R. Gennaro. An Improved Pseudo-Random Generator Based on the Discrete-Logarithm Problem. Journal of Cryptology, 18:91--110, 2005.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....one can factor n [C96] Beyond that, no better result is available [C03] Note that if the higher bits of one prime factor are known, then the higher bits of another factor are also exposed. Nevertheless, knowing h ; mod Ni still requires an adversary to compute e 2 in O(2 350 time (see [G00] and the references therein) The main reason that we rely on the hardness of factoring a product of two primes (where one prime is in the aforementioned special form) is only for the purpose of making the scheme more ecient. This is because we use a range proof technique that does not ....

R. Gennaro. An Improved Pseudo-Random Generator Based on the Discrete Logarithm Problem. Crypto'00.

....and 28 multiplications, which is about 11 bits per multiplication. With n = 20 we get 1120 bits for one inversion and 58 multiplications, which is roughly 19 bits per multiplication. Hence, our generator is more ecient than other algebraic generators, e.g. the pseudorandom generator due to Gennaro [9] which is based on the problem of discrete log with small exponent. The generator of [9] generates approximately one pseudorandom bit per multiplication. Furthermore, Gennaro s generator uses a much larger prime eld. Other algebraic generators, such as the Blum Blum Shub generator [2] generate a ....

....bits for one inversion and 58 multiplications, which is roughly 19 bits per multiplication. Hence, our generator is more ecient than other algebraic generators, e.g. the pseudorandom generator due to Gennaro [9] which is based on the problem of discrete log with small exponent. The generator of [9] generates approximately one pseudorandom bit per multiplication. Furthermore, Gennaro s generator uses a much larger prime eld. Other algebraic generators, such as the Blum Blum Shub generator [2] generate a small number of pseudorandom bits per multiplication modulo a much larger modulus than ....

R. Gennaro. An improved pseudo-random generator based on discrete log. In Advances in Cryptology { CRYPTO 2000, volume 1880 of Lecture Notes in Computer Science, pp. 469-481. Springer-Verlag, 2000.

.... show that our asymptotic notion of observational equivalence between probabilistic polynomial time processes coincides with the traditional notion of indistinguishability by polynomial time statistical tests, a standard way of characterizing cryptographically strong pseudorandom number generators [37,17,16,25,15]. 6.0.1 Pseudorandom Number Generators We begin by recalling several standard notions from cryptographic literature [37,17,16,25,15] Definition 6.1 [function ensemble] A function ensemble f is an indexed family of functions f n : A n n#N . The reader might wish to review defns. 2.4, ....

....notion of indistinguishability by polynomial time statistical tests, a standard way of characterizing cryptographically strong pseudorandom number generators [37,17,16,25,15] 6.0. 1 Pseudorandom Number Generators We begin by recalling several standard notions from cryptographic literature [37,17,16,25,15]. Definition 6.1 [function ensemble] A function ensemble f is an indexed family of functions f n : A n n#N . The reader might wish to review defns. 2.4, 2.5, 2.6, 2.7 and 2.8 for details before proceeding. Definition 6.2 A function ensemble f : A n B n is uniform if there exists a ....

R. Gennaro. An improved pseudo-random generator based on discrete log. In Proc. CRYPTO 2000.

.... of observational equivalence between probabilistic polynomial time processes coincides with the traditional notion of indistinguishability by polynomial time statistical tests, a standard way of characterizing cryptographically strong pseudorandom number generators [Yao82, Gol00, Gol99, Lub96, Gen00] 6.1 Pseudorandom Number Generators For the remainder of this section, let S refer to an arbitrary scheduler. We begin by recalling several standard notions from cryptographic literature [Yao82, Gol00, Gol99, Lub96, Gen00] Definition 6.1 (function ensemble) A function ensemble f is an ....

....strong pseudorandom number generators [Yao82, Gol00, Gol99, Lub96, Gen00] 6.1 Pseudorandom Number Generators For the remainder of this section, let S refer to an arbitrary scheduler. We begin by recalling several standard notions from cryptographic literature [Yao82, Gol00, Gol99, Lub96, Gen00] Definition 6.1 (function ensemble) A function ensemble f is an indexed family of functions f n : A n n#N . The reader might wish to review defns. 2.5, 2.6, 2.7, 2.8 and 2.9 for details before proceeding. Definition 6.2. A function ensemble f : A n B n is uniform if there exists a ....

R. Gennaro. An improved pseudo-random generator based on discrete log. In Proc. CRYPTO 2000, pages 469--481. Springer LNCS 1880, 2000. Revised version available on www.research.ibm.com/people/r/rosario/.

....and somewhat more e#cient. In addition, we present a general technique that can be used to speed up pseudorandom generators based on iterating one way permutations. We construct our generator by applying this technique to results of [HSS93] We also show how the generator given by Gennaro [Gen00] can be simply derived from results of Patel and Sundaram [PS98] using our technique. 1 Introduction Blum and Micali [BM84] and Yao [Yao82] introduced the notion of a pseudorandom generator secure against all polynomial time adversaries. Since then, multiple constructions have been proposed. ....

.... obtains n 2 O(log n) bits of randomness per half of a fixed base modular exponentiation (to be precise, our exponent is n 2 O(log n) bits long) The resulting construction is thus simpler and faster than the ones of [HSS93] and [GR00] Our generator is quite similar to the one of Gennaro [Gen00]: it also essentially repeatedly raises a fixed base to a short exponent, outputs some bits of the result, and uses the rest as an exponent for the next iteration. The main di#erence is that Gennaro s generator, while more e#cient than ours, works modulo a prime and requires the nonstandard ....

[Article contains additional citation context not shown here]

Rosario Gennaro. An improved pseudo-random generator based on discrete log. In Mihir Bellare, editor, Advances in Cryptology---CRYPTO 2000, volume 1880 of Lecture Notes in Computer Science, pages 469--481. Springer-Verlag, 20--24 August 2000.

.... of observational equivalence between probabilistic polynomialtime processes coincides with the traditional notion of indistinguishability by polynomial time statistical tests, a standard way of characterizing cryptographically strong pseudorandom number generators [Yao82, Gol00, Gol99, Lub96, Gen00] 20 6.0.1 Pseudorandom Number Generators We begin by recalling several standard notions from cryptographic literature [Yao82, Gol00, Gol99, Lub96, Gen00] De nition 6.1 (function ensemble) A function ensemble f is an indexed family of functions ff n : A n B n g n2N . The reader might ....

....statistical tests, a standard way of characterizing cryptographically strong pseudorandom number generators [Yao82, Gol00, Gol99, Lub96, Gen00] 20 6.0. 1 Pseudorandom Number Generators We begin by recalling several standard notions from cryptographic literature [Yao82, Gol00, Gol99, Lub96, Gen00] De nition 6.1 (function ensemble) A function ensemble f is an indexed family of functions ff n : A n B n g n2N . The reader might wish to review defns. 2.4, 2.5, 2.6, 2.7 and 2.8 for details before proceeding. De nition 6.2. A function ensemble f : A n B n is uniform if there exists a ....

R. Gennaro. An improved pseudo-random generator based on discrete log. In Proc. CRYPTO

....logarithm problem. Later Luby et al. ILL89] used the Goldreich Levin hard core bit theorem[GL89] to show that existence of pseudo random generators follow from existence of any one way functions. Also, more e#cient generators have been proposed, based on specific assumptions, see for instance [GR00,HSS93,Gen00]. In this paper, we propose a new generator based on Paillier s composite degree residuosity assumption (DCRA) This generator expands a uniformly chosen bit string r of length k 2 bits, where k is the security parameter, into a pseudo random bit string of length 2k log 2 (k) using one ....

Rosario Gennaro. An improved pseudo-random generator based on discrete log. In Mihir Bellare, editor, Advances in Cryptology - Crypto 2000, pages 469--481, Berlin, 2000. Springer-Verlag. Lecture Notes in Computer Science Volume 1880.

No context found.

R. Gennaro. An Improved Pseudo Random Generator Based on Discrete Log. In Crypto '00, pages 469-481, 2000. LNCS No. 1880.

No context found.

R. Gennaro. An Improved Pseudo-Random Generator Based on the Discrete-Logarithm Problem. Journal of Cryptology, 18:91--110, 2005.

No context found.

Gennaro, R. An improved pseudo-random generator based on discrete log. CRYPTO

No context found.

R. Gennaro, An Improved Pseudo-random Generator Based on the Discrete Logarithm Problem , Journal of Cryptology, 18(2), pp.91-110, Spring 2005. Early version appeared in CRYPTO'2000.

No context found.

Gennaro, R. An improved pseudo-random generator based on discrete log. In Proc. CRYPTO

No context found.

Gennaro, R. An improved pseudo-random generator based on discrete log. In Proc. CRYPTO

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC