|
Blum Blum Shub (B.B.S.) is a pseudorandom number generator proposed in 1986 by Lenore Blum, Manuel Blum and Michael Shub 〔 〕 that is derived from Michael O. Rabin's oblivious transfer mapping. Blum Blum Shub takes the form :, where ''M'' = ''pq'' is the product of two large primes ''p'' and ''q''. At each step of the algorithm, some output is derived from ''x''''n''+1; the output is commonly either the bit parity of ''x''''n''+1 or one or more of the least significant bits of ''x''''n''+1''. The seed ''x''0 should be an integer that is co-prime to ''M'' (i.e. ''p'' and ''q'' are not factors of ''x''0) and not 1 or 0. The two primes, ''p'' and ''q'', should both be congruent to 3 (mod 4) (this guarantees that each quadratic residue has one square root which is also a quadratic residue) and gcd(''φ''(''p'' − 1), ''φ''(''q'' − 1)) should be small (this makes the cycle length large). An interesting characteristic of the Blum Blum Shub generator is the possibility to calculate any ''x''''i'' value directly (via Euler's Theorem): :, where is the Carmichael function. (Here we have ). ==Security== There is a proof reducing its security to the computational difficulty of solving the Quadratic residuosity problem.〔 When the primes are chosen appropriately, and O(log log ''M'') lower-order bits of each ''xn'' are output, then in the limit as ''M'' grows large, distinguishing the output bits from random should be at least as difficult as solving the Quadratic residuosity problem modulo ''M''. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Blum Blum Shub」の詳細全文を読む スポンサード リンク
|