Recovering zeros of polynomials modulo a prime
Let be a prime and the finite field with elements. We show how, when given an irreducible bivariate polynomial and an approximation to a zero, one can recover the root efficiently, if the approximation is good enough. The strategy can be generalized to polynomials in the variables over the field . These results have been motivated by the predictability problem for nonlinear pseudorandom number generators and other potential applications to cryptography
A strategy for recovering roots of bivariate polynomials modulo a prime
Let be a prime and \F_p the finite field with elements. We show how, when given an irreducible bivariate polynomial f \in \F_p[X,Y] and approximations to (v_0,v_1) \in \F_p^2 such that , one can recover efficiently, if the approximations are good enough. This result has been motivated by the predictability problem for non-linear pseudorandom number generators and other potential applications to cryptography.
On the Degree Growth in Some Polynomial Dynamical Systems and Nonlinear Pseudorandom Number Generators
In this paper we study a class of dynamical systems generated by iterations of multivariate polynomials and estimate the degree growth of these iterations. We use these estimates to bound exponential sums along the orbits of these dynamical systems and show that they admit much stronger estimates than in the general case and thus can be of use for pseudorandom number generation.
Comment: Mathematics of Computation (to appear)
An improved method for predicting truncated multiple recursive generators with unknown parameters
Multiple recursive generators are an important class of pseudorandom number generators which are widely used in cryptography. The predictability of truncated sequences, i.e. recovering the whole sequence from the truncated high-order bits of its outputs, is not only a crucial aspect of evaluating the security of pseudorandom number generators but also plays an important role in their design. This paper improves the work of Sun et al. on the predictability of truncated multiple recursive generators with unknown parameters. Given a few truncated digits of high-order bits output by a multiple recursive generator, we adopt the resultant, the Chinese Remainder Theorem and the idea of recovering -adic coordinates of the coefficients layer by layer, and Kannan's embedding technique to recover the modulus, the coefficients and the initial state, respectively. Experimental results show that our new method is superior to that of Sun et al. in terms of both the running time and the number of truncated digits required.
SP 800-22 and GM/T 0005-2012 Tests: Clearly Obsolete, Possibly Harmful
When it comes to cryptographic random number generation, poor understanding of the security requirements and the "mythical aura" of black-box statistical testing frequently leads it to be used as a substitute for cryptanalysis. To make things worse, a seemingly standard document, NIST SP 800-22, describes 15 statistical tests and suggests that they can be used to evaluate random and pseudorandom number generators in cryptographic applications. The Chinese standard GM/T 0005-2012 describes similar tests. These documents have not aged well. The weakest pseudorandom number generators will easily pass these tests, promoting false confidence in insecure systems. We strongly suggest that SP 800-22 be withdrawn by NIST; we consider it to be not just irrelevant but actively harmful. We illustrate this by discussing the "reference generators" contained in the SP 800-22 document itself. None of these generators are suitable for modern cryptography, yet they pass the tests. For future development, we suggest focusing on stochastic modeling of entropy sources instead of model-free statistical tests. Random bit generators should also be reviewed for potential asymmetric backdoors via trapdoor one-way functions, and for security against quantum computing attacks.
Arithmetic Geometry
The focus of the workshop was the connection between algebraic geometry and arithmetic. Most lectures were on p-adic topics, underlining the importance of Fontaine's theory in the field, namely that it gives a relation between "coherent" and "étale" invariants. Lectures on other topics ranged from anabelian geometry to general algebraic geometry (although with number-theoretic applications) and to results on global Shimura varieties.