Cryptology ePrint Archive: Report 2006/190

Cryptanalysis of the Dual Elliptic Curve Pseudorandom Generator

Berry Schoenmakers and Andrey Sidorenko

Abstract: The Dual Elliptic Curve Pseudorandom Generator (DEC PRG) is proposed by Barker and Kelsey in a draft NIST Special Publication. It is claimed that the pseudorandom generator is secure unless the adversary can solve the elliptic curve discrete logarithm problem (ECDLP) for the corresponding elliptic curve. The claim is supported only by an informal discussion. No security reduction is given, that is, it is not shown that an adversary that breaks the pseudorandom generator implies a solver for the ECDLP.

Our experimental results and also empirical argument show that the DEC PRG is insecure. The attack does not imply solving the ECDLP for the corresponding elliptic curve. The attack is very efficient.

Category / Keywords: Pseudorandomness, indistinguishability

Date: received 7 Jun 2006, last revised 15 Sep 2006

Contact author: a sidorenko at tue nl

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Note: Several small corrections have been made.

Version: 20060915:153341 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]