Abstract
Let N be a positive integer and let P ∈ ℤ[x] be a polynomial that is nonlinear on the set ℤ_N of integers modulo N. If, by choosing x at random in an initial segment of ℤ_N, P(x) (mod N) appears to be uniformly distributed in ℤ_N to any polynomial-time observer, then it is possible to construct very efficient pseudorandom number generators that pass any polynomial-time statistical test. We analyse this generator from two points of view. A complexity theoretic analysis relates the perfectness of the generator to the security of the RSA-scheme. A statistical analysis proves that the least-significant bits of P(x) (mod N) are statistically random.
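An added example, not code from the paper or this page: a toy instance of the generator described in the abstract with the RSA polynomial P(x) = x^e mod N, iterated in the way the abstract suggests (x drawn from the initial segment [0, 2^r) of ℤ_N, the r high-order bits of P(x) mod N fed back as the next x, the k = n − r least-significant bits emitted). The modulus, exponent, seed and bit-split are constructed values chosen for illustration, and the monobit check is a crude sanity test, not one of the paper's statistical tests.

```python
# Added example (constructed, toy-sized): the abstract's generator with the RSA
# polynomial P(x) = x^e mod N.  The seed x lies in the initial segment [0, 2^r)
# of Z_N; each step feeds the r high-order bits of P(x) mod N back as the next
# x and emits the k = n - r low-order bits as output.
from typing import List

# Constructed parameters: N = (2^31 - 1) * (2^19 - 1), two Mersenne primes, so
# N has n = 50 bits.  e = 17 is coprime to phi(N) (checked by hand from the
# factorisations of 2^30 - 1 and 2^18 - 1).  A 50-bit modulus is factored
# instantly, so this only illustrates the mechanics; a real instance needs an
# RSA-sized N.
N = (2**31 - 1) * (2**19 - 1)
E = 17
R = 25                      # bits of state fed back: the initial segment [0, 2^R)
K = N.bit_length() - R      # bits emitted per step


def polynomial_generator(seed: int, nwords: int, N: int = N, e: int = E,
                         r: int = R) -> List[int]:
    """Return nwords chunks of the k low-order bits of P(x_i) mod N, P(x) = x^e."""
    n = N.bit_length()
    k = n - r
    if not 0 < r < n:
        raise ValueError("r must satisfy 0 < r < bit length of N")
    if not 0 <= seed < (1 << r):
        raise ValueError("seed must lie in the initial segment [0, 2^r)")
    x, out = seed, []
    for _ in range(nwords):
        y = pow(x, e, N)                 # P(x) mod N
        x = y >> k                       # next state: the r high-order bits
        out.append(y & ((1 << k) - 1))   # output: the k low-order bits
    return out


def one_bit_fraction(words: List[int], k: int = K) -> float:
    """Crude monobit sanity check: fraction of 1-bits across the output."""
    ones = sum(bin(w).count("1") for w in words)
    return ones / (k * len(words))


if __name__ == "__main__":
    stream = polynomial_generator(0x1234567, 400)
    print(stream[:4], one_bit_fraction(stream))
```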
Additional information
This research was performed while C. P. Schnorr was visiting the Department of Computer Science of the University of Chicago, which also supported his research. A U.S. patent, based on this work, has been granted.
Cite this article
Micali, S., Schnorr, C.P. Efficient, perfect polynomial random number generators. J. Cryptology 3, 157–172 (1991). https://doi.org/10.1007/BF00196909