
Journal of Cryptology, Volume 1, Issue 3, pp 177–184

Inferring sequences produced by a linear congruential generator missing low-order bits

  • Joan Boyar
Article

Abstract

An efficient algorithm is given for inferring sequences produced by linear congruential pseudorandom number generators when some of the low-order bits of the numbers produced are unavailable. These generators have the form X_n = aX_{n−1} + b (mod m). We assume that the constants a, b, and m are unknown, and that t = O(log log m) of the low-order bits are not used.

Key words

Cryptography; Pseudorandom number generators; Linear congruential method

Copyright information

© International Association for Cryptologic Research 1988

Authors and Affiliations

  • Joan Boyar, Computer Science Department, University of Chicago, Chicago, U.S.A.
