Cryptanalysis of a Generalized Subset-Sum Pseudorandom Generator

Authors: Charles Bouillaguet, Florette Martinez, Damien Vergnaud

Charles Bouillaguet
  • Sorbonne Université, CNRS, LIP6, F-75005 Paris, France
Florette Martinez
  • Sorbonne Université, CNRS, LIP6, F-75005 Paris, France
Damien Vergnaud
  • Sorbonne Université, CNRS, LIP6, F-75005 Paris, France


The authors are grateful to the anonymous reviewers for their insightful comments and valuable suggestions.

Charles Bouillaguet, Florette Martinez, and Damien Vergnaud. Cryptanalysis of a Generalized Subset-Sum Pseudorandom Generator. In 48th International Symposium on Mathematical Foundations of Computer Science (MFCS 2023). Leibniz International Proceedings in Informatics (LIPIcs), Volume 272, pp. 23:1-23:15, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2023)


We present attacks on a generalized subset-sum pseudorandom generator, which was proposed by von zur Gathen and Shparlinski in 2004. Our attacks rely on a sub-quadratic algorithm for solving a vectorial variant of the 3SUM problem, which is of independent interest. The attacks presented have complexities well below the brute-force attack, making the generators vulnerable. We provide a thorough analysis of the attacks and their complexities and demonstrate their practicality through implementations and experiments.

Subject classification:
  • Security and privacy → Cryptography

Keywords:
  • Cryptography
  • pseudo-random generator
  • subset-sum problem
  • 3SUM problem
  • cryptanalysis
