Predicting the quadratic generator (original title, in Spanish: Prediciendo el generador cuadrático)
Domingo Gomez-Perez, Jaime Gutierrez, Alvar Ibeas, David Sevilla

TL;DR
This paper demonstrates that knowing enough most significant bits of two consecutive outputs of a quadratic pseudorandom generator allows polynomial-time recovery of the initial seed, with few exceptions.
Contribution
It proves that partial information about consecutive outputs enables efficient seed recovery in quadratic pseudorandom generators, highlighting potential vulnerabilities.
Findings
Seed can be recovered in polynomial time with partial output bits.
Recovery is possible for all but a small set of exceptional values.
The method applies to quadratic generators over prime fields.
Abstract
Let p be a prime and a, c be integers such that a ≠ 0 (mod p). The quadratic generator is a sequence (u_n) of pseudorandom numbers defined by u_{n+1} = a*(u_n)^2 + c (mod p). In this article we prove that if we know sufficiently many of the most significant bits of two consecutive values u_n, u_{n+1}, then we can compute the seed u_0, except for a small number of exceptional values.

Original Spanish abstract (translated): Let p be a prime and a, c integers such that a ≠ 0 (mod p). The quadratic generator is a sequence (u_n) of pseudorandom numbers defined by the relation u_{n+1} = a*(u_n)^2 + c (mod p). In this work we show that if we know a sufficiently large number of the most significant bits of two consecutive values u_n, u_{n+1}, then we can recover the seed u_0 in polynomial time, except for a small set of exceptional values.
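To make the setting of the abstract concrete, the following added example (not code from the paper or its authors) implements the quadratic generator over a small prime field and shows how much a leak of the k most significant bits of two consecutive values constrains the seed. It is a brute-force enumeration of the hidden low bits, which only works because the constructed modulus is 16 bits; it is not the polynomial-time method the abstract refers to, whose details are not on this page. The values of p, a, c, the seed and k are all constructed for the demonstration.

```python
# Added example: toy quadratic congruential generator u_{n+1} = a*u_n^2 + c mod p
# over a small prime field, plus a brute-force check of how a leak of the
# most-significant bits of u_n and u_{n+1} constrains the seed. This is NOT
# the paper's polynomial-time recovery method; it enumerates the hidden low
# bits, which is feasible here only because p is a constructed 16-bit prime.

P = 65521             # constructed: the largest 16-bit prime
A = 12345             # constructed multiplier a, with a != 0 mod p
C = 6789              # constructed additive constant c
BITS = P.bit_length() # 16: every output u_n < p fits in this many bits


def quad_step(u, a=A, c=C, p=P):
    """One step of the quadratic generator: a*u^2 + c reduced mod p."""
    return (a * u * u + c) % p


def quad_sequence(u0, n, a=A, c=C, p=P):
    """The first n outputs u_0, ..., u_{n-1} starting from seed u0."""
    out = []
    u = u0 % p
    for _ in range(n):
        out.append(u)
        u = quad_step(u, a, c, p)
    return out


def msb(u, k, bits=BITS):
    """The k most significant bits of u (0 <= u < 2^bits), as an integer."""
    return u >> (bits - k)


def candidates_from_msb(msb0, msb1, k, a=A, c=C, p=P, bits=BITS):
    """All seeds u_0 < p whose top k bits equal msb0 and whose successor
    u_1 = a*u_0^2 + c mod p has top k bits equal to msb1.

    The unknown part of u_0 is its bits-k low bits, so at most 2^(bits-k)
    candidates are tried; each wrong candidate survives the check on u_1
    with probability roughly 2^-k, so the surviving set is usually {u_0}.
    More than one survivor is the toy analogue of the 'exceptional values'
    the abstract mentions (here it simply means the leak was not enough).
    """
    hidden = bits - k
    base = msb0 << hidden
    found = []
    for low in range(1 << hidden):
        u0 = base | low
        if u0 >= p:          # values >= p are never generator outputs
            break
        if msb(quad_step(u0, a, c, p), k, bits) == msb1:
            found.append(u0)
    return found


def demo(seed=40000, k=10):
    """Leak the top k bits of u_0 and u_1 and report which seeds fit."""
    u0, u1 = quad_sequence(seed, 2)
    cands = candidates_from_msb(msb(u0, k), msb(u1, k), k)
    return seed, cands


if __name__ == "__main__":
    seed, cands = demo()
    print("true seed:", seed)
    print("seeds consistent with the leaked top bits:", cands)
```

Running the block with the default parameters leaks 10 of 16 bits of two consecutive outputs, leaving 64 possible low-bit completions of u_0, of which (almost always) only the true seed also matches the leaked bits of u_1. The paper's contribution is that this filtering can be done in polynomial time for realistic, cryptographically sized p, where enumeration of the hidden bits is hopeless; the practical lesson for a defender is the same either way: a quadratic congruential generator must not be used where even partial output bits can be observed.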
Taxonomy
Topics: Cryptography and Data Security · semigroups and automata theory · Logic, programming, and type systems
