cryptanalysis of Linear Congruence Generators

what is it

generating random numbers by repeatedly calculating:
X[n+1] = X[n] * a + b (mod m)

see http://mathworld.wolfram.com/LinearCongruenceMethod.html

Cryptanalyses of Linear Congruential Generators:

Reeds, J. (1977), "Cracking" a Random Number Generator. Cryptologia. 1(1). (Also [41: 509-515].)

Vahle, M. and L. Tolendino. (1982), Breaking a Pseudo Random Number Based Cryptographic Algorithm. Cryptologia. 6: 319-328.

Frieze A. and Kannan R. and Lagarias J. (1984), Linear Congruential Generators Do Not Produce Random Sequences, FOCS 1984

Håstad J. and Shamir A. (1985), The Cryptographic Security of Truncated Linearly Related Variables, STOC 1985

Knuth, D. (1985), Deciphering a Linear Congruential Encryption. IEEE Transactions on Information Theory. IT-31: 49-52.

Stern J. (1987), Secret Linear Congruential Generators are not Cryptographically Secure, Proc of the IEEE Symposium on Foundations of Computer Science

Frieze A. and Håstad J. and Kannan R. and Lagarias J. and Shamir A. (1988), Reconstructing Truncated Integer Variables Satisfying Linear Congruences, SIAM J. Comput. 17

online lcg analysis

http://www.uni-mainz.de/~pommeren/Kryptologie/Bitstrom/2_Analyse/lcgc.html
how does it work: http://www.uni-mainz.de/~pommeren/Kryptologie/Bitstrom/2_Analyse/lkgunbek.pdf

schrage's algorithm

useful: multiply 2 nrs without overflows


# calc  a * x mod m
sub schragesmult { my ($a, $x, $m)=@_;
    my $q= int($m/$a);
    my $r= $m % $a;

    my $left= $a * ($x % $q);
    my $right= $r * int($x/$q);
    return $left-$right+($left<$right)?$m:0;
}