Note
While going through my own Cryptography I answers, I found that a lot of the code on my old blog no longer works... I really owe everyone an apology for that! On top of that, the actual source code for the old answers is mostly nowhere to be found, so I have simply cleaned up or even rewritten the code I still have, to make sure the answers are correct. This time it should be fine~
Problem
Weak PRG
The PRG described below uses a 56-bit secret seed. Running the program generates the following first nine outputs of the PRG:
output #1: 210205973
output #2: 22795300
output #3: 58776750
output #4: 121262470
output #5: 264731963
output #6: 140842553
output #7: 242590528
output #8: 195244728
output #9: 86752752
Show that this PRG is insecure by computing the next output. What is the next output (output #10) of the PRG? Note that you are not given the seed.
Hint: there is an algorithm that takes time approximately 2^28 to predict the next output.
Here is the Python script that implements the PRG:
# Ported from the Python 2 script in the problem statement (long-integer
# suffix and print statement updated); the PRG logic itself is unchanged.
import random

P = 295075153  # about 2^28

class WeakPrng(object):
    def __init__(self, p):  # generate seed with 56 bits of entropy
        self.p = p
        self.x = random.randint(0, p)
        self.y = random.randint(0, p)

    def next(self):
        # x_{i+1} = 2*x_{i}+5 (mod p)
        self.x = (2*self.x + 5) % self.p
        # y_{i+1} = 3*y_{i}+7 (mod p)
        self.y = (3*self.y + 7) % self.p
        # z_{i+1} = x_{i+1} xor y_{i+1}
        return (self.x ^ self.y)

prng = WeakPrng(P)
for i in range(1, 10):
    print("output #%d: %d" % (i, prng.next()))
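The 2^28 algorithm the hint refers to, as an added example that is not part of the original post or the course material: because each output is x_i XOR y_i, guessing x_1 fixes y_1, and the remaining outputs confirm or reject the guess; `step`, `generate`, `recover_states` and `predict_next` are names chosen here. The `generate` helper and the small modulus used in testing are for verification only and are not from the page.

```python
# Added example, not part of the original post or the course material: recover
# WeakPrng's state by trying every candidate x_1 (p ~ 2^28), as the hint suggests.
P = 295075153  # modulus from the problem statement, about 2^28
# Outputs #1..#9 as printed in the problem statement
OUTPUTS = [210205973, 22795300, 58776750, 121262470, 264731963,
           140842553, 242590528, 195244728, 86752752]

def step(x, y, p):  # one WeakPrng update -> (new x, new y, output)
    x = (2 * x + 5) % p
    y = (3 * y + 7) % p
    return x, y, x ^ y

def generate(p, x0, y0, n):
    """Reference stream of n outputs from seed (x0, y0); used for testing."""
    x, y, out = x0, y0, []
    for _ in range(n):
        x, y, z = step(x, y, p)
        out.append(z)
    return out

def recover_states(outputs, p):
    """All states (x_1, y_1) after output #1 that reproduce every output."""
    z1, rest = outputs[0], outputs[1:]
    states = []
    for x1 in range(p):
        y1 = x1 ^ z1          # z_1 = x_1 XOR y_1 fixes y_1 once x_1 is guessed
        if y1 >= p:           # y is always reduced mod p, so this x_1 is impossible
            continue
        x, y = x1, y1
        for z in rest:        # check the guess against the remaining outputs
            x, y, zz = step(x, y, p)
            if zz != z:
                break
        else:
            states.append((x1, y1))
    return states

def predict_next(outputs, p):
    """Next output if every consistent state agrees on it, else None."""
    preds = set()
    for x, y in recover_states(outputs, p):
        for _ in range(len(outputs)):   # advance from output #1 to the next one
            x, y, z = step(x, y, p)
        preds.add(z)
    return preds.pop() if len(preds) == 1 else None

if __name__ == "__main__":
    # The full 2^28 search over the real outputs takes minutes in CPython.
    print("output #10:", predict_next(OUTPUTS, P))
```

Running the script performs the full search over P; the same functions work on any modulus, which is how the small-prime check below exercises them quickly.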
Analysis
PRG
A PRG (pseudo-random generator) is one of the most important primitives in cryptography. In fact, today's computers have no way to obtain truly random numbers; there are essentially only two ways for a computer to produce random numbers: (1) use some predictable, but almost