Lower Bounds on the Period of Some Pseudorandom Number Generators
Authors
Abstract
We are interested in obtaining lower bounds on the periods of two standard pseudorandom number generators from number theory: the linear congruential generator, first introduced by D. H. Lehmer, and the so-called power generator. For the former, given integers $e, b, n$ (with $e, n > 1$) and a seed $u = u_0$, we compute the sequence $u_{i+1} = e u_i + b \pmod n$. For the power generator, given integers $e, n > 1$ and a seed $u = u_0 > 1$, we compute the sequence $u_{i+1} = u_i^{e} \pmod n$, so that $u_i = u^{e^i} \pmod n$. The particular case $e = 2$ is known as the Blum–Blum–Shub (BBS) generator [1]. This generator is not only simple to compute, but it has certain attractive aspects from a cryptographic perspective, especially when $n$ is the product of two large primes that are both congruent to 3 modulo 4. These two generators give rise to (ultimately) periodic sequences, and it is of interest to compute the periods, since a useful pseudorandom number generator should have a long period. Further, to show that the sequence satisfies various equidistribution properties, exponential sum techniques are often applicable provided that the period is sufficiently large. Moreover, if the period is very short when $n$ is a product of two primes, certain cycling attacks on the RSA public key system apply. In this note we consider the problem of the period statistically as $n$ varies, either over all integers, or over certain subsets of the integers that are used in practice, namely the set of primes and the set of "RSA moduli," that is, numbers which are the product of two primes of the same magnitude.
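The following is an added worked example, not code from the paper or its authors. It computes the tail and period of both generators by cycle detection, checks the power-generator period against the number-theoretic prediction (when gcd(e, t) = 1 for t = ord_n(u_0), the period is the multiplicative order of e modulo t), and runs the cycling attack on RSA that the abstract alludes to: repeatedly re-encrypting a ciphertext until it recurs, at which point the previous value is the plaintext. All moduli, exponents and seeds are small constructed values chosen so everything can be verified by hand; the BBS instance uses p = 11, q = 23 (both 3 mod 4) and the quadratic-residue seed 9 = 3^2, which is what makes that sequence purely periodic rather than merely ultimately periodic.

```python
"""Period computation for the linear congruential and power generators, plus
the RSA cycling attack that a short power-generator period enables.
Added example; every modulus, exponent and seed below is a constructed value."""
from math import gcd


def _cycle(f, seed, n):
    """Iterate u_{i+1} = f(u_i) from seed until a value repeats.
    Returns (tail, period): length of the non-repeating prefix and length of
    the cycle the sequence ultimately enters (tail == 0 means purely periodic)."""
    first_seen = {}
    u, i = seed % n, 0
    while u not in first_seen:
        first_seen[u] = i
        u, i = f(u), i + 1
    return first_seen[u], i - first_seen[u]


def lcg_period(e, b, n, seed):
    """Tail and period of the linear congruential generator u_{i+1} = e*u_i + b mod n."""
    return _cycle(lambda u: (e * u + b) % n, seed, n)


def power_period(e, n, seed):
    """Tail and period of the power generator u_{i+1} = u_i^e mod n (e = 2 is BBS)."""
    return _cycle(lambda u: pow(u, e, n), seed, n)


def mult_order(a, m):
    """Multiplicative order of a modulo m by brute force (requires gcd(a, m) == 1)."""
    if gcd(a, m) != 1:
        raise ValueError("a must be invertible modulo m")
    k, x = 1, a % m
    while x != 1:
        x, k = x * a % m, k + 1
    return k


def predicted_power_period(e, n, seed):
    """Number-theoretic prediction for a purely periodic power generator:
    u_i = seed^(e^i) mod n repeats exactly when e^i == 1 (mod ord_n(seed)), so the
    period is the order of e modulo t = ord_n(seed).  Requires gcd(e, t) == 1."""
    t = mult_order(seed, n)
    return mult_order(e, t)


def rsa_cycling_attack(n, e, c):
    """Cycling attack on RSA: iterate c -> c^e mod n until the ciphertext recurs.
    If c^(e^k) == c then the value one step earlier, c^(e^(k-1)) = m^(e^k) = m,
    is the plaintext.  Returns (m, k); k is the power-generator period of seed c."""
    prev, x, k = c, pow(c, e, n), 1
    while x != c:
        prev, x, k = x, pow(x, e, n), k + 1
    return prev, k


if __name__ == "__main__":
    # Constructed instances.  LCG: e=5, b=3, n=16 satisfies the Hull-Dobell
    # conditions, so it attains the full period 16 from any seed.
    print("LCG  e=5 b=3 n=16:", lcg_period(5, 3, 16, 0))          # (0, 16)
    # BBS: p=11, q=23 are 3 mod 4; seed 9 = 3^2 has odd order 55 mod 253,
    # so the sequence is purely periodic with period ord_55(2) = 20.
    p, q = 11, 23
    n = p * q
    print("BBS  n=253 x0=9  :", power_period(2, n, 9))             # (0, 20)
    print("predicted period :", predicted_power_period(2, n, 9))   # 20
    # RSA with the same modulus; e=3 is coprime to lcm(p-1, q-1) = 110.
    m, e = 42, 3
    c = pow(m, e, n)
    print("cycling attack   :", rsa_cycling_attack(n, e, c))       # (42, 20)
```

On a toy modulus the attack recovers the plaintext in 20 re-encryptions; the paper's question is how often, for realistic primes and RSA moduli, the corresponding order of e modulo ord_n(c) stays this small. The brute-force `mult_order` is only suitable for the tiny moduli used here.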
Similar resources
Lattice Structure of Nonlinear Pseudorandom Number Generators in Parts of the Period
Recently, we showed that an extension of Marsaglia’s lattice test for segments of sequences over arbitrary fields and the linear complexity profile provide essentially equivalent quality measures for the intrinsic structure of pseudorandom number sequences. More precisely, the knowledge of the linear complexity profile yields a value S such that the largest dimension for passing the above latti...
Lower Bounds for Subset Cover Based Broadcast Encryption
In this paper, we prove lower bounds for a large class of Subset Cover schemes (including all existing schemes based on pseudorandom sequence generators). In particular, we show that – For small r, bandwidth is Ω(r) – For some r, bandwidth is Ω(n/ log(s)) – For large r, bandwidth is n− r where n is the number of users, r is the number of revoked users, and s is the space required per user. Thes...
Recent Developments in Parallel Pseudorandom Number Generation
We summarize some of the recent developments of our research group and of other groups in the design and analysis of pseudorandom number generators for massively parallel computers. The three parallelization techniques we will consider in detail for mapping pseudorandom streams onto distinct parallel processes are: 1. Splitting maximal-period generators' full period into nonoverlapping subsequ...
On cryptographic properties of LFSR-based pseudorandom generators
Pseudorandom generators (PRGs) are used in modern cryptography to transform a small initial value into a long sequence of seemingly random bits. Many designs for PRGs are based on linear feedback shift registers (LFSRs), which can be constructed in such a way as to have optimal statistical and periodical properties. This thesis discusses construction principles and cryptanalytic attacks against...
On the linear complexity profile of explicit nonlinear pseudorandom numbers
Bounds on the linear complexity profile of a general explicit nonlinear pseudorandom number generator are obtained. For some special explicit nonlinear generators including the explicit inversive generator these results are improved. 2002 Elsevier Science B.V. All rights reserved.