Inferring sequences produced by a linear congruential generator on elliptic curves missing high-order bits

Journal: Designs, Codes and Cryptography

Abstract

Let p be a prime and let E(F_p) be an elliptic curve defined over the finite field F_p of p elements. For a given point G ∈ E(F_p), the linear congruential generator on elliptic curves (EC-LCG) is a sequence (U_n) of pseudorandom numbers defined by the relation U_n = U_{n-1} ⊕ G = nG ⊕ U_0, n = 1, 2, …, where ⊕ denotes the group operation in E(F_p) and U_0 ∈ E(F_p) is the initial value or seed. We show that if G and sufficiently many of the most significant bits of two consecutive values U_n, U_{n+1} of the EC-LCG are given, one can recover the seed U_0 (even in the case where the elliptic curve is private), provided that the former value U_n does not lie in a certain small subset of exceptional values. We also estimate the limits of a heuristic approach for the case where G is also unknown. This suggests that for cryptographic applications the EC-LCG should be used with great care. Our results are somewhat similar to those known for the linear and non-linear congruential pseudorandom number generators.
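To make the generator in the abstract concrete, the following added example (not code from the paper or its authors) implements the EC-LCG recurrence U_n = U_{n-1} ⊕ G = nG ⊕ U_0 on a constructed toy curve y^2 = x^3 + 7 over F_17 with G = (15, 13), and shows what an observer who only sees the most significant bits of each coordinate would get. The curve, the field size, the seed U_0 = 5G and the function names are all assumptions chosen for illustration; p = 17 is far too small for any real use and is only meant to make the recurrence and the bit truncation easy to check by hand.

```python
# Added example: toy EC-LCG over F_17 on the curve y^2 = x^3 + 7.
# All parameters below are constructed for illustration and are not from the paper.

P = 17          # field prime (toy size; constructed)
A = 0           # curve coefficient a
B = 7           # curve coefficient b
INF = None      # point at infinity, the identity of E(F_p)


def on_curve(pt):
    """True if pt is the identity or satisfies y^2 = x^3 + A x + B over F_p."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def neg(pt):
    """Additive inverse: (x, y) -> (x, -y)."""
    if pt is INF:
        return INF
    x, y = pt
    return (x, (-y) % P)


def add(p1, p2):
    """Group law on E(F_p) in affine coordinates (the operation written ⊕ in the abstract)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:   # p2 == -p1, including a point with y == 0 doubled
        return INF
    if p1 == p2:                            # doubling: tangent slope
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:                                   # addition: chord slope
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(n, pt):
    """Compute nG by double-and-add."""
    result = INF
    addend = pt
    while n > 0:
        if n & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        n >>= 1
    return result


def ec_lcg(g, u0, count):
    """Return [U_0, U_1, ..., U_{count-1}] with U_n = U_{n-1} ⊕ G."""
    seq = [u0]
    for _ in range(count - 1):
        seq.append(add(seq[-1], g))
    return seq


def top_bits(value, bits, total_bits):
    """Keep the `bits` most significant bits of a `total_bits`-bit value, zeroing the rest."""
    shift = total_bits - bits
    return (value >> shift) << shift


def leaked_high_bits(seq, bits):
    """What an observer sees if only `bits` high-order bits of each coordinate are exposed.

    The point at infinity has no coordinates, so it is reported as None.
    """
    total_bits = P.bit_length()
    out = []
    for pt in seq:
        if pt is INF:
            out.append(None)
        else:
            x, y = pt
            out.append((top_bits(x, bits, total_bits), top_bits(y, bits, total_bits)))
    return out


G = (15, 13)               # constructed generator point; it has order 18 on this curve
U0 = scalar_mult(5, G)     # constructed seed U_0 = 5G = (6, 6)

if __name__ == "__main__":
    states = ec_lcg(G, U0, 10)
    for n, (full, seen) in enumerate(zip(states, leaked_high_bits(states, 2))):
        print(f"U_{n} = {full}   observer sees top-2-bits: {seen}")
```

Running the block prints the full states next to the truncated view; every state is also nG ⊕ U_0, and subtracting consecutive states always returns G, which is the algebraic structure the abstract's seed-recovery result builds on. On a real-size curve the coordinates are hundreds of bits wide, so the interesting question is how many of those high-order bits may be exposed before the seed is at risk, which is exactly what the paper bounds.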
