How to generate cryptographically strong sequences of pseudo-random bits
SIAM Journal on Computing
A simple unpredictable pseudo random number generator
SIAM Journal on Computing
The Two Faces of Lattices in Cryptology
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
On the cryptographic security of single RSA bits
STOC '83 Proceedings of the fifteenth annual ACM symposium on Theory of computing
Reconstructing noisy polynomial evaluation in residue rings
Journal of Algorithms
Finding a small root of a univariate modular equation
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Finding a small root of a bivariate integer equation; factoring with high bits known
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
On the provable security of an efficient RSA-Based pseudorandom generator
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Improved cryptanalysis of the multi-prime φ-hiding assumption
AFRICACRYPT'11 Proceedings of the 4th international conference on Progress in cryptology in Africa
Maximizing small root bounds by linearization and applications to small secret exponent RSA
PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
A unified framework for small secret exponent attack on RSA
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
Inferring sequences produced by nonlinear pseudorandom number generators using Coppersmith's methods
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
RSA vulnerabilities with small prime difference
WEWoRC'11 Proceedings of the 4th Western European conference on Research in Cryptology
On optimal bounds of small inverse problems and approximate GCD problems with higher degree
ISC'12 Proceedings of the 15th international conference on Information Security
Predicting masked linear pseudorandom number generators over finite fields
Designs, Codes and Cryptography
We look at iterated power generators $s_i = s_{i-1}^e \bmod N$ for a random seed $s_0 \in \mathbb{Z}_N$ that in each iteration output a certain number of bits. We show that heuristically an output of $(1-\frac{1}{e})\log N$ most significant bits per iteration allows for efficient recovery of the whole sequence. This means in particular that the Blum-Blum-Shub generator ($e = 2$) should be used with an output of less than half of the bits per iteration, and the RSA generator with $e = 3$ with less than a $\frac{2}{3}$-fraction of the bits, i.e. at least a third of every state must stay hidden. Our method is lattice-based and introduces a new technique which combines the benefits of two existing ones, the method of linearization and Coppersmith's method for finding small roots of polynomial equations. We call this new technique unravelled linearization.
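The following Python block is an added example, not code from the paper: it models the generator family the abstract describes (Blum-Blum-Shub for $e = 2$, the RSA generator for $e = 3$), checks a configured output size against the $(1-\frac{1}{e})\log N$ threshold, and builds the attacker's starting point: from two consecutive truncated outputs it forms the polynomial $f(x_0, x_1) = (a_0 + x_0)^e - (a_1 + x_1)$ whose small root modulo $N$ is the pair of discarded low parts, and shows what plain linearization does to it. The 64-bit Blum integer, the seed and the output sizes are constructed toy values; the lattice construction of unravelled linearization itself is not implemented here.

```python
"""Iterated power generator s_i = s_{i-1}^e mod N that outputs the most
significant bits of each state, together with the attacker-side setup that
Coppersmith-style recovery starts from.  Added example: the modulus, seed and
output sizes are constructed toy values, not parameters from the paper."""
from math import comb, log2


def power_generator(N, e, seed, out_bits, rounds):
    """Run `rounds` iterations and return (states, outputs).  Each output is
    the `out_bits` most significant bits of the new state: e=2 gives the
    Blum-Blum-Shub generator, e=3 the RSA generator with exponent 3.  The
    states are returned only so the attack setup below can be checked; a
    deployed generator must never expose them."""
    n = N.bit_length()
    states, outputs = [], []
    s = seed
    for _ in range(rounds):
        s = pow(s, e, N)
        states.append(s)
        outputs.append(s >> (n - out_bits))
    return states, outputs


def recovery_threshold_bits(N, e):
    """Output size per iteration at which the paper's lattice attack
    heuristically recovers the whole sequence: (1 - 1/e) * log2(N)."""
    return (1 - 1 / e) * log2(N)


def output_size_is_safe(N, e, out_bits):
    """Configuration check: the per-iteration output must stay strictly
    below the recovery threshold (half of the bits for e=2, two thirds
    for e=3)."""
    return out_bits < recovery_threshold_bits(N, e)


def attack_polynomial(N, e, out_bits, y0, y1):
    """Attacker's view of two consecutive outputs y0, y1.  With
    k = bitlen(N) - out_bits, the known high parts are a_i = y_i << k and
    the unknowns x_i < 2^k are the discarded low bits, so

        f(x0, x1) = (a0 + x0)^e - (a1 + x1)  ==  0  (mod N)

    at the true low parts.  Returns f as {(deg_x0, deg_x1): coeff mod N}
    and the bound 2^k on both unknowns; at the threshold output size
    2^k is about N^(1/e), which is the regime the attack works in."""
    k = N.bit_length() - out_bits
    a0, a1 = y0 << k, y1 << k
    # (a0 + x0)^e expanded by the binomial theorem, as a polynomial in x0
    f = {(j, 0): comb(e, j) * pow(a0, e - j) for j in range(e + 1)}
    f[(0, 0)] -= a1
    f[(0, 1)] = -1
    return {m: c % N for m, c in f.items()}, 1 << k


def evaluate_mod(f, N, x0, x1):
    """f(x0, x1) mod N for a coefficient dict produced by attack_polynomial."""
    return sum(c * pow(x0, i) * pow(x1, j) for (i, j), c in f.items()) % N


def linearize(f):
    """Plain linearization: every monomial of degree > 1 becomes a fresh
    unknown u_k, turning f into a linear polynomial.  Returns the linear
    form and the dropped relations u_k = x0^i * x1^j; unravelled
    linearization (the paper's technique, not implemented here) feeds those
    relations back into the lattice instead of forgetting them."""
    names = {(0, 0): "1", (1, 0): "x0", (0, 1): "x1"}
    linear, relations = {}, {}
    for mono, c in f.items():
        if mono in names:
            linear[names[mono]] = c
        else:
            u = f"u{len(relations)}"
            relations[u] = mono
            linear[u] = c
    return linear, relations


if __name__ == "__main__":
    # Constructed toy Blum integer (both primes are 3 mod 4).  Real
    # deployments use a modulus of at least 1024 bits.
    N = 4294967291 * 4294967279
    seed = 123456789
    for e, out_bits in ((2, 32), (3, 43)):
        states, outs = power_generator(N, e, seed, out_bits, 2)
        f, bound = attack_polynomial(N, e, out_bits, outs[0], outs[1])
        x0, x1 = states[0] % bound, states[1] % bound   # the hidden low parts
        print(f"e={e}: {out_bits}/{N.bit_length()} bits output, "
              f"safe={output_size_is_safe(N, e, out_bits)}, "
              f"f(x0,x1) mod N at the true low parts = {evaluate_mod(f, N, x0, x1)}, "
              f"linearized unknowns = {list(linearize(f)[1])}")
```

Running the block shows both configurations sitting exactly at the threshold (32 of 64 bits for $e = 2$, 43 of 64 for $e = 3$), so `output_size_is_safe` rejects them, and confirms that the true low parts are a root of $f$ modulo $N$ with both unknowns below $2^k$. The recovery step itself, building the lattice from shifts of the linearized polynomial while keeping the relations $u_k = x_0^i x_1^j$, is what the paper contributes and is left out here.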