# Predicting the elliptic curve congruential generator

Original Paper

## Abstract

Let $p$ be a prime and let $\mathbf{E}$ be an elliptic curve defined over the finite field $\mathbb{F}_p$ of $p$ elements. For a point $G\in \mathbf{E}(\mathbb{F}_p)$ the elliptic curve congruential generator (with respect to the first coordinate) is a sequence $(x_n)$ defined by the relation $x_n=x(W_n)=x(W_{n-1}\oplus G)=x(nG\oplus W_0)$, $n=1,2,\ldots$, where $\oplus$ denotes the group operation in $\mathbf{E}$ and $W_0$ is an initial point. In this paper, we show that if some consecutive elements of the sequence $(x_n)$ are given as integers, then one can compute in polynomial time an elliptic curve congruential generator (where the curve is possibly defined over the rationals or over a residue ring) such that the generated sequence is identical to $(x_n)$ in the revealed segment. It turns out that in practice, all the secret parameters, and thus the whole sequence $(x_n)$, can be computed from eight consecutive elements, even if the prime and the elliptic curve are private.
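The following added example (not code from the paper, and not the paper's algorithm) implements the generator as defined above and shows the simpler case in which the curve and $G$ are public: two consecutive outputs then determine every later one through an x-only identity of the group law. The curve $y^2 = x^3 + 2x + 2$ over $\mathbb{F}_{17}$, the points `G` and `W0`, and all function names are constructed assumptions.

```python
# Constructed toy parameters (assumptions, not from the paper):
# curve y^2 = x^3 + A*x + B over F_P, public increment G, secret initial point W0.
P, A, B = 17, 2, 2
G, W0 = (5, 1), (10, 6)

def ec_add(p1, p2):
    """Group law on the curve; None stands for the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def generator(count):
    """Outputs x_n = x(W_{n-1} + G) for n = 1..count, as defined in the abstract."""
    w, out = W0, []
    for _ in range(count):
        w = ec_add(w, G)
        if w is None:
            raise ValueError("sequence hit the point at infinity")
        out.append(w[0])
    return out

def predict_next(x_prev, x_cur):
    """x_{n+1} from x_{n-1} and x_n alone, using the x-only identity
    x(W+G) + x(W-G) = 2((x_W + x_G)(x_W*x_G + A) + 2B) / (x_W - x_G)^2."""
    xg = G[0]
    if x_cur == xg:
        raise ValueError("degenerate step: W_n equals +G or -G")
    num = 2 * ((x_cur + xg) * (x_cur * xg + A) + 2 * B)
    return (num * pow((x_cur - xg) ** 2, -1, P) - x_prev) % P

def extend(x1, x2, count):
    """Rebuild `count` outputs from the first two, never touching W0 or any y."""
    xs = [x1, x2]
    while len(xs) < count:
        xs.append(predict_next(xs[-2], xs[-1]))
    return xs

if __name__ == "__main__":
    observed = generator(8)
    print(observed, extend(observed[0], observed[1], 8) == observed)
```

The recurrence uses no secret state, which is why raw x-coordinates of such a generator should not be exposed as random output; the paper's result covers the harder setting where the prime and the curve are also unknown.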

### Keywords

Elliptic curve, Congruential generator, Pseudorandom sequence, Cryptography

### Mathematics Subject Classification

11Y50 11Y55 11T71 14H52 94A60
