Abstract
Multiple recursive generators are an important class of pseudorandom number generators that are widely used in cryptography. Methods that predict the whole sequence from the truncated high-order bits of its outputs are not only a crucial aspect of evaluating the security of pseudorandom number generators but also an important concern in their design. This paper improves the work of Sun et al. (Des Codes Cryptogr 88:1083–1102, 2020) on the predictability of truncated multiple recursive generators with unknown parameters. Given a few truncated digits of the high-order bits output by a multiple recursive generator, we first apply the resultant to recover the modulus, then use the Chinese Remainder Theorem and the idea of recovering the p-adic coordinates of the coefficients layer by layer to recover the coefficients, and finally employ Kannan's embedding technique to recover the initial state. Experimental results show that our new method is superior to that of Sun et al. (2020), both in running time and in the number of truncated digits required.
Data availability
Data openly available in a public repository.
Notes
In the sixth (2021) National Crypto-Math Challenge, Jing-Hui Wang, Ming-Hao Xu and Xiao-Yue Hu (mentor: Zheng-Fu Lu) from Yunnan University also independently pointed out that the modulus m can be recovered by computing the resultants of polynomials in \(I_{m}(\underline{a})\).
In the sixth (2021) National Crypto-Math Challenge, Jia-Le Fang (mentor: Hua Zhong) from Hangzhou Dianzi University also independently proposed the strategy of balancing each coordinate of the target vector.
References
Ajtai M., Kumar R., Sivakumar D.: A sieve algorithm for the shortest lattice vector problem. In: Proceedings of the Thirty-Third Annual ACM Symposium on Theory of Computing, pp. 601–610. Association for Computing Machinery, New York, NY, USA (2001).
Ajtai M.: Generating random lattices according to the invariant distribution. Draft, March 2006.
Albrecht M.R., Heninger N.: On bounded distance decoding with predicate: Breaking the "lattice barrier" for the hidden number problem. In: Canteaut A., Standaert F. (eds.) Advances in Cryptology - EUROCRYPT 2021, pp. 528–558. Springer, Berlin, Heidelberg (2021).
Albrecht M.R., Ducas L., Herold G., Kirshanova E., Postlethwaite E.W., Stevens M.: The general sieve kernel and new records in lattice reduction. In: Ishai Y., Rijmen V. (eds.) Advances in Cryptology - EUROCRYPT 2019, pp. 717–746. Springer, Cham (2019).
Berlekamp E.R.: Algebraic Coding Theory. McGraw-Hill, New York (1968).
Boyar J.: Inferring sequences produced by a linear congruential generator missing low-order bits. J. Cryptol. 1(3), 177–184 (1989).
Boyar J.: Inferring sequences produced by pseudo-random number generators. J. ACM 36(1), 129–141 (1989).
Chen H.J., Qi W.F.: On the distinctness of maximal length sequences over \(\mathbb{Z} /(pq)\) modulo 2. Finite Fields Appl. 15(2), 23–39 (2009).
Contini S., Shparlinski I.E.: On Stern's attack against secret truncated linear congruential generators. In: Information Security and Privacy, pp. 52–60. Springer, Berlin (2005).
Coppersmith D.: Finding a small root of a univariate modular equation. In: Advances in Cryptology – EUROCRYPT’96, pp. 155–165. Springer, Berlin (1996).
Coveyou R.R., MacPherson R.D.: Fourier analysis of uniform random number generators. J. ACM 14, 100–119 (1967).
Cantor D.G., Kaltofen E.: On fast multiplication of polynomials over arbitrary algebras. Acta Informatica 28, 693–701 (1991).
Deng L.: Efficient and portable multiple recursive generators of large order. ACM Trans. Model. Comput. Simul. 15(1), 1–13 (2005).
Deng L., Xu H.Q.: A system of high-dimensional, efficient, long-cycle and portable uniform random number generators. ACM Trans. Model. Comput. Simul. 13(4), 299–309 (2003).
Deng L., Shiau J.H., Lu H.H., Bowman D.: Secure and fast encryption (safe) with classical random number generators. ACM Trans. Math. Softw. 44(4), 1–17 (2018).
The FPLLL development team: fplll, a lattice reduction library, version 5.4.1. http://github.com/fplll/fplll.
ETSI/SAGE: Specification of the 3GPP Confidentiality and Integrity Algorithms 128-EEA3 & 128-EIA3. Document 2: ZUC Specification (2011).
Frieze A.M., Hastad J., Kannan R., Lagarias J.C., Shamir A.: Reconstructing truncated integer variables satisfying linear congruences. SIAM J. Comput. 17(2), 262–280 (1988).
Gama N., Nguyen P.Q.: Predicting lattice reduction. In: Smart N. (ed.) Advances in Cryptology - EUROCRYPT 2008, pp. 31–51. Springer, Berlin (2008).
Gomez D., Gutierrez J., Ibeas Á., Sevilla D.: Common factors of resultants modulo \(p\). Bull. Aust. Math. Soc. 79(2), 299–302 (2009).
Hallgren S.: Linear congruential generators over elliptic curves. Preprint CS94-143, Department of Computer Science, Carnegie Mellon University, pp. 1–10 (1994).
Hess F., Shparlinski I.E.: On the linear complexity and multidimensional distribution of congruential generators over elliptic curves. Des. Codes Cryptogr. 35(1), 111–117 (2005).
Huang M.Q.: Analysis and cryptologic evaluation of primitive sequences over an integer residue ring. Doctoral Dissertation of Graduate School of USTC, Academia Sinica (1988).
Alman J., Vassilevska Williams V.: A refined laser method and faster matrix multiplication. In: Proceedings of the 2021 ACM-SIAM Symposium on Discrete Algorithms (SODA), pp. 522–539. Society for Industrial and Applied Mathematics, USA (2021).
Joux A., Stern J.: Lattice reduction: a toolbox for the cryptanalyst. J. Cryptol. 11(3), 161–185 (1998).
Kannan R.: Improved algorithms for integer programming and related lattice problems. In: Proceedings of the Fifteenth Annual ACM Symposium on Theory of Computing, pp. 193–206. Association for Computing Machinery, New York, NY, USA (1983).
Kannan R.: Minkowski’s convex body theorem and integer programming. Math. Oper. Res. 12(3), 415–440 (1987).
Knuth D.E.: Seminumerical algorithms. In: The Art of Computer Programming, vol. 2. Addison-Wesley, Canada (1981).
Knuth D.E.: Deciphering a linear congruential encryption. IEEE Trans. Inf. Theory 31(1), 49–52 (1985).
Kuzmin A.S., Nechaev A.A.: Linear recurring sequences over Galois rings. Russ. Math. Surv. 48, 171–172 (1993).
Kuzmin A.S., Nechaev A.A.: Reconstruction of a linear recurrence of maximal period over a Galois ring from its highest coordinate sequence. Discret. Math. Appl. 21(2), 145–178 (2011).
Kuzmin A.S., Marchalko G.B., Nechaev A.A.: Reconstruction of a linear recurrence over a primary residue ring. Mem. Discret. Math. 12, 155–194 (2009).
L’Ecuyer P., Touzin R.: Fast combined multiple recursive generators with multipliers of the form \(a=\pm 2^q\pm 2^r\). In: Proceedings of the 32nd Conference on Winter Simulation, pp. 683–689. Society for Computer Simulation International, San Diego, CA, USA (2000).
L’Ecuyer P.: Good parameters and implementations for combined multiple recursive random number generators. Oper. Res. 47(1), 159–164 (1999).
Lehmer D.H.: Mathematical methods in large-scale computing units. Ann. Comput. Lab. Harvard Univ. 26, 141–146 (1951).
Lenstra A.K., Lenstra H.W., Lovász L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982).
Massey J.L.: Shift register synthesis and BCH decoding. IEEE Trans. Inf. Theory 15(1), 122–127 (1969).
Mérai L.: Predicting the elliptic curve congruential generator. Appl. Algebra Eng. Commun. Comput. 28(3), 193–203 (2017).
Mills W.H.: Continued fractions and linear recurrences. Math. Comput. 29(129), 173–180 (1975).
Nguyen P.Q.: Hermite’s constant and lattice algorithms. In: Nguyen P.Q., Vallée B. (eds.) The LLL Algorithm, pp. 19–69. Springer, Berlin, Heidelberg (2010).
Nguyen P.Q., Stehlé D.: LLL on the average. In: Hess F., Pauli S., Pohst M. (eds.) Algorithmic Number Theory, pp. 238–256. Springer, Berlin, Heidelberg (2006).
Plumstead J.B.: Inferring a sequence generated by a linear congruence. In: Proceedings of the 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982), pp. 153–159. IEEE, Chicago, IL, USA (1982).
Reeds A., Sloane N.J.A.: Shift-register synthesis (mod \(m\)). SIAM J. Comput. 14, 505–513 (1985).
Schnorr C.P., Euchner M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66(2), 181–199 (1994).
Shoup V.: Number Theory C++ Library (NTL), version 11.4.3. http://www.shoup.net/ntl/.
Stern J.: Secret linear congruential generators are not cryptographically secure. In: Proceedings of the 28th Annual Symposium on Foundations of Computer Science (sfcs 1987), pp. 421–426. IEEE, Los Angeles (1987).
Sugiyama Y., Kasahara M., Hirasawa S., Namekawa T.: A method for solving key equation for decoding Goppa codes. Inf. Control 27(1), 87–99 (1975).
Sun H.Y., Zhu X.Y., Zheng Q.X.: Predicting truncated multiple recursive generators with unknown parameters. Des. Codes Cryptogr. 88, 1083–1102 (2020).
Von zur Gathen J., Gerhard J.: Modern Computer Algebra. Cambridge University Press, Cambridge (2013).
Ward M.: The arithmetical theory of linear recurring series. Trans. Am. Math. Soc. 35, 600–628 (1933).
Brown W.C.: Matrices over Commutative Rings. Marcel Dekker, New York (1993).
Yang J.B.: Reconstructing Truncated Sequences Derived from Primitive Sequences over Integer Residue Rings. PLA Information Engineering University, Zhengzhou (2017).
Zhou J.J., Qi W.F.: On some properties of linear recurring sequences over \(\mathbb{Z} /(m)\). Chin. Q. J. Math. 5(1–2), 166–171 (1990).
Zhu X.Y.: Some Results on Injective Mappings of Primitive Sequences Modulo Prime Powers. PLA Information Engineering University, Zhengzhou (2004).
Zierler N.: Linear recurring sequences. J. Soc. Ind. Appl. Math. 7(1), 31–48 (1959).
Acknowledgements
We thank the anonymous reviewers for their careful reading and many helpful comments. We thank Dr. Jing Yang for correcting and polishing the English. We thank all the members of the organizing committee of the National Crypto-Math Challenge and Topsec Technologies Group Inc. for providing a platform for communication and discussion, which ultimately led to this paper. This work was supported by the NSF of China (No. 61872383), by the Fundamental Research Funds for the Central Universities (Grant No. 2021RC29) and by the National Key R&D Program of China (Grant No. 2021YFB3100200).
Additional information
Communicated by C. Padro.
About this article
Cite this article
Yu, HB., Zheng, QX., Liu, YJ. et al. An improved method for predicting truncated multiple recursive generators with unknown parameters. Des. Codes Cryptogr. 91, 1713–1736 (2023). https://doi.org/10.1007/s10623-022-01175-4