HiveBrain v1.2.0
Get Started
← Back to all entries
snippetMinor

How can I prove that a cryptography algorithm is a pseudo-random number generator?

Submitted by: @import:stackexchange-cs··
0
Viewed 0 times
randomcannumberpseudogeneratoralgorithmprovethathowcryptography

Problem

I have read about cryptography prgs.
If I have a generator G(x1,x2...,xn)= x1,x2,...,xn, x1&x2...&xn , how can I prove that it is a prg or prove it is not?

Is there some principles I have to be based on while proving prgs?

Solution

We don't know how to prove that a cryptographic PRNG exists. There are some candidate constructions, but they have not been proved to work. There are some results of the form "if X exists then so does a cryptographic PRNG", where X is some other cryptographic primitive, and the PRNG can be constructed explicitly from X. However, none of these other cryptographic primitives are known to exist. A particularly intriguing open question is to construct such a primitive which works merely under the assumption that P differs from NP.

On the other hand, proving that a generator is not a PRNG is much easier. You just need to give a distinguisher which has a non-negligible advantage in comparing the output of the generator to truly random output (as in the definition of a cryptographic PRNG).

Context

StackExchange Computer Science Q#69492, answer score: 4

Revisions (0)

No revisions yet.