
CN-121986321-A - Distributed network with distributed integrated random number generator


Abstract

The invention relates to a distributed network with a distributed integrated random number generator, in particular to a distributed network with a distributed integrated random number generator with higher random bit data rate, which is used for ensuring network security and robustness. The subject of the invention is a distributed network consisting of a plurality of nodes, each of which has a respective hardware-based quantum random number generator. Such a quantum random number generator comprises an entropy source made in a monolithic manner in a semiconductor substrate, which entropy source comprises a photon source and a single photon detector, which are arranged perpendicular to each other and to the surface of the relevant semiconductor substrate, enabling particularly high random number data rates. The respective quantum random number generator comprises means for operating the entropy source and means for generating a quantum random number from an entropy source output signal of the entropy source. These quantum random number generators generate true random numbers discretely at a high random bit rate without the need for a central node for generation and management. These random numbers are used to ensure the security, availability and robustness of the network.

Inventors

  • Axel Fuli
  • Bennett Burchard
  • Thomas Rotter
  • Yulia Colbert

Assignees

  • Elmos Semiconductor SE (艾尔默斯半导体欧洲股份公司)
  • ID Quantique SA (艾迪量子股份公司)

Dates

Publication Date
2026-05-05
Application Date
2024-09-19
Priority Date
2023-09-20

Claims (20)

  1. A distributed network comprising a plurality of nodes, wherein each node of the plurality of nodes has at least one hardware-based quantum random number generator having at least one entropy source, wherein the quantum random number generator on each node is adapted to generate a true random number, the network and/or a sub-device of the network is adapted to use the random number to ensure security, availability and robustness of the network, and the network and/or a sub-network of the network and/or a sub-device of the network is adapted to perform the random number generation in a decentralized manner, such that a central node is not required to generate or manage random numbers, wherein the quantum random number generator comprises an entropy source, the entropy source is implemented monolithically in a semiconductor substrate having a surface, the entropy source comprises a photon source, which is adapted to emit photons when fed with a current, the entropy source comprises a single photon detector adapted to detect photons of the photon source and to generate an entropy source output signal, the photon source is arranged between the surface of the semiconductor substrate and the single photon detector or the single photon detector is arranged between the surface of the semiconductor substrate and the photon source, the photon source and the single photon detector of the monolithic entropy source are vertically stacked on each other, and the quantum random number generator includes means for generating one or more quantum random numbers from the entropy source output signal.
  2. Network according to claim 1, wherein at least two, preferably all, of the plurality of nodes of the network are adapted to generate encryption keys and initialization vectors (IVs) using random numbers generated by their respective quantum random number generator and/or another quantum random number generator in the network.
  3. Network according to claim 1 or 2, wherein at least two, preferably all, of the plurality of nodes of the network are adapted to use their respective random numbers and/or the random numbers of other nodes in the network to generate one-time passwords (OTPs) for authenticating communication partners.
  4. A network according to any of the preceding claims, wherein the network or at least two, preferably all, of the plurality of nodes of the network are adapted to support a secure communication protocol, such as TLS or IPsec, with their respective random numbers and/or the random numbers of other nodes in the network and/or random numbers in the network.
  5. A network according to any one of the preceding claims, wherein at least two, preferably all, of the network or nodes of the network are adapted to use their respective random numbers and/or the random numbers of other nodes in the network and/or random numbers in the network to perform a security protocol that ensures secure communication between the nodes.
  6. A network according to any of the preceding claims, wherein at least two, preferably all, of the network or nodes of the network are adapted to enhance and filter the random numbers generated by them by means of an entropy collecting unit in order to avoid systematic errors or predictability.
  7. A network as claimed in any preceding claim, wherein the network is configured in such a way as to evenly distribute the random number generation load over the nodes.
  8. Network according to any of the preceding claims, wherein at least two, preferably all, of the plurality of nodes of the network each comprise a security module adapted to securely store the random number of the respective node and to use it and/or to provide it to one or more different security-related applications.
  9. Network according to any of the preceding claims, wherein at least two, preferably all, of the plurality of nodes of the network each comprise a control means adapted to store the random number in a protected memory area of the control means of the respective node, which memory area is accessible only to authorized processes in the network.
  10. The network of claim 9, wherein the respective control means are adapted to identify anomalies in the random number generation and to implement respective recovery procedures.
  11. A network according to claim 9 or 10, wherein the respective control means are adapted to post-process the generated random numbers by means of a hash or exclusive-or technique or the like.
  12. A network according to any preceding claim, wherein the respective control means is adapted to manage and use a digital certificate with the random number, the certificate being necessary for authentication and establishment of a secure connection.
  13. A network according to any preceding claim, wherein the network has a computer and/or machine implemented error recognition and recovery mechanism to ensure that the network remains functional even when a single node fails and/or when a single quantum random number generator fails, for example by exchanging random numbers.
  14. Network according to any of the preceding claims, wherein the network is adapted to prevent the use of unauthenticated vehicle components or spare parts and/or software components, in particular in that a random number based authentication process is implemented upon installation or start-up of such components or parts, the random numbers being generated by hardware-based quantum random number generators in nodes of the network.
  15. The network of claim 14, wherein the authentication process includes generating, by the quantum random number generator of a node, an encryption key that is subsequently used to verify a digital certificate that validates the authenticity and integrity of the part to be installed or the software component.
  16. The network of any of the preceding claims, wherein the network is adapted to identify a breach of one or more nodes by implementing an intrusion detection system (IDS) that continuously monitors random numbers of hardware-based quantum random number generators of the nodes and identifies statistical anomalies in the random number generation that indicate a breach.
  17. The network of claim 16, wherein the IDS performs a continuous entropy analysis on random numbers generated by the quantum random number generator and sends alert information to a central control node in an in-vehicle network when deviations from expected entropy values are determined.
  18. Network according to any of the preceding claims, wherein for communication between different pairs of nodes in the network different encryption keys and/or encryption methods are used, which are dynamically selected and generated by random numbers generated by the quantum random number generator.
  19. The network of claim 20, wherein each node of the network is adapted to use a unique encryption method and key combination at each communication, the combination being different from the combination of other node pairs.
  20. Network according to any of the preceding claims, wherein upon determining that one or more nodes are compromised, the network is adapted to initiate defensive actions of one or more nodes, in that the involved nodes are disconnected from communication in the network and their quantum random number generator is reinitialized for additional security checks.
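The continuous entropy analysis of claims 16 and 17 is easiest to understand as a per-window health check on the raw generator output. The following is an added example, not code from the patent or from either assignee: it runs fixed-size windows of a node's random bytes through three cheap statistics (byte-level Shannon entropy, monobit bias, longest run of identical bits) and returns alert records that a central control node could consume. The window size, the thresholds and the three simulated node streams are assumptions constructed for illustration.

```python
"""Added example (not from the patent): a window-based entropy monitor of the
kind claims 16 and 17 describe. Thresholds and sample streams are assumed."""
import math
import random
from collections import Counter
from dataclasses import dataclass

WINDOW_BYTES = 4096            # bytes per analysis window (assumed)
MIN_BYTE_ENTROPY = 7.85        # bits per byte; an ideal source gives ~7.95 at this window size (assumed)
MAX_MONOBIT_DEVIATION = 0.015  # allowed |P(1) - 0.5| per window, ~5 sigma for 32768 bits (assumed)
MAX_RUN_LENGTH = 34            # longest run of identical bits tolerated per window (assumed)


@dataclass
class Alert:
    """What the IDS would forward to the central control node."""
    node: str
    window_index: int
    reason: str
    value: float


def shannon_entropy_bits_per_byte(data: bytes) -> float:
    """Plug-in Shannon entropy of the byte histogram; 8.0 is the maximum."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def ones_fraction(data: bytes) -> float:
    """Fraction of one bits in the window (monobit statistic)."""
    ones = sum(bin(b).count("1") for b in data)
    return ones / (8 * len(data))


def longest_run(data: bytes) -> int:
    """Length of the longest run of identical bits across the whole window."""
    bits = "".join(f"{b:08b}" for b in data)
    best = cur = 1
    for prev, nxt in zip(bits, bits[1:]):
        cur = cur + 1 if prev == nxt else 1
        best = max(best, cur)
    return best


def analyse_window(node: str, idx: int, window: bytes) -> list:
    """Apply all three checks to one window and collect the alerts they raise."""
    alerts = []
    h = shannon_entropy_bits_per_byte(window)
    if h < MIN_BYTE_ENTROPY:
        alerts.append(Alert(node, idx, "low byte entropy", h))
    p1 = ones_fraction(window)
    if abs(p1 - 0.5) > MAX_MONOBIT_DEVIATION:
        alerts.append(Alert(node, idx, "monobit bias", p1))
    run = longest_run(window)
    if run > MAX_RUN_LENGTH:
        alerts.append(Alert(node, idx, "long run", float(run)))
    return alerts


def monitor(node: str, stream: bytes) -> list:
    """Continuous analysis: slice the node's output into windows and check each one."""
    alerts = []
    for idx in range(len(stream) // WINDOW_BYTES):
        window = stream[idx * WINDOW_BYTES:(idx + 1) * WINDOW_BYTES]
        alerts.extend(analyse_window(node, idx, window))
    return alerts


def simulated_streams() -> dict:
    """Constructed sample data: a healthy node, a node whose generator is stuck
    at 0xFF, and a node with one bit of every byte stuck at zero."""
    rnd = random.Random(2024)
    healthy = bytes(rnd.getrandbits(8) for _ in range(4 * WINDOW_BYTES))
    stuck = bytes([0xFF]) * WINDOW_BYTES
    dead_bit = bytes(rnd.getrandbits(8) & 0x7F for _ in range(WINDOW_BYTES))
    return {"healthy": healthy, "stuck": stuck, "dead_bit": dead_bit}


if __name__ == "__main__":
    for name, stream in simulated_streams().items():
        for alert in monitor(name, stream):
            print(f"{alert.node}: window {alert.window_index}: {alert.reason} ({alert.value:.4f})")
```

The three statistics are deliberately simple; a production IDS would use a standard health-test suite and would tune the thresholds to the window size so that the false-alarm rate per node per day is known. The stuck stream trips all three checks, while the dead-bit stream trips the entropy and bias checks but not the run-length check, which is why several independent tests are needed.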

Description

Distributed network with distributed integrated random number generator

Technical Field

The invention relates to a distributed network with a distributed integrated random number generator, in particular to a distributed network with a distributed integrated random number generator with a higher random bit data rate, which is used for ensuring network security and robustness.

A distributed network is proposed in which each node is equipped with a respective, preferably integral, hardware-based quantum random number generator with a particularly high random bit data rate. In today's networked world, it is becoming increasingly important to generate random numbers securely and reliably, especially in distributed networks where nodes do not have a central monitoring mechanism. In such networks, security often depends directly on the quality and unpredictability of the random numbers used for encryption, authentication, and other security-related operations. However, a centralized quantum random number generator may be an attractive target for attack, which may lead to serious security vulnerabilities. These weaknesses are eliminated by the present invention by dispersing and distributing the random number generating means over each node of the network. The quantum random number generators of the respective nodes of the distributed entropy generating network preferably each comprise an entropy source monolithically fabricated in the respective semiconductor substrate of the respective node (i.e. the means of the respective node that serve the network), said entropy source comprising a photon source and a single photon detector arranged perpendicular to each other and to the surface of the respective semiconductor substrate, thereby enabling particularly high random number data rates.

The respective quantum random number generator preferably comprises respective means for operating the respective entropy source, and preferably comprises respective means for generating a quantum random number from the respective entropy source output signal of the entropy source. These quantum random number generators are characterized in that the respective photon source and the respective single photon detector of the respective entropy source of the respective quantum random number generator are arranged vertically relative to each other in the semiconductor substrate of the quantum random number generator, which ensures that the generated random numbers are in fact random, unpredictable and have a high entropy. By distributing these quantum random number generators over all nodes of the network, a decentralized architecture is achieved, which has significant advantages in terms of security, robustness and scalability of the network. The respective quantum random number generators are preferably all of one-piece embodiments. The respective semiconductor substrate of the respective quantum random number generator preferably comprises a respective entropy source fabricated in that substrate and means for converting an entropy source signal of the entropy source into a random bit data stream.

The means preferably comprise one or more of the following device components:

  • one or more analog amplifiers and/or filter circuits for processing the entropy output signal for subsequent analog-to-digital conversion,
  • one or more analog-to-digital converters of one or more bits, where a one-bit converter may be implemented as a comparator,
  • one or more time-to-digital converters and/or one or more pseudo-random number converters for assigning unique binary numbers to the time intervals between two pulses of the entropy source,
  • one or more entropy extraction means for extracting one or more random bits from these binary numbers,
  • one or more finite automata (so-called finite state machines) for converting the data stream of random bits into random numbers,
  • one or more interfaces for allowing one or more external computer systems to access these random numbers and/or control the quantum random number generator,
  • one or more means for implementing and/or supporting health checks of the one or more device components and their cooperation, and
  • one or more device components within the quantum random number generator for operating the entropy source and the random number generator as a whole.

The corresponding quantum random number generator is preferably an integrated quantum random number generator (English "INTEGRATED QUANTUM RANDOM NUMBER GENERATOR", iQRNG), in particular a photonic QRNG which is monolithically constructed in a scalable and fully integrated manner in a common semiconductor substrate in the same material system, and which consists of a photon source and a detector for individual photons directly coupled thereto, and is implemented in a particularly compact and attack-proof manner on a techn
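The chain of device components listed above (time-to-digital conversion of pulse intervals, extraction of raw bits from the resulting binary numbers, a finite state machine that assembles random numbers, and the hash or exclusive-or post-processing of claims 6 and 11) can be modelled in software to see why each stage is there. The following is an added example and not code from the patent or from either assignee: photon inter-arrival times are quantised by a simulated TDC, the least significant bit of each code is taken as a raw bit, a von Neumann extractor (an exclusive-or style debiaser) removes systematic bias, and SHA-256 conditions the debiased bits into 256-bit random numbers. The TDC resolution and code width, the exponential timing model, the constructed biased stream and the "at least twice as many input bits as output bits" rule for conditioning are all assumptions.

```python
"""Added example (not from the patent): a software model of the extraction
chain, interval -> TDC code -> raw bit -> von Neumann -> SHA-256. All
parameters and sample data are assumed or constructed."""
import hashlib
import random

TDC_LSB_PS = 10.0  # timing resolution of the simulated TDC in picoseconds (assumed)
TDC_BITS = 8       # width of the binary number the TDC assigns to an interval (assumed)


def tdc_code(interval_ps: float) -> int:
    """Quantise one pulse-to-pulse interval into an n-bit binary number,
    saturating at full scale as a real time-to-digital converter would."""
    return min(int(interval_ps // TDC_LSB_PS), (1 << TDC_BITS) - 1)


def raw_bits(codes) -> list:
    """Entropy extraction step: keep the least significant bit of every code."""
    return [c & 1 for c in codes]


def von_neumann(bits: list) -> list:
    """Debiasing: map (0,1) -> 0 and (1,0) -> 1, discard (0,0) and (1,1).
    Output is unbiased for any fixed input bias, at the cost of throughput."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def bias(bits: list) -> float:
    """P(1) - 0.5; zero for an ideal source, +0.2 for a source emitting 70% ones."""
    return sum(bits) / len(bits) - 0.5 if bits else 0.0


def pack_bits(bits: list) -> bytes:
    """Finite-state-machine stand-in: group 8 bits into one byte, MSB first.
    A trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def condition(bits: list, out_bits: int = 256) -> bytes:
    """Hash post-processing (claim 11): compress the debiased stream to a fixed
    output length. Requires at least 2 * out_bits input bits so that the output
    keeps a comfortable entropy margin (assumed rule)."""
    if len(bits) < 2 * out_bits:
        raise ValueError("not enough input bits for conditioning")
    return hashlib.sha256(pack_bits(bits)).digest()[: out_bits // 8]


def generate_random_number(intervals) -> bytes:
    """Whole chain: intervals -> codes -> raw bits -> von Neumann -> 32-byte number."""
    return condition(von_neumann(raw_bits(tdc_code(t) for t in intervals)))


def simulated_intervals(n: int, seed: int = 7) -> list:
    """Constructed data: photon inter-arrival times in ps, exponential with mean 500 ps."""
    rnd = random.Random(seed)
    return [rnd.expovariate(1 / 500.0) for _ in range(n)]


def biased_raw_bits(n: int, p_one: float = 0.7, seed: int = 11) -> list:
    """Constructed data: a raw stream with a systematic bias, as a degraded
    entropy source might produce; used to show what the debiaser corrects."""
    rnd = random.Random(seed)
    return [1 if rnd.random() < p_one else 0 for _ in range(n)]


if __name__ == "__main__":
    raw = biased_raw_bits(20000)
    print(f"raw bias {bias(raw):+.3f}, after von Neumann {bias(von_neumann(raw)):+.3f}")
    print("random number:", generate_random_number(simulated_intervals(4000)).hex())
```

Two points the model makes visible: the von Neumann stage roughly quarters the bit rate even for a good source, which is why a high raw data rate at the entropy source matters, and the conditioning stage only helps if the health checks upstream confirm that the raw bits carry entropy in the first place, since a hash of a predictable input is itself predictable.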