Predicting the elliptic curve congruential generator

Original Paper


Let p be a prime and let \(\mathbf {E}\) be an elliptic curve defined over the finite field \(\mathbb {F}_p\) of p elements. For a point \(G\in \mathbf {E}(\mathbb {F}_p)\) the elliptic curve congruential generator (with respect to the first coordinate) is a sequence \((x_n)\) defined by the relation \(x_n=x(W_n)=x(W_{n-1}\oplus G)=x(nG\oplus W_0)\), \(n=1,2,\ldots \), where \(\oplus \) denotes the group operation in \(\mathbf {E}\) and \(W_0\) is an initial point. In this paper, we show that if some consecutive elements of the sequence \((x_n)\) are given as integers, then one can compute in polynomial time an elliptic curve congruential generator (where the curve is possibly defined over the rationals or over a residue ring) such that the generated sequence is identical to \((x_n)\) in the revealed segment. It turns out that in practice, all the secret parameters, and thus the whole sequence \((x_n)\), can be computed from eight consecutive elements, even if the prime and the elliptic curve are private.
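As an added illustration (not code from the paper), the generator \(x_n = x(W_{n-1}\oplus G)\) from the abstract implemented over a small toy curve, with a check that the iterative form and the closed form \(x(nG\oplus W_0)\) agree, which is the algebraic structure that makes the sequence recoverable from a short revealed segment. The curve \(y^2 = x^3 + 2x + 2\) over \(\mathbb {F}_{17}\) and the points G and \(W_0\) are toy parameters chosen here, not the paper's.

```python
# Added example, not from the paper: the elliptic curve congruential
# generator x_n = x(W_n), W_n = W_{n-1} + G, over a toy curve.
# Toy parameters (constructed, far too small for real use):
# y^2 = x^3 + 2x + 2 over F_17, a group of prime order 19.

P = 17
A, B = 2, 2
INF = None   # point at infinity (group identity)

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0

def ec_add(p1, p2):
    """Affine group law on the short-Weierstrass curve (mod P)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                        # Q + (-Q) = O
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # tangent (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P         # chord
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def ecc_generator(G, W0, count):
    """x_1..x_count by walking W_n = W_{n-1} + G, as in the abstract."""
    out, W = [], W0
    for _ in range(count):
        W = ec_add(W, G)
        if W is INF:
            raise ValueError("W_n hit the point at infinity; x(O) is undefined")
        out.append(W[0])
    return out

def ecc_generator_closed_form(G, W0, count):
    """Same outputs via the closed form x_n = x(nG + W_0)."""
    return [ec_add(ec_mul(n, G), W0)[0] for n in range(1, count + 1)]
```

With G = (5, 1) and W_0 = (0, 6) both forms yield the eight outputs 13, 7, 7, 13, 0, 16, 9, 3; note that because the generator is purely deterministic given (p, E, G, W_0), any revealed outputs fix everything that follows.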


Keywords

Elliptic curve, Congruential generator, Pseudorandom sequence, Cryptography

Mathematics Subject Classification

11Y50, 11Y55, 11T71, 14H52, 94A60



The author would like to thank Harald Niederreiter for suggesting the problem. The author would also like to thank the reviewers for their perceptive and useful comments that significantly improved the work.



Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

Johann Radon Institute for Computational and Applied Mathematics, Austrian Academy of Sciences, Linz, Austria
