Open AccessPractical seed-recovery for the PCG Pseudo-Random Number Generator
Author(s) -
Charles Bouillaguet,
Florette Martinez,
Julia Sauvage
Publication year - 2020
Publication title -
iacr transaction on symmetric cryptology
Language(s) - English
Resource type - Journals
ISSN - 2519-173X
DOI - 10.46586/tosc.v2020.i3.175-196
Subject(s) - random number generation , computer science , random seed , pseudorandom number generator , cryptography , generator (circuit theory) , byte , algorithm , lattice (music) , process (computing) , theoretical computer science , parallel computing , computer engineering , computer hardware , programming language , power (physics) , physics , quantum mechanics , acoustics
The Permuted Congruential Generators (PCG) are popular conventional (non-cryptographic) pseudo-random generators designed in 2014. They are used by default in the NumPy scientific computing package. Even though they are not of cryptographic strength, their designer stated that predicting their output should nevertheless be "challenging".In this article, we present a practical algorithm that recovers all the hidden parameters and reconstructs the successive internal states of the generator. This enables us to predict the next “random” numbers, and output the seeds of the generator. We have successfully executed the reconstruction algorithm using 512 bytes of challenge input; in the worst case, the process takes 20 000 CPU hours.This reconstruction algorithm makes use of cryptanalytic techniques, both symmetric and lattice-based. In particular, the most computationally expensive part is a guessand-determine procedure that solves about 252 instances of the Closest Vector Problem on a very small lattice.