# CHAPTER 16

# Pseudo-Random-Sequence Generators and Stream Ciphers

## 16.1 LINEAR CONGRUENTIAL GENERATORS

**Linear congruential generators** are pseudo-random-sequence generators of the form

*X*_{n} = (*aX*_{n − 1} + *b*) mod *m*

in which *X*_{n} is the *n*th number of the sequence, and *X*_{n − 1} is the previous number of the sequence. The variables *a, b*, and *m* are constants: *a* is the **multiplier**, *b* is the **increment**, and *m* is the modulus. The key, or seed, is the value of *X*_{0}.

This generator has a period no greater than *m*. If *a*, *b*, and *m* are properly chosen, then the generator will be a **maximal period generator** (sometimes called maximal length) and have period of *m*. (For example, *b* should be relatively prime to *m*.) Details on choosing constants to ensure maximal period can be found in [863,942]. Another good article on linear congruential generators and their theory is [1446].

Table 16.1, taken from [1272], gives a list of good constants for linear congruential generators. They all produce maximal period generators and even more important, pass the spectral test for randomness for dimensions 2, 3, 4, 5, and 6 [385,863]. They are organized by the largest product that does not overflow a specific word length.

The advantage of linear congruential generators is that they are fast, requiring few operations per bit.

Unfortunately, linear congruential generators cannot be used for cryptography; they are predictable. Linear congruential generators were first broken by Jim Reeds [1294,1295,1296] and then by Joan Boyar [ ...