Efficient and Secure Pseudo-Random Number Generation (Extended Abstract)

Cryptographically secure pseudo-random number generators known so far suffer from the handicap of being inefficient; the most efficient ones can generate only one bit on each modular multiplication (n/sup 2/ steps). Blum, Blum and Shub ask the open problem of outputting even two bits securely. We state a simple condition, the XOR-Condition, and show that any generator satisfying this condition can output logn bits on each multiplication. We also show that the logn least significant bits of RSA, Rabin's Scheme, and the x/sup 2/ mod N generator satisfy boolean predicates of these bits are secure. Furthermore, we strengthen the security of the x/sup 2/ mod N generator, which being a Trapdoor Generator, has several applications, by proving it as hard as Factoring.

[1]  Adi Shamir,et al.  On the Generation of Cryptographically Strong Pseudo-Random Sequences , 1981, ICALP.

[2]  Oded Goldreich,et al.  RSA/Rabin Bits are 1/2 + 1/poly(log N) Secure , 1984, FOCS.

[3]  Umesh Vazirani,et al.  RSA bits are .732 + ε secure , 1984 .

[4]  Claus-Peter Schnorr,et al.  RSA-Bits are 0.5 + epsilon Secure , 1985, EUROCRYPT.

[5]  Manuel Blum,et al.  How to Generate Cryptographically Strong Sequences of Pseudo Random Bits , 1982, FOCS.

[6]  M. Blum,et al.  A simple secure pseudo-random number generator , 1982 .

[7]  Vijay V. Vazirani,et al.  Trapdoor pseudo-random number generators, with applications to protocol design , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[8]  Silvio Micali,et al.  Why and how to establish a private code on a public network , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[9]  Oded Goldreich,et al.  On the Number of Close-and-Equal Pairs of Bits in a String , 1984, EUROCRYPT.

[10]  Manuel Blum,et al.  How to generate cryptographically strong sequences of pseudo random bits , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[11]  Avi Wigderson,et al.  How discreet is the discrete log? , 1983, STOC.

[12]  Andrew Chi-Chih Yao,et al.  Theory and application of trapdoor functions , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[13]  M. Rabin DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION , 1979 .