Abstract
Let p be a prime and let a and b be elements of the finite field Fp of p elements. The inversive congruential generator (ICG) is a sequence (u n ) of pseudorandom numbers defined by the relation u n+1 ≡ au -1 n +b mod p. We show that if sufficiently many of the most significant bits of several consecutive values u n of the ICG are given, one can recover the initial value u 0 (even in the case where the coefficients a and b are not known). We also obtain similar results for the quadratic congruential generator (QCG), v n+1 ≡ f(v n ) mod p, where f ∈ F p [X]. This suggests that for cryptographic applications ICG and QCG should be used with great care. Our results are somewhat similar to those known for the linear congruential generator (LCG), x n+1 ≡ ax n + b mod p, but they apply only to much longer bit strings. We also estimate limits of some heuristic approaches, which still remain much weaker than those known for LCG.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
