Results 1 
7 of
7
Random number generation
"... Random numbers are the nuts and bolts of simulation. Typically, all the randomness required by the model is simulated by a random number generator whose output is assumed to be a sequence of independent and identically distributed (IID) U(0, 1) random variables (i.e., continuous random variables dis ..."
Abstract

Cited by 136 (30 self)
 Add to MetaCart
Random numbers are the nuts and bolts of simulation. Typically, all the randomness required by the model is simulated by a random number generator whose output is assumed to be a sequence of independent and identically distributed (IID) U(0, 1) random variables (i.e., continuous random variables distributed uniformly over the interval
Lattice Reduction: a Toolbox for the Cryptanalyst
 Journal of Cryptology
, 1994
"... In recent years, methods based on lattice reduction have been used repeatedly for the cryptanalytic attack of various systems. Even if they do not rest on highly sophisticated theories, these methods may look a bit intricate to the practically oriented cryptographers, both from the mathematical ..."
Abstract

Cited by 55 (7 self)
 Add to MetaCart
In recent years, methods based on lattice reduction have been used repeatedly for the cryptanalytic attack of various systems. Even if they do not rest on highly sophisticated theories, these methods may look a bit intricate to the practically oriented cryptographers, both from the mathematical and the algorithmic point of view. The aim of the present paper is to explain what can be achieved by lattice reduction algorithms, even without understanding of the actual mechanisms involved. Two examples are given, one of them being the attack devised by the second named author against Knuth's truncated linear congruential generator, which has been announced a few years ago and appears here for the first time in journal version.
How to Stretch Random Functions: The Security of Protected Counter Sums
 Journal of Cryptology
, 1999
"... . Let f be an unpredictable random function taking (b + c)bit inputs to bbit outputs. This paper presents an unpredictable random function f 0 taking variablelength inputs to bbit outputs. This construction has several advantages over chaining, which was proven unpredictable by Bellare, Ki ..."
Abstract

Cited by 19 (7 self)
 Add to MetaCart
. Let f be an unpredictable random function taking (b + c)bit inputs to bbit outputs. This paper presents an unpredictable random function f 0 taking variablelength inputs to bbit outputs. This construction has several advantages over chaining, which was proven unpredictable by Bellare, Kilian, and Rogaway, and cascading, which was proven unpredictable by Bellare, Canetti, and Krawczyk. The highlight here is a very simple proof of security. 1.
Predicting Nonlinear Pseudorandom Number Generators
 MATH. COMPUTATION
, 2004
"... Let p be a prime and let a and b be elements of the finite field Fp of p elements. The inversive congruential generator (ICG) is a sequence (un) of pseudorandom numbers defined by the relation un+1 ≡ au−1 n +b mod p. We show that if sufficiently many of the most significant bits of several consecut ..."
Abstract

Cited by 8 (5 self)
 Add to MetaCart
Let p be a prime and let a and b be elements of the finite field Fp of p elements. The inversive congruential generator (ICG) is a sequence (un) of pseudorandom numbers defined by the relation un+1 ≡ au−1 n +b mod p. We show that if sufficiently many of the most significant bits of several consecutive values un of the ICG are given, one can recover the initial value u0 (even in the case where the coefficients a and b are not known). We also obtain similar results for the quadratic congruential generator (QCG), vn+1 ≡ f(vn) modp, where f ∈ Fp[X]. This suggests that for cryptographic applications ICG and QCG should be used with great care. Our results are somewhat similar to those known for the linear congruential generator (LCG), xn+1 ≡ axn + b mod p, but they apply only to much longer bit strings. We also estimate limits of some heuristic approaches, which still remain much weaker than those known for LCG.
unknown title
"... The literature of cryptography has a curious history. Secrecy, of course, has always played a central role, but until the First World War, important developments appeared in print in a more or less timely fashion and the field moved forward in much the same way as other specialized disciplines. As l ..."
Abstract
 Add to MetaCart
The literature of cryptography has a curious history. Secrecy, of course, has always played a central role, but until the First World War, important developments appeared in print in a more or less timely fashion and the field moved forward in much the same way as other specialized disciplines. As late as 1918, one of the most influential cryptanalytic papers of the twentieth century, William F. Friedman’s monograph The Index of Coincidence and Its Applications in Cryptography, appeared as a research report of the private Riverbank Laboratories [577]. And this, despite the fact that the work had been done as part of the war effort. In the same year Edward H. Hebern of Oakland, California filed the first patent for a rotor machine [710], the device destined to be a mainstay of military cryptography for nearly 50 years. After the First World War, however, things began to change. U.S. Army and Navy organizations, working entirely in secret, began to make fundamental advances in cryptography. During the thirties and forties a few basic papers did appear in the open literature and several treatises on the subject were published, but the latter were farther and farther behind the state of the art. By the end of the war the transition was complete. With one notable exception, the public literature had died. That exception was Claude Shannon’s paper “The Communication Theory of Secrecy Systems, ” which