A simple unpredictable pseudo random number generator
SIAM Journal on Computing
RSA and Rabin functions: certain parts are as hard as the whole
SIAM Journal on Computing - Special issue on cryptography
Handbook of Applied Cryptography
Handbook of Applied Cryptography
An Improved Pseudo-random Generator Based on Discrete Log
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
Efficiency improvements for signature schemes with tight security reductions
Proceedings of the 10th ACM conference on Computer and communications security
Theory and application of trapdoor functions
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
Efficient And Secure Pseudo-Random Number Generation
SFCS '84 Proceedings of the 25th Annual Symposium onFoundations of Computer Science, 1984
On the security of a practical identification scheme
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
The exact security of digital signatures-how to sign with RSA and Rabin
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
More efficient DDH pseudorandom generators
Designs, Codes and Cryptography
On the provable security of an efficient RSA-Based pseudorandom generator
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Another look at “provable security”. II
INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
Splittable pseudorandom number generators using cryptographic hashing
Proceedings of the 2013 ACM SIGPLAN symposium on Haskell
| Hi-index | 0.00 |
The asymptotic security of the Blum-Blum-Shub (BBS) pseudorandom generator has been studied by Alexi et al. and Vazirani and Vazirani, who proved independently that O(log log N) bits can be extracted on each iteration, where N is the modulus (a Blum integer). The concrete security of this generator has been analyzed previously by Fischlin and Schnorr and by Knuth. In this paper we continue to analyse the concrete security the BBS generator. We show how to select both the size of the modulus and the number of bits extracted on each iteration such that a desired level of security is reached, while minimizing the computational effort per output bit. We will assume a concrete lower bound on the hardness of integer factoring, which is obtained by extrapolating the best factorization results to date. While for asymptotic security it suffices to give a polynomial time reduction a successful attack to factoring, we need for concrete security a reduction that is as efficient as possible. Our reduction algorithm relies on the techniques of Fischlin and Schnorr, as well as ideas of Vazirani and Vazirani, but combining these in a novel way for the case that more than one bit is output on each iteration.