Usage of LCG/CLCG numbers for electronic gambling applications



Similar documents
Module 2 LOSSLESS IMAGE COMPRESSION SYSTEMS. Version 2 ECE IIT, Kharagpur

Luby s Alg. for Maximal Independent Sets using Pairwise Independence

PSYCHOLOGICAL RESEARCH (PYC 304-C) Lecture 12

Recurrence. 1 Definitions and main statements

An Alternative Way to Measure Private Equity Performance

Section 5.4 Annuities, Present Value, and Amortization

Extending Probabilistic Dynamic Epistemic Logic

benefit is 2, paid if the policyholder dies within the year, and probability of death within the year is ).

Joe Pimbley, unpublished, Yield Curve Calculations

Examensarbete. Rotating Workforce Scheduling. Caroline Granfeldt

Simple Interest Loans (Section 5.1) :

CHAPTER 14 MORE ABOUT REGRESSION

1 Example 1: Axis-aligned rectangles

What is Candidate Sampling

1. Math 210 Finite Mathematics

Forecasting the Direction and Strength of Stock Market Movement

On the Optimal Control of a Cascade of Hydro-Electric Power Stations

SIMPLE LINEAR CORRELATION

Lecture 3: Force of Interest, Real Interest Rate, Annuity

8.5 UNITARY AND HERMITIAN MATRICES. The conjugate transpose of a complex matrix A, denoted by A*, is given by

8 Algorithm for Binary Searching in Trees

1. Measuring association using correlation and regression

How Sets of Coherent Probabilities May Serve as Models for Degrees of Incoherence

Nordea G10 Alpha Carry Index

Support Vector Machines

The Application of Fractional Brownian Motion in Option Pricing

How To Calculate The Accountng Perod Of Nequalty

VRT012 User s guide V0.1. Address: Žirmūnų g. 27, Vilnius LT-09105, Phone: (370-5) , Fax: (370-5) , info@teltonika.

Brigid Mullany, Ph.D University of North Carolina, Charlotte

Proactive Secret Sharing Or: How to Cope With Perpetual Leakage

Finite Math Chapter 10: Study Guide and Solution to Problems

NON-CONSTANT SUM RED-AND-BLACK GAMES WITH BET-DEPENDENT WIN PROBABILITY FUNCTION LAURA PONTIGGIA, University of the Sciences in Philadelphia

How Much to Bet on Video Poker

Answer: A). There is a flatter IS curve in the high MPC economy. Original LM LM after increase in M. IS curve for low MPC economy

BERNSTEIN POLYNOMIALS

7.5. Present Value of an Annuity. Investigate

Implied (risk neutral) probabilities, betting odds and prediction markets

Chapter 4 ECONOMIC DISPATCH AND UNIT COMMITMENT

DEFINING %COMPLETE IN MICROSOFT PROJECT

Lecture 3: Annuity. Study annuities whose payments form a geometric progression or a arithmetic progression.

The Greedy Method. Introduction. 0/1 Knapsack Problem

Forecasting the Demand of Emergency Supplies: Based on the CBR Theory and BP Neural Network

Can Auto Liability Insurance Purchases Signal Risk Attitude?

STAMP DUTY ON SHARES AND ITS EFFECT ON SHARE PRICES

Using Series to Analyze Financial Situations: Present Value

RequIn, a tool for fast web traffic inference

General Auction Mechanism for Search Advertising

POLYSA: A Polynomial Algorithm for Non-binary Constraint Satisfaction Problems with and

1. Fundamentals of probability theory 2. Emergence of communication traffic 3. Stochastic & Markovian Processes (SP & MP)

A statistical approach to determine Microbiologically Influenced Corrosion (MIC) Rates of underground gas pipelines.

CHOLESTEROL REFERENCE METHOD LABORATORY NETWORK. Sample Stability Protocol

14.74 Lecture 5: Health (2)

To manage leave, meeting institutional requirements and treating individual staff members fairly and consistently.

The OC Curve of Attribute Acceptance Plans

Efficient Project Portfolio as a tool for Enterprise Risk Management

A hybrid global optimization algorithm based on parallel chaos optimization and outlook algorithm

EXAMPLE PROBLEMS SOLVED USING THE SHARP EL-733A CALCULATOR

Institute of Informatics, Faculty of Business and Management, Brno University of Technology,Czech Republic

Vision Mouse. Saurabh Sarkar a* University of Cincinnati, Cincinnati, USA ABSTRACT 1. INTRODUCTION

Single and multiple stage classifiers implementing logistic discrimination

Analysis of Energy-Conserving Access Protocols for Wireless Identification Networks

Traffic-light a stress test for life insurance provisions

Causal, Explanatory Forecasting. Analysis. Regression Analysis. Simple Linear Regression. Which is Independent? Forecasting

Implementation of Deutsch's Algorithm Using Mathcad

A Replication-Based and Fault Tolerant Allocation Algorithm for Cloud Computing

Proceedings of the Annual Meeting of the American Statistical Association, August 5-9, 2001

NPAR TESTS. One-Sample Chi-Square Test. Cell Specification. Observed Frequencies 1O i 6. Expected Frequencies 1EXP i 6

Number of Levels Cumulative Annual operating Income per year construction costs costs ($) ($) ($) 1 600,000 35, , ,200,000 60, ,000

How To Understand The Results Of The German Meris Cloud And Water Vapour Product

AN APPOINTMENT ORDER OUTPATIENT SCHEDULING SYSTEM THAT IMPROVES OUTPATIENT EXPERIENCE

Product-Form Stationary Distributions for Deficiency Zero Chemical Reaction Networks

The Mathematical Derivation of Least Squares

A frequency decomposition time domain model of broadband frequency-dependent absorption: Model II

"Research Note" APPLICATION OF CHARGE SIMULATION METHOD TO ELECTRIC FIELD CALCULATION IN THE POWER CABLES *

J. Parallel Distrib. Comput.

How Large are the Gains from Economic Integration? Theory and Evidence from U.S. Agriculture,

The Development of Web Log Mining Based on Improve-K-Means Clustering Analysis

THE DISTRIBUTION OF LOAN PORTFOLIO VALUE * Oldrich Alfons Vasicek

Estimation of Dispersion Parameters in GLMs with and without Random Effects

Hollinger Canadian Publishing Holdings Co. ( HCPH ) proceeding under the Companies Creditors Arrangement Act ( CCAA )

A Novel Methodology of Working Capital Management for Large. Public Constructions by Using Fuzzy S-curve Regression

1.1 The University may award Higher Doctorate degrees as specified from time-to-time in UPR AS11 1.

Feature selection for intrusion detection. Slobodan Petrović NISlab, Gjøvik University College

An Empirical Study of Search Engine Advertising Effectiveness

Fuzzy Set Approach To Asymmetrical Load Balancing In Distribution Networks

An Evaluation of the Extended Logistic, Simple Logistic, and Gompertz Models for Forecasting Short Lifecycle Products and Services

FREQUENCY OF OCCURRENCE OF CERTAIN CHEMICAL CLASSES OF GSR FROM VARIOUS AMMUNITION TYPES

A Secure Password-Authenticated Key Agreement Using Smart Cards

ANALYZING THE RELATIONSHIPS BETWEEN QUALITY, TIME, AND COST IN PROJECT MANAGEMENT DECISION MAKING

How To Know The Components Of Mean Squared Error Of Herarchcal Estmator S

8.4. Annuities: Future Value. INVESTIGATE the Math Annuities: Future Value

Transition Matrix Models of Consumer Credit Ratings

Student Performance in Online Quizzes as a Function of Time in Undergraduate Financial Management Courses

Exhaustive Regression. An Exploration of Regression-Based Data Mining Techniques Using Super Computation

Availability-Based Path Selection and Network Vulnerability Assessment

Traffic State Estimation in the Traffic Management Center of Berlin

Ring structure of splines on triangulations

Transcription:

Usage of LCG/CLCG numbers for electronc gamblng applcatons Anders Knutsson Smovts Consultng, Wenner-Gren Center, Sveavägen 166, 113 46 Stockholm, Sweden anders.knutsson@smovts.com Abstract. Several attacks and weaknesses aganst the Lnear Congruental Generator (LCG) have been shown n lterature, but not descrptons how these attacks successfully can be used n practce aganst gamng applcatons that use LCG values. Ths paper presents results from mplementatons of dfferent attack methods aganst an nternet casno roulette game usng an LCG. It s shown that the casno cannot prevent attacks by decreasng the nterval of reseedng the generator wthn reasonable lmts. The attack methods dscussed are the attack by Freze et al, a brute force attack and an attack called the chosen gap method, the latter ntroduced n ths paper. 1. Introducton Pseudo random numbers are often used nstead of real random values when speed to create numbers s mportant as s the case for electronc gamblng applcatons. One popular pseudo random generator s the Lnear Congruental Generator (LCG). Ths generator s suggested to be used when mplementng casno games by the Swedsh lottery authorty [7]. The LCG has been shown to be unsafe by several publcatons. Boyar [1] and Krawczyk [4] showed that a generator value can be predcted gven a polynomal bounded number of earler values wthout the knowledge of the LCG constants a, b and m. Freze, Hastad, Kannan, Lagaras and Shamr [] showed that truncated values generated by an LCG, wth known a and m, may n many cases be restored when gven the most sgnfcant bts, the least sgnfcant bts or any other wndow of bts. The probablty of a successful reconstructon ncreases wth more knowledge, as more bts of each value or more values. Stern [8] showed that the knowledge of a and m could be omtted, as long as more knowledge n the form of bts of values and number of values can be had. Ths paper wll show the results of an mplementaton of the work of Freze et al. n a casno envronment and show that these attacks cannot be prevented by decreasng the nterval of reseedng, as long as the casno demands that many more bts n the form of pseudo randomness shall be produced than bts of real randomness s gven to the generator. Comparsons are made to a brute force attack and a method called the chosen gap attack.

Anders Knutsson. Prerequstes The lnear congruence generator, LCG produces a sequence X accordng to the mathematcal functon (1). Let X 0 be the seed,.e. the frst value n the sequence and a real random nteger value. The LCG has three postve ntegers a, b and m. X = ( ax 1 + b) mod m (1) The sequence X has values n the nterval [0, m-1] and the perod wll at a maxmum be m. The LCG passes the usual statstcal tests when ntalzed and used properly. How the ntegers a, b and m should be chosen s nvestgated by Knuth [3]. Roulette s used as an example of a gamblng applcaton n ths paper. A partcpant n the game chooses one or several numbers out of 37 or 38 (Amercan roulette). A wnnng gves a proft of 35 tmes the wager. Snce the chance of wnnng s 1 of 37 and the reward s just 36 to 1, the player wll on average lose.7% of the wagered money n each game. Roulette values s created by takng the sequence X wth values n the nterval [0, m-1] and produce the sequence Y wth values between 0 and 36 by: Y mod 37 () X Ths corresponds to usng the least sgnfcant bts of the pseudo random value. Another alternatve s to use the most sgnfcant bts: X Y 37 In ths paper the method () s used for the examples. If m s not dvsble by 37 the hghest values are dscarded to not make the dstrbuton dstorted. The value Y s output by the roulette and publcly known. It s assumed that a, b and m are known or correctly guessed by the attacker. To guess a, b and m s not too dffcult, snce there exsts lsts of known good constants and mplementatons are lkely to use one of these confguratons. Values for other games could be retreved n much the same way. A slot machne wth 0 dfferent symbols on each wheel could use () but wth mod 0 nstead of mod 37. Two LCGs can be combned to create a combned lnear congruence generator, CLCG. Wth good constants n the underlyng LCGs the generator has a perod that s the product of the perod of each LCG. The frst CLCG presented was the Wchmann and Hll generator [9]. The equvalence between ths generator and an LCG was shown by Zesel [10]. Later L Ecuyer [6] presented another CLCG defnton. Ths generator s not equvalent to, but can be approxmated by, an LCG. The Freze et. al. algorthm can be used to predct CLCGs of the Wchmann-Hll type, whle the added nose n the L Ecuyer CLCG prevents us from usng the algorthm, when the known bts of the values are the least sgnfcant bts. However f the known bts are the most sgnfcant bts, the L Ecuyer CLCG can be exposed, snce the nose s n the least sgnfcant bts and the L Ecuyer CLCG would gve the (3)

Usage of LCG/CLCG numbers for electronc gamblng applcatons 3 same truncated sequence as a correspondng LCG. Ths s also true f a wndow of bts s used, and no part of the wndow ncludes any of the nosy bts. Also other forms of congruental generators can be predcted by the Freze et al. attack, such as a multvarate lnear congruence. Whle polynomal congruental generators cannot be predcted, snce the attack method demands lnear congruences. A brute force attack may stll be used dependng on the sze of the perod. 3. Results of mplementatons Ths secton presents results about how many seen values n a roulette game that wll suffce to do a correct predcton by the method by Freze et al [] and a brute force attack. What we are nterested n s to compare the number of bts that have been presented by the roulette when ths happens to the number of bts needed to seed the generator and calculate a quotent of these values n the followng manner: btsobserved Quotent = bts n seed If ths quotent s no more than 1 no more bts could be extracted from the generator before a reseedng s needed, than the number of bts of real randomness gven to the generator as seed. The nterval between reseedngs s then so small that t would be better to use the real randomness drectly to create roulette values. (4) 3.1. Freze et al. attack method The Freze et al. method requres the knowledge of a and m, whle b may stay unknown. The reason why b may be unknown s that the sequence of dfferences between consecutve values can be predcted as well as the sequence of values. The sequence s defned as: X X (5) X +1 Snce the actual values of X are not known but Y, only a part of X wll be known. Ths part s here denoted Y. The sequence Y s created by subtractng consecutve values n the sequence Y wth each other. Usng values n the Y sequence to reconstruct the values n the X sequence accordng to the attack method, a predcton for the value Y +1 can be done: Y + 1 Y + X mod 37 or Y+ 1 Y + X m mod 37 (6) The left alternatve s true f X + X m (7) < Otherwse the rght alternatve s true. Snce t s always true that

4 Anders Knutsson X + X < m (8) there are only two optons. We cannot know whch of these optons s true, snce we cannot calculate X, lackng the knowledge of b. Therefore we bet on both numbers. Equaton (9) below shows the Rpley LCG generator, recommended as a good generator for casno mplementatons [7]. 3 = ( 158901355X 1 + 1) mod X (9) The Rpley generator s ntalzed wth the seed 760611 and the method () s used to create roulette values. The twelve frst output values are 15, 1, 3, 3, 5, 1, 5, 19, 9, 7, 4 and 4. The attacker tres to make predctons after havng seen sx values and the attempts are shown n table 1. It s unlkely to fnd a unque reconstructon before ths snce t takes at least sx values to be lkely to have a unque followng value. Ths can be shown by nvestgatng how many values between 0 tll 36 that can be represented by 3 bts: 1 n (10) 3 = 1 n = log37 3 n 6.14 37 The formula above also shows how many roulette values that could be created by the seed of 3 bts that the Rpley generator uses. Table 1. Predcton of roulette values created from a Rpley LCG and transformed usng (). Predctng Predcton Real Value Result 7 16 or 3 5 Faled 8 or 9 19 Faled 9 or 9 9 Succeeded 10 0 or 7 7 Succeeded 11 4 or 31 4 Succeeded 1 4 or 31 4 Succeeded Fgure 1 shows how often the predctons succeed. The 6 th consecutve value s predcted after seeng the fve earler, the 7 th after seeng the sx earler values and so on. Ths s done three tmes wth 1000 sequences n each test batch. The 3000 seeds are chosen pseudo randomly. If the sequence were truly random we ought to wn around of 37 5.4% of the games. The test shows that there s a great chance to get a correct predcton for the 8 th value, demandng a reseedng after seven values to not gve an attacker a statstcal advantage. Knowng that a real random value of 3 bts was used to seed the sequence and that seven values correspond to 36.5 bts, the quotent of how many tmes more bts that can be used of the generator s output than the seed, s 1.14,.e. only 1.14 tmes more nformaton can be receved from the Rpley generator than was put n.

Usage of LCG/CLCG numbers for electronc gamblng applcatons 5 Number of correct predctons 1000 900 800 700 600 500 400 300 00 100 0 6 7 8 9 10 11 1 13 Predctng value no. Random Test1 Test Test3 Fg. 1. How many of 1000 sequences that were rghtly predcted for the Rpley LCG (9), and the expected number of wnnngs f the sequences were truly random. The value m s qute small for the Rpley generators and a brute force attack could be used just as well as the Freze et al. method. The next test uses an LCG wth a much larger m. Ths LCG s taken from [5]: X = 19684071571654650X 1 mod 4611685301167870637 (11) By the same reasonng as n equaton (10) 1 values are probably needed to get a unque reconstructon. n 1 (1) 4611685301167870637 = 1 n 11.9 37 The generator needs 6 bts of real randomness to be confgured wth each value n the sequence havng the same chance of beng the seed. The results presented n fgure show that more than 14 values should not be output. Ths corresponds to 7.9 bts and a quotent of 1.18. It can thereby be seen that also for ths larger generator no or not much hgher percentage of bts can be output than was gven to t as seed.

6 Anders Knutsson Number of correct predctons 1000 900 800 700 600 500 400 300 00 100 0 1 13 14 15 16 17 18 19 0 1 Predctng value no. Random Test1 Test Test3 Fg.. How many of 1000 sequences were rghtly predcted for the generator of (11), and the expected number of wnnngs f the sequences were truly random. 3.. Brute force approach Wth the knowledge of Y as defned by (), many values for X cannot be true. Only m/37 dfferent values for X are possble. A brute force approach s to test for every possble X f the followng value X +1 mod 37 s equal to Y +1. If that s true we contnue to test for X + and so on. If t s not, we nvestgate the next possble value for X and se f we have better luck. Ths takes rather long tme even for such a small m as defned by the Rpley generator. The tme can be bettered wth a constant by dong some observatons. Take two values X and X +1 that match Y and Y +1 after a modular reducton wth 37. We wll call the next matchng values nextmatch(x ) and nextmatch(x +1 ). We can make a calculaton on how much larger nextmatch(x ) must be than X. Let nextmatch( X ) = X + 37k (13), then nextmatch( X + 1 ) = ax + 37ka + b X + 1 + 37ka mod m (14) We now calculate the smallest k that fulfls the followng congruence: X + 1 mod 37 = ( X + 1 + 37ka modm) mod37 (15) The next value to be tested s 37k larger than the last one. Ths decreases the nvestgaton tme, but snce the decrease s by a constant the method wll take to much tme to be of any use f the perod s much larger than the m of the Rpley generator.

Usage of LCG/CLCG numbers for electronc gamblng applcatons 7 From equaton (10) we are nclned to suspect that 6 values ought to be enough to have a great chance for a unque suggeston for the next value output by the Rpley generator. But t s not necessary for the attacker to be absolutely sure what the next value s. If we collect statstcs on how large the probablty s for every value from 0 to 36 to be next, we know that t wll be proftable n the long run to play on any value that has larger probablty than 1/36 to be next. Therefore statstcal advantage s had even when predctng the 6 th value, gvng a quotent below 1, meanng fewer bts can safely be used of the generators values than were used n the seed. It would therefore be better to use the real randomness from the seed to decde the roulette values. 4. Chosen Gap Method For the chosen gap method, based on some known weaknesses of the LCG, the attacker must be able to choose a gap n the sequence when he s not playng. Ths gap must not be as large as a perod; then t would be trval to do the predcton. For ths secton t s convenent to rewrte the LCG n the followng way: X = a X + 1 0 j=0 The method s shown usng a small LCG: j a b mod m ( 106 1 +183) mod 6075 = X (16) X (17) The perod s 6075, a full-perod. But f b s changed to be 0, whle keepng the same a and m, the perod s just 405. Ths means that the followng s true. 405 t a 1 mod 6075 for any t (18) Two values at a dstance of 405t are related n the followng way: X = X 405t 1 j 405t + j= 0 a b mod m (19) Wth a, b and m known the dfference between the two values can be calculated. When workng wth the truncated sequence Y as defned by (), the dfference to a value 405t later s calculated to be 405t 1 j a j= 0 When the value 405t 1 b mod m mod 37 or j a b mod m + m mod 37 j= 0 405t 1 j j= 0 a b mod m (0) (1)

8 Anders Knutsson s close to 0 or m one of the possble values has a greater possblty to be the correct one. But we can always cover both choces by placng a double bet. The method can be used also for CLCG. The problem for the attacker wth the CLCG compared to the LCG s that the whole prevous values are not enough to be able to predct the next value, snce two sequences cover each other. Let a CLCG be made of generators producng sequences V and W respectvely. The output X from the CLCG s defned accordng wth () wth m x as the modulus of sequence X: X = ( V W ) mod m () A usual confguraton of the constants s those presented n [5] or [6]. For these generators t s true that two values half the perod apart added together gve m. Ths follows from Fermat s theorem. a m 1 m 1 m 1 mod m 1 a a x mod m 1 A value half a perod away from X can be calculated to be: X m 1 + = a m 1 X mod m X ( m 1) mod m X mod m = m X If we have two values that are half the perod of the W sequence apart, we add these two values wth m w, the constant m of generator W, to get rd of the nfluence of the W sequence. The result s denoted T. As mw 1 w x mw 1 + + x (3) (4) T = X + X + m mod m V + V mod m (5) V mw 1 + a mw 1 v V mod m, V can be calculated to be one of three alternatves dependng on how many modular reductons that have occurred n (5), whch s no more than two. ( T + tm V m a x w 1 v mod m + 1 v ) mod m v v,0 t Therefore the whole sequence V can be calculated and by the same method W can also be calculated. However, n the gamblng applcaton we do not get the sequence X but nstead Y as defned by (). The same procedure s used, but as we only get a part of each value more values are needed to be able to make the reconstructon. T s calculated as: T = X + X m 1 mw mod m w + x + mod 37 (6) (7) (8)

Usage of LCG/CLCG numbers for electronc gamblng applcatons 9 As before modular reductons wll play a role and the real dfference between two values may be tm x mod 37, for 0 t. Gettng several dfferences a total search could be deployed to go through the complete sequence V taken mod 37 and see f these dfferences could be found somewhere. Havng a number of values at a chosen gap for the CLCG wll therefore enable us to use a total search on the underlyng LCG to fnd future values. The number of values needed on both sdes of the half perod, n, should satsfy the followng: 37 3 n > m The same prncple can be used for CLCGs consstng of more generators. From ths aspect we fnd that t s better to have fewer larger generators than many small generators for the CLCG even f they end up to around the same perod for the CLCG, snce a small generator has a shorter half perod. We must conclude that ths method s of mnor mportance at least for the CLCGs presented n [5] and [6], snce half a perod s a bllon values and the attacker would have to wat a long tme for ths to happen and the applcaton can surely reseed before ths wll happen. x (9) 5. Problems for an attacker Whle the casno cannot stop the attacks by reseedng more often, there are several problems for the attacker that must be taken nto consderaton as the followng lst shows: Values are mssng n the observed sequence. The Freze et. al method demands that the relatons between the values are known. They do not have to be n consecutve order but ther relatve postons must be known,.e. f there are any gaps n the sequence. Gaps can occur for several reasons as for nstance that a value s dsmssed after a certan tme nterval when the game s not used. If the gaps are not known the attacker has to guess. Ths s possble f the gaps are ether small or a short nterval that the gaps are wthn s known. Values are modfed before they are used. The gamblng applcaton may make modfcaton of values as a way of makng t harder for an attacker to predct. A smple substtuton between the values s a possblty as well as a double truncaton of the values. Unknown a and m. It has been assumed that the attacker has knowledge of a and m. If the attacker uses the method by Sterner [9] the knowledge of a and m can also be omtted, wth the cost that more bts are needed for the predcton. Ths method has not been mplemented and how well t performs and how many more bts that are needed can not be gven.

10 Anders Knutsson 6. Conclusons In ths paper t has been shown through tests how dangerous LCG/CLCG s to use n an electronc gamblng applcaton. Not much more bts can be receved from the generator than was gven as nput as a seed before a reseedng s necessary to keep the attacker from gettng a statstcally advantage. It can also be concluded that for small generators such as the classcal Rpley generator a brute force method could be used gvng statstcally advantage even earler. The chosen gap method based on weaknesses of the LCG, showed another way of predctng values. It dd however not mprove the results compared to the other methods. Ths paper was motvated by the recommendaton n [7] to use the Rpley generator for gamng mplementatons. Nothng s sad about how many f any real casnos use ths knd of generator. 7. References [1] J. Boyar, Inferrng Sequences Produced by Pseudo-Random Number Generators, Journal of ACM, Vol. 36, p 19-141, 1989 [] A.M Freze, J. Håstad, R. Kannan, J. C. Lagaras and A. Shamr, Reconstructng Truncated Integer Varables Satsfyng Lnear Congruences, Sam J. of Computng, Vol 17, p 6-80, 1988 [3] D.E. Knuth, The Art of Computer Programmng, Volume : Semnumercal Algorthms Addson-Wesley Publshng, 1980 [4] H. Krawczyk, How to Predct Congruental Generators, CRYPTO 89, Sprngers Verlag, 1990 [5] P. L Ecuyer, S. Tezuka, Structural Propertes for two classes of combned random number generators, 1991. [6] P. L Ecuyer, Effcent and portable combned number generators, Comm. ACM 31, p 74-749, 774, 1989 [7] Lotternspektonen (Swedsh Lottery Authorty), Lotternspektonens vllkor för lotter och slumptalsgeneratorer (The Swedsh Lottery Authortes condtons for lotteres and random number generators), 00 [8] J. Stern, Secret Lnear Congruental Generators Are Not Cryptographcally secure, Proceedng of the 8 th Symposum of FOCS 1987 [9] B.A. Wchmann and I.D. Hll, An effcent and portable pseudo-random number generator, Appled Statstcs 31, 188-190, 1984 [10] H. Zesel, A remark on algorthm AS183, Appled Statstcs35, 1986

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information