Inferring sequences produced by pseudo-random number generators
Journal of the ACM (JACM)
Inferring sequences produced by a linear congruential generator missing low-order bits
Journal of Cryptology
Finding Small Roots of Univariate Modular Equations Revisited
Proceedings of the 6th IMA International Conference on Cryptography and Coding
Reconstructing noisy polynomial evaluation in residue rings
Journal of Algorithms
Secret linear congruential generators are not cryptographically secure
SFCS '87 Proceedings of the 28th Annual Symposium on Foundations of Computer Science
Toward a Rigorous Variation of Coppersmith's Algorithm on Three Variables
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Attacking Power Generators Using Unravelled Linearization: When Do We Output Too Much?
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Finding a small root of a univariate modular equation
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Finding a small root of a bivariate integer equation; factoring with high bits known
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Cryptanalysis of the quadratic generator
INDOCRYPT'05 Proceedings of the 6th international conference on Cryptology in India
A tool kit for finding small roots of bivariate polynomials over the integers
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Attacking the Pollard Generator
IEEE Transactions on Information Theory
Number-theoretic pseudorandom generators work by iterating an algebraic map $F$ (public or private) over a residue ring $\mathbb{Z}_N$ on a secret random initial seed value $v_0 \in \mathbb{Z}_N$ to compute values $v_{n+1} = F(v_n) \bmod{N}$ for $n \in \mathbb{N}$. They output some consecutive bits of the state value $v_n$ at each iteration, so their efficiency and security are both strongly tied to the number of output bits. In 2005, Blackburn, Gomez-Perez, Gutierrez and Shparlinski proposed a deep analysis of the security of such generators. In this paper, we revisit the security of number-theoretic generators by proposing better attacks based on Coppersmith's techniques for finding small roots of polynomial equations. Using intricate constructions, we are able to significantly improve the security bounds obtained by Blackburn et al.
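To make the generator model in the abstract concrete, the following added example (not code from the paper) implements a quadratic generator $F(v) = v^2 + c \bmod N$ that outputs the top $k$ bits of each state, and shows by exhaustive enumeration of the hidden low bits why the number of output bits governs security. The modulus, seed and constant are small constructed values; the paper's own lattice-based (Coppersmith) attacks are not reproduced here.

```python
# Added example: toy number-theoretic generator with truncated output.
# F(v) = v^2 + c mod N is the quadratic map; N, c and the seed are
# constructed small values for illustration, not parameters from the paper.

def quadratic_step(v, c, N):
    """One iteration v_{n+1} = F(v_n) mod N with F(v) = v^2 + c."""
    return (v * v + c) % N

def generate(seed, c, N, k, count):
    """Run the generator `count` times.

    Returns (states, outputs) where outputs[i] is the k most significant
    bits of states[i]; the remaining low bits stay secret.
    """
    shift = N.bit_length() - k          # number of hidden low bits per state
    states, outputs = [], []
    v = seed
    for _ in range(count):
        states.append(v)
        outputs.append(v >> shift)
        v = quadratic_step(v, c, N)
    return states, outputs

def recover_state(outputs, c, N, k):
    """Recover v_0 from truncated outputs by enumerating its hidden low bits.

    Each candidate for v_0 is iterated and its top-k bits compared with the
    later observed outputs. The work is 2^(bit_length(N) - k): every extra
    output bit halves it, which is the efficiency/security trade-off the
    abstract describes. Returns None if no candidate matches.
    """
    shift = N.bit_length() - k
    for low in range(1 << shift):
        v = (outputs[0] << shift) | low
        if v >= N:                      # candidates are elements of Z_N only
            break
        w, consistent = v, True
        for observed in outputs[1:]:
            w = quadratic_step(w, c, N)
            if (w >> shift) != observed:
                consistent = False
                break
        if consistent:
            return v
    return None

if __name__ == "__main__":
    N, c, seed, k = 1000003, 7, 123456, 12   # constructed toy parameters
    states, outputs = generate(seed, c, N, k, 4)
    print("outputs (top 12 bits):", outputs)
    print("recovered v_0:", recover_state(outputs, c, N, k), "true v_0:", seed)
```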