## Predicting Nonlinear Pseudorandom Number Generators (2004)

Venue: | MATH. COMPUTATION |

Citations: | 8 - 5 self |

### BibTeX

@ARTICLE{Blackburn04predictingnonlinear,

author = {Simon R. Blackburn and Domingo Gomez-perez and Jaime Gutierrez and Igor E. Shparlinski},

title = {Predicting Nonlinear Pseudorandom Number Generators},

journal = {MATH. COMPUTATION},

year = {2004},

volume = {74},

pages = {2004}

}

### OpenURL

### Abstract

Let p be a prime and let a and b be elements of the finite field Fp of p elements. The inversive congruential generator (ICG) is a sequence (un) of pseudorandom numbers defined by the relation un+1 ≡ au−1 n +b mod p. We show that if sufficiently many of the most significant bits of several consecutive values un of the ICG are given, one can recover the initial value u0 (even in the case where the coefficients a and b are not known). We also obtain similar results for the quadratic congruential generator (QCG), vn+1 ≡ f(vn) modp, where f ∈ Fp[X]. This suggests that for cryptographic applications ICG and QCG should be used with great care. Our results are somewhat similar to those known for the linear congruential generator (LCG), xn+1 ≡ axn + b mod p, but they apply only to much longer bit strings. We also estimate limits of some heuristic approaches, which still remain much weaker than those known for LCG.