A Simple Unpredictable Pseudo-Random Number Generator

1986, SIAM Journal on Computing

Two closely related pseudo-random sequence generators are presented. The $1/P$ generator, with input $P$ a prime, outputs the quotient digits obtained on dividing 1 by $P$. The $x^2 \bmod N$ generator, with inputs $N$ and $x_0$ (where $N = P \cdot Q$ is a product of distinct primes, each congruent to 3 mod 4, and $x_0$ is a quadratic residue mod $N$), outputs $b_0 b_1 b_2 \ldots$ where $b_i = \mathrm{parity}(x_i)$ and $x_{i+1} = x_i^2 \bmod N$. From short seeds each generator efficiently produces long well-distributed sequences. Moreover, both generators have computationally hard problems at their core. The first generator's sequences, however, are completely predictable (from any small segment of $2|P| + 1$ consecutive digits one can infer the "seed," $P$, and continue the sequence backwards and forwards), whereas the second, under a certain intractability assumption, is unpredictable in a precise sense. The second generator has additional interesting properties: from knowledge of $x_0$ and $N$ but not $P$ or $Q$, one can generate the sequence forwards, but, under the above-mentioned intractability assumption, one cannot generate the sequence backwards. From the additional knowledge of $P$ and $Q$, one can generate the sequence backwards; one can even "jump" about from any point in the sequence to any other. Because of these properties, the $x^2 \bmod N$ generator promises many interesting applications, e.g., to public-key cryptography. To use these generators in practice, an analysis is needed of various properties of these sequences such as their periods. This analysis is begun here.
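The three operations the abstract attributes to the $x^2 \bmod N$ generator (forward generation from $x_0$ and $N$ alone, backward generation given the trapdoor $P, Q$, and jumping directly to $x_i$) in working form, as an added example that is not code from the paper; the toy modulus $N = 11 \cdot 19$ and the seed $x_0 = 9$ are constructed for illustration and far too small for any real use:

```python
from math import gcd

def bbs_forward(x0, N, n_bits):
    """Public direction: emit b_i = parity(x_i) with x_{i+1} = x_i^2 mod N.
    Needs only x0 and N. Returns (bits, x_n) so generation can resume."""
    bits, x = [], x0
    for _ in range(n_bits):
        bits.append(x & 1)
        x = pow(x, 2, N)
    return bits, x

def sqrt_mod_blum_prime(a, p):
    """Square root of a quadratic residue a mod p when p = 3 (mod 4):
    a^((p+1)/4) works without Tonelli-Shanks, which is why such primes are used."""
    return pow(a, (p + 1) // 4, p)

def crt(rp, rq, P, Q):
    """Combine residues mod P and mod Q into the residue mod N = P*Q."""
    return (rp * Q * pow(Q, -1, P) + rq * P * pow(P, -1, Q)) % (P * Q)

def is_qr(a, P, Q):
    """Euler's criterion on both prime factors (a assumed coprime to N)."""
    return pow(a, (P - 1) // 2, P) == 1 and pow(a, (Q - 1) // 2, Q) == 1

def bbs_backward(x, P, Q):
    """Trapdoor direction: x has four square roots mod N (±rp, ±rq via CRT);
    since -1 is a non-residue mod each prime, exactly one root is itself a
    quadratic residue, and that root is the unique predecessor state."""
    rp = sqrt_mod_blum_prime(x % P, P)
    rq = sqrt_mod_blum_prime(x % Q, Q)
    for sp in (rp, P - rp):
        for sq in (rq, Q - rq):
            cand = crt(sp, sq, P, Q)
            if is_qr(cand, P, Q):
                return cand
    raise ValueError("x is not a quadratic residue mod N")

def bbs_jump(x0, P, Q, i):
    """Random access: x_i = x0^(2^i mod lambda(N)) mod N, lambda = lcm(P-1, Q-1).
    Reduces the exponent with Carmichael's function, so P and Q are required."""
    lam = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)
    return pow(x0, pow(2, i, lam), P * Q)

if __name__ == "__main__":
    P, Q, x0 = 11, 19, 9          # constructed toy parameters: 11 = 19 = 3 (mod 4)
    bits, x8 = bbs_forward(x0, P * Q, 8)
    print(bits, x8)               # forward pass needs no factorisation
    print(bbs_backward(x8, P, Q)) # x7, recoverable only with P and Q
    print(bbs_jump(x0, P, Q, 8))  # equals x8 without walking the chain
```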