 1
( 2 ) ( 2 ) ( 3 ) ( 2 ) 2RC,pD ( 1 ) ( 2 ) ( p ) x 1 2 x 2( x ( x ) )n n nn 1TTL ( x , x , , x )2 n n n
( p ) ( p ) ( 1 ) ( p ) 2x 1 2 x 2( x ( x ) )n n nn 1
( 1 ) ( 1 ) ( 2 ) ( 1 ) 2x 1 2 x 2( x ( x ) )n n nn 1( 1 ) ( 2 )RC,2DTTL ( x , x )
2 n n ( 2 ) ( 2 ) ( 1 ) ( 2 ) 2x 1 2 x 2( x ( x ) )n n nn 1
NIST Test for
Results for x(1), the same results are obtained for x(2), x(3),
x(4),
Conclusion: each stream generates pseudo-random
numbers which are uncorrelated
RC,4DTTL
2
Other numerical experiments using
multi-core processor
Equal density test
Graph of the error versus equal density on in dimension
p = 2 to 5, (horizontal axis, logarithmic value of the number of random
numbers).
pp1,1 R
These results show that the pace of computation is very high.
When is the mapping tested, and the machine used is
a laptop computer with a Core i7 4980HQ processor with 8
logical cores, computing 1011 iterates with five parallel streams
of PRNs leads to around 2 billion PRNs being produced per
second.
Since these PRNs are computed in the standard double precision
format, it is possible to extract from each 50 random bits (the
size of the mantissa being 52 bits for a double precision floating-
point number in standard IEEE-754). Therefore,
can produce 100 billion random bits per second, an incredible
pace! With a machine with 4 Intel Xeon E7-4870 processors
having a total of 80 logical cores, the computation is twice as
fast, producing 200 billion random bits per second.
RC,5DTTL
2
RC,5DTTL
2
Merci de votre attention