# Predicting the elliptic curve congruential generator

- 142 Downloads

## Abstract

Let *p* be a prime and let \(\mathbf {E}\) be an elliptic curve defined over the finite field \(\mathbb {F}_p\) of *p* elements. For a point \(G\in \mathbf {E}(\mathbb {F}_p)\) the elliptic curve congruential generator (with respect to the first coordinate) is a sequence \((x_n)\) defined by the relation \(x_n=x(W_n)=x(W_{n-1}\oplus G)=x(nG\oplus W_0)\), \(n=1,2,\ldots \), where \(\oplus \) denotes the group operation in \(\mathbf {E}\) and \(W_0\) is an initial point. In this paper, we show that if some consecutive elements of the sequence \((x_n)\) are given as integers, then one can compute in polynomial time an elliptic curve congruential generator (where the curve possibly defined over the rationals or over a residue ring) such that the generated sequence is identical to \((x_n)\) in the revealed segment. It turns out that in practice, all the secret parameters, and thus the whole sequence \((x_n)\), can be computed from eight consecutive elements, even if the prime and the elliptic curve are private.

## Keywords

Elliptic curve Congruential generator Pseudorandom sequence Cryptography## Mathematics Subject Classification

11Y50 11Y55 11T71 14H52 94A60## Notes

### Acknowledgments

The author would like to thank Harald Niederreiter for suggesting the problem. The authors would also like to thank the reviewers for their perceptive and useful comments that significantly improved the work.

## References

- 1.Beelen, P.H.T., Doumen, J.M.: Pseudorandom sequences from elliptic curves. In: Mullen, G.L., Stichtenoth, H., Tapia-Recillas, H. (eds.) Finite Fields with Applications to Coding Theory, Cryptography and Related Areas (Oaxaca, 2001), pp. 37–52. Springer, Berlin (2002)Google Scholar
- 2.Chen, Z.: Elliptic curve analogue of Legendre sequences. Monatsh. Math.
**154**(1), 1–10 (2008)MathSciNetCrossRefMATHGoogle Scholar - 3.Chen, Z., Gomez-Perez, D., Pirsic, G.: On lattice profile of the elliptic curve linear congruential generators. Period. Math. Hungar.
**68**(1), 1–12 (2014)MathSciNetCrossRefMATHGoogle Scholar - 4.Chen, Z., Li, S., Xiao, G.: Construction of pseudo-random binary sequences from elliptic curves by using discrete logarithm. In: Gong, G., Helleseth, T., Song H.-Y., Yang, K. (eds.) Sequences and Their Applications–SETA 2006. Lecture Notes in Computer Science, vol. 4086, pp. 285–294. Springer, Berlin (2006)Google Scholar
- 5.El Mahassni, E., Shparlinski, I.: On the uniformity of distribution of congruential generators over elliptic curves. In: Helleseth, T., Kumar, P.V., Yang, K. (eds.) Sequences and Their Applications (Bergen. 2001), Discrete Mathematics and Theoretical Computer Science (London), pp. 257–264. Springer, London (2002)Google Scholar
- 6.Gong, G., Berson, T.A., Stinson, D.R.: Elliptic curve pseudorandom sequence generators. In: Heys, H., Adams, C. (eds.) Selected Areas in Cryptography (Kingston. ON, 1999), Lecture Notes in Computer Science, vol. 1758, pp. 34–48. Springer, Berlin (2000)Google Scholar
- 7.Gutierrez, J., Ibeas, Á.: Inferring sequences produced by a linear congruential generator on elliptic curves missing high-order bits. Des. Codes Cryptogr.
**45**(2), 199–212 (2007)MathSciNetCrossRefMATHGoogle Scholar - 8.Hess, F., Shparlinski, I.E.: On the linear complexity and multidimensional distribution of congruential generators over elliptic curves. Des. Codes Cryptogr.
**35**(1), 111–117 (2005)MathSciNetCrossRefMATHGoogle Scholar - 9.Hu, H., Hu, L., Feng, D.: On a class of pseudorandom sequences from elliptic curves over finite fields. IEEE Trans. Inform. Theory
**53**(7), 2598–2605 (2007)MathSciNetCrossRefMATHGoogle Scholar - 10.Lenstra Jr., H.W.: Elliptic curves and number-theoretic algorithms. In: Proceedings of the International Congress of Mathematicians, vols. 1, 2 (Berkeley, Calif., 1986), pp. 99–120. American Mathematical Society, Providence (1987)Google Scholar
- 11.Liu, H.: A family of elliptic curve pseudorandom binary sequences. Des. Codes Cryptogr.
**73**(1), 251–265 (2014)MathSciNetCrossRefMATHGoogle Scholar - 12.Liu, H., Zhan, T., Wang, X.: Large families of elliptic curve pseudorandom binary sequences. Acta Arith.
**140**(2), 135–144 (2009)MathSciNetCrossRefMATHGoogle Scholar - 13.Mérai, L.: Construction of pseudorandom binary sequences over elliptic curves using multiplicative characters. Publ. Math. Debrecen
**80**(1–2), 199–213 (2012)MathSciNetMATHGoogle Scholar - 14.Mérai, L.: Remarks on pseudorandom binary sequences over elliptic curves. Fund. Inform.
**114**(3–4), 301–308 (2012)MathSciNetMATHGoogle Scholar - 15.Shparlinski, I.E.: Pseudorandom points on elliptic curves over finite fields. In: Chaumine, J., Hirschfeld, J., Rolland, R. (eds.) Algebraic Geometry and Its Applications, Series Number Theory Application, vol. 5, pp. 116–134. World Scientific Publishing, Hackensack (2008)Google Scholar
- 16.Topuzoğlu, A., Winterhof, A.: Pseudorandom sequences. In: Garcia, A., Stichtenoth, H. (eds.) Topics in Geometry, Coding Theory and Cryptography, Algebra Application, vol. 6, pp. 135–166. Springer, Dordrecht (2007)Google Scholar
- 17.Washington, L.C.: Elliptic Curves. Number theory and cryptography. Discrete mathematics and its applications, 2nd edn. Chapman & Hall/CRC, Boca Raton (2008)Google Scholar