Questions tagged [blum-blum-shub]

The Blum Blum Shub generator is a deterministic Pseudo-Random Bit Generator with security demonstrably reducible to that of integer factorization.

Reference: section 5.5.2 in chapter 5 of the Handbook of Applied Cryptography

21 questions
6 votes, 2 answers

Blum Blum Shub Pseudo-Random Generator Requirements

I am trying to understand the Blum Blum Shub pseudo-random generator originally described in "A Simple Unpredictable Pseudo-random Number Generator". As best I can tell the requirements are: For any $x_i$, only $x_i^2 \bmod 2$ is used (only the least…
ben rudgers
3 votes, 2 answers

Advantages to knowing $p$ and $q$ in Blum Blum Shub?

Do you gain any advantage by knowing the factorization of $M$ (over just knowing $M$ itself) in the Blum Blum Shub generator? The only advantage I see is being able to calculate the $i$-th number directly, as opposed to iterating to it. This…
Jaws212
3 votes, 1 answer

Period of Blum-Blum-Shub

Reading about Blum-Blum-Shub, I have found that everyone has stressed the importance of $\gcd(p-1, q-1)$ being a small number, as this leads to a large period. I found it really difficult to find a formula for the period of Blum-Blum-Shub. I…
1 vote, 2 answers

If Blum Blum Shub is modified to use a prime modulus, is it still secure?

The definition of the Blum Blum Shub cryptographically secure pseudorandom number generator is $x=x^2 \mod N$ where $N=p \times q$, $p \in \mathbb P$, and $q \in \mathbb P$. Supposedly, the security comes from an attacker not knowing the factors of…
Melab
1 vote, 1 answer

Why is knowing M not enough to break Blum Blum Shub?

In Blum Blum Shub, the generator is $x_{n+1}={x_n}^2 \mod M$ where $M=p \cdot q$, $p \in \mathbb P$, and $q \in \mathbb P$. Supposedly, knowing $p$ and $q$ is enough to break the system. But if I know M, I can calculate the next number in the…
Melab