Paper 2011/007

KISS: A Bit Too Simple

Greg Rose


KISS (`Keep it Simple Stupid') is an efficient pseudo-random number generator specified by G. Marsaglia and A. Zaman in 1993. G. Marsaglia in 1998 posted a C version to various USENET newsgroups, including \texttt{sci.crypt}. Marsaglia himself has never claimed cryptographic security for the KISS generator, but many others have made the intellectual leap and claimed that it is of cryptographic quality. In this paper we show a number of reasons why the generator does not meet the KISS authors' claims, why it is not suitable for use as a stream cipher, and that it is not cryptographically secure. Our best attack requires about 70 words of generated output and a few hours of computation to recover the initial state.

Note: Minor updates to paper based on recieved comments.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Might be submitted to SAC'11
PRNGstream ciphercryptanalysis
Contact author(s)
ggr @ qualcomm com
2011-10-20: last of 3 revisions
2011-01-05: received
See all versions
Short URL
Creative Commons Attribution


      author = {Greg Rose},
      title = {KISS: A Bit Too Simple},
      howpublished = {Cryptology ePrint Archive, Paper 2011/007},
      year = {2011},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.