Analysis of Iterated Modular Exponentiation: The Orbits of x^α mod N

  • Authors:
  • J. J. Brennan; Bruce Geist

  • Affiliations:
  • Electronic Data Systems, 750 Tower Drive, Troy, Michigan 48098; Unisys Corporation, 41100 Plymouth Road, Plymouth, Michigan 48170-1892

  • Venue:
  • Designs, Codes and Cryptography
  • Year:
  • 1998

Abstract

Let N and α be integers larger than 1. Define an orbit to be the collection of residues in Z_N^* generated by iteratively applying x → x^α mod N to an element x ∈ Z_N^* which eventually maps back to itself. An orbit's length is the number of distinct residues in the orbit. When N is a large bicomposite integer, such as is commonly used in many cryptographic applications, and when certain prime factorizations related to N are known, all orbit lengths and the number of orbits of each possible length can be efficiently computed using the results presented. If the required integer factorizations are only partially known, the risk that a randomly selected periodic element might produce an orbit shorter than some (typically large) divisor of (ϕ(N)) can be bounded. The information needed to produce such a bound is fully available when the prime factors of N are generated using the prime generation algorithm defined in Maurer [maur]. Results presented can assist in choosing wisely a modulus N for the Blum, Blum, and Shub pseudo-random bit generator. If N is a bicomposite RSA modulus, the analysis shows how to quantify the risk posed by an iterated encryption attack.
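
The orbit definition above can be checked on toy moduli with the following added example, which is not code from the paper and does not reproduce its formulas. It relies on the standard fact that a periodic x of multiplicative order d has orbit length equal to the order of α modulo d, and compares that prediction with a direct walk of the map. The moduli 77 and 253 are constructed for illustration, and element orders are found by brute force, so this only scales to small N.

```python
from collections import Counter
from math import gcd

def mult_order(a, n):
    """Smallest k >= 1 with a^k = 1 (mod n); a must be a unit mod n."""
    if n == 1:
        return 1
    if gcd(a, n) != 1:
        raise ValueError("a is not a unit modulo n")
    k, v = 1, a % n
    while v != 1:
        v, k = v * a % n, k + 1
    return k

def predicted_orbit_length(x, alpha, N):
    """Orbit length from group orders alone; None if x is not periodic."""
    d = mult_order(x, N)              # order of x in Z_N^*
    if gcd(alpha, d) != 1:            # powering by alpha shrinks the order,
        return None                   # so the walk can never return to x
    return mult_order(alpha, d)       # least k with alpha^k = 1 (mod d)

def brute_orbit_length(x, alpha, N):
    """Walk x -> x^alpha mod N until x recurs; None if it never does."""
    y, steps = pow(x, alpha, N), 1
    while y != x:
        if steps > N:                 # more steps than residues: x is off-cycle
            return None
        y, steps = pow(y, alpha, N), steps + 1
    return steps

def orbit_histogram(alpha, N):
    """Map orbit length -> number of orbits of that length in Z_N^*."""
    elems = Counter()
    for x in range(1, N):
        if gcd(x, N) == 1:
            length = predicted_orbit_length(x, alpha, N)
            if length is not None:
                elems[length] += 1
    return {L: c // L for L, c in sorted(elems.items())}

if __name__ == "__main__":
    # Constructed toy moduli, far too small for real use.
    print("BBS-style N=77,  alpha=2:", orbit_histogram(2, 77))
    print("RSA-style N=253, alpha=3:", orbit_histogram(3, 253))
```

With α set to an RSA public exponent, an element's orbit length is the number of repeated encryptions after which it maps back to itself, which is the quantity the iterated encryption risk depends on.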