Re: Selecting parameters for LCGs

Greg Rose (ggr@qualcomm.com)
Wed, 03 Feb 1999 05:58:39 +1000

• Next message: Enzo Michelangeli: "Re: Selecting parameters for LCGs"
• Previous message: bram: "Re: selling random bits"
• In reply to: Mike Rosing: "selling random bits"
• Next in thread: Robert Hettinga: "Re: Selecting parameters for LCGs"
• Reply: Robert Hettinga: "Re: Selecting parameters for LCGs"

At 08:52 2/02/99 -0500, Perry E. Metzger wrote:
>That's what I've always thought -- if there is *any* bad property from
>a Monte Carlo point of view it will be far worse from a cryptography
>point of view.

When a monte-carlo simulation has problems, it is usually because of
correlations between the generated values in some high-order dimension
(like all points falling on a particular k-1 dimensional hyperplane in
k-dimensional space). Such a problem is closely related to
lattice-reduction methods, so I think it would lead more-or-less directly
to an attack on the cryptosystem.

Greg.

Greg Rose INTERNET: ggr@Qualcomm.com
Qualcomm Australia VOICE: +61-2-9181-4851 FAX: +61-2-9181-5470
Suite 410, Birkenhead Point, http://people.qualcomm.com/ggr/
Drummoyne NSW 2047 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C

• Next message: Enzo Michelangeli: "Re: Selecting parameters for LCGs"
• Previous message: bram: "Re: selling random bits"
• In reply to: Mike Rosing: "selling random bits"
• Next in thread: Robert Hettinga: "Re: Selecting parameters for LCGs"
• Reply: Robert Hettinga: "Re: Selecting parameters for LCGs"