103 citations found.
L. Blum, M. Blum and M. Shub, "A simple unpredictable pseudo-random number generator, " SIAM Journal on Computing Vol. 15, No. 2, 364-383, May 1986.


This paper is cited in the following contexts:


Survey of Computational Assumptions Used in Cryptography Broken or.. - Zhu (2001)

....It was the first provably secure public key encryption and signature scheme that is, the underlying problem of the scheme is provably as difficult as some computational problem that is widely believed to be difficult, such as FACTORING or DLP. The Blum Blum Shub (BBS) pseudorandom bit generator [BBS86] is based on the assumption that integer factorization is intractable. It works in a similar way to the RSA PRBG, using f(x) x (mod n) where n is a Blum integer. The BBS generator forms the basis for the Blum Goldwasser probabilistic public key encryption scheme [BG85] The scheme uses the ....

L. Blum, M. Blum, and M. Shub. A simple unpredictable pseudo-random number generator. SIAM Journal on Computing, 15(2):364--383, 1986.


Cryptographic Randomness - From Air Turbulence

....has three parts: a mathematical argument tracing our RNG's randomness to a formal definition of turbulence's unpredictability, a novel use of the FFT as an unbiasing algorithm, and a sanity check data analysis. I Introduction Secure PRNG design commonly rests on computational complexity [2, 5, 6, 13, 24], but none of the underlying problems has been proven to be hard. Specialized hardware can provide naturally random physical noise, but has disadvantages: dedicated devices tend to be expensive; natural noise tends to be biased and correlated; hardware failure can silently suppress randomness; and ....

L. Blum, M. Blum, and M. Shub, "A simple unpredictable pseudo-random number generator," SIAM J. Comput., 15(2) (1986). pp. 364-83.


Secure Routing in Wireless Sensor Networks: Attacks and.. - Karlof, Wagner (2002)   (26 citations)

.... layer threats are typically countered by frequency hopping or spread spectrum communication [25] and MAC layer attacks can be alleviated by using a less susceptible protocol (Slotted Aloha [26] for example) good entropy management, and a cryptographically secure pseudo random number generator [27]. It is possible for adversaries to exploit weaknesses in these layers to mount attacks whose goals are similar to those discussed in Section VI (for example, an adversary could try to corrupt packets selectively by well timed collisions or jamming) but we will not consider attacks on the ....

M.Blum and S. Micali, "A simple unpredictable pseudo-random number generator," SIAM J. Computing, vol. 15, no. 2, pp. 364--383, May 1986.


Timed Fair Exchange of Standard Signatures (Extended Abstract) - Garay, Pomerance (2003)

....a Blum integer, i.e. N = p 1 p 2 , where p 1 and p 2 are distinct primes each congruent to 3 mod 4. Recall the notion of a Blum Blum Shub (BBS) sequence x 0 ; x 1 ; Delta Delta Delta ; x n , with x 0 = g (mod N) for a random g 2 ZN , and x i = x i Gamma1 (mod N ) 1 i n. It is shown in [BBS86] that the sequence defined by taking the least significant bit of the elements above is polynomial time unpredictable (unpredictable to the left and to the right) provided the quadratic residuosity assumption (QRA) holds. Recall also that these sequences are periodic (although not always purely ....

L. Blum, M. Blum, and M. Shub. A simple unpredictable pseudo-random number generator. SIAM Journal on Computing, 15(2):364--383, May 1986.


Authentication of LZ-77 compressed data - Atallah, Lonardi (2003)

....O(log q) such as a 2 3 tree (there are tree schemes that achieve O(log log q) performance, but they are of mostly theoretical interest) The operation Extract(S, n) returns and simultaneously removes the n th smallest element in S. We generate a pseudo random sequence a1 , a2 , using BBS [4], with seed a0 = H(k, i, p0 , p1 , pq 1 ) Then, for each j = q 1, q 2, 1, 0 we set b j = Extract(S, a j mod (j 1) It is easy to prove that , b1 , bq 1 is a uniformly distributed permutation of S. We use the random permutation to re order the pointers as R = p ....

....of the message. 3. SECURITY Other than tampering with the document, Mallory may try to retrieve the secret message, the key, or both. We show that if the adversary could determine some bits of the secret message then he would be able to break a crypto secure pseudo random generator (e.g. BBS [4]) which is extremely unlikely (hence it is just as unlikely that the adversary can get the secret message bits) Suppose that the adversary knows an algorithm to retrieve the watermarks from the LZS 77 compressed text. We now describe how to design a method that correctly guesses the next bit ....

L. Blum, M. Blum, and M. Shub. A simple unpredictable pseudo-random number generator. SIAM J. Comput., 15(2):364--383, May 1986.


The Modular Inversion Hidden Number Problem - Boneh, Halevi, Howgrave-Graham (2001)   (4 citations)

....to Gennaro [9] which is based on the problem of discrete log with small exponent. The generator of [9] generates approximately one pseudorandom bit per multiplication. Furthermore, Gennaro's generator uses a much larger prime field. Other algebraic generators, such as the Blum Blum Shub generator [2], generate a small number of pseudorandom bits per multiplication modulo a much larger modulus than the one we use. The exact comparison of our generator to BBS depends on the number of bits per round output by the BBS generator. Even faster variants We can increase the speed even further by ....

L. Blum, M. Blum, M. Shub, "A simple unpredictable pseudo-random number generator", SIAM J. Comput. 15, 2 (1986) 364-383.


An Improved Pseudorandom Generator Based on Hardness of.. - Dedic, Reyzin, Vadhan (2002)   (1 citation)

....relevance to our work. Almost all of the proposed constructions (starting with discrete logarithm based one of [BM84] consisted of repeatedly applying some one way function and outputting its hardcore bits. The first generator based on the factoring assumption was proposed by Blum, Blum and Shub [BBS86]. It iterated modular squaring with an n bit modulus, extracted one bit of output per iteration, and was originally proven secure based on the quadratic residuosity assumption. This was later improved by [ACGS88] who showed that only the factoring assumption is needed and that O(log n) bits ....

....if the hardcore bits are a projection of the input onto a subspace of Z 2 , and the non hardcore bits are a projection onto the orthogonal subspace, then we are fine. the efficiency gains in our generator and those of [Gen00, GR00] and also applies to other pseudorandom generators (such as [BBS86]) In particular, it explains how Gennaro's generator is obtained from Patel's and Sundaram's [PS98] providing a simpler proof than the one in [Gen00] 2 An Efficient Pseudorandom Generator . x denote the length of a string x, and x i denote the i th bit of x; P, Q of equal length be ....

L. Blum, M. Blum, and M. Shub. A simple unpredictable pseudo-random number generator. SIAM Journal on Computing, 15(2):364--383, May 1986.


Oblivious Verification of Common String - Crepeau, Salvail

....of f # is otherwise lost. Let N be the product of two large primes P, Q, such that N n. Define a candidate one way function f : x x mod N and an associated pseudorandom bit generator by G : x lsb(x) lsb(f(x) lsb(f(f(x) lsb(f (x) due to Blum, Blum and Shub [4], where lsb stands for least significant bit . Denote G j i (x) the bits from positions i to j of G(x) and define recursively functions f # : for 0 i n and words w of length i as follows: f # (#) #, f 1 (f # (w) f n 1 (f # (w) The pseudo random function is ....

Blum, M., L. Blum and Shub, "A simple unpredictable pseudo-random number generator", SIAM J. Computing, 15(2):364--383, May 1986.


Efficient Cryptographic Schemes Provably as Secure as Subset Sum - Impagliazzo, Naor (1996)   (32 citations)

....bit commitment [38] the strong committer variant, which allows zero knowledge proofs [21] and succinct secret sharing [31] Cryptographically strong pseudo random generators were defined by Blum and Micali [5] who constructed a pseudo random generator based on discrete log. Blum, Blum and Shub [4] constructed a pseudo random generator based on quadratic residuosity. Yao [47] showed that the definition given above is equivalent to that of Blum and Micali, and gave a general construction that can be based on any one way permutation. An essential part in these and other constructions is a ....

L. Blum, M. Blum and M. Shub, A simple Unpredictable Pseudo-Random Number Generator, Siam J. on Comput., 1986.


How to Sign Given Any Trapdoor Permutation - Bellare, Micali (1992)   (9 citations)

....of course, is always allowed to use any extra structure that might be present, although not explicitly assumed. If extra structure is explicitly assumed, it is at least available to the scheme designer as well. Indeed, factoring (properly modified ) yields a specific trapdoor permutation [W] [BBS], with some rich algebraic properties. However, once we must resort to making assumptions, we better make the smallest ones. Trapdoor permutations may exist, but trapdoor permutations enjoying specific algebraic properties may not. In order to establish the existence of the basic cryptographic ....

....f0; 1g z n by F (x 1 ; x n ) f(x 1 ) f(x n ) F is still a permutation, and Yao shows that by choosing n to be an appropriate polynomial in k, it can be made to satisfy (2) of definition 4.1. The same construction works for the trapdoor permutations of [BBS]. In general, the construction can be applied whenever ffl the domain of f is a subset of f0; 1g of size at least a polynomial fraction of f0; 1g ffl there is a (polynomial time) algorithm to determine whether a given point lies in the domain. 5 An Overview of the Scheme We present here ....

Blum, L., M. Blum, and M. Shub, "A Simple Unpredictable Pseudo-Random Number Generator," SIAM Journal on Computing 15(2), 364-383, May 1986.


Timed Release of Standard Digital Signatures (Extended Abstract) - Garay, Jakobsson

....is used to perform timed commitments to arbitrary strings. Thus, what we call a (commitment to a) time line is a simpler building block: given the time line the committed value is fixed; we elaborate on this onwards. 3 a random g 2 ZN , and x i = x i 1 2 (mod N ) 1 i n. It is shown in [BBS86] that the sequence defined by taking the least significant bit of the elements above is polynomial time unpredictable (unpredictable to the left and to the right) provided the quadratic residuosity assumption (QRA) holds. The generalized BBS assumption. In [BN00] Boneh and Naor postulate the ....

L. Blum, M. Blum, and M. Shub. A simple unpredictable pseudo-random number generator. SIAM Journal on Computing, 15(2):364-383, May 1986.


Funkspiel Schemes: An Alternative to Conventional Tamper.. - Håstad, Jonsson, Juels (2000)   (2 citations)

....use of message indices entirely. Rather than deriving the MAC for m i through knowledge of i, More efficient use of f is possible for general pseudorandom generator constructions involving one way permutations and hard core bits. For example, it is possible to use the Blum Blum Shub generator [8], regarding the state of the generator as the output of f1 and a sequence of hardcore bits as the output of f2 . This is more efficient than the scheme described above, in which it is implied that the output of f1 itself consists of hard core bits. The authors wish to thank an anonymous reviewer for ....

L. Blum, M. Blum, and M. Shub. A simple unpredictable pseudo-random number generator. SIAM Journal on Computing, 15(2):364-383, 1986.


Another Method for Attaining Security Against Adaptively Chosen.. - Lim, Lee (1993)   (19 citations)

....with different technique. Alexi et al. 1] showed that RSA Rabin function can hide O(logk) bits under the intractability assumption of RSA encryption and factoring. Vazirani and Vazirani [22] showed that O(logk) bits can be securely extracted from the x 2 mod N generator of Blum, Blum and Shub [2] as well as from the RSA Rabin functions. Recently Micali and Schnorr [14] developed a very efficient polynomial random number generator which can be based on an arbitrary prime modulus as well as on RSA modulus. This generator can produce more than k=2 bits per iteration at a cost of about one ....

....the Euler phi function. Let h be a one way hash function hashing arbitrary input strings into output values less than e A . Let G(n; s) be the same as before. But it can be based on the modulus NA of the receiver, such as the RSA Rabin scheme based generators [1] 14] or the x 2 mod N generator [2] [22] Of course, a common, possibly standardized, pseudorandom number generator may be used independently of the individual modulus. Assume that user B wants to send user A an n bit message m. Then the enciphering and deciphering algorithms are as follows. Enciphering Algorithm (user B) i) ....

L.Blum, M.Blum and M.Shub, "A simple unpredictable pseudo-random number generator, " SIAM J. Computing vol.15 no. 2 (1986), 364-383.


Periodicity, Correlation, and Distribution Properties of.. - Goresky, Klapper (2000)

....if c = c 0 ,c 1 , c n 1 ) is an n element pattern of symbols, then by an occurrence of c in a we mean an index i such that 0 # i # L 1, and c = a i ,a i 1, a i n 1 ) That is, we allow the n element pattern to extend into the second period, as long as it starts in the first period. In [1] it was shown that if a is a binary # sequence based on a prime connection number q then the number of occurrences of any two n element patterns c differ at most by one. This result was extended [6] to the slightly more general notion of # sequence for which the connection number q is a power of a ....

L. Blum, M. Blum, and M. Shub, A simple unpredictable pseudorandom number generator, SIAM J. Comp. 15 (1986) 364-383.


On the Linear and Nonlinear Complexity Profile of.. - Gutierrez.. (2001)

.... for nonlinear polynomials f(X) # IF q [X] One of such frequently used generators of this type is the power generator which produces sequences R = r n ) # n=0 satisfying the relation r n = r e n 1 , n = 1, 2, with an initial value r 0 = # # IF # q and an exponent e # 2 (see [1], 3] 16] 34] We remark that in cryptography this generator is used with RSA moduli which are products of two large primes. One can easily verify that r n = # e n , n = 0, 1, Lower bounds on the linear complexity and the linear complexity profile of the power generator have ....

L. Blum, M. Blum, and M. Shub, "A simple unpredictable pseudo-random number generator", SIAM J. Comput., vol. 15, pp. 364--383, 1986.


Randomness, Pseudorandomness, and its Applications to Cryptography - Giuliani (1998)

....will be omitted. Please see Blum and Micali's paper [5] for the proof. 7 Examples of CSPRBG's Now that we have seen the basic design of CSPRBG, this section will present some examples of them. One of the first practical generators was the Blum, Blum, Shub (BBS) generator named after its creators [3]. It is based on the difficulty of the Quadratic Residue problem. Some preliminary definitions are required. Definition 7.1 Let n be a positive integer. An integer x 0 is said to be a quadratic residue modulo n if there is an integer y 2 f1; n Gamma 1g so that y 2 j x (mod n) The set ....

....idea is to show that if we have a previous bit predictor with a certain probability of accuracy, then we can construct a probabilistic polynomial time algorithm which can solve the Quadratic Residue Problem. The proof is omitted here, but can be found in the original paper by Blum, Blum, and Shub [3]. For further reading on quadratic residues, Stinson's book [16] would be very enlightening. The second generator we will look at is called the RSA Rabin generator which is based on the well known RSA cryptosystem. To setup this system, choose two k=2 bit primes p and q, and a number 2 e n ....

L. Blum, M. Blum, and M. Shub. A Simple Unpredictable Pseudorandom Number Generator. SIAM Journal on Computing. 15(1986), 364-383.


Cryptology - Rivest

....k such that xy mod 2 = v and obtains the ciphertext as c = f(x)y, the concatenation of f(x) and y. How efficient are the probabilistic schemes In the schemes described so far, the ciphertext is longer than the cleartext by a factor proportional to the security parameter. However, it has been shown [23, 27] using later ideas on pseudo random number generation how to start with trapdoor functions and build a probabilistic encryption scheme that is polynomial time secure for which the ciphertext is longer than the cleartext by only an additive factor. The most efficient probabilistic encryption scheme is ....

....to be 1 if index g;p (x) p 1) 2, and 0 otherwise, where p is a prime, g is a generator of Z p , and x 2 Z p , and define f(x) f g;p (x) g x mod p. If computing discrete logarithms modulo p is indeed difficult, then the sequences produced will be unpredictable. Blum, Blum, and Shub [23] propose another generator, called the x 2 mod n generator , which is simpler to implement and also provably secure (assuming that the quadratic residuosity problem is hard) This generator follows the Blum Micali general method, with B(x) 1 iff x is odd, and f(x) x 2 mod n. Alexi, Chor, ....

L. Blum, M. Blum, and M. Shub. A simple unpredictable pseudo-random number generator. SIAM J. Computing, 15(2):364-383, May 1986.


Protecting Communications Against Forgery - Bernstein

....uniform random string. Unfortunately, most of these random functions are block ciphers burdened by the unnecessary constraint of invertibility. See the books [27] and [19] for descriptions of many block ciphers and random access stream ciphers. Blum, Blum, and Shub in [12] constructed a fast short random function with a small input, and proved that any fast algorithm to predict that function could be turned into a surprisingly fast algorithm to factor integers. Naor and Reingold in [21] constructed fast random functions with large inputs and with similar guarantees ....

Lenore Blum, Manuel Blum, Michael Shub, A simple unpredictable pseudorandom number generator, SIAM Journal on Computing 15 (1986), 364-383. MR 87k:65007.


A Comparison of Two Approaches to Pseudorandomness - Wang (2001)

....algorithm G from strings to strings satisfying the following two conditions: 1) There exists a function l : N # N such that l(n) n for all n # N , and G(x) l( x ) for all x # 0, 1 # . 2) The ensemble G(U n ) n#N is pseudorandom. For example, Blum, Blum, and Shub [2] proposed the following BBS [2] pseudorandom generator. Example 1 Let both p and q be distinct primes congruent to 3 mod 4, N = pq, and l(n) n be a polynomial. For each number x N and i # l(log N) let x 1 = x, x i 1 = x 2 i mod N and b i =parity(x i ) where parity(y) denotes the least ....

....to strings satisfying the following two conditions: 1) There exists a function l : N # N such that l(n) n for all n # N , and G(x) l( x ) for all x # 0, 1 # . 2) The ensemble G(U n ) n#N is pseudorandom. For example, Blum, Blum, and Shub [2] proposed the following BBS [2] pseudorandom generator. Example 1 Let both p and q be distinct primes congruent to 3 mod 4, N = pq, and l(n) n be a polynomial. For each number x N and i # l(log N) let x 1 = x, x i 1 = x 2 i mod N and b i =parity(x i ) where parity(y) denotes the least significant bit of y. Then the ....

[Article contains additional citation context not shown here]

L. Blum, M. Blum and M. Shub. A simple unpredictable pseudo-random number generator. SIAM J. Comput., 15(2):364--383, 1986.


On Symmetrically Private Information Retrieval - Mishra (2000)

....N was computed from two K=2 bit primes chosen uniformly at random; and x 2R Z 1 N means drawing x uniformly at random from Z 1 N . In [1] it was shown that even when poly(K) many QNR's are given, it is still as difficult to compute QRN (x) as without QNR's. Many cryptographic protocols, like [59, 31], were based upon this assumption. 14 2.1.5 Trapdoor Predicates In this section, we define the notion of trapdoor predicates, which is in some sense generalization of quadratic residuosity predicate. Informally, a one way predicate is a predicate B, such that given x it is hard to compute B(x) ....

M. Blum,M. Blum, and M. Shum. A simple unpredictable pseudo-random number generator. In SIAM Journal on Computing, vol 15, 1986, pp 364-383.


Timed-Release Cryptography - Mao (2001)   (3 citations)

....3.3. 1 Confidentiality of M in TE(M; t) We assume that Alice has implemented properly our security requirements on the large magnitudes of Order OE(n) 2) and Order n (a) Then we observe that the mapping from a e to a e (t) is random (which follows the Blum Blum Shub random sequence generator [2]) in a large subset of the quadratic residues modulo n. Thus, given the difficulty of extracting the e th root of a random element in the RSA group, a successful extraction of a(t) from a e (t) will constitute a grand breakthrough if it is done at a cost less than t squarings modulo n. The ....

Blum, L., Blum, M. and Shub, M. A simple unpredictable pseudo-random number generator, SIAM J. Comput. 15(2): 364-383 (1986).


Energy Scalable Reconfigurable Cryptographic Hardware for.. - Goodman (2000)

.... Generator (QRG) The Energy Scalable Encryption Processor that is used to demonstrate the notion of energy scalability utilizes a symmetric stream cipher known as the Quadratic Residue Generator (QRG) The QRG is based on Blum, Blum, and Shub's cryptographically secure pseudo random bit generator [19]. The QRG operates by performing repeated modular squarings of an initial seed value x 0 (4 1) where the modulus N is the product of two distinct prime values p and q with the property that . The least significant log 2 log 2 N bits of each result are then extracted and serialized to form a ....

....4 1. The security of the generator is derived from the difficulty of determining whether or not a number is a square root modulo N (i.e. determining quadratic residuosity) This problem has been proven to be equivalent to that of factoring the modulus N into its constituent prime factors p and q [19], which is just the IF problem defined in Section 5.1.2, and restated here for convenience. Given an n bit modulus (n = the amount of computation required to factor N can be expressed in terms of asymptotic time complexity as (4 3) where c and v are dependent on the factoring algorithm used, ....

L. Blum, M. Blum, and M. Shub, "A simple unpredictable pseudorandom number generator, " SIAM Journal on Computing, vol. 15, no. 2, pp. 364-383, May 1986.


Periodicity, Correlation, and Distribution Properties of.. - Goresky, Klapper (2000)

....0 ; c 1 ; c n 1 ) is an n element pattern of symbols, then by an occurrence of c in a we mean an index i such that 0 i L 1, and c = a i ; a i 1; a i n 1 ) That is, we allow the n element pattern to extend into the second period, as long as it starts in the first period. In [1] it was shown that if a is a binary sequence based on a prime connection number q then the number of occurrences of any two n element patterns c differ at most by one. This result was extended [6] to the slightly more general notion of sequence for which the connection number q is a power of a ....

L. Blum, M. Blum, and M. Shub, A simple unpredictable pseudorandom number generator, SIAM J. Comp. 15 (1986) 364-383.


An Improved Pseudo-Random Generator Based on the Discrete.. - Gennaro (2000)   (12 citations)

....then almost n=2 pseudo random bits can be extracted per modular exponentiation. Better efficiency can be gained by looking at the quadratic residuosity problem in Z N where N is a Blum integer (i.e. product of two primes of identical size and both j 3 mod 4. Under this assumption, Blum et al. [3] construct a secure PRBG for which each iteration consists of a single A preliminary version of this paper appeared in the proceedings of CRYPTO 2000 [7] The main differences between the two versions are summarized in Section 1.2 1 squaring in Z N and outputs a pseudo random bit. Alexi et al. ....

....to be able to say that the PRBG is secure we need to make sure that the complexity of this reduction is smaller than the time to break c DLSE with the best known algorithm (which we know today is 2 c=2 ) Comparison with the BBS generator. The BBS generator was introduced by Blum et al. in [3] under the assumption that deciding quadratic residuosity modulo a composite is hard. The generator works by repeatedly squaring modN a random seed in Z N where N is a Blum integer (N = PQ with P; Q both primes of identical size and j 3 mod 4. At each iteration it outputs the least significant ....

L. Blum, M. Blum and M. Shub. A Simple Unpredictable Pseudo-Random Number Generator. SIAM J.Computing, 15(2):364--383, May 1986.


Equitable Key Escrow with Limited Time-Span (or, How to .. - Burmester, Desmedt.. (1998)   (3 citations)

....problems are believed to be hard (cf. 13] 12] We now describe our basic protocol in more detail. For this purpose we combine the multiplicative threshold scheme of Boyd [17] the ElGamal [18] threshold scheme of Desmedt Frankel [19] and add time dependency using ideas from Blum Blum Shub [20]. For verification we adapt Pedersen scheme [21] A. The protocol A.1 Setting The parties involved: the sender Alice, the receiver Bob, a Court, the Law Enforcement Agency LEA, and the Escrow Agents EA i , i = 1; 2; l. The parameters: A Discrete Logarithm setting is used. Bob chooses a ....

....LEA, and the Escrow Agents EA i , i = 1; 2; l. The parameters: A Discrete Logarithm setting is used. Bob chooses a prime p such that p Gamma 1 has two large prime factors p 1 ; p 2 , with p 1 j p 2 j 3 (mod4) so ( Gamma1 j p 1 ) Gamma1 j p 2 ) Gamma1 (p 1 p 2 is a Blum integer [20]) and an element g 2 Z p whose order is p 1 p 2 . Bob publishes p; g. The number l of agents must be polynomially bounded in the length of p. Bob has a long term public key which is known to all parties concerned. This key is used for authenticating (signing) Bob's encryption keys and the ....

L. Blum, M. Blum, and M. Shub, "A simple unpredictable pseudo-random number generator," Siam J. Comput., vol. 15, no. 2, pp. 364--383, 1986.


Equitable Key Escrow with Limited Time Span (or, How to.. - Burmester, al. (1998)   (3 citations)

....encryptions with earlier keys is related to two problems: the problem of finding elements of large order in Z p and the symmetric Diffie Hellman decision problem. Both problems are believed to be hard (cf. 1, 23] We first describe our basic protocol in more detail. This combines ideas from [6, 7, 14, 26]. Setting The parties involved: the sender Alice, the receiver Bob, a Court, the Law Enforcement Agency LEA, and the Escrow Agents EA i , i = 1; 2; The parameters: A Discrete Logarithm setting is used. Bob chooses a prime p such that p Gamma 1 has two large prime factors p 1 ; p 2 , ....

....LEA, and the Escrow Agents EA i , i = 1; 2; The parameters: A Discrete Logarithm setting is used. Bob chooses a prime p such that p Gamma 1 has two large prime factors p 1 ; p 2 , with p 1 j p 2 j 3 (mod 4) so ( Gamma1 j p 1 ) Gamma1 j p 2 ) Gamma1 (p 1 p 2 is a Blum integer [6]) and an element g 2 Z p whose order is p 1 p 2 . Bob gives p; g to all the agents EA i , i = 1; 2; and to Alice. Bob has a long term public key which is known to all parties concerned. This key is used for authenticating (signing) Bob's encryption keys and the parameters p; g, if ....

Blum, L., Blum, M., Shub, M.: A simple unpredictable pseudo-random number generator. SIAM J. Comput. 15(2) (1986) 364--383


Separating Distribution-Free And Mistake-Bound - Learning Models Over   Self-citation (Blum)

No context found.

L. Blum, M. Blum, and M. Shub, A simple unpredictable pseudo-random number generator, SIAM J. Computing, 15 (1986), pp. 364--383.


Fast Blum-Blum-Shub Sequence Generation Using Montgomery.. - Parker, Kemp, Shepherd   Self-citation (Blum Shub)

....secrecy between communicating parties without the need to distribute secret keys. The most famous public key cryptosystem is that devised by Rivest, Shamir, and Adleman (RSA) 1] Another lesser known public key cryptosystem is the Quadratic Residue Cipher (QRC) introduced by Blum, Blum, and Shub [2], which relies on the ease of squaring an integer, mod n, as compared to the intractability of finding the square root of a number, mod n when n is large. As with RSA the valid recipient publishes the prime factors of n, where n = pq and p and q are strong primes. The sender scrambles his message ....

....this paper this offset is incorporated into BBS generation without cost, and further simplification is made possible by considering the generation of BBS like sequences. 4 2 Blum Blum Shub Sequence (BBS) and QRC Let n = pq, where p and q are primes satisfying p = 4k p 3, q = 4k q 3. The BBS [2, 5] of integer a, mod n, is given by, BBS n (a) L(BS n (a) where BS n (a) a, a 2 , a 4 , a 2 t 1 ) mod n, t # n (1) where the order i of BBS n (a) is n = lcm ii ( p , q ) p = ord ordp (a) 2) q = ord ordq (a) 2) and L means concatenate the h ....

[Article contains additional citation context not shown here]

Blum,L., Blum,M., Shub,M.: "A Simple Unpredictable PseudoRandom Number Generator", SIAM J. Comput, May 1986,15,(2), pp. 364-383


Appears in the proceedings of the First ACM Conference on.. - Random Oracles Are

No context found.

L. Blum, M. Blum and M. Shub, "A simple unpredictable pseudo-random number generator, " SIAM Journal on Computing Vol. 15, No. 2, 364-383, May 1986.


Security Bounds for the NIST Codebook-based - Deterministic Random Bit

No context found.

Blum L. Blum, M and M. Shub. A simple unpredictable pseudorandom number generator. SIAM J. Computing, 15(2), May 1986.


On the Provable Security of an Efficient RSA-Based.. - Steinfeld, Pieprzyk.. (2006)

No context found.

L. Blum, M. Blum, and M. Shub. A Simple Unpredictable Pseudo-Random Number Generator. SIAM Journal on Computing, 15:364--383, 1986.


Search Algorithms For Fcsr - Architectures And Properties

No context found.

Blum L. Blum, M. and Shub M. (1986) `A simple unpredictable pseudo random number generator', SIAM Journal of Computing, 15:364--383.


Efficient Primitives from Exponentiation in Z_p - Jiang (2006)

No context found.

L. Blum, M. Blum, M. Shub, A Simple Unpredictable Pseudo-Random Number Generator, SIAM J. Comput. 15(2): 364-383 (1986).


PEKE, Probabilistic Encryption Key Exchange, 10 Years Later.. - Moreau (2005)

No context found.

Blum, Leonore, Blum, Manuel, and Shub, M., A Simple Unpredictable Pseudo-random Number Generator, SIAM Journal of Computing, vol. 15, no. 2, May 1986, pp 364-383


Replication Is Not Needed: - Single Database..

No context found.

L. Blum, M. Blum, and M. Shub. A Simple Unpredictable Pseudo-Random Number Generator. SICOMP, Vol. 15, pp. 364--383, 1986.


An Energy/Security Scalable Encryption Processor Using .. - Goodman, Dancy.. (1998)

No context found.

L. Blum, M. Blum, and M. Shub, "A simple unpredictable pseudorandom number generator," SIAM J. Comput., vol. 15, no. 2, pp. 364--383, May 1986.


Timed Release of Standard Digital Signatures (Extended Abstract) - Garay, Jakobsson

No context found.

L. Blum, M. Blum, and M. Shub. A simple unpredictable pseudo-random number generator. SIAM Journal on Computing, 15(2):364-383, May 1986.


Proceedings of the 26th Annual ACM Symposium on Theory of.. - Extended Michael

No context found.

L. Blum, M. Blum, and M. Shub. A simple unpredictable pseudo-random number generator. SIAM Journal on Computing, 15(2):364--383, May 1986.


Side Channel Cryptanalysis of Product Ciphers - John Kelsey Bruce (1998)   (20 citations)

No context found.

L. Blum, M. Blum, and M. Shub, "A Simple Unpredictable PseudoRandom Number Generator," SIAM Journal of Computing, v. 15, n. 2, 1986, pp. 364-383.


Generatory Liczb Losowych: Algorytmy,testowanie, Zastosowania - Kotulski (2001)

No context found.

L. Blum, M. Blum, M. Shub, A simple unpredictable pseudo-random number generator , SIAM J. Comput. 15 (1986), 364--383.


Feedback Shift Registers, 2-Adic Span, and Combiners with Memory - Klapper, al. (1997)

No context found.

L. Blum, M. Blum, and M. Shub, A simple unpredictable pseudo-random number generator, SIAM J. Comput., vol. 15, 1986, pp. 364--383.


Private Access to Distributed Information - Mann (1998)   (36 citations)

No context found.

M. Blum, M. Blum, and M. Shum. A simple unpredictable pseudorandom number generator. SIAM Jour. on computing, 15:364--383, 1986.


Efficient and Secure Multi-Party Computation with Faulty.. - Garay, MacKenzie, Yang (2004)

No context found.

L. Blum, M. Blum, and M. Shub. A simple unpredictable pseudo-random number generator. SIAM Journal on Computing, 15(2):364--383, May 1986.


Random Number Generation - L'Ecuyer

No context found.

Blum, L., M. Blum and M. Schub (1986). A simple unpredictable pseudo-random number generator. SIAM Journal on Computing, Vol. 15, No. 2, pp. 364--383.


On the Iteration of Certain Quadratic Maps - Over Gf Troy

No context found.

L. Blum, M. Blum, and M. Shub. A simple unpredictable pseudo-random number generator. SIAM J. Comput. 15 (1986), 364-381.


Distributional Properties of d-FCSR Sequences - Klapper

No context found.

L. Blum, M. Blum, and M. Shub, A simple unpredictable pseudorandom number generator, SIAM J. Comp. 15 (1986), pp. 364-383.


Survey of Computational Assumptions Used in Cryptography Broken or.. - Zhu (2001)

No context found.

L. Blum, M. Blum, and M. Shub. A simple unpredictable pseudo-random number generator. SIAM Journal on Computing, 15(2):364-383, 1986.


On the Existence of 3-Round Zero-Knowledge Proofs - Lepinski (2001)

No context found.

L. Blum, M. Blum, and M. Shub. A simple unpredictable pseudorandom number generator. Siam Journal of Computing, 15(2), 1986.


A Forward-Secure Digital Signature Scheme - Bellare, Miner (1999)   (66 citations)

No context found.

L. Blum, M. Blum and M. Shub, "A simple unpredictable pseudo-random number generator," SIAM Journal on Computing Vol. 15, No. 2, 364-383, May 1986.


Private Information Retrieval for Streaming Data - Anonymous Author October

No context found.

L Blum, M. Blum, and M Shub, A Simple Unpredictable Pseudo-Random Number Generator, In SICOMP, vol. 15, pp 364-383, 1986.



CiteSeer.IST - Copyright Penn State and NEC