Abstract
The asymptotic security of the Blum-Blum-Shub (BBS) pseudorandom generator has been studied by Alexi et al. and Vazirani and Vazirani, who proved independently that O(log log N) bits can be extracted on each iteration, where N is the modulus (a Blum integer). The concrete security of this generator has been analyzed previously by Fischlin and Schnorr and by Knuth.
In this paper we continue to analyse the concrete security of the BBS generator. We show how to select both the size of the modulus and the number of bits extracted on each iteration such that a desired level of security is reached, while minimizing the computational effort per output bit. We will assume a concrete lower bound on the hardness of integer factoring, which is obtained by extrapolating the best factorization results to date.
While for asymptotic security it suffices to give a polynomial time reduction from a successful attack to factoring, for concrete security we need a reduction that is as efficient as possible. Our reduction algorithm relies on the techniques of Fischlin and Schnorr, as well as ideas of Vazirani and Vazirani, but combines these in a novel way for the case that more than one bit is output on each iteration.
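The generator the abstract analyses is simple enough to state in a few lines: the state is squared modulo a Blum integer N = pq on every iteration, and j low-order bits of the new state are output. The following is an added example, not code from the paper; it implements that construction with a configurable j, checks that the modulus really is a Blum integer and that the seed is coprime to N, and uses constructed toy primes (11 and 19) so the trace can be followed by hand. The trade-off the paper studies is visible in the interface: one modular squaring per iteration yields j bits, so a larger j lowers the work per output bit, at the cost of the security margin the paper quantifies.

```python
import math

# Added example (not from the paper): a minimal Blum-Blum-Shub generator that
# emits the j least significant bits of the state after each modular squaring.
# The primes used below are constructed toy values, far too small for real use.


def _is_prime(r: int) -> bool:
    """Trial division; sufficient for the toy parameters in this example."""
    if r < 2:
        return False
    return all(r % d != 0 for d in range(2, math.isqrt(r) + 1))


def is_blum_integer(p: int, q: int) -> bool:
    """True iff p and q are distinct primes, both congruent to 3 mod 4."""
    return p != q and all(_is_prime(r) and r % 4 == 3 for r in (p, q))


def blum_integer(p: int, q: int) -> int:
    """Return N = p*q, rejecting parameters that do not give a Blum integer."""
    if not is_blum_integer(p, q):
        raise ValueError(f"({p}, {q}) does not define a Blum integer")
    return p * q


class BBS:
    """x_{i+1} = x_i^2 mod N; each iteration yields the j low-order bits of x_{i+1}."""

    def __init__(self, p: int, q: int, seed: int, j: int = 1):
        self.n = blum_integer(p, q)
        if math.gcd(seed, self.n) != 1:
            raise ValueError("seed must be coprime to N")
        if j < 1 or (1 << j) > self.n:
            raise ValueError("j must be between 1 and the bit length of N")
        self.j = j
        # x_0 = seed^2 mod N puts the state on the cycle of quadratic residues.
        self.x = pow(seed, 2, self.n)

    def next_chunk(self) -> int:
        """One modular squaring; return the j least significant bits as an integer."""
        self.x = pow(self.x, 2, self.n)
        return self.x & ((1 << self.j) - 1)

    def bits(self, count: int) -> list:
        """Return `count` output bits, least significant bit of each chunk first."""
        out = []
        while len(out) < count:
            chunk = self.next_chunk()
            out.extend((chunk >> k) & 1 for k in range(self.j))
        return out[:count]


def bbs_chunks(p: int, q: int, seed: int, j: int, steps: int) -> list:
    """Convenience wrapper: the first `steps` j-bit chunks for the given parameters."""
    gen = BBS(p, q, seed, j)
    return [gen.next_chunk() for _ in range(steps)]


if __name__ == "__main__":
    # Toy trace with N = 11 * 19 = 209, seed 3, j = 3:
    # states 81, 82, 36, 42, 92, 104 -> low 3 bits 1, 2, 4, 2, 4, 0
    print(bbs_chunks(11, 19, 3, 3, 6))
```

With N = 209 and seed 3 the state sequence after x_0 = 9 is 81, 82, 36, 42, 92, 104, so with j = 3 the chunks are 1, 2, 4, 2, 4, 0. Note that the choice of which bits to extract and how many, together with the modulus size, is exactly what the paper's concrete-security analysis is meant to settle; this example fixes none of those parameters on the caller's behalf.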
References
Alexi, W., Chor, B., Goldreich, O., Schnorr, C.P.: RSA and Rabin functions: certain parts are as hard as the whole. SIAM Journal on Computing 17, 194–209 (1988)
Blum, L., Blum, M., Shub, M.: A Simple Unpredictable Pseudo-Random Number Generator. SIAM Journal on Computing 15, 364–383 (1986)
Bellare, M., Rogaway, P.: The exact security of digital signatures: how to sign with RSA and Rabin. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996)
ECRYPT Yearly Report on Algorithms and Keysizes (2004), Available at http://www.ecrypt.eu.org/documents/D.SPA.10-1.1.pdf
Fischlin, R., Schnorr, C.P.: Stronger Security Proofs for RSA and Rabin Bits. Journal of Cryptology 13, 221–244 (2000)
Gennaro, R.: An improved pseudo-random generator based on discrete log. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 469–481. Springer, Heidelberg (2000)
Goldreich, O.: Three XOR-Lemmas – An Exposition. Technical report, ECCC TR95-056 (1995), Available at ftp://ftp.eccc.uni-trier.de/pub/eccc/reports/1995/TR95-056/Paper.pdf
Hoeffding, W.: Probability Inequalities for Sums of Bounded Random Variables. Journal of the American Statistical Association 58, 13–30 (1963)
Knuth, D.E.: Seminumerical Algorithms, 3rd edn. Addison-Wesley, Reading (1997)
Katz, J., Wang, N.: Efficiency Improvements for Signature Schemes with Tight Security Reductions. In: CCS 2003, Washington, DC, USA, October 27-30 (2003)
Lenstra, A.K., Verheul, E.R.: Selecting Cryptographic Key Sizes. Journal of Cryptology 14, 255–293 (2001)
Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press series on discrete mathematics and its applications (2000)
Rabin, M.O.: Digitalized signatures and public-key functions as intractable as factorization. Technical report, TR-212. MIT Laboratory for Computer Science (1979)
Shoup, V.: On the security of a practical identification scheme. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 344–353. Springer, Heidelberg (1996)
Vazirani, U.V., Vazirani, V.V.: Efficient and Secure Pseudo-Random Number Generation. In: Proceedings of the 25th IEEE Symposium on Foundations of Computer Science, pp. 458–463 (1984)
Yao, A.C.: Theory and Application of Trapdoor Functions. In: Proceedings of IEEE Symposium on Foundations of Computer Science, pp. 80–91 (1982)
© 2005 Springer-Verlag Berlin Heidelberg
Cite this paper
Sidorenko, A., Schoenmakers, B. (2005). Concrete Security of the Blum-Blum-Shub Pseudorandom Generator. In: Smart, N.P. (eds) Cryptography and Coding. Cryptography and Coding 2005. Lecture Notes in Computer Science, vol 3796. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11586821_24
DOI: https://doi.org/10.1007/11586821_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30276-6
Online ISBN: 978-3-540-32418-8
eBook Packages: Computer Science (R0)