Journal ArticleDOI

Inferring sequences produced by pseudo-random number generators

Joan Boyar1
01 Jan 1989-Journal of the ACM (ACM)-Vol. 36, Iss: 1, pp 129-141
TL;DR: Efficient algorithms are given for inferring sequences produced by certain pseudo-random number generators and specific examples of generators having this form are shown to be cryptographically insecure.
Abstract: In this paper, efficient algorithms are given for inferring sequences produced by certain pseudo-random number generators. The generators considered are all of the form $X_n = \sum_{j=1}^{k} \alpha_j \varphi_j(X_0, X_1, \ldots, X_{n-1}) \pmod m$. In each case, we assume that the functions $\varphi_j$ are known and polynomial time computable, but that the coefficients $\alpha_j$ and the modulus $m$ are unknown. Using this general method, specific examples of generators having this form, the linear congruential method, linear congruences with $n$ terms in the recurrence, and quadratic congruences are shown to be cryptographically insecure.
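The simplest generator covered by the abstract is the linear congruential generator $X_{n+1} = aX_n + c \pmod m$ with $a$, $c$ and $m$ all unknown to the attacker. The block below is a worked example added by the editor, not code from the paper; it implements the classic difference-and-determinant recovery (the paper's general algorithm proceeds differently, but the conclusion is the same: once every bit of each output is visible, a handful of consecutive outputs determines the generator). All parameters and the sample run are constructed for illustration.

```python
"""Recover (a, c, m) of an LCG x_{n+1} = a*x_n + c (mod m) from a short run of
its full-width outputs.  Editor's worked example; the generator parameters
and the observed run below are constructed, not taken from any real system.
Requires Python 3.8+ for pow(x, -1, m).
"""
from functools import reduce
from math import gcd


def lcg_outputs(a, c, m, seed, n):
    """Produce n consecutive outputs of the target generator (the attacker
    is assumed to observe exactly these values, with no bits truncated)."""
    out, x = [], seed
    for _ in range(n):
        x = (a * x + c) % m
        out.append(x)
    return out


def recover_lcg(xs):
    """Return (a, c, m) consistent with the observed outputs xs.

    Differences t_i = x_{i+1} - x_i satisfy t_{i+1} = a*t_i (mod m), so each
    2x2 determinant t_{i+2}*t_i - t_{i+1}**2 is a multiple of m.  The gcd of a
    few of them equals m with high probability; a and c then follow from one
    congruence each.  If the gcd overshoots m (all determinants share an
    extra factor), consistent() below will fail and more outputs are needed.
    """
    if len(xs) < 6:
        raise ValueError("need at least six consecutive outputs")
    t = [xs[i + 1] - xs[i] for i in range(len(xs) - 1)]
    dets = [abs(t[i + 2] * t[i] - t[i + 1] ** 2) for i in range(len(t) - 2)]
    m = reduce(gcd, dets, 0)
    if m == 0:
        raise ValueError("degenerate run (constant or period-2 output)")
    # Pick a difference that is invertible mod m to solve for the multiplier.
    for i in range(len(t) - 1):
        if gcd(t[i] % m, m) == 1:
            a = (t[i + 1] * pow(t[i] % m, -1, m)) % m
            break
    else:
        raise ValueError("no invertible difference; collect more outputs")
    c = (xs[1] - a * xs[0]) % m
    return a, c, m


def consistent(xs, a, c, m):
    """True if the recovered parameters reproduce every observed transition."""
    return all((a * xs[i] + c) % m == xs[i + 1] for i in range(len(xs) - 1))


def predict_next(xs, a, c, m):
    """Once the parameters are known, every future output is determined."""
    return (a * xs[-1] + c) % m


if __name__ == "__main__":
    # Constructed example: a small prime modulus so the steps can be checked
    # by hand.  The same code works unchanged for 32- or 64-bit parameters.
    observed = lcg_outputs(13, 7, 101, seed=1, n=10)
    a, c, m = recover_lcg(observed)
    print("observed:", observed)
    print("recovered a, c, m =", a, c, m, "consistent:", consistent(observed, a, c, m))
    print("next output:", predict_next(observed, a, c, m))
```

With ten outputs of the constructed generator (a = 13, c = 7, m = 101) the determinants are multiples of 101 whose gcd is exactly 101, after which the multiplier and increment fall out in two modular operations. This is the practical content of the remark quoted below from the LFSR-combination paper: an LCG that exposes all bits of each state is broken by a handful of samples.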
Citations
Journal ArticleDOI
TL;DR: It is shown how to construct a pseudorandom generator from any one-way function, and it is shown that there is a pseudorandom generator if and only if there is a one-way function.
Abstract: Pseudorandom generators are fundamental to many theoretical and applied aspects of computing. We show how to construct a pseudorandom generator from any one-way function. Since it is easy to construct a one-way function from a pseudorandom generator, this result shows that there is a pseudorandom generator if and only if there is a one-way function.

1,841 citations


Cites background from "Inferring sequences produced by pse..."

  • ...However, [Boyar89] and [K92] show that there is a polynomial time statistical test which the output from this generator does not pass....


Book ChapterDOI
02 Jan 1994
TL;DR: A new construction of a pseudorandom generator based on a simple combination of two LFSRs is presented, suitable for practical implementation of efficient stream cipher cryptosystems.
Abstract: We present a new construction of a pseudorandom generator based on a simple combination of two LFSRs. The construction has attractive properties as simplicity (conceptual and implementation-wise), scalability (hardware and security), proven minimal security conditions (exponential period, exponential linear complexity, good statistical properties), and resistance to known attacks. The construction is suitable for practical implementation of efficient stream cipher cryptosystems.

338 citations


Cites background from "Inferring sequences produced by pse..."

  • ...For the linear congruential number generator outputting all of the bits of a generated number makes the task of breaking it a very easy one [5]....


Journal ArticleDOI
TL;DR: This paper focuses mainly on efficient and recently proposed techniques for generating uniform pseudorandom numbers, and aims to design more robust generators without having to pay too much in terms of portability, flexibility, and efficiency.
Abstract: In the mind of the average computer user, the problem of generating uniform variates by computer has been solved long ago. After all, every computer system offers one or more function(s) to do so. Many software products, like compilers, spreadsheets, statistical or numerical packages, etc. also offer their own. These functions supposedly return numbers that could be used, for all practical purposes, as if they were the values taken by independent random variables, with a uniform distribution between 0 and 1. Many people use them with faith and feel happy with the results. So, why bother? Other (less naive) people do not feel happy with the results, and with good reasons. Despite renewed crusades, blatantly bad generators still abound, especially on microcomputers [55, 69, 85, 90, 100]. Other generators widely used on medium-sized computers are perhaps not so spectacularly bad, but still fail some theoretical and/or empirical statistical tests, and/or generate easily detectable regular patterns [56, 65]. Fortunately, many applications appear quite robust to these defects. But with the rapid increase in desktop computing power, increasingly sophisticated simulation studies are being performed that require more and more "random" numbers and whose results are more sensitive to the quality of the underlying generator [28, 40, 65, 90]. Sometimes, using a not-so-good generator can give totally misleading results. Perhaps this happens rarely, but it can be disastrous in some cases. For that reason, researchers are still actively investigating ways of building generators. The main goal is to design more robust generators without having to pay too much in terms of portability, flexibility, and efficiency. In the following sections, we give a quick overview of the ongoing research. We focus mainly on efficient and recently proposed techniques for generating uniform pseudorandom numbers.
Stochastic simulations typically transform such numbers to generate variates according to more complex distributions [13, 25]. Here, “uniform pseudorandom” means that the numbers behave from the outside as if they were the values of i.i.d. random variables, uniformly distributed over some finite set of symbols. This set of symbols is often a set of integers of the form {0, . . . , m - 1} and the symbols are usually transformed by some function into values between 0 and 1, to approximate the U(0, 1) distribution. Other tutorial-like references on uniform variate generation include [13, 23, 52, 54, 65, 84, 89].

274 citations

Journal ArticleDOI
TL;DR: In this article, a method is given for solving systems of linear indeterminate equations with integer coefficients in integers, together with the related problem of finding all integer matrices of given dimensions whose determinants take prescribed integer values.
Abstract: The present communication relates to the theory of the solution, in positive and negative integral numbers, of systems of linear indeterminate equations, having integral coefficients. In connexion with this theory, a solution is also given of certain problems relating to rectangular matrices, composed of integral numbers, which are of frequent use in the higher arithmetic. Of this kind are the two following:—1. "Given (in integral numbers) the values of the determinants of any rectangular matrix of given dimensions, to find all the matrices, the constituents of which are integers, and the determinants of which have those given values."

149 citations

Journal ArticleDOI
TL;DR: Three methods for attacking keystream generators are reviewed, and three techniques for designing them are considered, focusing on how they fail or how their weakness is exposed under the attacks previously described.
Abstract: Progress in the design and analysis of pseudorandom bit generators over the last decade is surveyed. Background information is provided, and the linear feedback shift registers that serve as building blocks for constructing the generators are examined. Three methods for attacking keystream generators are reviewed, and three techniques for designing them are considered, focusing on how they fail or how their weakness is exposed under the attacks previously described. These techniques are nonlinear feedforward transformation, step control, and multiclocking.

146 citations

References
Book
01 Jan 1968

17,939 citations

Book ChapterDOI
04 Oct 2019
TL;DR: A general algorithmic scheme for constructing polynomial-time deterministic algorithms that stretch a short secret random input into a long sequence of unpredictable pseudo-random bits is presented.
Abstract: Much effort has been devoted in the second half of this century to make precise the notion of Randomness. Let us informally recall one of these definitions due to Kolmogorov []. A sequence of bits $A = a_1 a_2 \ldots a_k$ is random if the length of the minimal program outputting $A$ is at least $k$. We remark that the above definition is highly non-constructive and rules out the possibility of pseudo-random number generators. Also, the length of a program, from a Complexity Theory point of view, is a rather unnatural measure. A more operative definition of Randomness should be pursued in the light of modern Complexity Theory.

1,216 citations


"Inferring sequences produced by pse..." refers background in this paper

  • ...In order to solve this problem, Blum and Micali [2] give a pseudo-random bit generator, a generator that produces only one bit, rather than an entire number, at each step....


  • ...[I] have proved that the generators in [2], [3], and [8] are strong even if improved slightly to produce $\log_2 n$ bits of output for operations on $n$-bit numbers....


Proceedings Article
01 Jan 1982

990 citations