Inferring Sequences Produced by Nonlinear Pseudorandom Number Generators Using Coppersmith's Methods

Number-theoretic pseudorandom generators work by iterating an algebraic map F (public or private) over a residue ring ZN on a secret random initial seed value v0 ∈ ZN to compute values vn+1 = F (vn) mod N for n ∈ N. They output some consecutive bits of the state value vn at each iteration and their efficiency and security are thus strongly related to the number of output bits. In 2005, Blackburn, Gomez-Perez, Gutierrez and Shparlinski proposed a deep analysis on the security of such generators. In this paper, we revisit the security of number-theoretic generators by proposing better attacks based on Coppersmith’s techniques for finding small roots on polynomial equations. Using intricate constructions, we are able to significantly improve the security bounds obtained by Blackburn et al..