Minkowski's convex body theorem and integer programming
Mathematics of Operations Research
A sieve algorithm for the shortest lattice vector problem
STOC '01 Proceedings of the thirty-third annual ACM symposium on Theory of computing
Complexity of Lattice Problems
Complexity of Lattice Problems
Lattice Reduction in Cryptology: An Update
ANTS-IV Proceedings of the 4th International Symposium on Algorithmic Number Theory
The Two Faces of Lattices in Cryptology
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Dynamical systems generated by rational functions
AAECC'03 Proceedings of the 15th international conference on Applied algebra, algebraic algorithms and error-correcting codes
Designs, Codes and Cryptography
Inferring sequences produced by nonlinear pseudorandom number generators using coppersmith's methods
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
| Hi-index | 0.01 |
Let p be a prime and let a and c be integers modulo p. The quadratic congruential generator (QCG) is a sequence (vn) of pseudorandom numbers defined by the relation $v_{n+1}\equiv av^{2}_{n}+c mod p$. We show that if sufficiently many of the most significant bits of several consecutive values vn of the QCG are given, one can recover in polynomial time the initial value v0 (even in the case where the coefficient c is unknown), provided that the initial value v0 does not lie in a certain small subset of exceptional values.