
Concrete Security of the Blum-Blum-Shub Pseudorandom Generator

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 3796)

Abstract

The asymptotic security of the Blum-Blum-Shub (BBS) pseudorandom generator has been studied by Alexi et al. and Vazirani and Vazirani, who proved independently that O(log log N) bits can be extracted on each iteration, where N is the modulus (a Blum integer). The concrete security of this generator has been analyzed previously by Fischlin and Schnorr and by Knuth.

In this paper we continue to analyse the concrete security of the BBS generator. We show how to select both the size of the modulus and the number of bits extracted on each iteration such that a desired level of security is reached, while minimizing the computational effort per output bit. We assume a concrete lower bound on the hardness of integer factoring, obtained by extrapolating the best factorization results to date.

While for asymptotic security it suffices to give a polynomial-time reduction from a successful attack to factoring, for concrete security we need a reduction that is as efficient as possible. Our reduction algorithm relies on the techniques of Fischlin and Schnorr, as well as ideas of Vazirani and Vazirani, combining them in a novel way for the case that more than one bit is output on each iteration.
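To make the two parameters the abstract refers to concrete, the following added example (written for this page, not code from the paper or its authors) implements the BBS generator itself: a Blum integer N = pq with p ≡ q ≡ 3 (mod 4), the state update x_{i+1} = x_i^2 mod N, and extraction of the j least significant bits of each new state. The primes and seed are constructed toy values, far too small for real use, and `cost_per_output_bit` is a crude schoolbook cost model added only to show why a larger j lowers the effort per bit; it is an assumption of this example, not the paper's analysis, and it says nothing about how large j may safely be, which is exactly what the paper's reduction determines.

```python
"""Toy Blum-Blum-Shub (BBS) generator illustrating the two parameters the paper
tunes: the modulus size and the number j of bits extracted per iteration.
Added example, not from the paper. Primes and seed are constructed toy values."""
from math import gcd


def _is_prime(n: int) -> bool:
    """Trial division; adequate for the toy sizes used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def is_blum_integer(p: int, q: int) -> bool:
    """N = p*q is a Blum integer when p and q are distinct primes, both 3 mod 4."""
    return p != q and p % 4 == 3 and q % 4 == 3 and _is_prime(p) and _is_prime(q)


def bbs_bits(n: int, seed: int, j: int, n_iter: int) -> str:
    """Run n_iter squarings x_{i+1} = x_i^2 mod n and output the j least
    significant bits of each new state (bit j-1 first, bit 0 last)."""
    if gcd(seed, n) != 1:
        raise ValueError("seed must be coprime to the modulus")
    if j < 1:
        raise ValueError("must extract at least one bit per iteration")
    x = seed
    out = []
    for _ in range(n_iter):
        x = pow(x, 2, n)                        # one modular squaring per iteration
        out.append(format(x & ((1 << j) - 1), f"0{j}b"))
    return "".join(out)


def cost_per_output_bit(modulus_bits: int, j: int) -> float:
    """Crude cost model (an assumption of this example, not the paper's):
    one schoolbook modular squaring costs about modulus_bits**2 bit operations
    and yields j output bits, so effort per output bit falls as j grows."""
    return modulus_bits ** 2 / j


if __name__ == "__main__":
    p, q = 7, 11                                # constructed toy Blum primes
    assert is_blum_integer(p, q)
    n = p * q                                   # N = 77
    print(bbs_bits(n, seed=3, j=2, n_iter=5))   # constructed toy run
    for j in (1, 2, 4, 8):
        print(j, cost_per_output_bit(1024, j))
```

With N = 77 and seed 3 the state sequence is 9, 4, 16, 25, 9, ..., so the toy run already cycles after four squarings; a real modulus must be large enough that both the cycle length and the factoring bound leave the desired security margin, which is the trade-off the paper quantifies.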


References

  1. Alexi, W., Chor, B., Goldreich, O., Schnorr, C.P.: RSA and Rabin functions: certain parts are as hard as the whole. SIAM Journal on Computing 17, 194–209 (1988)

  2. Blum, L., Blum, M., Shub, M.: A Simple Unpredictable Pseudo-Random Number Generator. SIAM Journal on Computing 15, 364–383 (1986)

  3. Bellare, M., Rogaway, P.: The exact security of digital signatures: how to sign with RSA and Rabin. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996)

  4. ECRYPT Yearly Report on Algorithms and Keysizes (2004). Available at http://www.ecrypt.eu.org/documents/D.SPA.10-1.1.pdf

  5. Fischlin, R., Schnorr, C.P.: Stronger Security Proofs for RSA and Rabin Bits. Journal of Cryptology 13, 221–244 (2000)

  6. Gennaro, R.: An improved pseudo-random generator based on discrete log. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 469–481. Springer, Heidelberg (2000)

  7. Goldreich, O.: Three XOR-Lemmas – An Exposition. Technical report, ECCC TR95-056 (1995). Available at ftp://ftp.eccc.uni-trier.de/pub/eccc/reports/1995/TR95-056/Paper.pdf

  8. Hoeffding, W.: Probability Inequalities for Sums of Bounded Random Variables. Journal of the American Statistical Association 56, 13–30 (1963)

  9. Knuth, D.E.: Seminumerical Algorithms, 3rd edn. Addison-Wesley, Reading (1997)

  10. Katz, J., Wang, N.: Efficiency Improvements for Signature Schemes with Tight Security Reductions. In: CCS 2003, Washington, DC, USA, October 27–30 (2003)

  11. Lenstra, A.K., Verheul, E.R.: Selecting Cryptographic Key Sizes. Journal of Cryptology 14, 255–293 (2001)

  12. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press series on discrete mathematics and its applications (2000)

  13. Rabin, M.O.: Digitalized signatures and public-key functions as intractable as factorization. Technical report, TR-212. MIT Laboratory for Computer Science (1979)

  14. Shoup, V.: On the security of a practical identification scheme. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 344–353. Springer, Heidelberg (1996)

  15. Vazirani, U.V., Vazirani, V.V.: Efficient and Secure Pseudo-Random Number Generation. In: Proceedings of the 25th IEEE Symposium on Foundations of Computer Science, pp. 458–463 (1984)

  16. Yao, A.C.: Theory and Application of Trapdoor Functions. In: Proceedings of the IEEE Symposium on Foundations of Computer Science, pp. 80–91 (1982)


Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sidorenko, A., Schoenmakers, B. (2005). Concrete Security of the Blum-Blum-Shub Pseudorandom Generator. In: Smart, N.P. (eds) Cryptography and Coding. Cryptography and Coding 2005. Lecture Notes in Computer Science, vol 3796. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11586821_24


  • DOI: https://doi.org/10.1007/11586821_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30276-6

  • Online ISBN: 978-3-540-32418-8
