Inferring sequences produced by pseudo-random number generators

Published: 1 January 1989

Abstract

In this paper, efficient algorithms are given for inferring sequences produced by certain pseudo-random number generators. The generators considered are all of the form $X_n = \sum_{j=1}^{k} \alpha_j \phi_j(X_0, X_1, \ldots, X_{n-1}) \pmod{m}$. In each case, we assume that the functions $\phi_j$ are known and polynomial time computable, but that the coefficients $\alpha_j$ and the modulus $m$ are unknown. Using this general method, specific generators of this form (the linear congruential method, linear congruences with n terms in the recurrence, and quadratic congruences) are shown to be cryptographically insecure.
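The simplest generator of the form in the abstract is the linear congruential generator $X_{n+1} = a X_n + c \pmod{m}$, i.e. $\phi_1 = X_{n-1}$ and $\phi_2 = 1$ with unknown $a$, $c$ and $m$. The following Python is an added worked example, not code from the paper: it recovers all three parameters from a run of consecutive outputs using the well-known difference/gcd argument for this case, and then checks the recovered generator against the rest of the run. The generator constants and seed are constructed for the demonstration.

```python
from math import gcd


def lcg(seed, a, c, m, count):
    """Return X_0 .. X_{count-1} of X_{n+1} = a*X_n + c (mod m), X_0 = seed."""
    xs = [seed % m]
    while len(xs) < count:
        xs.append((a * xs[-1] + c) % m)
    return xs


def infer_lcg(xs):
    """Recover (a, c, m) from consecutive outputs xs of an unknown LCG.

    Differences d_n = X_{n+1} - X_n satisfy d_{n+1} = a*d_n (mod m), so each
    t_n = d_{n+1}*d_{n-1} - d_n^2 is a multiple of m. The gcd of several t_n
    is m, or in unlucky cases a small multiple of m (predicts_rest() exposes that).
    """
    if len(xs) < 5:
        raise ValueError("need at least five consecutive outputs")
    d = [xs[i + 1] - xs[i] for i in range(len(xs) - 1)]
    m = 0
    for i in range(1, len(d) - 1):
        m = gcd(m, abs(d[i + 1] * d[i - 1] - d[i] * d[i]))
    if m == 0:
        raise ValueError("degenerate differences; need more outputs")
    # a*d_i = d_{i+1} (mod m); solve with the first difference that is a unit mod m.
    for i in range(len(d) - 1):
        if gcd(d[i] % m, m) == 1:
            a = (d[i + 1] * pow(d[i] % m, -1, m)) % m
            break
    else:
        raise ValueError("no invertible difference; need more outputs")
    c = (xs[1] - a * xs[0]) % m
    return a, c, m


def predicts_rest(params, xs):
    """True if the recovered parameters reproduce every transition in xs."""
    a, c, m = params
    return all((a * xs[i] + c) % m == xs[i + 1] for i in range(len(xs) - 1))


if __name__ == "__main__":
    # Constructed toy parameters; on this run the gcd step yields exactly m = 101.
    observed = lcg(seed=5, a=37, c=11, m=101, count=9)  # [5, 95, 92, 82, ...]
    params = infer_lcg(observed)
    print(params, predicts_rest(params, observed))  # (37, 11, 101) True
```

Nine outputs suffice here; if the gcd returns a multiple of m, predicts_rest() fails and more outputs (or dividing out small factors) are needed.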

Reviews

Matthew Allen Bishop

This research paper presents an algorithm for inferring generators of certain pseudo-random number sequences from a given initial subsequence. The general algorithm is applied to sequences produced by three popular generators—the linear congruential method with 1 and with n terms in the recurrence, and the quadratic congruential method—to show that those pseudo-random number generators are cryptographically nonsecure. Intended for readers familiar with pseudo-random number generation, the paper is well written and clear. The application of the general method demonstrates its usefulness, and when one has finished reading, no doubt remains of the lack of security of any implementation of a cryptographic system that bases its key generation on a pseudo-random number generator of the kind described in the paper. This paper fulfills its aim completely. A minor flaw of the paper is that it does not present an example of a pseudo-random number sequence and apply the algorithm to obtain a generator. The author also makes the tantalizing statement that under certain conditions it is possible to infer generators for sequences produced by the linear congruential method from scattered, rather than successive, numbers in the sequence. Despite the two references given to support this claim (to a technical report and to the author's doctoral thesis), the author's failure to supply details or a proof is maddening. The overall quality of the paper, however, eclipses these problems.

Published in

Journal of the ACM, Volume 36, Issue 1
Jan. 1989
207 pages
ISSN: 0004-5411
EISSN: 1557-735X
DOI: 10.1145/58562

Copyright © 1989 ACM

Publisher

Association for Computing Machinery
New York, NY, United States
