Annual International Cryptology Conference

CRYPTO 1998: Advances in Cryptology — CRYPTO '98 pp 304-317

An efficient discrete log pseudo random generator

  • Sarvar Patel
  • Ganapathy S. Sundaram
Conference paper

DOI: 10.1007/BFb0055737

Volume 1462 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Patel S., Sundaram G.S. (1998) An efficient discrete log pseudo random generator. In: Krawczyk H. (eds) Advances in Cryptology — CRYPTO '98. CRYPTO 1998. Lecture Notes in Computer Science, vol 1462. Springer, Berlin, Heidelberg


The exponentiation function in a finite field of order p (a prime number) is believed to be a one-way function. It is well known that O(log log p) bits are simultaneously hard for this function. We consider a special case of this problem, the discrete logarithm with short exponents, which is also believed to be hard to compute. Under this intractability assumption we show that discrete exponentiation modulo a prime p can hide n − Ω(log n) bits (n = [log p] and p = 2q + 1, where q is also a prime). We prove simultaneous security by showing that any information about the n − Ω(log n) bits can be used to discover the discrete log of g^s mod p where s has Ω(log n) bits. For all practical purposes, the size of s can be a constant c bits. This leads to a very efficient pseudo-random number generator which produces n − c bits per iteration. For example, when n = 1024 bits and c = 128 bits our pseudo-random number generator produces a little less than 900 bits per exponentiation.
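The following is an added worked example, not code from the paper or its authors. It implements the generator the abstract describes under my own reading of it (an assumption, since the page gives no construction): the state x_i is an n-bit exponent, each step computes x_{i+1} = g^{x_i} mod p for a safe prime p = 2q + 1 and a generator g of Z_p^*, and the block emitted per exponentiation is the n − c least significant bits of the new state. It also carries the abstract's reduction through in code: the c bits the generator withholds are exactly a discrete log with a c-bit exponent, which baby-step giant-step finds in about 2^(c/2) work. The parameter sizes (64-bit p, c = 16, fixed RNG seeds) are toy values chosen so the recovery step actually finishes; they are not the paper's n = 1024, c = 128.

```python
"""Added example of the Patel-Sundaram discrete-log generator (not the authors' code).

Assumed construction: x_{i+1} = g^{x_i} mod p, output the n - c low bits of
the new state.  Toy sizes here; the paper's n = 1024, c = 128 gives 896 bits
per exponentiation."""
import math
import random

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=32, rng=random):
    """Miller-Rabin with a trial-division prefilter."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def make_params(bits, seed):
    """Safe prime p = 2q + 1 of `bits` bits and a generator g of Z_p^*.
    The fixed seed keeps the demo reproducible; real use needs a CSPRNG and bits >= 1024."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1   # odd, (bits-1)-bit candidate
        if is_probable_prime(q, rng=rng) and is_probable_prime(2 * q + 1, rng=rng):
            p = 2 * q + 1
            break
    # Z_p^* has order 2q, so g generates it iff g^2 != 1 and g^q != 1 (mod p).
    while True:
        g = rng.randrange(2, p - 1)
        if pow(g, 2, p) != 1 and pow(g, q, p) != 1:
            return p, q, g


class PatelSundaramPRG:
    """x_{i+1} = g^{x_i} mod p; emit the n - c least significant bits of x_{i+1}."""

    def __init__(self, p, g, c, seed):
        self.p, self.g, self.c, self.n = p, g, c, p.bit_length()
        if not 0 < c < self.n:
            raise ValueError("need 0 < c < n")
        self.mask = (1 << (self.n - c)) - 1
        self.x = seed % p                      # hidden n-bit state

    def bits_per_iteration(self):
        return self.n - self.c

    def next_block(self):
        self.x = pow(self.g, self.x, self.p)   # one full n-bit exponentiation
        return self.x & self.mask              # n - c output bits; top c bits stay hidden


def short_exponent_dlog(G, target, bound, p):
    """Baby-step giant-step: h in [0, bound) with G^h == target (mod p), else None."""
    m = math.isqrt(bound - 1) + 1
    baby, cur = {}, 1
    for j in range(m):
        baby.setdefault(cur, j)
        cur = cur * G % p
    step, gamma = pow(G, -m, p), target        # multiply by G^{-m} per giant step
    for i in range(m):
        j = baby.get(gamma)
        if j is not None:
            return i * m + j
        gamma = gamma * step % p
    return None


def recover_hidden_bits(p, g, c, y, low):
    """Given y = g^x mod p and the n - c low bits of x, recover the c high bits of x.
    y * g^{-low} = (g^{2^{n-c}})^{high}: a discrete log with a c-bit exponent."""
    shift = p.bit_length() - c
    G = pow(g, 1 << shift, p)
    target = y * pow(g, -low, p) % p
    return short_exponent_dlog(G, target, 1 << c, p)


def demo(bits=64, c=16, seed=7):
    """Run the generator, then show the withheld bits are only c-bit-DL hard."""
    p, q, g = make_params(bits, seed)
    prg = PatelSundaramPRG(p, g, c, seed=0xC0FFEE)   # constructed toy seed
    blocks = [prg.next_block() for _ in range(3)]
    low = blocks[-1]
    true_high = prg.x >> (prg.n - c)
    y = pow(g, prg.x, p)               # the next state; the reduction assumes it is known
    return p, g, blocks, true_high, recover_hidden_bits(p, g, c, y, low)


if __name__ == "__main__":
    p, g, blocks, true_high, found = demo()
    print(f"p: {p.bit_length()} bits, {p.bit_length() - 16} output bits per exponentiation")
    print("hidden c bits recovered via short-exponent DL:", found == true_high)
```

The recovery step is the point of the example: with c = 16 it takes a few hundred group operations, so a generator that hid only 16 bits per step would be worthless; at the paper's c = 128 the same attack costs about 2^64 operations, which is the short-exponent discrete-log assumption the security proof rests on. Nothing here is a vetted implementation; it exists to make the n − c / c split concrete.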


Copyright information

© Springer-Verlag 1998

Authors and Affiliations

  • Sarvar Patel (1)
  • Ganapathy S. Sundaram (1)
  1. Bell Labs, Whippany, USA