Concrete Security of the Blum-Blum-Shub Pseudorandom Generator

14 years 19 days ago
Concrete Security of the Blum-Blum-Shub Pseudorandom Generator
Abstract. The asymptotic security of the Blum-Blum-Shub (BBS) pseudorandom generator has been studied by Alexi et al. and Vazirani and Vazirani, who proved independently that O(log log N) bits can be extracted on each iteration, where N is the modulus (a Blum integer). The concrete security of this generator has been analyzed previously by Fischlin and Schnorr and by Knuth. In this paper we continue to analyse the concrete security the BBS generator. We show how to select both the size of the modulus and the number of bits extracted on each iteration such that a desired level of security is reached, while minimizing the computational effort per output bit. We will assume a concrete lower bound on the hardness of integer factoring, which is obtained by extrapolating the best factorization results to date. While for asymptotic security it suffices to give a polynomial time reduction a successful attack to factoring, we need for concrete security a reduction that is as efficient as possi...
Andrey Sidorenko, Berry Schoenmakers
Added 27 Jun 2010
Updated 27 Jun 2010
Type Conference
Year 2005
Where IMA
Authors Andrey Sidorenko, Berry Schoenmakers
Comments (0)