Frieze, A. M., Kannan, R., and Lagarias, J. C., Linear congruential generators do not produce random sequences. Technical Report CMU-CS-84-146, Carnegie Mellon University, 1984.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....Curves The linear congruential generator is commonly used in practice. The seed consists of a list of constants a, b, n, and x 0 . The numbers output are x 0 , x 1 , x 2 , where x i is determined by the recurrence x i 1 = ax i b (mod n) However, this generator is unsecure ( Plu82] [FKL84]) In [Plu82] it is first shown that computing the constants a, b and n is reducible to computing an a 0 and n such that y k 1 = a 0 y k (mod n) which generates a sequence of differences (i.e. y k = x k Gamma x k Gamma1 ) Then the following algorithm gives a and b. If y 1 = 0 then a = 1. ....

Frieze, A. M., Kannan, R., and Lagarias, J. C., Linear congruential generators do not produce random sequences. Technical Report CMU-CS-84-146, Carnegie Mellon University, 1984.

....such prg s is only guaranteed asymptotically. In a particular example, one cannot compute exact bounds on the size of the seed needed. Third, most such generators are too inefficient to be used in practice. Linear congruential generators, although known not to be cryptographically secure (see e.g. [FKL], P] continue to be used in practice. Because of these disadvantages, work has been done to construct good generators for more specific tasks. For example, Santha [Sa] and Sipser [Si] introduced the notion of a quasi perfect pseudo random generator. A quasi perfect prg can be used to decrease ....

D. Frieze, R. Kannan, and J. C. Lagarias, "Linear Congruential Generators Do Not Produce Random Sequences," 25th FOCS, 1984.

.... by linear congruential generators, even when the multiplier, increment and modulus are unknown, by looking at the first few numbers generated (Plumstead (1982) Discarding the low order bits of the numbers in the output still fails to assure unpredictability (Boyar (1989a) Stern (1987) Frieze et al. 1984, 1988) Finally, general results for multiple linear congruential recurrences and for oneterm polynomial congruential recurrences of an arbitrary degree with unknown coefficients have been established which provide efficient inference methods for predicting the sequences of numbers produced ....

Frieze, A. M., Kannan, R. and Lagarias, J. C. (1984). Linear Congruential Generators Do Not Produce Random Sequences. Proceedings of the 25th IEEE Symposium on Foundations of Computer Science, 480-- 484.

....registers. Some results on congruential generators are as follows. Marsaglia [74] questions the claims of sufficient random behavior for sequences produced using linear congruential generators and Reeds [102] Knuth [68] Plumstead [99] Hastad and Shamir [56] and Frieze, Kannan and Lagarias [37] have all cast considerable doubt on the cryptographic value of sequences generated using the multiplicative congruential generator. A paper by Frieze, Hastad, 14 Stream Ciphers Kannan, Lagarias and Shamir [36] and one by Boyar (Plumstead) 13] undermine confidence in techniques to use fragments ....

A.M. Frieze, R. Kannan, and J.C. Lagarias. Linear congruential generators do not produce random sequences. IEEE Symposium on Foundations of Computer Science, 480--484, 1984.

....are unknown the sequence of numbers produced by a linear congruential generator is still predictable given some of the X i . Truncated LCG were suggested by Knuth [12] as a possible way to make a linear congruential generator secure. However these generators have also been shown to be predictable [5, 9, 19] as have more general congruential generators [4, 13] However, as indicated above, this predictability does not directly mean a cryptographic algorithm using the generator is breakable, since it is possible none of the bits of the random numbers used by the algorithm are ever made public. DSS is ....

A. M. Frieze, R. Kannan, and J. C. Lagarias. Linear congruential generators do not produce random sequences. In Proc. 25th IEEE Symp. on Foundations of Comp. Science, pages 480-- 484, Singer Island, 1984. IEEE.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC