Predicting truncated multiple recursive generators with unknown parameters


Pseudorandom sequences are widely used in cryptography, and multiple recursive generators are an important class of pseudorandom sequence generators. In a typical application, the sequences output by the generators are truncated, so that only part of the bits of each output is used. This paper studies the predictability of truncated multiple recursive generators with unknown parameters. Given a few truncated digits of the high-order bits output by a multiple recursive generator, we give a method based on lattice reduction that recovers the parameters and the initial state of the generator. Our method is an extension of Stern's algorithm, which was proposed to predict the truncated sequences of linear congruential generators.
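An added example (not code from the paper) that sets up the object the abstract describes: a multiple recursive generator of order k over Z/mZ, truncated to its high-order bits, and the observation that lattice-based recovery builds on, namely that a short integer relation which is exact for the hidden states leaves only a small residual on the truncated digits. The modulus, coefficients and seed are constructed sample values, and the recurrence coefficients are chosen small so that the recurrence itself can play the role of the short relation.

```python
# Added example (not the paper's code): a multiple recursive generator (MRG)
# over Z/mZ, its high-order-bit truncation, and the structural fact that
# lattice-based recovery builds on. Every parameter value here is constructed.
from typing import List

M = 2**32   # modulus m (constructed)
R = 20      # low-order bits dropped; the observer sees only the top 12 bits


def mrg_sequence(coeffs: List[int], seed: List[int], n: int, m: int = M) -> List[int]:
    """x_i = a_1*x_{i-1} + ... + a_k*x_{i-k} (mod m); seed holds x_0..x_{k-1}."""
    k = len(coeffs)
    xs = [s % m for s in seed[:k]]
    while len(xs) < n:
        xs.append(sum(a * x for a, x in zip(coeffs, reversed(xs[-k:]))) % m)
    return xs[:n]


def truncate_high(xs: List[int], r: int = R) -> List[int]:
    """y_i = x_i >> r: the truncated digits an observer gets to see."""
    return [x >> r for x in xs]


def centred(v: int, m: int = M) -> int:
    """Representative of v mod m in (-m/2, m/2]."""
    v %= m
    return v - m if v > m // 2 else v


def relation_vector(coeffs: List[int]) -> List[int]:
    """c_0..c_k with sum_p c_p * x_{i+p} == 0 (mod m) for every window
    (x_i, ..., x_{i+k}): c = (a_k, ..., a_1, -1)."""
    return list(reversed(coeffs)) + [-1]


def window_residuals(c: List[int], ys: List[int], r: int = R, m: int = M) -> List[int]:
    """2^r * sum_p c_p * y_{i+p}, reduced mod m and centred, for each window.
    With x = 2^r*y + e, 0 <= e < 2^r, a relation exact for the x's leaves
    -sum_p c_p*e_{i+p}, bounded by 2^r*sum|c_p|, far below m when c is short.
    Short vectors with small residuals are what lattice reduction searches for
    without knowing the a_j; here the recurrence itself serves as the short c."""
    k = len(c) - 1
    return [centred((1 << r) * sum(cp * y for cp, y in zip(c, ys[i:i + k + 1])), m)
            for i in range(len(ys) - k)]


if __name__ == "__main__":
    coeffs = [3, 5, 7]   # deliberately short recurrence (constructed)
    ys = truncate_high(mrg_sequence(coeffs, [123456789, 987654321, 555555555], 40))
    c = relation_vector(coeffs)
    bound = (1 << R) * sum(abs(v) for v in c)
    print("true relation: max |residual| =", max(map(abs, window_residuals(c, ys))), "<=", bound)
    print("unrelated vector: max |residual| =", max(map(abs, window_residuals([11, -4, 9, 2], ys))))
```

For a real generator the coefficients are not small, and the short relations found by lattice reduction are combinations that differ from the recurrence itself; the residual bound shown here is the property those relations must satisfy.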



References

1. Blackburn S.R., Gomez-Perez D., Gutierrez J., Shparlinski I.E.: Predicting the inversive generator. In: Cryptography and Coding, LNCS, vol. 2898, pp. 264–275. Springer, Berlin (2003).
2. Blackburn S.R., Gomez-Perez D., Gutierrez J., Shparlinski I.E.: Predicting nonlinear pseudorandom number generators. Math. Comput. 74(251), 1471–1494 (2004).
3. Boyar J.: Inferring sequences produced by pseudo-random number generators. J. ACM 36(1), 129–141 (1989).
4. Boyar J.: Inferring sequences produced by a linear congruential generator missing low-order bits. J. Cryptol. 1(3), 177–184 (1989).
5. Chen Y., Nguyen P.Q.: BKZ 2.0: better lattice security estimates. In: Advances in Cryptology–ASIACRYPT 2011, LNCS, vol. 7073, pp. 1–20. Springer, Berlin (2011).
6. Contini S., Shparlinski I.E.: On Stern's attack against secret truncated linear congruential generators. In: Information Security and Privacy, LNCS, vol. 3574, pp. 52–60. Springer, Berlin (2005).
7. Deng L.Y., Lin D.K.J.: Random number generation for the new century. Am. Stat. 54(2), 145–150 (2000).
8. ETSI/SAGE: Specification of the 3GPP confidentiality and integrity algorithms 128-EEA3 & 128-EIA3. Document 4: design and evaluation report, version 2.0 (2011).
9. Frieze A.M., Hastad J., Kannan R., Lagarias J.C., Shamir A.: Reconstructing truncated integer variables satisfying linear congruences. SIAM J. Comput. 17(2), 262–280 (1988).
10. Gomez-Perez D., Gutierrez J., Ibeas A.: Cryptanalysis of the quadratic generator. In: Progress in Cryptology–INDOCRYPT 2005, LNCS, vol. 3797, pp. 118–129. Springer, Berlin (2005).
11. Gomez-Perez D., Gutierrez J., Ibeas A.: Attacking the Pollard generator. IEEE Trans. Inf. Theory 52(12), 5518–5523 (2006).
12. Gutierrez J., Ibeas A., Gomez-Perez D., Shparlinski I.E.: Predicting masked linear pseudorandom number generators over finite fields. Des. Codes Cryptogr. 67(3), 395–402 (2013).
13. Huang M.Q.: Analysis and cryptologic evaluation of primitive sequences over an integer residue ring. Doctoral Dissertation of Graduate School of USTC, Academia Sinica (1988).
14. Joux A., Stern J.: Lattice reduction: a toolbox for the cryptanalyst. J. Cryptol. 11(3), 161–185 (1998).
15. Knuth D.E.: Seminumerical Algorithms. The Art of Computer Programming. Addison-Wesley, Reading, MA (1969).
16. Knuth D.E.: Deciphering a linear congruential encryption. IEEE Trans. Inf. Theory 31(1), 49–52 (1985).
17. Lenstra A.K., Lenstra H.W., Lovasz L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982).
18. Lidl R., Niederreiter H.: Finite Fields. Addison-Wesley, Reading, MA (1983).
19. Nguyen P.Q., Stehle D.: LLL on the average. In: Algorithmic Number Theory, LNCS, vol. 4076, pp. 238–256. Springer, Berlin (2006).
20. Nguyen P.Q., Vallee B.: The LLL Algorithm: Survey and Applications. Springer, Berlin (2009).
21. Niederreiter H.: Quasi-Monte Carlo methods and pseudo-random numbers. Bull. Am. Math. Soc. 84(6), 957–1041 (1978).
22. Plumstead J.B.: Inferring a sequence generated by a linear congruence. In: Proceedings of the 23rd Annual Symposium on Foundations of Computer Science–SFCS 1982, pp. 153–159. IEEE (1982).
23. Schnorr C., Euchner M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66(2), 181–199 (1994).
24. Shoup V.: Number Theory C++ Library (NTL) version 9.7.0.
25. Stern J.: Secret linear congruential generators are not cryptographically secure. In: Proceedings of the 28th Annual Symposium on Foundations of Computer Science–SFCS 1987, pp. 421–426. IEEE, Los Angeles (1987).
26. Tian T., Qi W.F.: Typical primitive polynomials over integer residue rings. Finite Fields Appl. 15(6), 796–807 (2009).
27. Ward M.: The arithmetical theory of linear recurring series. Trans. Am. Math. Soc. 35(3), 600–628 (1933).
28. Yang J.B.: Reconstructing Truncated Sequences Derived from Primitive Sequences over Integer Residue Rings. PLA Information Engineering University, Zhengzhou (2017).



This work was supported by NSF of China (Nos. 61872383, 61402524 and 61602510). The work of Qun-Xiong Zheng was also supported by Young Elite Scientists Sponsorship Program by CAST (2016QNRC001) and by National Postdoctoral Program for Innovative Talents (BX201600188) and by China Postdoctoral Science Foundation funded project (2017M611035).

Author information

Corresponding author

Correspondence to Qun-Xiong Zheng.


Communicated by C. Padro.


Cite this article

Sun, HY., Zhu, XY. & Zheng, QX. Predicting truncated multiple recursive generators with unknown parameters. Des. Codes Cryptogr. 88, 1083–1102 (2020).



Keywords

  • Multiple recursive generator
  • Truncated sequence
  • Lattice reduction
  • Predictability

Mathematics Subject Classification

  • 11H06
  • 11K45
  • 11B50
  • 94A60