Abstract
Pseudorandom sequences are widely used in cryptography, and multiple recursive generators are an important class of pseudorandom sequence generators. In a typical application, only part of the bits of each term output by the generator is kept, yielding a truncated sequence. This paper studies the predictability of truncated multiple recursive generators with unknown parameters. Given a few truncated terms consisting of the high-order bits output by a multiple recursive generator, we give a method based on lattice reduction that recovers both the parameters and the initial state of the generator. Our method extends Stern's algorithm, which was proposed to predict truncated sequences of linear congruential generators.
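To make the setting of the abstract concrete, here is an added example (not code from the paper) of a multiple recursive generator of order k, the high-order-bit truncation that an observer sees, and the consistency check one would run on any candidate (parameters, initial state) pair that a lattice-based recovery returns; the modulus, coefficients, initial state and truncation width are constructed values.

```python
# Added example (not from the paper): the truncated MRG model and a
# consistency check for a candidate recovery. All parameters are constructed.
from typing import List

def mrg_sequence(init: List[int], coeffs: List[int], m: int, n: int) -> List[int]:
    """First n terms of x_j = a_1*x_{j-1} + ... + a_k*x_{j-k} (mod m),
    where init = [x_0, ..., x_{k-1}] and coeffs = [a_1, ..., a_k]."""
    k = len(coeffs)
    assert len(init) == k, "initial state must have one term per coefficient"
    x = list(init)
    while len(x) < n:
        x.append(sum(coeffs[i] * x[-1 - i] for i in range(k)) % m)
    return x[:n]

def truncate_high(seq: List[int], w: int, t: int) -> List[int]:
    """Expose only the t high-order bits of each w-bit term (the observer's view);
    the remaining w - t bits of every term stay hidden."""
    return [v >> (w - t) for v in seq]

def consistent(observed: List[int], init, coeffs, m, w, t) -> bool:
    """Does a candidate (initial state, coefficients, modulus) reproduce the observed
    truncated stream? Any candidate produced by a lattice-based recovery should be
    validated this way before it is trusted."""
    return truncate_high(mrg_sequence(init, coeffs, m, len(observed)), w, t) == observed

# Constructed instance: order k = 3, 31-bit modulus, 8 high-order bits published per term.
M = 2**31 - 1
W = M.bit_length()           # 31
T = 8
COEFFS = [7, 0, 3]
INIT = [123456789, 987654321, 555555555]

def demo():
    full = mrg_sequence(INIT, COEFFS, M, 20)
    observed = truncate_high(full, W, T)
    wrong_init = [INIT[0] ^ (1 << (W - 1))] + INIT[1:]   # flip the top bit of x_0
    return (observed,
            consistent(observed, INIT, COEFFS, M, W, T),
            consistent(observed, wrong_init, COEFFS, M, W, T))

if __name__ == "__main__":
    obs, ok, bad = demo()
    print("observed high bits:", obs)
    print("true parameters consistent:", ok, "| perturbed state consistent:", bad)
```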
References
Blackburn S.R., Gomez-Perez D., Gutierrez J., Shparlinski I.E.: Predicting the inversive generator. In: Cryptography and Coding, LNCS, vol. 2898, pp. 264–275. Springer, Berlin (2003).
Blackburn S.R., Gomez-Perez D., Gutierrez J., Shparlinski I.E.: Predicting nonlinear pseudorandom number generators. Math. Comput. 74(251), 1471–1494 (2004).
Boyar J.: Inferring sequences produced by pseudo-random number generators. J. ACM 36(1), 129–141 (1989).
Boyar J.: Inferring sequences produced by a linear congruential generator missing low-order bits. J. Cryptol. 1(3), 177–184 (1989).
Chen Y., Nguyen P.Q.: BKZ 2.0: better lattice security estimates. In: Advances in Cryptology–ASIACRYPT 2011, LNCS, vol. 7073, pp. 1–20. Springer, Berlin (2011).
Contini S., Shparlinski I.E.: On Stern’s attack against secret truncated linear congruential generators. In: Information Security and Privacy, LNCS, vol. 3574, pp. 52–60. Springer, Berlin (2005).
Deng L.Y., Lin D.K.J.: Random number generation for the new century. Am. Stat. 54(2), 145–150 (2000).
ETSI/SAGE: Specification of the 3GPP confidentiality and integrity algorithms 128-EEA3 & 128-EIA3. Document 4: design and evaluation report, version 2.0. http://zuc.dacas.cn/thread.aspx?ID=2304 (2011).
Frieze A.M., Hastad J., Kannan R., Lagarias J.C., Shamir A.: Reconstructing truncated integer variables satisfying linear congruences. SIAM J. Comput. 17(2), 262–280 (1988).
Gomez-Perez D., Gutierrez J., Ibeas A.: Cryptanalysis of the quadratic generator. In: Progress in Cryptology–INDOCRYPT 2005, LNCS, vol. 3797, pp. 118–129. Springer, Berlin (2005).
Gomez-Perez D., Gutierrez J., Ibeas A.: Attacking the Pollard generator. IEEE Trans. Inf. Theory 52(12), 5518–5523 (2006).
Gutierrez J., Ibeas A., Gomez-Perez D., Shparlinski I.E.: Predicting masked linear pseudorandom number generators over finite fields. Des. Codes Cryptogr. 67(3), 395–402 (2013).
Huang M.Q.: Analysis and cryptologic evaluation of primitive sequences over an integer residue ring. Doctoral Dissertation of Graduate School of USTC, Academia Sinica (1988).
Joux A., Stern J.: Lattice reduction: a toolbox for the cryptanalyst. J. Cryptol. 11(3), 161–185 (1998).
Knuth D.E.: Seminumerical Algorithms. The Art of Computer Programming, vol. 2. Addison-Wesley, Reading, MA (1969).
Knuth D.E.: Deciphering a linear congruential encryption. IEEE Trans. Inf. Theory 31(1), 49–52 (1985).
Lenstra A.K., Lenstra H.W., Lovasz L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982).
Lidl R., Niederreiter H.: Finite Fields. Addison-Wesley, Reading, MA (1983).
Nguyen P.Q., Stehle D.: LLL on the average. In: Algorithmic Number Theory, LNCS, vol. 4076, pp. 238–256. Springer, Berlin (2006).
Nguyen P.Q., Vallee B.: The LLL Algorithm: Survey and Applications. Springer, Berlin (2009).
Niederreiter H.: Quasi-Monte Carlo methods and pseudo-random numbers. Bull. Am. Math. Soc. 84(6), 957–1041 (1978).
Plumstead J.B.: Inferring a sequence generated by a linear congruence. In: Proceedings of the 23rd Annual Symposium on Foundations of Computer Science–SFCS 1982, pp. 153–159. IEEE (1982).
Schnorr C., Euchner M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66(2), 181–199 (1994).
Shoup V.: Number Theory C++ Library (NTL) version 9.7.0. http://www.shoup.net/ntl/.
Stern J.: Secret linear congruential generators are not cryptographically secure. In: Proceedings of the 28th Annual Symposium on Foundations of Computer Science–SFCS 1987, pp. 421–426. IEEE, Los Angeles (1987).
Tian T., Qi W.F.: Typical primitive polynomials over integer residue rings. Finite Fields Appl. 15(6), 796–807 (2009).
Ward M.: The arithmetical theory of linear recurring series. Trans. Am. Math. Soc. 35(3), 600–628 (1933).
Yang J.B.: Reconstructing Truncated Sequences Derived from Primitive Sequences over Integer Residue Rings. PLA Information Engineering University, Zhengzhou (2017).
Acknowledgements
This work was supported by NSF of China (Nos. 61872383, 61402524 and 61602510). The work of Qun-Xiong Zheng was also supported by Young Elite Scientists Sponsorship Program by CAST (2016QNRC001) and by National Postdoctoral Program for Innovative Talents (BX201600188) and by China Postdoctoral Science Foundation funded project (2017M611035).
Additional information
Communicated by C. Padro.
Cite this article
Sun, HY., Zhu, XY. & Zheng, QX. Predicting truncated multiple recursive generators with unknown parameters. Des. Codes Cryptogr. 88, 1083–1102 (2020). https://doi.org/10.1007/s10623-020-00729-8