You may have access to the free features available through My Research. You can save searches, save documents, create alerts and more. Please log in through your library or institution to check if you have access.
If you log in through your library or institution you might have access to this article in multiple languages.
Styles include MLA, APA, Chicago and many more. This feature may be available for free if you log in through your library or institution.
You may have access to it for free by logging in through your library or institution.
You may have access to different export options including Google Drive and Microsoft OneDrive and citation management tools like RefWorks and EasyBib. Try logging in through your library or institution to get access to these tools.
The predictability problem of congruential generator, that is, whether the parameters and initial state of the generator can be reconstructed by a truncated sequence, and then accurately predict the subsequent sequence, is an important research topic for evaluating the security of the generator. This work studies the predictability problem of the second-order linear congruential generator xi+2=axi+1+bxi mod m, under the conditions that the modulus m=2k is known and the coefficients a,b are unknown. Based on the lattice reduction algorithm, a method to reconstruct the coefficients a,b and the initial state x0,x1 is presented under the condition that a consecutive truncated sequence of leading s bits is known. When the modulus m=232 and the sequence generated by the generator is a primitive sequence of order 2 over the integer residue ring Z/mZ, the experimental results show that the coefficients a,b and the initial state x0,x1 can be reconstructed by 140 consecutive truncated digits of leading 6 bits. This study explores the anti-predictive ability of second-order linear congruential generators from the perspective of reconstruction, aiming to provide reference and guidance for its application in cryptography.
