Abstract. We study a class of problems called Modular Inverse Hidden Number Problems (MIHNPs). The basic problem in this class is the following: Given many pairs � � � � −1 xi, msbk (α + xi) mod p for random xi ∈ Zp the problem is to find α ∈ Zp (here msbk(x) refers to the k most significant bits of x). We describe an algorithm for this problem when k> (log 2 p)/3 and conjecture that the problem is hard whenever k < (log 2 p)/3. We show that assuming hardness of some variants of this MIHNP problem leads to very efficient algebraic PRNGs and MACs.

kept secret. Anyone wishing to send a message to a person in the directory can simply look up the public encryption key for that person and use it to encrypt the message. Then, assuming the decryption key is known only to the intended receiver of the message, only that person can decrypt the message. Of course in such a public-key system it must be computationally infeasible to deduce the decryption key (or the decryption algorithm) from the public key (or the public encryption algorithm), even when general information about the system and how it operates is known. This leads to the idea of one-way functions. A function f is called a one-way function if for any x in the necessarily large domain of f , f(x) can be e#ciently computed but for virtually all y in the range of f , it is computationally infeasible to find any x such that f(x) = y. Pu