On 2009-06-07, Phoenix <ribeiroalvo@xxxxxxxxx> wrote:
Is this algorithm, cryptographically secure pseudo-random number

No, I don't think so. For one thing, it seems it should be possible
to recover the cipher state (and thereby predict future outputs) with
high probability by observing just three consecutive outputs.

(Call the outputs x, y and z. By definition, we have y = frac(ax) for
some a, and z = frac(by) = frac((a+x)y) = frac(frac(ay) + xy). Let w
= frac(ay) = frac(z - xy + 1). Then we have a = (y + r)/x = (w + s)/y
for some integers r and s, which we should be able to solve for using
a form of Euclid's algorithm. There may be some issues with roundoff,
but I do believe the basic idea should work.)

Ilmari Karonen
To reply by e-mail, please replace ".invalid" with ".net" in address.
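An added example (not code from the thread) that runs Ilmari's three-output state-recovery idea against a toy reconstruction of the generator. Assumptions: the generator's rule (output x, then x <- frac(a*x), a <- a + x) is inferred from the formulas in the reply; the integer r is found by bounded enumeration rather than the Euclid-style solve the post sketches; and exact rational arithmetic is used to sidestep the roundoff caveat.

```python
from fractions import Fraction
import math


def frac(v):
    """Fractional part of v (exact when v is a Fraction)."""
    return v - math.floor(v)


def generate(a, x, n):
    """Run the assumed generator for n steps and return its n outputs.

    State is (a, x); each step outputs x, then sets x <- frac(a*x), a <- a + x.
    (Generator rule inferred from the reply, not taken from the original post.)
    """
    outputs = []
    for _ in range(n):
        outputs.append(x)
        x, a = frac(a * x), a + x
    return outputs


def recover_state(x, y, z, max_a=10_000):
    """Recover the state (a, x) from three consecutive outputs x, y, z.

    y = frac(a*x) means a = (y + r)/x for some integer r <= a*x, so with an
    assumed bound max_a on a there are only int(max_a*x)+1 candidates.  The
    reply suggests a Euclid-style solve for r; as a simplification every
    candidate is tried here and checked against z = frac((a + x) * y).
    """
    for r in range(int(max_a * x) + 1):
        a = (y + r) / x
        if frac((a + x) * y) == z:
            return a, x
    return None


# Constructed secret seed; an observer sees only OUTPUTS.
SECRET_A = Fraction(1234567, 1000)
SECRET_X = Fraction(31337, 100000)
OUTPUTS = generate(SECRET_A, SECRET_X, 6)


def predict_from_three(observed):
    """Recover the state from observed[:3] and replay the whole sequence."""
    state = recover_state(*observed[:3])
    return None if state is None else generate(*state, len(observed))


if __name__ == "__main__":
    print(predict_from_three(OUTPUTS) == OUTPUTS)
```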
