An Improved Pseudo-random Generator Based on Discrete Log
Under the assumption that solving the discrete logarithm problem modulo an n-bit prime p is hard even when the exponent is a small c-bit number, we construct a new and improved pseudo-random bit generator. This new generator outputs n - c - 1 bits per exponentiation with a c-bit exponent.
Using typical parameters, n = 1024 and c = 160, this yields roughly 860 pseudo-random bits per small exponentiation. Using an implementation with quite small precomputation tables, this yields a rate of more than 20 bits per modular multiplication, which is much faster than the squaring (BBS) generator with similar parameters.