Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
DCC
2007
IEEE
2007
IEEE
Inferring sequences produced by a linear congruential generator on elliptic curves missing high-order bits
Let p be a prime and let E(IFp) be an elliptic curve defined over the finite field IFp of p elements. For a given point G E(IFp) the linear congruential genarator on elliptic curves (EC-LCG) is a sequence (Un) of pseudorandom numbers defined by the relation Un = Un-1 G = nG U0, n = 1, 2, . . . , where denote the group operation in E(IFp) and U0 E(IFp) is the initial value or seed. We show that if G and sufficiently many of the most significants bits of two consecutive values Un, Un+1 of the EC-LCG are given, one can recover the seed U0 (even in the case where the elliptic curve is private) provided that the former value Un does not lie in a certain small subset of exceptional values. We also estimate limits of a heuristic approach for the case where G is also unknown. This suggests that for cryptographic applications EC-LCG should be used with great care. Our results are somewhat similar to those known for the linear and non-linear pseudorandom number congruential generator.
Real-time Traffic| Added | 25 Dec 2009 |
| Updated | 25 Dec 2009 |
| Type | Conference |
| Year | 2007 |
| Where | DCC |
| Authors | Jaime Gutierrez, Álvar Ibeas |
Comments (0)
Researcher Info
|
