Pseudo-random binary sequence generators (p.r.b.s. generators) are well known and reference should be made to the book "Cypher Systems" by Beker and Piper, 1982, published by Northwood Books, London for a description of the construction and operation of such generators. In particular, such generators can take the form of linear-feedback shift registers (LFSRs) and particular reference should be made to LFSRs of the "Galois" or "dual" kind. P.r.b.s. generators comprise essentially an n stage recirculatory shift register and one or more associated logic gates in the loop for combining the output of at least two register stages. By appropriate choice of the logic gates a repeating sequence can be obtained of length 2 ⁿ - 1 bits. If n is a suitably large number this sequence is very long indeed, and the bits can be regarded as random; hence the term "pseudo random".

There may be applications where it is desired to reduce the possibilities of mimicking the generator output, and thus to increase the unpredicability of both the output signal and also the contents of the shift register stages, even when the contents of some of the shift register stages may be known.

The invention in its various aspects is- defined in the appended claims to which reference should now be made. The invention will be described by way of example with reference to the drawings, in which

Figures 1, 2 and 3 each show a block circuit diagram of a respective p.r.b.s. generator embodying the invention, and

Figure 4 is a block diagram of a circuit for modifying the input to the p.r.b.s. generator shown in Figure 1, 2 or 3.

Figure 1 shows a p.r.b.s. generator which comprises two LFSRs, S and T. The register S has 29 stages So>..S28 ^{anα tne} register T has 31 stages TQ . . . T^Q . In each case the output of the final stage is during normal running applied as the input to the first stage in a recirculating loop. The loop also includes a plurality of logic

gates G, in the form of exclusive-OR circuits, which combine the output of the final stage with the output of one shift register stage for application to the next shift register stage.

The positions of the gates G are chosen so that the sequence generated by the register is of maximum possible length.

Conventionally, the positions of the gates are described in the form of a polynomial, of the form: f(X) - 1 + C X + C2 X ² + • •.Ci ¹ -*- ... + C _tt -j ¹¹ - ¹ +

Using this notation, it is seen that p.r.b.s. generator S is of the form

1 + χ2 + χ3 + χ4 + χ5 + _x 7 + _x ll + χl3 _{+ X} 14 + _x 20 _{+ x} 29 which means that gates are located at the. inputs to stages S2, S3, S4, S5, S7, S11, S 3, Sχ and S20 _* Thus, there are nine such gates, and each gate introduces an additional term into the polynomial.

Similarly, p.r.b.s. generator T has gates G at the inputs to stages Ti, T ₂ , T3, T5, T(, , T7, T9, Tχo, Tu, T ₁₅ , ^9, T ₂ 3 and T27- In this case there are 13 gates.

The circuit of Figure 1 also includes a multiplexer M, or selector circuit. This has 5 address inputs A-j_ and 32 data inputs

B. and operates to select one of the data inputs for application to the output in dependence upon the address word applied to the address inputs. More generally, where there are p data inputs there will be q address inputs where q takes the lowest value consistent with 2°. _>_ p. The data inputs receive the outputs of the stages of the register T such that:

T- _j _ is connected to B- _j _ for i » 0, 1, ... 30 and T30 is also connected to B31.

The address inputs receive the outputs of the first five stages of the register S, i.e.:

S^ is connected to A^ for i ^β 0, 1, 2, 3, 4. Thus q outputs are taken from register S _*

In use the two registers S and T are clocked simultaneously. The 31-bits of the pseudo-random sequence held in register T are applied to the data inputs of the selector M. One of these bits is

selected as the output bit at any instant. The bit selected is determined by the contents of the first five stages of the register S. In this way the output number is difficult to predict even if the contents of register T were to be known. It should be noted that the total number of shift register stages involved, which is 60, is greater than is required solely to provide the q-bit address and p data bits. If the total number of register stages is r, then: r > p + q. ^' We have appreciated that it is desirable to provide a number of

"unused" stages, in the sense that the outputs of these stages are not applied to the selector M, and that this number should be large in relation to the number of address bits. Preferably therefore: r p + q ² . The. rovision.of these unused stages increases the unpredictability of the address word and hence makes it difficult to predict the generator output even if the contents of register T are known. It will also be seen that the shift registers use a large number of logic gates G, twenty two in fact. As noted above, these gates are chosen in each case to give a maximal length sequence. However, the use of such a large number of gates is not necessary for that purpose alone.

We have appreciated, however, that the more gates there are the more the contents of the shift registers will be difficult to predict, because a given sequence will not simply travel from the beginning of the register to the end but will be liable to change at many points.

Accordingly we propose a minimum of s such logic gates where: 2 ^S > r2, thus providing a high degree of unpredictability in relation to the total number of register stages involved. For a total number of register stages equal to 60, a minimum of 12 logic gates should be provided, preferably with a minimum for each register substantially proportionate to the number of register stages. Normally also s will be less than r/2.

As seen-in the figure, switches SW1, SW2, S 3 and S 4 are

provided which in normal operation ("RUN") complete the two recirculating loops around registers S and T. However, these four switches can be changed over from the positions shown to the LOAD positions, in which the output of register S is applied as the Input of register T, and the gates G all receive a zero at that input which is normally connected to the register output. A 60-bit initialisation word can then be applied to the LOAD input of the switch SW1 which is clocked through all the 60 shift register stages. This re-initialisation operation takes place regularly during normal operation of the generator on receipt of a defined cue and may take place in a manner such as will be described later with regard to Figure 4. This again assists in making the output unpredictable even if the contents of the registers become known at any instant.

It may be desirable, after the initialisation word is received, to clock the generator though several cycles before utilizing the generator output.

Figure 2 shows a modification of the generator of Figure 1. Much of the apparatus Is the same as Figure 1 and only the differences will be described.

Again register S has 29 stages and register T has 31 stages. Gates are now coupled to the inputs of the following stages: in register S - S2, S3, S4, Sg, S _X , S^ , and S ₂ 0 in register T - T]_, T2, T3, T7, Tχ4, T^g and 25«

Thus there are 60 register stages altogether, 32 data Inputs and 5 address inputs to the selector M, and 14 gates.

In this instance, however, some of the stages of each register are respectively connected to some of each of the data and address Inputs. That is to say the connections are as follows:

Al - Si

A ₂ - T ₀

A ₃ " Ti

Bg to B7 - S2 to S9 respectively Bg to B31 - T3 to T26 respectively.

By mixing the outputs of the shift registers and the inputs of the selector M in this way it is again made more difficult to predict the operation of the generator even when a great deal about its state is known.

Figure 3 shows a further variant in which the two shift registers of Figures 1 and 2 are replaced by a single shift register S having 61 stages SQ to S60 _* There are 25 logic gates G connected as shown to the inputs of the following stages: S2. S3, S7, Sg, S9, S ₁₀ , Sχ ₂ , S15, l9> ^s 20» ^s 22> S ₂ 4, S25, S2 , ^s 30 _> S33, S34, S37, S40, S43, S44, S46, S54, S56 and S$o* The five address bits A0....A4 are taken from the outputs of stages S4, S9, Sχ4, S 9 and S24 _> and the 32 data bits are taken from the outputs of stages S29 to SgQ _* I this way a single recirculatory loop provides outputs to both the data and the address inputs of the multiplexer M. In this case only two switches SW1 and SW2 are required for re-initialisation with a 61 bit initialisation word.

The generator of Figure 3 again uses a single recirculatory loop to provide both address and data input bits to the multiplexer M. In accordance with conventional practice in this technology the generators have been described and illustrated in terms of discrete circuitry. It will be appreciated however that the description and .claims are equally applicable to implementations of the invention in the form of computer programs, where the generator polynomials may be reproduced mathematically or by logical steps to produce the same resultant sequences as the generators described.

The outputs of the p.r.b.s. generators can be used to scramble the components of a conditional access (or subscription) television signal, such as a DBS signal (direct broadcasting by satellite). Returning to the re-initialisation operation described above, for scrambling a video signal a new code is preferably transmitted say -every ten seconds, but the code is repeated-many times during that ten second period, as the maximum time for a decoder to lock-in should be much less than one second. However, this means that the picture information is scrambled with repetitions of the same sequence. This is relatively insecure because correlations between different pieces of the scrambled picture can then be made.

An eight-bit frame count word (FCNT) could be transmitted with a television signal, such as a DBS signal, for the purpose of counting television frames. The count is incremented every 40ms (every frame) and repeats after a predetermined number of frames e.g. every 256 frames (approx.10 seconds).

Now, this frame count word (FCNT) can then be applied as an input to the p.r.b.s. generator at the transmitter, and to the corresponding generator in the decoder at the receiver. Thus both the frame count signal and a secret control word are fed to the p.r.b.s. generator at the transmitter at the beginning of each television frame. The effect upon the generator of using the frame count signal is to cause it to generate a different output during each loading of the same control word value. This means that the picture signal is always scrambled with a different keystream, which is more secure. Furthermore, since each sequence now begins every - television frame (40ms), fast access may be obtained to the video information at the decoder. The frame count word may be combined with the control word in any suitable manner. Simple modulo-two. addition is an obvious example.

The above described operation will be more readily understood from the following description with reference to Figure 4.

A frame counter 10 produces an output in the form of, say, an 8-bit word which increments every frame. Every time the frame counter is incremented, an output 10a is fed to a dividing circuit

11 which divides by a number equivalent to the desired length of the repetition period, in this case by 256 which gives a repetition

period of 10 seconds. The dividing circuit provides an output for clocking a control word generator 12 and causing the generator to produce a different long control word e.g. a 60-bit control word. The 8-bit output of the frame counter is the frame count word

5 (FCNT) and this is fed through a divide-by-2 inverting circuit 14 where every alternate 8-bit FCNT word is complemented. The output of the inverting circuit 12 is then fed to a modulo-2 adder represented by an EX-OR gate 15 where each FCNT word is modulo-2 added to a byte of the 60-bit. control word. Thus the first 8-bit , 10 byte of the control word is modulo-2 added to the first FCNT word,

_% the second byte added to the complement of the second FCNT word, the third byte added to the third FCNT word and so on until the last byte, which for a 60-bit control word is only 4-bi s, the las.t byte being added to the least significant four bits of the complement of

15 the eighth FCNT word. The output of the gate 15 is fed as the initialisation input to the p.r.b.s. generator 16 and loaded into the generator every frame count i.e. every time the frame counter 10 increments. The generator 16 may be any of the generators illustrated, though is preferably that of Figure 2.

20 Thus two signals are applied to the input of the p.r.b.s. generator; one (the frame icount) is known but the other (the control word) is not. In these circumstances knowledge of both the known input and the generator output will still not allow the unknown input to be found. Thus the same control word can be repeatedly

25 loaded into the p.r.b.s. generator but its output is prevented from repeating the same sequence, thereby improving the security.

The above processing can be carried out on a word by word basis or on a serial basis.

The frame count is the preferred periodic sequence for these purposes but it may not be the only available sequence. For

30 example, a suitable count may be derived from an associated data signal, such as a date/time signal, or from another count such as the line count, or from a combination of counts.