On the Period of the Linear Congruential and Power Generators Pär Kurlberg and Carl Pomerance

This sequence was first considered as a pseudorandom number generator by D. H. Lehmer. For the power generator we are given integers e, n > 1 and a seed u0 > 1, and we compute the sequence ui+1 = u e i (mod n) so that ui = u ei 0 (mod n). A popular case is e = 2, which is called the Blum–Blum–Shub (BBS) generator. Both of these generators are periodic sequences, and it is of interest to compute the periods. To be useful, a pseudorandom number generator should have a long period. In this paper we consider the problem of the period statistically as n varies, either over all integers, or over certain subsets of the integers that are used in practice, namely the set of primes and the set of “RSA moduli,” namely numbers which are the product of two primes of the same magnitude. If (e, n) = 1, then the sequence e (mod n) is purely periodic and its period is the least positive integer k with e ≡ 1 (mod n). We denote this order as ord(e, n). If (e, n) > 1, the sequence e (mod n) is still (ultimately) periodic, with the period given by ord(e, n), where n is the largest divisor of n that is coprime to e. (The aperiodic lead-in to such a sequence has length bounded by the binary logarithm of n.) In this paper we shall denote ord(e, n) by ord(e, n). The periods of both the linear congruential and power generators may be described in