An Improved Pseudorandom Generator Based on Hardness of Factoring

We present a simple to implement and efficient pseudorandom generator based on the factoring assumption. It outputs more than pn/2 pseudorandom bits per p exponentiations, each with the same base and an exponent shorter than n/2 bits. Our generator is based on results by Hastad, Schrift and Shamir [HSS93], but unlike their generator and its improvement by Goldreich and Rosen [GR00], it does not use hashing or extractors, and is thus simpler and somewhat more efficient. In addition, we present a general technique that can be used to speed up pseudorandom generators based on iterating one-way permutations. We construct our generator by applying this technique to results of [HSS93]. We also show how the generator given by Gennaro [Gen00] can be simply derived from results of Patel and Sundaram [PS98a] using our technique.Engineering and Applied Science

Periodic Structure of the Exponential Pseudorandom Number Generator

We investigate the periodic structure of the exponential pseudorandom number generator obtained from the map $x\mapsto g^x\pmod p$ that acts on the set $\{1, \ldots, p-1\}$

Short Cycles in Repeated Exponentiation Modulo a Prime

Given a prime $p$, we consider the dynamical system generated by repeated exponentiations modulo $p$, that is, by the map $u \mapsto f_g(u)$, where $f_g(u) \equiv g^u \pmod p$ and $0 \le f_g(u) \le p-1$. This map is in particular used in a number of constructions of cryptographically secure pseudorandom generators. We obtain nontrivial upper bounds on the number of fixed points and short cycles in the above dynamical system

On the Possibility of a Backdoor in the Micali-Schnorr Generator

In this paper, we study both the implications and potential impact of backdoored parameters for two RSA-based pseudorandom number generators: the ISO-standardized Micali-Schnorr generator and a closely related design, the RSA PRG. We observe, contrary to common understanding, that the security of the Micali-Schnorr PRG is not tightly bound to the difficulty of inverting RSA. We show that the Micali-Schnorr construction remains secure even if one replaces RSA with a publicly evaluatable PRG, or a function modeled as an efficiently invertible random permutation. This implies that any cryptographic backdoor must somehow exploit the algebraic structure of RSA, rather than an attacker\u27s ability to invert RSA or the presence of secret keys. We exhibit two such backdoors in related constructions: a family of exploitable parameters for the RSA PRG, and a second vulnerable construction for a finite-field variant of Micali-Schnorr. We also observe that the parameters allowed by the ISO standard are incompletely specified, and allow insecure choices of exponent. Several of our backdoor constructions make use of lattice techniques, in particular multivariate versions of Coppersmith\u27s method for finding small solutions to polynomials modulo integers

IMPROVING SMART GRID SECURITY USING MERKLE TREES

Abstract—Presently nations worldwide are starting to convert their aging electrical power infrastructures into modern, dynamic power grids. Smart Grid offers much in the way of efficiencies and robustness to the electrical power grid, however its heavy reliance on communication networks will leave it more vulnerable to attack than present day grids. This paper looks at the threat to public key cryptography systems from a fully realized quantum computer and how this could impact the Smart Grid. We argue for the use of Merkle Trees in place of public key cryptography for authentication of devices in wireless mesh networks that are used in Smart Grid applications

Multi-instance publicly verifiable time-lock puzzle and its applications

Time-lock puzzles are elegant protocols that enable a party to lock a message such that no one else can unlock it until a certain time elapses. Nevertheless, existing schemes are not suitable for the case where a server is given multiple instances of a puzzle scheme at once and it must unlock them at different points in time. If the schemes are naively used in this setting, then the server has to start solving all puzzles as soon as it receives them, that ultimately imposes significant computation cost and demands a high level of parallelisation. We put forth and formally define a primitive called “multi-instance time-lock puzzle” which allows composing a puzzle’s instances. We propose a candidate construction: “chained time-lock puzzle” (C-TLP). It allows the server, given instances’ composition, to solve puzzles sequentially, without having to run parallel computations on them. C-TLP makes black-box use of a standard time-lock puzzle scheme and is accompanied by a lightweight publicly verifiable algorithm. It is the first time-lock puzzle that offers a combination of the above features. We use C-TLP to build the first “outsourced proofs of retrievability” that can support real-time detection and fair payment while having lower overhead than the state of the art. As another application of C-TLP, we illustrate in certain cases, one can substitute a “verifiabledelay function” with C-TLP, to gain much better efficiency