| 逆同余发生器的密码分析 |
| |
| 引用本文: | 赵耀东,戚文峰.逆同余发生器的密码分析[J].武汉大学学报(理学版),2007,53(3):279-282. |
| |
| 作者姓名: | 赵耀东 戚文峰 |
| |
| 作者单位: | 郑州信息工程大学,信息工程学院,河南,郑州,450002 |
| |
| 基金项目: | 国家自然科学基金;国家高技术研究发展计划(863计划) |
| |
| 摘 要: | 使用格中的最短向量对未知向量进行逼近的方法,证明了在已知乘子a和模数p的条件下,若连续的wi满足|ui-wi|是一个很小的数时,在多项式时间内可以恢复出逆同余发生器的移位B. 本文的结论表明将逆同余发生器直接应用于密码学必须十分慎重.
|
| 关 键 词: | 逆同余发生器 密码分析 格攻击 |
| 文章编号: | 1671-8836(2007)03-0279-04 |
| 修稿时间: | 2006-11-11 |
On Cryptanalysis of the Inversive Generator |
| |
| ZHAO Yaodong,QI Wenfeng.On Cryptanalysis of the Inversive Generator[J].JOurnal of Wuhan University:Natural Science Edition,2007,53(3):279-282. |
| |
| Authors: | ZHAO Yaodong QI Wenfeng |
| |
| Institution: | Institute of Information Engineering, Zhengzhou Information Engineering University, Zhengzhou 450002, Henan, China |
| |
| Abstract: | In this paper, we prove that given the multiplier a, modular p and sufficiently many of the most significant bits of three consecutive outputs of the inversive generator, one can disclose the shift b and the initial value if those outputs do not lie in a small set, by the method of using the shortest vector in the lattice to approximate the unknown vector. The result of this paper shows that we should be careful when we use the inversive generator in a cryptosystem. |
| |
| Keywords: | inversive generator cryptanalysis lattice attack |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
