Reconstructing noisy polynomial evaluation in residue rings
J. Algorithms
"... 1 Let q> 1 be an integer and let a and b be elements of the residue ring ZZq of integers modulo q. We show how, when given a polynomial f ∈ ZZq[X] and approximations to v0, v1 ∈ ZZq such that v1 ≡ f(v0) mod q one can recover v0 and v1 efficiently. This result has direct applications to predicting ..."
Abstract

Cited by 11 (7 self)
Let q > 1 be an integer and let a and b be elements of the residue ring Z_q of integers modulo q. We show how, given a polynomial f ∈ Z_q[X] and approximations to v_0, v_1 ∈ Z_q such that v_1 ≡ f(v_0) (mod q), one can recover v_0 and v_1 efficiently. This result has direct applications to predicting the polynomial congruential generator: a sequence (v_n) of pseudorandom numbers defined by the relation v_{n+1} ≡ f(v_n) (mod q) for some polynomial f ∈ Z_q[X]. The applications lead to analogues of results known for the linear congruential generator x_{n+1} ≡ a x_n + b (mod q), although the results are much more restrictive due to the nonlinearity of the problem.
Predicting the inversive generator
Cryptography and Coding, LNCS 2898, 2003
"... Abstract. Let p be a prime and let a and b be integers modulo p. The inversive congruential generator (ICG) is a sequence (un) of pseudorandom numbers defined by the relation un+1 ≡ au−1n + b mod p. We show that if b and sufficiently many of the most significant bits of three consecutive values un ..."
Abstract

Cited by 11 (9 self)
Let p be a prime and let a and b be integers modulo p. The inversive congruential generator (ICG) is a sequence (u_n) of pseudorandom numbers defined by the relation u_{n+1} ≡ a u_n^{-1} + b (mod p). We show that if b and sufficiently many of the most significant bits of three consecutive values u_n of the ICG are given, one can recover in polynomial time the initial value u_0 (even in the case where the coefficient a is unknown), provided that the initial value u_0 does not lie in a certain small subset of exceptional values.
On the Provable Security of an Efficient RSA-Based Pseudorandom Generator
2006
"... Pseudorandom Generators (PRGs) based on the RSA inversion (onewayness) problem have been extensively studied in the literature over the last 25 years. These generators have the attractive feature of provable pseudorandomness security assuming the hardness of the RSA inversion problem. However, de ..."
Abstract

Cited by 10 (0 self)
Pseudorandom Generators (PRGs) based on the RSA inversion (one-wayness) problem have been extensively studied in the literature over the last 25 years. These generators have the attractive feature of provable pseudorandomness security assuming the hardness of the RSA inversion problem. However, despite extensive study, the most efficient provably secure RSA-based generators output asymptotically only at most O(log n) bits per multiply modulo an RSA modulus of bit-length n, and hence are too slow to be used in many practical applications. To bring theory closer to practice, we present a simple modification to the proof of security by Fischlin and Schnorr of an RSA-based PRG, which shows that one can obtain an RSA-based PRG which outputs Ω(n) bits per multiply and has provable pseudorandomness security assuming the hardness of a well-studied variant of the RSA inversion problem, where a constant fraction of the plaintext bits are given. Our result gives a positive answer to an open question posed by Gennaro (J. of Cryptology, 2005) regarding finding a PRG beating the rate O(log n) bits per multiply at the cost of a reasonable assumption on RSA inversion.
On the degree growth in some polynomial dynamical systems and nonlinear pseudorandom number generators
Math. Comp., 2010
"... In this paper we study a class of dynamical systems generated by iterations of multivariate polynomials and estimate the degree growth of these iterations. We use these estimates to bound exponential sums along the orbits of these dynamical systems and show that they admit much stronger estimates ..."
Abstract

Cited by 6 (6 self)
In this paper we study a class of dynamical systems generated by iterations of multivariate polynomials and estimate the degree growth of these iterations. We use these estimates to bound exponential sums along the orbits of these dynamical systems and show that they admit much stronger estimates than in the general case and thus can be of use for pseudorandom number generation.
Pseudorandom numbers and hash functions from iterations of multivariate polynomials
Cryptography and Communications
"... Abstract. Dynamical systems generated by iterations of multivariate polynomials with slow degree growth have proved to admit good estimates of exponential sums along their orbits which in turn lead to rather stronger bounds on the discrepancy for pseudorandom vectors generated by these iterations. H ..."
Abstract

Cited by 4 (4 self)
Dynamical systems generated by iterations of multivariate polynomials with slow degree growth have proved to admit good estimates of exponential sums along their orbits, which in turn lead to rather stronger bounds on the discrepancy for pseudorandom vectors generated by these iterations. Here we add new arguments to our original approach and also extend some of our recent constructions and results to more general orbits of polynomial iterations which may involve distinct polynomials as well. Using this construction we design a new class of hash functions from iterations of polynomials and use our estimates to motivate their "mixing" properties. Mathematics Subject Classification (2000): 11K45, 11T23, 11T71, 94A60.
Optimal routing in double loop networks
2007
"... In this paper, we study the problem of finding the shortest path in circulant graphs with an arbitrary number of jumps. We provide algorithms specifically tailored for weighted undirected and directed circulant graphs with two jumps which compute the shortest path. Our method only requires O(log N) ..."
Abstract

Cited by 2 (0 self)
In this paper, we study the problem of finding the shortest path in circulant graphs with an arbitrary number of jumps. We provide algorithms specifically tailored for weighted undirected and directed circulant graphs with two jumps which compute the shortest path. Our method only requires O(log N) arithmetic operations and the total bit complexity is O(log² N · log log N · log log log N), where N is the number of the graph's vertices. This elementary and efficient shortest path algorithm has been derived from the Closest Vector Problem (CVP) of lattices in dimension two with the ℓ_1 norm.
Cayley Digraphs of Finite Abelian Groups and Monomial Ideals
"... Abstract. In the study of doubleloop computer networks, the diagrams known as Lshapes arise as a graphical representation of an optimal routing for every graph’s node. The description of these diagrams provides an efficient method for computing the diameter and the average minimum distance of the ..."
Abstract

Cited by 1 (1 self)
In the study of double-loop computer networks, the diagrams known as L-shapes arise as a graphical representation of an optimal routing for every node of the graph. The description of these diagrams provides an efficient method for computing the diameter and the average minimum distance of the corresponding graphs. We extend these diagrams to multi-loop computer networks. For each Cayley digraph with a finite abelian group as vertex set, we define a monomial ideal and consider its representations via its minimal system of generators or its irredundant irreducible decomposition. From this last piece of information, we can compute the graph's diameter and average minimum distance. That monomial ideal is the initial ideal of a certain lattice with respect to a graded monomial ordering. This result permits the use of Gröbner bases for computing the ideal and finding an optimal routing. Finally, we present a family of Cayley digraphs parametrized by their diameter d, all of them associated to irreducible monomial ideals.
Cryptanalysis of the Quadratic Generator
Progress in Cryptology - INDOCRYPT 2005, LNCS 3797, 2005
"... Abstract. Let p be a prime and let a and c be integers modulo p. The quadratic congruential generator (QCG) is a sequence (vn) of pseudorandom numbers defined by the relation vn+1 ≡ av2n +c mod p. We show that if sufficiently many of the most significant bits of several consecutive values vn of th ..."
Abstract

Cited by 1 (1 self)
Let p be a prime and let a and c be integers modulo p. The quadratic congruential generator (QCG) is a sequence (v_n) of pseudorandom numbers defined by the relation v_{n+1} ≡ a v_n² + c (mod p). We show that if sufficiently many of the most significant bits of several consecutive values v_n of the QCG are given, one can recover in polynomial time the initial value v_0 (even in the case where the coefficient c is unknown), provided that the initial value v_0 does not lie in a certain small subset of exceptional values.
Analysis of Pseudo-Random Properties of Nonlinear Congruential Generators with Power of Two Modulus by Numerical Computing of the b-adic
"... Abstract—We consider two nonlinear methods for generating uniform pseudorandom numbers in [0, 1), namely quadratic congruential generator and inversive congruential generator. The combinations of the Van der Corput sequence with the considered nonlinear generators are proposed. We simplify the mixe ..."
Abstract
 Add to MetaCart
(Show Context)
We consider two nonlinear methods for generating uniform pseudorandom numbers in [0, 1), namely the quadratic congruential generator and the inversive congruential generator. Combinations of the Van der Corput sequence with the considered nonlinear generators are proposed. We simplify the mixed sequences by a restriction of the b-adic representation of the points. We study numerically the b-adic diaphony of the nets obtained through the quadratic congruential generator, the inversive congruential generator, their combinations with the Van der Corput sequence, and the simplification of the mixed sequences. The value of the b-adic diaphony decreases with the increase of the number of points of the simplified sequences, which proves that the points of the simplified sequences are pseudorandom numbers. The analysis of the results shows that the combinations of the Van der Corput sequence with these nonlinear generators have good pseudorandom properties, as do the generators themselves.
Analyzing a Class of PseudoRandom Bit Generator through Inductive Machine Learning Paradigm
"... Abstract. Random number generation is an integral part of strong cipher systems. If a pseudorandom sequence can be predicted with better than chance probability then the generator is considered to be cryptographically weak. This paper deals with next bit prediction of pseudorandom binary sequences ..."
Abstract
 Add to MetaCart
(Show Context)
Random number generation is an integral part of strong cipher systems. If a pseudorandom sequence can be predicted with better than chance probability, then the generator is considered to be cryptographically weak. This paper deals with next-bit prediction of pseudorandom binary sequences generated by Linear Feedback Shift Registers (LFSRs) and LFSR-based pseudorandom bit generators (PRBGs), using the Inductive Machine Learning (ML) paradigm, namely C4.5, the most common and widely used inductive data mining algorithm. This machine learning technique has been introduced to convert the theoretical prediction problem into a classification problem, which we coined the Classificatory Prediction problem. We further extended the use of this technique to predict the next bit without having any knowledge of subsequent bits of the PRBG, which can be termed a true Next Bit Predictor. The technique used is independent of the parameters and domain knowledge of the pseudorandom bit generators. The present study is a comprehensive extension of the work done by Hernandez et al. [15]. We performed meticulous experiments (over a wide range of LFSRs) and came out with a more explanatory analysis. Our classificatory prediction results paved the way for the evolution of the next bit prediction model.
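For a plain LFSR the classical next-bit predictor is algebraic rather than learned: the Berlekamp-Massey algorithm recovers the shortest feedback polynomial from 2L consecutive output bits of a length-L register, and every later bit then follows from the recurrence, with no knowledge of the taps or seed. The Python script below is an added example written for this page, not code from the paper (which uses C4.5, not this algorithm); the 16-bit register with feedback polynomial x^16 + x^14 + x^13 + x^11 + 1 and the seed are constructed values.

```python
# Added example: predicting an LFSR's output from 2L observed bits with the
# Berlekamp-Massey algorithm over GF(2).  Taps and seed are constructed.

def lfsr_stream(taps, seed, n):
    """Fibonacci LFSR: s_t = XOR of s_{t-j} over the taps j (1 <= j <= L),
    started from the L seed bits; returns the first n bits including the seed."""
    seq = list(seed)
    while len(seq) < n:
        bit = 0
        for j in taps:
            bit ^= seq[-j]
        seq.append(bit)
    return seq[:n]

def berlekamp_massey(bits):
    """Shortest LFSR that generates `bits`: returns (L, C) with
    C = [1, c_1, ..., c_L] and s_t = c_1 s_{t-1} ^ ... ^ c_L s_{t-L}."""
    n = len(bits)
    c = [1] + [0] * n          # current connection polynomial
    b = [1] + [0] * n          # connection polynomial before the last length change
    L, m = 0, 1                # current length; shift since that change
    for i in range(n):
        d = bits[i]            # discrepancy between the recurrence's prediction and s_i
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d == 0:
            m += 1
            continue
        t = c[:]
        for j in range(n + 1 - m):   # c(x) ^= x^m * b(x)
            c[j + m] ^= b[j]
        if 2 * L <= i:               # register must grow to explain s_i
            L, b, m = i + 1 - L, t, 1
        else:
            m += 1
    return L, c[:L + 1]

def predict_next(bits, conn, k):
    """Extend `bits` by k positions using the recovered recurrence."""
    seq = list(bits)
    L = len(conn) - 1
    for _ in range(k):
        bit = 0
        for j in range(1, L + 1):
            bit ^= conn[j] & seq[-j]
        seq.append(bit)
    return seq[len(bits):]

def demo():
    """Observe 2L = 32 bits of a 16-bit LFSR, recover it, predict the next 32."""
    taps = (16, 14, 13, 11)    # x^16 + x^14 + x^13 + x^11 + 1, maximal-length
    seed = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1]   # constructed, nonzero
    bits = lfsr_stream(taps, seed, 64)
    observed, hidden = bits[:32], bits[32:]
    L, conn = berlekamp_massey(observed)
    recovered_taps = tuple(j for j in range(L, 0, -1) if conn[j])
    return {"L": L, "taps": recovered_taps,
            "predicted_ok": predict_next(observed, conn, len(hidden)) == hidden}

if __name__ == "__main__":
    print(demo())
```

The 2L bound is why LFSR output must never be used directly as a keystream: a 16-bit register is fully determined by 32 known-plaintext bits, a 128-bit one by 256. The nonlinear combiners and filters that LFSR-based PRBGs add are meant to raise the linear complexity so this algorithm needs far more output; the paper's classifier approach is a black-box alternative that does not depend on that complexity being low.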