Predicting    nonlinear pseudorandom number generators

Blackburn, Simon R.; Gómez-Pérez, Domingo; Gutiérrez, Jaime; Shparlinski, Igor E.

doi:10.1090/s0025-5718-04-01698-9

Cited by 42 publications

(45 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We note that our results resemble those about predictability of various recursive pseudorandom number generators; see [2,3,4,5,8,9,10] and references therein.…”

Section: Introductionsupporting

confidence: 78%

Predicting Subset Sum Pseudorandom Generators

Gathen

Shparlinski

2004

Selected Areas in Cryptography

Self Cite

View full text Add to dashboard Cite

show abstract

“…We note that our results resemble those about predictability of various recursive pseudorandom number generators; see [2,3,4,5,8,9,10] and references therein.…”

Section: Introductionsupporting

confidence: 78%

Predicting Subset Sum Pseudorandom Generators

Gathen

Shparlinski

2004

Selected Areas in Cryptography

Self Cite

View full text Add to dashboard Cite

show abstract

“…These attacks show that the RSA PRG is insecure when the number of bits output per iteration r is larger than about 2 3 n [5] for e = 2, and about (1 − 1 e(e+1)/2+2 )n [4] in the general case (these results are obtained for r MS bits output per iteration and prime moduli, but we believe that with appropriate modifications they hold also for r LS bits and RSA moduli). We remark that the general case attacks in [4] use low-dimension lattices and are rigorously proven.…”

Section: Additional Related Workmentioning

confidence: 74%

“…Finally, we also wish to mention the lattice-based attacks of Blackburn et al [5,4] on a class of PRGs having the same iterative structure as our RSA PRG. These attacks show that the RSA PRG is insecure when the number of bits output per iteration r is larger than about 2 3 n [5] for e = 2, and about (1 − 1 e(e+1)/2+2 )n [4] in the general case (these results are obtained for r MS bits output per iteration and prime moduli, but we believe that with appropriate modifications they hold also for r LS bits and RSA moduli).…”

Section: Additional Related Workmentioning

confidence: 99%

On the Provable Security of an Efficient RSA-Based Pseudorandom Generator

Steinfeld

Pieprzyk

Wang

2006

Advances in Cryptology – ASIACRYPT 2006

View full text Add to dashboard Cite

Abstract. Pseudorandom Generators (PRGs) based on the RSA inversion (one-wayness) problem have been extensively studied in the literature over the last 25 years. These generators have the attractive feature of provable pseudorandomness security assuming the hardness of the RSA inversion problem. However, despite extensive study, the most efficient provably secure RSA-based generators output asymptotically only at most O(log n) bits per multiply modulo an RSA modulus of bitlength n, and hence are too slow to be used in many practical applications. To bring theory closer to practice, we present a simple modification to the proof of security by Fischlin and Schnorr of an RSA-based PRG, which shows that one can obtain an RSA-based PRG which outputs Ω(n) bits per multiply and has provable pseudorandomness security assuming the hardness of a well-studied variant of the RSA inversion problem, where a constant fraction of the plaintext bits are given. Our result gives a positive answer to an open question posed by Gennaro (J. of Cryptology, 2005) regarding finding a PRG beating the rate O(log n) bits per multiply at the cost of a reasonable assumption on RSA inversion.

show abstract

“…Jao, D. Jetchev and R. Venkatesan [13, Conjecture 4.1] have conjectured that there exists a positive constant δ > 0 such that for any N ≥ (log q) 2 and any points P = Q the bound…”

Section: Resultsmentioning

confidence: 99%

“…Many standard pseudorandom number generators based on finite fields and residue rings have proved to be insecure, see [1,2,3,4,5,7,8,9,10,14,15,16]. Partially motivated by this and partially because this is of intrinsic interest for elliptic curve cryptography, several constructions of pseudorandom generators from elliptic curves have been proposed, see [18] for a survey of such constructions and results.…”

Section: Motivationmentioning

confidence: 99%

Pseudorandom Bits From Points on Elliptic Curves

Farashahi

Shparlinski

2012

IEEE Trans. Inform. Theory

Self Cite

View full text Add to dashboard Cite

Let E be an elliptic curve over a finite field IF q of q elements, with gcd(q, 6) = 1, given by an affine Weierstraß equation. We also use x(P ) to denote the x-component of a point P = (x(P ), y(P )) ∈ E. We estimate character sums of the formon average over all IF q rational points P , Q and R on E, where χ is a quadratic character, ψ is a nontrivial additive character in IF q and (c 1 , . . . , c k ) ∈ IF k q is a non-zero vector. These bounds confirm several recent conjectures of D. Jao, D. Jetchev and R. Venkatesan, related to extracting random bits from various sequences of points on elliptic curves.

show abstract

Predicting nonlinear pseudorandom number generators

Cited by 42 publications

References 33 publications

Predicting Subset Sum Pseudorandom Generators

Predicting Subset Sum Pseudorandom Generators

On the Provable Security of an Efficient RSA-Based Pseudorandom Generator

Pseudorandom Bits From Points on Elliptic Curves

Contact Info

Product

Resources

About