Pseudo-Random Generation from One-Way Functions
Proc. 20th STOC, 1988
Cited by 756 (22 self)
Abstract
Pseudorandom generators are fundamental to many theoretical and applied aspects of computing. We show how to construct a pseudorandom generator from any one-way function. Since it is easy to construct a one-way function from a pseudorandom generator, this result shows that there is a pseudorandom generator iff there is a one-way function.
The Foundations of Modern Cryptography
1998
Cited by 24 (0 self)
Abstract
In our opinion, the Foundations of Cryptography are the paradigms, approaches and techniques used to conceptualize, define and provide solutions to natural cryptographic problems. In this essay, we survey some of these paradigms, approaches and techniques as well as some of the fundamental results obtained using them. Special effort is made in an attempt to dissolve common misconceptions regarding these paradigms and results. Copyright 1998 by Oded Goldreich. Permission to make copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that new copies bear this notice and the full citation on the first page. Abstracting with credit is permitted. A preliminary version of this essay has appeared in the proceedings of Crypto97 (Springer's Lecture Notes in Computer Science, Vol. 1294).
Pseudorandom Number Generation within Cryptographic Algorithms: The DSS Case
Proceedings of Advances in Cryptology '97, Lecture Notes in Computer Science, 1997
Cited by 24 (1 self)
Abstract
The DSS signature algorithm requires the signer to generate a new random number with every signature. We show that if random numbers for DSS are generated using a linear congruential pseudorandom number generator (LCG), then the secret key can be quickly recovered after seeing a few signatures. This illustrates the high vulnerability of the DSS to weaknesses in the underlying random number generation process. It also confirms that a sequence produced by an LCG is not only predictable, as has been known before, but should be used with extreme caution even within cryptographic applications that would appear to protect this sequence. The attack we present applies to truncated linear congruential generators as well, and can be extended to any pseudorandom generator that can be described via modular linear equations.
Predicting Nonlinear Pseudorandom Number Generators
Math. Computation, 2004
Cited by 8 (5 self)
Abstract
Let $p$ be a prime and let $a$ and $b$ be elements of the finite field $\mathbb{F}_p$ of $p$ elements. The inversive congruential generator (ICG) is a sequence $(u_n)$ of pseudorandom numbers defined by the relation $u_{n+1} \equiv a u_n^{-1} + b \pmod p$. We show that if sufficiently many of the most significant bits of several consecutive values $u_n$ of the ICG are given, one can recover the initial value $u_0$ (even in the case where the coefficients $a$ and $b$ are not known). We also obtain similar results for the quadratic congruential generator (QCG), $v_{n+1} \equiv f(v_n) \pmod p$, where $f \in \mathbb{F}_p[X]$. This suggests that for cryptographic applications the ICG and QCG should be used with great care. Our results are somewhat similar to those known for the linear congruential generator (LCG), $x_{n+1} \equiv a x_n + b \pmod p$, but they apply only to much longer bit strings. We also estimate the limits of some heuristic approaches, which still remain much weaker than those known for the LCG.
Efficient Prediction of Marsaglia-Zaman Random Number Generators
IEEE Transactions on Information Theory, 1993
Cited by 3 (0 self)
Abstract
We show that the random number generator of Marsaglia and Zaman produces the successive digits of a rational b-adic number. (The b-adic number system generalizes p-adic numbers to an arbitrary integer base.) Using continued fractions, we derive an efficient prediction algorithm for this generator. Index Terms: continued fractions, inductive inference, b-adic numbers, pseudorandom sequences.
About Polynomial-Time "Unpredictable" Generators
Cited by 3 (1 self)
Abstract
So-called "perfect" or "unpredictable" pseudorandom generators have been proposed recently by people from the area of cryptology. Many people became aware of them from an optimistic article in the New York Times (Gleick (1988)). These generators are usually based on nonlinear recurrences modulo some integer m. Under some (yet unproven) complexity assumptions, it has been proven that no polynomial-time statistical test can distinguish a sequence of bits produced by such a generator from a sequence of truly random bits. In this paper, we give some theoretical background concerning this class of generators and we look at the practicality of using them for simulation applications. We examine in particular their ease of implementation, their efficiency, periodicity, the ease of jumping ahead in the sequence, the minimum size of modulus that should be used, etc.
On Sufficient Randomness for Secure Public-Key Cryptosystems
Proc. 5th PKC, 2002
Cited by 2 (1 self)
Abstract
In this paper, we consider what condition is sufficient for random inputs to secure probabilistic public-key encryption schemes. Although a framework given in [16] enables us to discuss uniformly and comprehensively the security notions of public-key encryption schemes even for the case where a cryptographically weak pseudorandom generator is used as the random nonce generator to encrypt single plaintext messages, the results are rather theoretical. Here we naturally generalize the framework in order to handle security for the situation where we want to encrypt many messages with the same key. We extend some results w.r.t. single-message security in [16] (separation results between security notions and a nontrivial sufficient condition for the equivalence between security notions) to multiple-message security. Besides the generalization, we show another separation between security notions for k-tuple messages and for (k+1)-tuple messages. The natural generalization obtained here improves the understanding of the security of public-key encryption schemes and eases the discussion of the security of practical public-key encryption schemes. In other words, the framework contributes to elucidating the role of randomness in public-key encryption schemes. As an application of the results in the generalized framework, we consider compatibility between the ElGamal encryption scheme and some sequence generators. In particular, we consider the applicability of the linear congruential generator (LCG) to the ElGamal encryption scheme.
Spencer-Brown vs. Probability and Statistics: Entropy's Testimony on Subjective and Objective Randomness
2011
Security Evaluation of Email Encryption Using Random Noise Generated by LCGs
15th CCSC:CS, 2005
Cited by 1 (1 self)
Abstract
Theoretically, using any Linear Congruence Generator (LCG) to generate pseudorandom numbers for cryptographic purposes is problematic because of its predictability. On the other hand, due to its simplicity and efficiency, we think that the LCG should not be completely ignored. Since the random numbers generated by the LCG are predictable, it is clear that we cannot use them directly. However, we should not introduce too much complication into the implementation, which would compromise the reasons (simplicity and efficiency) for choosing the LCG. Thus, we propose an easy encryption method using an LCG for email encryption. To see how practical it is to predict random numbers produced by an LCG, we implement Plumstead's inference algorithm [2] and run it on some numbers generated by the simplest congruence: $X_{n+1} = aX_n + b \bmod m$. Based on the result, we confirm the theoretical fault of the LCG, that is, simply increasing the size of the modulus does not significantly increase the difficulty of breaking the sequence. Our remedy is to break a whole random number into pieces and use them separately (with interference from another source, in our case, English text). We use 16-byte random numbers and embed each byte of the random number as noise in one text character. In this way, we can avoid revealing enough numbers for the attacker to predict.
Group Monitoring in Mobile Ad-Hoc Networks
Cited by 1 (1 self)
Abstract
Maintaining bonds of cohesion between members of small groups in densely populated venues (e.g., a family in an amusement park, or some friends in a stadium) is increasingly gaining interest, both as a safety measure against malicious activity and as a convenient tool to prevent group splitting. Note that the use of mobile phones is often ruled out in such scenarios, due to extreme network load. Current solutions are typically based on custom installations of antennas, centralized control, and user devices with high transmission power. In this work we propose a novel method for anonymously spreading presence information among group members in dense environments, based on a completely decentralized mobile ad hoc network approach. Our system operates independently of any infrastructure and is targeted at resource-constrained, inexpensive and expendable user devices. Quite importantly, our system protects the privacy of its users, both for their safety and for ethical reasons. Key words: ad hoc, MANET, group monitoring, presence management