Linear Congruential Generator (LCG) is an algorithm that yields a sequence of pseudo-randomized numbers calculated with a discontinuous piecewise linear equation. (source: wikipedia)
Anyway, here's the fomula:
function f(Si) {
return (a * Si + b) mod N
}
In short, a, b, and N are the coefficients of the random number generator (RNG).
So in round 1, S1 will be plugged in, and produce the output S2. Then in the next round, S2 will become the input and produce S3, so on and so forth. By gathering all the outputs, we got a sequence of random numbers!
The question is, can we crack this RNG? That is, can we determine the coefficients (a, b, and N) by simply observing the output sequence? Let's check it out!
a = , b = , N =
Calculate
(2
*
+
7)
mod
23:
Or calculate anything:
1. We already leaked two of them, a = 12349876 and N = 43216789 , please help us figure out b!
Si = 34425850 Si+1 = 19828421 Si+2 = 40149722
Once we figured out b, ALL the consecutive numbers generated would no longer be random anymore (aka cracked)!
If you think you've cracked it, please provide the next random number:
Si+3 =
2. This time, we only leaked N = 87879487 , but I somehow feel that it's still crackable...
Si = 30296335 Si+1 = 60248031 Si+2 = 23522917
If you think you've cracked it, please provide the next random number:
Si+3 =
3. This time we had no luck and leaked none of them. To compensate that, we've gathered more outputs, which might help in cracking it :-)
Anyway, here are the outputs we've gathered:Si = 67405306 Si+1 = 38737998 Si+2 = 21870365 Si+3 = 72754763 Si+4 = 32045724 Si+5 = 48184566 Si+6 = 54253663
If you think you've cracked it, please provide the next random number:
Si+7 =
Hint: Crack N first by using the fact that the probability of k randomly chosen integers being coprime is 1/zeta(k).