| {{more footnotes|date=September 2013}}
| | My name is Moises (38 years old) and my hobbies are Shooting sport and Table football.<br>my site:[http://www.duketakeout.com/fake-oakleys/Fake-Oakley-Crosslink.html Oakley Crosslink Sunglasses] |
| {{primary sources|date=September 2013}}
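Review bot: this revision replaces the two maintenance templates at the top of the article, {{more footnotes|date=September 2013}} and {{primary sources|date=September 2013}}, with an unrelated personal line and an external sales link ("My name is Moises ... my site: ... Oakley Crosslink Sunglasses"). That is spam vandalism rather than an edit to the article text; it should be reverted so that both templates are restored and the advertising link is removed.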
'''Blum Blum Shub''' ('''B.B.S.''') is a [[pseudorandom number generator]] proposed in 1986 by [[Lenore Blum]], [[Manuel Blum]] and [[Michael Shub]].<ref name=blum1986>{{cite journal |last=Blum |first=Lenore |coauthors=Blum, Manuel; Shub, Mike |title=A Simple Unpredictable Pseudo-Random Number Generator |journal=SIAM Journal on Computing |date=1 May 1986 |volume=15 |issue=2 |pages=364–383 |doi=10.1137/0215025 |url=http://epubs.siam.org/doi/abs/10.1137/0215025}}</ref>

Blum Blum Shub takes the form:

:<math>x_{n+1} = x_n^2 \bmod M</math>

where ''M''=''pq'' is the product of two large [[prime number|primes]] ''p'' and ''q''. At each step of the algorithm, some output is derived from ''x''<sub>''n''+1</sub>; the output is commonly either the [[parity bit|bit parity]] of ''x''<sub>''n''+1</sub> or one or more of the least significant bits of ''x''<sub>''n''+1</sub>.

The [[random seed|seed]] ''x''<sub>0</sub> should be an integer that is co-prime to ''M'' (i.e. ''p'' and ''q'' are not factors of ''x''<sub>0</sub>) and not 1 or 0.

The two primes, ''p'' and ''q'', should both be [[Congruence relation|congruent]] to 3 (mod 4) (this guarantees that each [[quadratic residue]] has one [[square root]] which is also a quadratic residue) and [[greatest common divisor|gcd]]([[Euler's totient function|''φ'']](''p''-1), ''φ''(''q''-1)) should be small (this makes the cycle length large).

An interesting characteristic of the Blum Blum Shub generator is the possibility to calculate any ''x''<sub>''i''</sub> value directly (via [[Euler's Theorem]]):

:<math>x_i = \left( x_0^{2^i \bmod \lambda(M)} \right) \bmod M</math>

where <math>\lambda</math> is the [[Carmichael function]]. (Here we have <math>\lambda(M) = \lambda(p\cdot q) = \operatorname{lcm}(p-1, q-1)</math>).

==Security==

The generator is very slow. However, there is a proof reducing its security to the [[Computational complexity theory|computational difficulty]] of computing modular square roots, a problem whose difficulty is equivalent to factoring. When the primes are chosen appropriately, and [[big O notation|O]]([[logarithm|log]] log ''M'') lower-order bits of each ''x<sub>n</sub>'' are output, then in the limit as ''M'' grows large, distinguishing the output bits from random should be at least as difficult as factoring ''M''.

==Example==

Let <math>p=11</math>, <math>q=19</math> and <math>s=3</math> (where <math>s</math> is the seed). We can expect to get a large cycle length for those small numbers, because <math>{\rm gcd}(\varphi(p-1), \varphi(q-1))=2</math>.

The generator starts to evaluate <math>x_0</math> by using <math>x_{-1}=s</math> and creates the sequence <math>x_0, x_1, x_2, \ldots, x_5</math> = 9, 81, 82, 36, 42, 92. The following table shows the output (in bits) for the different bit selection methods used to determine the output.

{| class="wikitable"
|-
! Even parity bit
! Odd parity bit
! [[Least significant bit]]
|-
| 0 1 1 0 1 0
| 1 0 0 1 0 1
| 1 1 0 0 0 0
|}
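The generator, the three bit-selection rules from the table, and the direct formula for <math>x_i</math> via the Carmichael function, as an added example that is not part of the article. It uses the article's parameters (''p''=11, ''q''=19, seed ''s''=3) and its index convention <math>x_{-1}=s</math>, and enforces the parameter conditions stated above (''p'', ''q'' ≡ 3 mod 4; seed coprime to ''M'' and not 0 or 1); the function names are this example's own.

```python
from math import gcd

def carmichael_pq(p, q):
    """lambda(M) for M = p*q with p, q prime is lcm(p-1, q-1)."""
    return (p - 1) * (q - 1) // gcd(p - 1, q - 1)

def bbs_sequence(p, q, seed, count):
    """Return [x_0, ..., x_{count-1}] with x_{-1} = seed and x_{n+1} = x_n^2 mod M.

    Enforces the parameter conditions the article states: p and q congruent
    to 3 (mod 4), and a seed that is coprime to M and neither 0 nor 1.
    """
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be congruent to 3 (mod 4)")
    M = p * q
    if seed in (0, 1) or gcd(seed, M) != 1:
        raise ValueError("seed must be coprime to M and not 0 or 1")
    xs, x = [], seed
    for _ in range(count):
        x = x * x % M
        xs.append(x)
    return xs

def bbs_direct(p, q, x0, i):
    """x_i = x0^(2^i mod lambda(M)) mod M, the direct (Euler/Carmichael) formula.

    x0 is the first generator state (seed^2 mod M under the article's convention).
    Reducing the exponent mod lambda(M) is valid because gcd(x0, M) == 1.
    """
    M = p * q
    return pow(x0, pow(2, i, carmichael_pq(p, q)), M)

# The three bit-selection rules from the article's table.
def even_parity_bit(x):
    return bin(x).count("1") & 1       # 1 iff x has an odd number of 1-bits

def odd_parity_bit(x):
    return 1 - even_parity_bit(x)

def least_significant_bit(x):
    return x & 1

def output_bits(xs, select):
    """Apply one bit-selection rule to every state, as in the article's table."""
    return [select(x) for x in xs]

if __name__ == "__main__":
    xs = bbs_sequence(11, 19, 3, 6)                # article's example, M = 209
    print("x_0..x_5:", xs)                         # [9, 81, 82, 36, 42, 92]
    print("even parity:", output_bits(xs, even_parity_bit))
    print("odd parity: ", output_bits(xs, odd_parity_bit))
    print("lsb:        ", output_bits(xs, least_significant_bit))
    print("x_5 directly:", bbs_direct(11, 19, xs[0], 5))   # 92
```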
==References==

{{Reflist}}

;General

* {{cite journal|last=Blum|first=Lenore|coauthors=Blum, Manuel; Shub, Mike|title=Comparison of Two Pseudo-Random Number Generators|series=Advances in Cryptology: Proceedings of CRYPTO '82|pages=61–78|publisher=Plenum|year=1982|url=http://www.iacr.org/cryptodb/data/paper.php?pubkey=1751}}
* {{cite journal|last=Geisler|first=Martin|coauthors=Krøigård, Mikkel; Danielsen, Andreas|title=About Random Bits|date=December 2004|url=http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.90.3779}} available as [http://www.daimi.au.dk/~mg/mamian/random-bits.pdf PDF] and [http://daimi.au.dk/~mg/mamian/random-bits.ps.gz Gzipped Postscript]

==External links==

* [http://web.archive.org/web/20090524070627/http://firefly.is-a-geek.org/gmpbbs/ GMPBBS] (archived 2009-05-24 at the [[Wayback Machine]]), a [[GNU General Public License|GPL]]'ed [[GNU Multi-Precision Library|GMP]]-based implementation of Blum Blum Shub by Mark Rossmiller. Retrieved 2011-09-05.
* [http://code.google.com/p/javarng/ An implementation in Java]
* [http://www.ciphersbyritter.com/NEWS2/TESTSBBS.HTM Randomness tests]

[[Category:Pseudorandom number generators]]
[[Category:Cryptographically secure pseudorandom number generators]]