Abstract
Under the assumption that solving the discrete logarithm problem modulo an n-bit prime p is hard even when the exponent is a small c-bit number, we construct a new and improved pseudo-random bit generator. This new generator outputs n - c - 1 bits per exponentiation with a c-bit exponent.
Using typical parameters, n = 1024 and c = 160, this yields roughly 860 pseudo-random bits per small exponentiation. Using an implementation with quite small precomputation tables, this yields a rate of more than 20 bits per modular multiplication, thus much faster than the squaring (BBS) generator with similar parameters.
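A toy instance of the generator the abstract describes, added here as an illustration (not code from the paper). Parameters are deliberately tiny so the bit accounting per step is visible; the state update used (the next c-bit exponent is the top c bits of the current group element, the n-c-1 low bits are the output, one bit is dropped) is an assumption about the construction, since the abstract only states the output rate.

```python
# Toy short-exponent discrete-log generator (added example, not the paper's code).
# Each step is one exponentiation with a c-bit exponent and emits n-c-1 bits.
# Assumed split of the n-bit element x: top c bits -> next exponent,
# low n-c-1 bits -> output, one middle bit discarded (hence the "-1").
#
# Constructed toy parameters: p = 2^31 - 1 is a 31-bit prime and 7 is a
# primitive root modulo p.  Real parameters are n = 1024, c = 160.
P, G, N, C = (1 << 31) - 1, 7, 31, 10

def modexp_counting(g, e, p):
    """Left-to-right square-and-multiply; returns (g^e mod p, #modular mults)."""
    if e == 0:
        return 1, 0
    bits = bin(e)[2:]
    result, mults = g, 0
    for bit in bits[1:]:
        result, mults = result * result % p, mults + 1   # squaring
        if bit == "1":
            result, mults = result * g % p, mults + 1    # multiplication
    return result, mults

def step(s, p=P, g=G, n=N, c=C):
    """One generator step from c-bit exponent s: (next exponent, output, mults)."""
    assert 0 <= s < (1 << c)
    x, mults = modexp_counting(g, s, p)        # x is an n-bit group element
    output = x & ((1 << (n - c - 1)) - 1)      # n-c-1 least significant bits
    next_s = x >> (n - c)                      # top c bits -> next exponent (assumed)
    return next_s, output, mults

def generate(seed, steps, p=P, g=G, n=N, c=C):
    """Run the generator; returns (list of (n-c-1)-bit output blocks, total mults)."""
    s, blocks, total = seed, [], 0
    for _ in range(steps):
        s, out, mults = step(s, p, g, n, c)
        blocks.append(out)
        total += mults
    return blocks, total

def bits_per_exponentiation(n, c):
    """Output bits per step: 863 for the paper's n = 1024, c = 160."""
    return n - c - 1

if __name__ == "__main__":
    blocks, total = generate(seed=682, steps=4)
    print([f"{b:020b}" for b in blocks], "modular multiplications:", total)
    print("bits per multiplication:", len(blocks) * bits_per_exponentiation(N, C) / total)
```

With plain square-and-multiply a c-bit exponent costs about 1.5c multiplications, so the rate is roughly (n-c-1)/(1.5c) bits per multiplication; the abstract's figure of more than 20 relies on the precomputation tables it mentions, which this toy does not implement.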
© 2000 Springer-Verlag Berlin Heidelberg
Gennaro, R. (2000). An Improved Pseudo-random Generator Based on Discrete Log. In: Bellare, M. (eds) Advances in Cryptology — CRYPTO 2000. CRYPTO 2000. Lecture Notes in Computer Science, vol 1880. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44598-6_29
DOI: https://doi.org/10.1007/3-540-44598-6_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67907-3
Online ISBN: 978-3-540-44598-2