Blum–Blum–Shub pseudorandom number generator

E118448

The Blum–Blum–Shub pseudorandom number generator is a cryptographically secure generator based on the hardness of factoring large composite numbers, widely studied in theoretical computer science and cryptography.

All labels observed (1)

Label Occurrences
Blum–Blum–Shub pseudorandom number generator canonical 2

How this entity was disambiguated

Statements (46)

Predicate Object
instanceOf cryptographic primitive
pseudorandom number generator
stream cipher primitive
advantage strong theoretical security guarantees
application randomness generation in cryptographic protocols
theoretical constructions of digital signatures
theoretical constructions of secure encryption schemes
basedOn Blum integer
hardness of integer factorization
category cryptographically secure pseudorandom number generator
comparedTo MersenneTwister
surface form: Mersenne Twister

linear congruential generator
complexityClassRelation security reducible to factoring problem
describedIn SIAM Journal on Computing
designGoal cryptographic security
unpredictability of output bits
disadvantage relatively slow in software
field cryptography
theoretical computer science
introducedBy Lenore Blum
Manuel Blum
Michael Shub
modulusType Blum integer
namedAfter Lenore Blum
Manuel Blum
Michael Shub
outputFunction least significant bit of x_i
selected bits of x_i
periodProperty maximum period related to order of x_0 modulo n
primeCondition p ≡ 3 (mod 4)
q ≡ 3 (mod 4)
provableProperty next-bit test hardness equivalent to factoring n
publicationYear 1986
relatedConcept one-way function
pseudorandom bit generator
quadratic residue
relatedToProblem integer factorization problem
securityAssumption factoring Blum integers is hard
securityProperty next-bit unpredictability under factoring assumption
provable security under factoring assumption
seedRequirement gcd(x_0, n) = 1
x_0 is quadratic residue modulo n
stateUpdateFunction x_{i+1} = x_i^2 mod n
typicalUse benchmark for provable security of PRNGs
research and teaching in cryptography
usesModulus n = p · q

How these facts were elicited

Referenced by (2)

Full triples — surface form annotated when it differs from this entity's canonical label.

Manuel Blum notableWork Blum–Blum–Shub pseudorandom number generator
Blum–Micali pseudorandom number generator relatedTo Blum–Blum–Shub pseudorandom number generator