Questions tagged [blum-blum-shub]

The Blum Blum Shub generator is a deterministic Pseudo-Random Bit Generator with security demonstrably reducible to that of integer factorization.

Reference: section 5.5.2 in chapter 5 of the Handbook of Applied Cryptography

20 questions
32 votes, 2 answers

Blum Blum Shub vs. AES-CTR or other CSPRNGs

Following on from D.W.'s comments on a previous question, what properties does Blum Blum Shub have that make it better / worse than other PRNGs? Are there significant implementation difficulties or security issues with BBS?
Polynomial
8 votes, 1 answer

How did SHA-1 'feed' Blum Blum Shub

One of the most (in)famous hardware derived random number generators was Lavarand (patent). It did it with funky lava lamps. An image of the lamps was hashed and fed into Blum Blum Shub (BBS) to produce a cryptographic bit stream. How? The patent…
Paul Uszak
7 votes, 2 answers

Are factorization algorithms parallelizable?

I was reading about the Blum-Blum-Shub random number generator, and its security depends on the hardness of factoring very large numbers (like many things in crypto do). I'm just wondering, if I have 10 computers, can I break Blum-Blum-Shub 10 times…
Maestro
6 votes, 2 answers

Blum Blum Shub Pseudo-Random Generator Requirements

I am trying to understand the Blum Blum Shub pseudo-random generator originally described in A Simple Unpredictable Pseudo-random Number Generator. As best I can tell, the requirements are: For any $x_i$, only $x_i^2 \bmod 2$ is used (only the least…
ben rudgers
6 votes, 2 answers

How many bits can be safely extracted from the BBS generator at each step?

The Blum-Blum-Shub generator is a deterministic Pseudo-Random Bit Generator with security reducible to that of integer factorization. Setup: Secretly choose random primes $P$, $Q$, with $P\equiv Q\equiv 3\pmod4$, and compute $N=P\cdot Q$. Secretly…
fgrieu
4 votes, 1 answer

Blum Blum Shub Hash

Will this algorithm make a cryptographically secure hash function? Can it be used to generate passwords? Is it secure enough for use as a MAC? Divide the message into blocks. The initial state is $h=314159265358979323846$. For each message block…
user43678
3 votes, 2 answers

How big does M need to be in Blum Blum Shub?

I've read that Blum Blum Shub is a CSPRNG, defined by $x_{n+1} = x_n^2 \bmod M$. I didn't understand that, and couldn't find any sources on how big $M$ should be. Are 32 bits enough? 64 bits? Or are even more bits required?
Command Master
3 votes, 2 answers

Is the Blum Blum Shub PRNG suitable to create initialization vectors?

Is it a good idea to use a Blum Blum Shub generator to create my initialization vector (IV) in AES-OFB (Output Feedback Mode)?
goldroger
3 votes, 2 answers

Advantages to knowing $p$ and $q$ in Blum Blum Shub?

Do you gain any advantage by knowing the factorization of $M$ (over just knowing $M$ itself) in the Blum Blum Shub generator? The only advantage I see is being able to calculate the $i$-th number directly, as opposed to iterating to it. This…
Jaws212
3 votes, 1 answer

Why is $-1$ an illegal message in the Goldwasser-Micali Encryption Scheme

I'm not sure why, in the Goldwasser-Micali encryption scheme with a Blum integer $N$, the message $-1$ is always an illegal message. Can you give me some direction for starting? What is the meaning of an illegal message?
user9189
3 votes, 1 answer

Period of Blum-Blum-Shub

Reading about Blum-Blum-Shub, I have found that everyone has stressed the importance of $\gcd(p-1, q-1)$ being a small number, as this leads to a large period. I found it really difficult to find a formula for the period of Blum-Blum-Shub. I…
2 votes, 1 answer

Significance of having remainder $3$ when divided by $4$ for both $p$ and $q$ in BBS

In the Blum Blum Shub random number generator, we take two random prime numbers $p$ and $q$ such that both have a remainder of $3$ when divided by $4$. My question is: why can't we just take any $2$ random primes? What is the significance of having…
1 vote, 1 answer

Understanding $\varepsilon$-advantage in cryptographically secure deterministic RNG

In Efficient and Secure Pseudo-Random Number Generation by Vazirani & Vazirani, it is stated that every pseudorandom number generator which satisfies the XOR Condition can securely output $\log n$ bits (where $n = |N|$). Such a condition is…
1 vote, 1 answer

Stream cipher -- Are all random bit generators suitable for stream cipher?

I learned the stream cipher using LFSR in the book. I wonder whether all random bit generators (i.e. BBS, Rabin generator) are suitable for stream ciphers. I searched using the keywords "stream cipher" and "BBS", and there are few results.
1 vote, 2 answers

If Blum Blum Shub is modified to use a prime modulus, is it still secure?

The definition of the Blum Blum Shub cryptographically secure pseudorandom number generator is $x = x^2 \bmod N$ where $N = p \times q$, $p \in \mathbb P$, and $q \in \mathbb P$. Supposedly, the security comes from an attacker not knowing the factors of…
Melab