Many problems such as primality testing can be solved efficiently using a source of independent, identically distributed random numbers. It is therefore customary in the theory of algorithms to assume the availability of such a source. However, probabilistic algorithms often work well in practice with pseudo-random numbers; the point of this paper is to offer a justification for this fact.

The results below apply to sequences generated by iteratively applying functions of the form $f(x) = \alpha x + \beta \pmod{p}$ to a randomly chosen seed $x$, and estimate the probability that a predetermined number of trials of an algorithm will fail. In particular, the following bounds hold:

For finding square roots modulo a prime $p$, a failure probability of $O(\log p/\sqrt{p})$.

For testing $p$ for primality, a failure probability of $O(p^{-1/4+\epsilon})$, for any $\epsilon > 0$.

(In both cases, the number of trials is about $\frac{1}{2} \log p$.) The analysis uses results of André Weil concerning the number of points on algebraic varieties over finite fields.
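As an added illustration (not code from the paper), the sketch below uses the iterates of $f(x) = \alpha x + \beta \pmod{p}$ as trial values when searching for a quadratic nonresidue, which Tonelli-Shanks then uses to take a square root modulo $p$, and counts exhaustively the seeds for which every trial fails. The choice of Tonelli-Shanks, the base-2 logarithm in the trial budget, the prime 1009 and all function names are assumptions of this example; the abstract does not specify them.

```python
import math

def lcg_iterates(seed, alpha, beta, p, count):
    """Return seed, f(seed), f(f(seed)), ... for f(x) = alpha*x + beta mod p."""
    out, x = [], seed % p
    for _ in range(count):
        out.append(x)
        x = (alpha * x + beta) % p
    return out

def trial_budget(p):
    # "about 1/2 log p" trials; base 2 is an assumption made for this example.
    return max(1, math.ceil(0.5 * math.log2(p)))

def find_nonresidue(seed, alpha, beta, p):
    """First iterate that is a quadratic nonresidue mod p, or None if all trials fail."""
    for x in lcg_iterates(seed, alpha, beta, p, trial_budget(p)):
        if pow(x, (p - 1) // 2, p) == p - 1:  # Euler's criterion
            return x
    return None

def sqrt_mod(a, p, z):
    """Tonelli-Shanks square root of a mod odd prime p, given a nonresidue z."""
    a %= p
    if a == 0:
        return 0
    if pow(a, (p - 1) // 2, p) != 1:
        return None  # a has no square root mod p
    q, s = p - 1, 0
    while q % 2 == 0:
        q, s = q // 2, s + 1
    c, r, t, m = pow(z, q, p), pow(a, (q + 1) // 2, p), pow(a, q, p), s
    while t != 1:
        i, t2 = 0, t
        while t2 != 1:  # least i with t^(2^i) == 1
            t2, i = t2 * t2 % p, i + 1
        b = pow(c, 1 << (m - i - 1), p)
        r, c, m = r * b % p, b * b % p, i
        t = t * c % p
    return r

def failure_fraction(alpha, beta, p):
    """Fraction of seeds in [0, p) for which every trial fails (exhaustive count)."""
    return sum(find_nonresidue(s, alpha, beta, p) is None for s in range(p)) / p

if __name__ == "__main__":
    p = 1009  # small constructed prime so the exhaustive count is fast
    z = find_nonresidue(0, 3, 7, p)
    print(z, sqrt_mod(2, p, z), failure_fraction(3, 7, p), failure_fraction(1, 0, p))
```

The pair $\alpha = 1$, $\beta = 0$ is a constructed degenerate case in which the sequence never leaves the seed, so the extra trials add nothing over a single draw; it is included only for contrast with a generator that actually moves.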