Applied Cryptography - Protocols, Algorithms, and Source Code in C

# Or you can use a block cipher in OFB or CFB to get a



Applied Cryptography, Second Edition: Protocols, Algorithms, and Source Code in C. Publisher: John Wiley & Sons, Inc. Author: Bruce Schneier. ISBN: 0471128457. Publication date: 01/01/96.

The theory behind the BBS generator has to do with quadratic residues modulo n (see Section 11.3). Here's how it works. First find two large prime numbers, p and q, which are congruent to 3 modulo 4. The product of those numbers, n = pq, is a Blum integer. Choose another random integer, x, which is relatively prime to n. Compute

$x_0 = x^2 \bmod n$

That's the seed for the generator. Now you can start computing bits. The ith pseudo-random bit is the least significant bit of $x_i$, where

$x_i = x_{i-1}^2 \bmod n$

The most intriguing property of this generator is that you don't have to iterate through all i - 1 bits to get the ith bit. If you know p and q, you can compute the ith bit directly: $b_i$ is the least significant bit of $x_i$, where

$x_i = x_0^{\,2^i \bmod ((p-1)(q-1))} \bmod n$

(The exponent $2^i$ is reduced modulo $(p-1)(q-1)$ first, which is what makes the computation cheap; without p and q that reduction is unavailable and the only option is to iterate.) This property means you can use this cryptographically strong pseudo-random-bit generator as a stream cryptosystem for a random-access file: the keystream for any offset can be computed without generating everything before it.

The security of this scheme rests on the difficulty of factoring n. You can make n public, so anyone can generate bits using the generator. However, unless a cryptanalyst can factor n, he can never predict the output of the generator, not even with a statement like: "The next bit has a 51 percent chance of being a 1." More strongly, the BBS generator is unpredictable to the left and unpredictable to the right: given a sequence produced by the generator, a cryptanalyst can predict neither the next bit in the sequence nor the previous bit. These guarantees hold against attackers with polynomially bounded computation and an n too large to factor; with a small n, factoring is trivial and so is prediction.
This is not security based on some complicated bit generator that no one understands, but the mathematics behi...
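The construction above, worked through in code as an added example (this is not Schneier's code from the book or from this page, and the function names are my own): it generates Blum primes, seeds the generator, produces bits by sequential squaring using only n, computes an arbitrary bit directly with the trapdoor p, q, and uses the direct form as a random-access keystream. The toy primes 11 and 23 and the sample messages are constructed for illustration; the 256-bit primes in the demo are an assumption chosen for speed, not a recommended size.

```python
# Added example: Blum Blum Shub as described in the excerpt above. Not code from
# Schneier's book; function names are my own. Toy parameters in the demo are
# constructed for illustration. The 256-bit primes in the demo are an assumption
# chosen for speed; production use needs far larger p and q.
from math import gcd
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test (error below 4^-rounds)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                           # composite witness found
    return True


def random_blum_prime(bits: int) -> int:
    """Random prime p with p = 3 (mod 4), exactly `bits` bits long."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 3   # top bit set, low bits 11
        if is_probable_prime(cand):
            return cand


def bbs_seed(n: int, x: int) -> int:
    """Seed x_0 = x^2 mod n; x must be relatively prime to n."""
    if not 1 < x < n or gcd(x, n) != 1:
        raise ValueError("x must be in (1, n) and relatively prime to n")
    return pow(x, 2, n)


def bbs_random_seed(n: int) -> int:
    """Pick a random x coprime to n and return x_0."""
    while True:
        x = secrets.randbelow(n - 2) + 2
        if gcd(x, n) == 1:
            return bbs_seed(n, x)


def bbs_bits_sequential(x0: int, n: int, count: int) -> list:
    """Bits b_1..b_count by repeated squaring: x_i = x_{i-1}^2 mod n, b_i = lsb(x_i).
    Only n is needed, so anyone can run this."""
    bits, x = [], x0
    for _ in range(count):
        x = pow(x, 2, n)
        bits.append(x & 1)
    return bits


def bbs_bit_direct(x0: int, p: int, q: int, i: int) -> int:
    """Bit b_i without iterating: x_i = x0^(2^i mod (p-1)(q-1)) mod n.
    Needs the factors p and q (the trapdoor)."""
    n = p * q
    e = pow(2, i, (p - 1) * (q - 1))   # reduce the exponent first; 2^i itself is huge
    return pow(x0, e, n) & 1


def bbs_keystream_byte(x0: int, p: int, q: int, offset: int) -> int:
    """Keystream byte for file offset `offset`: bits b_{8*offset+1}..b_{8*offset+8}, MSB first."""
    val = 0
    for j in range(8):
        val = (val << 1) | bbs_bit_direct(x0, p, q, 8 * offset + j + 1)
    return val


def bbs_xor_range(data: bytes, x0: int, p: int, q: int, start: int) -> bytes:
    """XOR `data`, which sits at file offset `start`, with the keystream for that
    position. Encryption and decryption are the same call, and any byte range can
    be processed independently of what precedes it."""
    return bytes(b ^ bbs_keystream_byte(x0, p, q, start + k) for k, b in enumerate(data))


if __name__ == "__main__":
    p, q = random_blum_prime(256), random_blum_prime(256)   # demo size only
    n = p * q
    x0 = bbs_random_seed(n)
    msg = b"constructed sample file contents"                # constructed input
    ct = bbs_xor_range(msg, x0, p, q, 0)
    # Decrypt bytes 12..19 on their own, without touching the first 12 bytes.
    print(bbs_xor_range(ct[12:20], x0, p, q, 12))
    # Same bits whether iterated with n alone or computed directly with p, q.
    print(bbs_bits_sequential(x0, n, 16) == [bbs_bit_direct(x0, p, q, i) for i in range(1, 17)])
```

Two things the code makes concrete. First, the random-access property is one-sided: the party holding p and q jumps to any offset with one modular exponentiation, while a party holding only n has to square its way forward from $x_0$. Second, the cost is one modular squaring per output bit, which is why the surrounding text contrasts BBS with a block cipher in OFB or CFB mode for bulk keystream; BBS is chosen for its provable relationship to factoring, not for speed.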

## This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
