Two closely related pseudo-random sequence generators are presented: The 1/P-generator, with input P a prime, outputs the quotient digits obtained on dividing 1 by P. The x^2 mod N-generator, with inputs N, x_0 (where N = P·Q is a product of distinct primes, each congruent to 3 mod 4, and x_0 is a quadratic residue mod N), outputs b_0 b_1 b_2 ..., where b_i = parity(x_i) and x_{i+1} = x_i^2 mod N. From short seeds each generator efficiently produces long well-distributed sequences. Moreover, both generators have computationally hard problems at their core. The first generator's sequences, however, are completely inferable (from any small segment of 2|P|+1 consecutive digits one can infer the "seed," P), while the second, on the other hand, is cryptographically secure (no polynomial(|N|)-time statistical test can distinguish such sequences from random uniformly-distributed sequences). The second generator has additional interesting properties: from knowledge of x_0 and N but not P or Q, one can generate the sequence forwards but not backwards. From the additional knowledge of P and Q, one can generate the sequence backwards. Yet more knowledge about N, including the factors of P-1 and Q-1, enables one to "jump" about from any point in the sequence to any other. Because of these properties, the x^2 mod N-generator promises many interesting applications, e.g., to public-key cryptography. To use these generators in practice, an analysis is needed of various properties of these sequences such as their periods. This analysis is begun here.

Keywords: random, pseudo-random, Monte Carlo, computational complexity, secure transactions, public-key encryption, cryptography, one-time pad, Jacobi symbol, quadratic residuocity.

What do we want from a pseudo-random sequence generator? Ideally, we would like a pseudo-random sequence generator to quickly produce, from short seeds, long sequences (of bits) that appear in every way to be generated by successive flips of a fair coin.
J Department of Mathematics and Computer Science, Mills College, Oakland, CA 94613, and Department of Mathematics, University of California at Berkeley, CA 94720. This work was supported in part by the Letts-Villard Chair, Mills College.
8 Department of Electrical Engineering and Computer Sciences, University of California at Berkeley, CA 94720. This work was supported in part by NSF grant MCS 82-04506.
3 Department of Mathematics, Queens College, Flushing, NY 11367, and Graduate Center of CUNY, New York, NY 10036. This work was supported in part by NSF grant MCS 82-01267.
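The following Python sketch is an added illustration, not code from the paper: it implements the 1/P-generator and the x^2 mod N-generator described in the abstract, together with the three access modes the abstract distinguishes (forward from N and x_0, backward from P and Q, and jumping via the factors of P-1 and Q-1). The parameters P = 7, Q = 11 and x_0 = 9 are constructed toy values; a real instance needs primes of cryptographic size.

```python
from math import gcd

def one_over_p(p, k, base=10):
    """1/P-generator: the first k quotient digits of 1/p in the given base."""
    r, digits = 1, []
    for _ in range(k):
        r *= base
        digits.append(r // p)   # next quotient digit of the long division
        r %= p                  # remainder carried into the next step
    return digits

def forward(x0, n, k):
    """x^2 mod N-generator: bits b_0..b_{k-1}, b_i = parity(x_i), x_{i+1} = x_i^2 mod n.
    Needs only the public pair (n, x0), so anyone can run it forwards."""
    x, bits = x0, []
    for _ in range(k):
        bits.append(x & 1)
        x = pow(x, 2, n)
    return bits

def crt(ap, p, aq, q):
    """Combine residues mod p and mod q into the residue mod p*q."""
    return (ap * q * pow(q, -1, p) + aq * p * pow(p, -1, q)) % (p * q)

def prev_state(x, p, q):
    """Step backwards: the unique quadratic-residue square root of x mod p*q.
    Requires the trapdoor (p, q), both = 3 mod 4, so a^((p+1)/4) is the QR root mod p."""
    rp = pow(x, (p + 1) // 4, p)
    rq = pow(x, (q + 1) // 4, q)
    return crt(rp, p, rq, q)

def jump(x0, p, q, i):
    """Jump directly to x_i = x0^(2^i) mod N by reducing the exponent 2^i
    modulo lambda(N) = lcm(p-1, q-1), which needs the factors of p-1 and q-1."""
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    return pow(x0, pow(2, i, lam), p * q)

if __name__ == "__main__":
    P, Q, X0 = 7, 11, 9          # constructed toy parameters; 9 = 3^2 is a QR mod 77
    print(one_over_p(P, 6))       # digits of 1/7
    print(forward(X0, P * Q, 5))  # parity bits of 9, 4, 16, 25, 9
    print(prev_state(4, P, Q))    # recovers 9, the state before 4
    print(jump(X0, P, Q, 3))      # x_3 without computing x_1, x_2
```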