Elsevier

Journal of Algorithms

Volume 13, Issue 4, December 1992, Pages 527-545

How to predict congruential generators

https://doi.org/10.1016/0196-6774(92)90054-G

Abstract

In this paper we show how to predict a large class of pseudorandom number generators. We consider congruential generators which output a sequence of integers $s_0, s_1, \ldots$, where $s_i$ is computed by the recurrence $s_i \equiv \sum_{j=1}^{k} \alpha_j \Phi_j(s_0, s_1, \ldots, s_{i-1}) \pmod{m}$ for integers $m$ and $\alpha_j$, and integer-valued functions $\Phi_j$, $j = 1, \ldots, k$. The predictors know the functions $\Phi_j$ in advance and have access to the elements of the sequence prior to the element being predicted, but they do not know the modulus $m$ or the coefficients $\alpha_j$ with which the generator actually works. We prove that both the number of mistakes made by the predictors and the time complexity of each prediction are bounded by a polynomial in $k$ and $\log m$, provided that the functions $\Phi_j$ are computable (over the integers) in polynomial time. This extends previous results about the predictability of such generators. In particular, we prove that multivariate polynomial generators, i.e., generators where $s_i \equiv P(s_{i-n}, \ldots, s_{i-1}) \pmod{m}$ for a polynomial $P$ of known degree in $n$ variables, are efficiently predictable.
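The following is an added illustration of the generator model in the abstract, not code from the paper, and not the paper's own predictor (the paper bounds the number of wrong predictions over an arbitrary sequence; this version simply raises when its elimination cannot proceed). It takes the known functions $\Phi_j$ as Python callables on the output prefix, recovers a multiple of $m$ as the gcd of $(k+1)\times(k+1)$ determinants of consecutive rows $[\Phi_1, \ldots, \Phi_k, s_i]$ (the last column is a combination of the others modulo $m$, so every such determinant vanishes modulo $m$), then solves for the $\alpha_j$ by Gauss-Jordan elimination modulo $m$ using only unit pivots, so a composite modulus is handled. The names `CongruentialPredictor`, `recover_modulus`, `solve_mod`, `det` and the LCG parameters in `demo` ($m = 1000$, $a = 21$, $c = 1$, $s_0 = 7$) are my own constructed choices. The same class handles the abstract's polynomial generators by passing the monomials of $P$ as the $\Phi_j$. From a defender's standpoint the point is the usual one: a generator of this form leaks $m$ and the $\alpha_j$ after a handful of outputs, so its output must never stand in for a secret (session tokens, nonces, key material).

```python
"""Predicting a congruential generator from its output alone (added example).

Model: s_i = sum_j alpha_j * Phi_j(s_0, ..., s_{i-1})  (mod m).
The predictor knows the Phi_j but neither m nor the alpha_j.
"""
from math import gcd
from typing import Callable, List, Sequence

Phi = Callable[[Sequence[int]], int]


def det(matrix: Sequence[Sequence[int]]) -> int:
    """Exact integer determinant (Bareiss fraction-free elimination)."""
    a = [list(row) for row in matrix]
    n = len(a)
    sign, prev = 1, 1
    for c in range(n - 1):
        if a[c][c] == 0:
            swap = next((r for r in range(c + 1, n) if a[r][c] != 0), None)
            if swap is None:
                return 0
            a[c], a[swap] = a[swap], a[c]
            sign = -sign
        for i in range(c + 1, n):
            for j in range(c + 1, n):
                a[i][j] = (a[i][j] * a[c][c] - a[i][c] * a[c][j]) // prev
        prev = a[c][c]
    return sign * a[n - 1][n - 1]


def row_for(phis: Sequence[Phi], seq: Sequence[int], i: int) -> List[int]:
    """Equation i of the system: [Phi_1(prefix), ..., Phi_k(prefix), s_i]."""
    prefix = seq[:i]
    return [phi(prefix) for phi in phis] + [seq[i]]


def recover_modulus(phis: Sequence[Phi], seq: Sequence[int], lookback: int) -> int:
    """Every (k+1)x(k+1) determinant of consecutive rows is 0 mod m, because the
    s-column is a combination of the Phi-columns mod m.  The gcd of these
    determinants is a multiple of m, and with a few windows usually m itself."""
    k = len(phis)
    m = 0
    for i in range(lookback, len(seq) - k):
        window = [row_for(phis, seq, t) for t in range(i, i + k + 1)]
        m = gcd(m, det(window))
    if m == 0:
        raise ValueError("need more than k+1 outputs to recover the modulus")
    return m


def solve_mod(rows: Sequence[Sequence[int]], m: int) -> List[int]:
    """Gauss-Jordan elimination of the augmented system [Phi | s] modulo m.
    m may be composite, so only entries that are units mod m serve as pivots.
    Rows left over after k pivots must reduce to 0 = 0, otherwise m was wrong."""
    a = [[x % m for x in row] for row in rows]
    k = len(a[0]) - 1
    for col in range(k):
        p = next((r for r in range(col, len(a)) if gcd(a[r][col], m) == 1), None)
        if p is None:
            raise ValueError(f"no unit pivot in column {col} (try more outputs)")
        a[col], a[p] = a[p], a[col]
        inv = pow(a[col][col], -1, m)
        a[col] = [(x * inv) % m for x in a[col]]
        for r in range(len(a)):
            if r != col and a[r][col]:
                f = a[r][col]
                a[r] = [(x - f * y) % m for x, y in zip(a[r], a[col])]
    if any(any(row) for row in a[k:]):
        raise ValueError(f"outputs are inconsistent with modulus {m}")
    return [a[j][k] for j in range(k)]


class CongruentialPredictor:
    """Learns m and the alpha_j from observed outputs, then predicts the next one."""

    def __init__(self, phis: Sequence[Phi], lookback: int):
        self.phis, self.lookback = list(phis), lookback  # lookback: first index where all Phi_j are defined
        self.m, self.alpha = 0, []

    def fit(self, observed: Sequence[int]) -> None:
        self.m = recover_modulus(self.phis, observed, self.lookback)
        rows = [row_for(self.phis, observed, i) for i in range(self.lookback, len(observed))]
        self.alpha = solve_mod(rows, self.m)

    def predict_next(self, history: Sequence[int]) -> int:
        return sum(a * phi(history) for a, phi in zip(self.alpha, self.phis)) % self.m


def demo():
    """Constructed example: an LCG with m=1000, a=21, c=1, s0=7 (parameters chosen
    for the demo; the predictor is told neither).  Returns what was recovered."""
    def lcg(n, m=1000, a=21, c=1, s=7):
        out = [s]
        for _ in range(n - 1):
            s = (a * s + c) % m
            out.append(s)
        return out

    stream = lcg(12)
    observed, future = stream[:8], stream[8:]
    # k = 2 with Phi_1 = previous output and Phi_2 = 1, so alpha = (a, c).
    predictor = CongruentialPredictor([lambda h: h[-1], lambda h: 1], lookback=1)
    predictor.fit(observed)
    history, predictions = list(observed), []
    for actual in future:
        predictions.append(predictor.predict_next(history))
        history.append(actual)
    return predictor.m, predictor.alpha, predictions, future


if __name__ == "__main__":
    print(demo())
```

With the eight observed outputs the gcd of the first two determinants is already exactly 1000, the elimination finds unit pivots 7 and 837 modulo 1000, and the four later outputs are predicted without error. On a generator whose window determinants happen to share an extra common factor, `solve_mod` detects the bad modulus through its leftover-row check rather than returning wrong coefficients.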

This research was supported by Grant No. 86-00301 from the United States-Israel Binational Science Foundation (BSF), Jerusalem, Israel. Current address: IBM T. J. Watson Research Center, P.O. Box 704, Yorktown Heights, NY 10598.