## Pseudorandom number generation by p-adic ergodic transformations: an addendum (2004)

Venue: | |

Citations: | 14 - 6 self |

### BibTeX

@MISC{Anashin04pseudorandomnumber,

author = {Vladimir Anashin},

title = {Pseudorandom number generation by p-adic ergodic transformations: an addendum},

year = {2004}

}

### OpenURL

### Abstract

The paper study counter-dependent pseudorandom number generators based on m-variate (m> 1) ergodic mappings of the space of 2-adic integers Z2. The sequence of internal states of these generators is defined by the recurrence law xi+1 = H B i (xi) mod 2 n, whereas their output sequence is zi = F B i (xi) mod 2 n; here xj, zj are m-dimensional vectors over Z2. It is shown how the results obtained for a univariate case could be extended to a multivariate case.

### Citations

10903 | Computers and Intractability: A Guide to the Theory of NP-Completeness - Johnson - 1977 |

311 |
Uniform Distribution of Sequences
- Kupiers, Niederreiter
- 1974
(Show Context)
Citation Context ...ces of a in the initial segment of length ℓ in the sequence {si mod pk } of residues modulo pk are asymptotically equal, i.e., limℓ→∞ A(a,ℓ) 1 ℓ = pk , where A(a, ℓ) = |{si ≡ a (mod pk ): i < ℓ}|(see =-=[1]-=- for details). So strictly uniformly distributed sequences are uniformly distributed in the common sence of theory of distributions of sequences. Thus, putting N = Z/2n , M = Z/2m , n = km, and taking... |

310 |
The Art of Computer Programming. Vol. 2. Seminumerical Algorithms
- Knuth
- 1997
(Show Context)
Citation Context ...0 < k ≤ log 2 N, where ν(β0 . . . βk−1) is the number of occurences of a binary word β0 . . . βk−1 in a binary word ε0ε1 . . . εN−1. If a finite sequence is random in a sence of this Definition Q1 of =-=[2]-=-, we shall say that it has a property Q1, or satisfies Q1. We shall also say that an infinite periodic sequence satisfy Q1 iff its exact period satisfies Q1. Note that, constrasting to the case of str... |

188 |
p-adic Numbers, p-adic Analysis and Zeta-Functions
- Koblitz
- 1984
(Show Context)
Citation Context ...roximation is an n-digit positive rational integer v AND(2n − 1); the latter will be denoted also as v mod 2n . For formal introduction to p-adic analysis, precise notions and results see e.g. [3] or =-=[4]-=-. Arithmetic and bitwise logical operations are not independent: Some of them could be expressed via the others. For instance, for all u, v ∈ Z2 (2.0.2) NEG(u) = u XOR(−1); NEG(u) + u = −1; u XORv = u... |

76 |
Vanstone: Handbook of Applied Cryptography
- Menezes, Oorschot, et al.
- 1997
(Show Context)
Citation Context ...e sequences. We postpone these issues to Section 5. A truncation usually makes generators slower but more secure: general methods that predict truncated congruential generators are not known, see [5],=-=[12]-=-. However, such methods exist in some particular cases, for instance, when f is a polynomials26 VLADIMIR ANASHIN over Z of degree 1, and/or a relatively small part of less significant bits are discard... |

50 | Feedback shift registers, 2-adic span, and combiners with memory
- Klapper, Goresky
- 1997
(Show Context)
Citation Context ...nce of its output is exactly Zj for all j = 1, 2, . . .. � With the use of theorem 5.1 it is possible to estimate two other measures of complexity of the coordinate sequence, which were introduced in =-=[10]-=-: namely, 2adic complexity and 2-adic span. Whereas linear complexity (also known as linear span) is the number of cells in a linear feedback shift register outputting a givens42 VLADIMIR ANASHIN sequ... |

43 |
Cryptanalysis: a survey of recent results
- BRICKELL, ODLYZKO
- 1988
(Show Context)
Citation Context ...inate sequences. We postpone these issues to Section 5. A truncation usually makes generators slower but more secure: general methods that predict truncated congruential generators are not known, see =-=[5]-=-,[12]. However, such methods exist in some particular cases, for instance, when f is a polynomials26 VLADIMIR ANASHIN over Z of degree 1, and/or a relatively small part of less significant bits are di... |

40 |
Xorshift rngs
- Marsaglia
(Show Context)
Citation Context ...lternative way is to use linear recurrence sequences of maximum period over Z/2: note that often sequences of this kind could be constructed with the use of XOR’s and left-right shifts only, see e.g. =-=[23]-=-. The above results of this subsection show how to construct a sequence xi+1 = fi mod m(xi) mod 2 n of maximum period length 2 n m in two cases: when m is odd, and when m = 2 k . Now we consider a gen... |

34 |
A.: A New Class of Invertible Mappings
- Klimov, Shamir
- 2003
(Show Context)
Citation Context ...ed by the analogy. 3. Skew shifts and wreath products: a discussion The aim of this section is to make more transparent the core mapping underlying the constructions introduced in [1], [2], [3], [4], =-=[8]-=-, [9], [7], as well as [5] and even [6]. This mapping is wreath product 7 of permutations; wreath product of permutations is a special case of a skew product transformation 8 . We recall the most abst... |

32 |
Reconstructing Truncated Integer Variables Satisfying Linear Congruences
- Frieze, Hastad, et al.
- 1988
(Show Context)
Citation Context ...r, such methods exist in some particular cases, for instance, when f is a polynomials26 VLADIMIR ANASHIN over Z of degree 1, and/or a relatively small part of less significant bits are discarded, see =-=[21]-=-. However, in general truncated congruential generators seem to be rather secure even their state transition function is relatively simple: For instance, an analysis made in [20] shows that for f(x) =... |

31 |
New Cryptographic Primitives Based on Multiword TFunctions
- Klimov, Shamir
(Show Context)
Citation Context ... m-variate mapping. It turnes out, however, that in some cases it is more effective to implement a univariate mapping in its multivariate form to achieve better performance. For instance, recently in =-=[7]-=- there were constructed examples of multivariate T -functions with a single cycle (i.e., of compatible ergodic functions, in our terminology, see [1]), which are very fast (see theorem 6 of [7] and th... |

22 | Factorization of the tenth fermat number
- Brent
- 1999
(Show Context)
Citation Context ... or composite. The complete decomposition of jth Fermat number is not known for j > 11. Assuming for some j ≥ 2 the jth Fermat number is composite, all its factors are of the form t2j+2 + 1, see e.g. =-=[15]-=- for further references. So, the following bounds for 2-adic complexity Φ2(Sj) of the jth coordinate sequence Sj hold: j + 3 ≤ ⌈Φ2(Sj)⌉ ≤ 2 j + 1, yet to prove whether the lower bound is sharp for a c... |

21 |
Foundations of Cryptography, Basic tools. Cambridge University
- Goldreich
- 1990
(Show Context)
Citation Context ...2, Problem ANT-9]. So, at our view, the conjecture that the function F is one-way is as plausible as the one concerning any other “candidate to one-wayness” (for the short list of the latter see e.g. =-=[27]-=-): Nobody today can solve a system of Boolean equations even if it is known that a solution exists (unless the system is of some special form). Proceeding with this plausible conjecture, to each Boole... |

19 | Uniformly distributed sequences of p-adic integers
- Anashin
(Show Context)
Citation Context ...ld be constructed by the analogy. 3. Skew shifts and wreath products: a discussion The aim of this section is to make more transparent the core mapping underlying the constructions introduced in [1], =-=[2]-=-, [3], [4], [8], [9], [7], as well as [5] and even [6]. This mapping is wreath product 7 of permutations; wreath product of permutations is a special case of a skew product transformation 8 . We recal... |

15 |
Cryptographic Applications of T-Functions
- Klimov, Shamir
(Show Context)
Citation Context ...ts are discarded, see [21]. However, in general truncated congruential generators seem to be rather secure even their state transition function is relatively simple: For instance, an analysis made in =-=[20]-=- shows that for f(x) = (x + (x 2 ∨ C)) mod 2 n the corresponding stream cipher is quite strong against a number of attacks. Note also that in generators we study here both the state transition functio... |

10 |
Uniformly distributed sequences over p-adic integers
- Anashin
- 1993
(Show Context)
Citation Context ...tructed by the analogy. 3. Skew shifts and wreath products: a discussion The aim of this section is to make more transparent the core mapping underlying the constructions introduced in [1], [2], [3], =-=[4]-=-, [8], [9], [7], as well as [5] and even [6]. This mapping is wreath product 7 of permutations; wreath product of permutations is a special case of a skew product transformation 8 . We recall the most... |

10 | Guaranteeing the diversity of number generators
- Shamir, Tsaban
- 2001
(Show Context)
Citation Context ...nction) is a skew shift on Ndimensional discrete torus (Z/2) (N) . The skew products seems to become popular in cryptography: Boaz Tsaban noted that a construction of a counter-dependent generator of =-=[11]-=- is just an ergodic-theoretic skew-product of a counter (or any automata) with the given automata. In particular, if the counter is replaced by any ergodic transformation, then the resulting cipher wi... |

8 |
Permutation polynomials modulo 2 w ,” Finite Fields and their
- Rivest
- 2001
(Show Context)
Citation Context ...2 r onto Z/2 r are NOT bijective for all r = 1, 2, . . .: x ↦→ (x+x 2 ) mod 2 r , x ↦→ (x+(x 2 ∧1)) mod 2 r , x ↦→ (x+(x 3 ∨1)) mod 2 r , since they are compatible but not bijectve modulo 2. (4) (see =-=[8]-=-, also [19, Theorem 1]) Let P(x) = a0 + a1x + · · · + adx d be a polynomial with integral coefficients. Then P(x) is a permutation polynomial (i.e., is bijective) modulo 2 n , n > 1 if and only if a1 ... |

8 |
Transitive polynomial transformations of residue rings
- Larin
(Show Context)
Citation Context ... is ergodic (resp., measure preserving) iff it is transitive modulo 8 (resp., iff it is bijective modulo 4). A corresponding assertion holds in general case, for arbitrary prime p. 3.5. Theorem. (See =-=[9]-=-, [16]) A polynomial f(x) ∈ Zp[x] induces an ergodic mapping of Zp onto itself iff it is transitive modulo p 2 for p �= 2, 3, or modulo p 3 , for p = 2, 3. The polynomial f(x) ∈ Zp[x] induces a measur... |

7 |
distributed sequences in computer algebra, or how to construct program generators of random
- Anashin
- 1998
(Show Context)
Citation Context ...ors are flexible enough and could be easily implemented as computer programs. 1. Introduction The study of ergodic, measure-preserving and equiprobable functions on the space Zp of p-adic integers in =-=[6, 16, 7, 11]-=- was mainly motivated by possible applications to pseudorandom number generation for cryptography and simulation. In the present paper we consider generators based on these functions, prove that the p... |

2 |
Cryptographic applications of T -functions
- Klimov, Shamir
(Show Context)
Citation Context ... the analogy. 3. Skew shifts and wreath products: a discussion The aim of this section is to make more transparent the core mapping underlying the constructions introduced in [1], [2], [3], [4], [8], =-=[9]-=-, [7], as well as [5] and even [6]. This mapping is wreath product 7 of permutations; wreath product of permutations is a special case of a skew product transformation 8 . We recall the most abstract ... |

2 |
p-adic numbers and their functions, (2nd edition
- Mahler
- 1981
(Show Context)
Citation Context ...his approximation is an n-digit positive rational integer v AND(2n − 1); the latter will be denoted also as v mod 2n . For formal introduction to p-adic analysis, precise notions and results see e.g. =-=[3]-=- or [4]. Arithmetic and bitwise logical operations are not independent: Some of them could be expressed via the others. For instance, for all u, v ∈ Z2 (2.0.2) NEG(u) = u XOR(−1); NEG(u) + u = −1; u X... |

1 |
Anashin Uniformly distributed sequences in computer algebra, or how to construct program generators of random numbers
- S
- 1998
(Show Context)
Citation Context ... constructed by the analogy. 3. Skew shifts and wreath products: a discussion The aim of this section is to make more transparent the core mapping underlying the constructions introduced in [1], [2], =-=[3]-=-, [4], [8], [9], [7], as well as [5] and even [6]. This mapping is wreath product 7 of permutations; wreath product of permutations is a special case of a skew product transformation 8 . We recall the... |

1 |
Solvable groups with operators and commutative rings admitting transitive polynomials, Algebra and Logic
- Anashin
(Show Context)
Citation Context ...reath products: a discussion The aim of this section is to make more transparent the core mapping underlying the constructions introduced in [1], [2], [3], [4], [8], [9], [7], as well as [5] and even =-=[6]-=-. This mapping is wreath product 7 of permutations; wreath product of permutations is a special case of a skew product transformation 8 . We recall the most abstract definiton: 3.1. Definition. Given ... |

1 |
A study of password sequrity
- Luby, Rackoff
- 1998
(Show Context)
Citation Context ... to put such a question now, yet note that one of one-way candidates, namely, DES with a fixed message, is a composition of skew shifts with a permutation τ. Note that in a corresponding construction =-=[10]-=- DES is assumed to be a family of pseudorandom functions. In [1] we conjectured that a mapping F : Z/2 n → Z/2 k defined by k randomly and independently choosen Boolean polynomials (with polynomially ... |

1 |
private communication. 7 Faculty of Information Security, Russian State University for the Humanities,, Kirovogradskaya Str., 25/2, Moscow 113534, Russia E-mail address: anashin@rsuh.ru, vladimir@anashin.msk.su
- Tsaban
(Show Context)
Citation Context ...odic-theoretic skew-product of a counter (or any automata) with the given automata. In particular, if the counter is replaced by any ergodic transformation, then the resulting cipher will be ergodic, =-=[12]-=-. All these observations lead to a suggestion that there are tight connections between ergodic theory and cryptography. In fact, in this pper we use the notions of ergodicity 7this notion is more comm... |

1 |
Guaranteeing the diversity of number generators. Available from http: //arXiv.org/ abs/ cs.CR
- Shamir, Tsaban
(Show Context)
Citation Context ...emes the only information available to a cryptanalist is that both the output and the state transition functions belong to a 1 The notion of a counter-dependent generator was originally introduced in =-=[13]-=-. However, in our paper we consider this notion in a broader sense: In our counter-dependent generators not only the state transition function, but also the output function depends on i. Moreover, in ... |

1 |
How to predict congruential generators
- Krawczuk
- 1992
(Show Context)
Citation Context ...f(a) ≡ f(b) (mod d) whenever d � � |N|. 4.1. Note. In order to avoid future misunerstanding it is important to emphasize here that our notion of a congruential generator differs from one of Krawczyk, =-=[14]-=-. According to the latter paper, a (general) congruential generator is a number generator for which the i th element si of the sequence is a {0, 1, . . ., m − 1}-valued number computed by the congruen... |

1 |
The RC6 block cipher . Available from http://www.rsa.com/rsalabs/rc6/ 12
- Rivest, Robshaw, et al.
(Show Context)
Citation Context ...∈ Zp[x] induces a measure preserving mapping of Zp onto itself iff it is bijective modulo p 2 .s12 VLADIMIR ANASHIN 3.6. Example. The mapping x ↦→ f(x) ≡ x+2x 2 (mod 2 32 ) (which is used in RC6, see =-=[18]-=-) is bijective, since it is bijective modulo 4: f(0) ≡ 0 (mod 4), f(1) ≡ 3 (mod 4), f(2) ≡ 2 (mod 4), f(3) ≡ 1 (mod 4). Thus, the mapping x ↦→ f(x) ≡ x + 2x 2 (mod 2 n ) is bijective for all n = 1, 2,... |

1 |
A new class of invertible mappings’, in: Cryptographic Hardware and Embedded Systems 2002 (B.S.Kaliski Jr.et
- Klimov, Shamir
(Show Context)
Citation Context ...Z2 and compatible g: Z2 → Z2. Note. The case p = 2 is the only case the converse of the first assertion of the proposition 3.10 holds. 3.11. Example. Proposition 3.10 immediately implies Theorem 2 of =-=[19]-=-: For any composition f of primitive functions, the mapping x ↦→ x + 2f(x) (mod 2 n ) is invertible — just note that a composition of primitive functions is compatible (see [19] for the definition of ... |