Table of Contents Author Guidelines Submit a Manuscript
Mathematical Problems in Engineering

Volume 2014 (2014), Article ID 630421, 11 pages

http://dx.doi.org/10.1155/2014/630421
Research Article

A Digital Signature Scheme Based on MST3 Cryptosystems

Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China

Received 5 December 2013; Revised 13 March 2014; Accepted 14 March 2014; Published 20 May 2014

Academic Editor: Wang Xing-yuan

Copyright © 2014 Haibo Hong et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

As special types of factorization of finite groups, logarithmic signature and cover have been used as the main components of cryptographic keys for secret key cryptosystems such as PGM and public key cryptosystems like , , and . Recently, Svaba et. al proposed a revised encryption scheme with greater security. Meanwhile, they put forward an idea of constructing signature schemes on the basis of logarithmic signatures and random covers. In this paper, we firstly design a secure digital signature scheme based on logarithmic signatures and random covers. In order to complete the task, we devise a new encryption scheme based on cryptosystems.

1. Introduction

With the interdisciplinary development of information science, physical science, and biological science, a lot of new technology appeared in the field of cryptography and has made new progress. The new branches of cryptography mainly consist of quantum cryptography, chaotic cryptography, DNA cryptography, and so forth. The security of quantum cryptography is based on the Heisenberg uncertainty principle. Quantum cryptography is the only one that can realize unconditional security at present [14]. Matthews [5] firstly applied chaos theory in cryptography and proposed a chaotic stream cipher scheme based on revised logistic map. From then on, chaotic cryptography has attracted wide attention [6, 7]. Most of the researches in chaotic cryptography focus on secret key cryptography. With the recent constructions due to Wang et al. [814], chaos-based public key cryptographic protocols come to us. DNA cryptography, which utilizes DNA computing, is a new branch of cryptography in recent years [15, 16]. Using the high storage density and high parallelism of DNA molecular, DNA cryptography can realize the encryption, authentication, signature, and so forth [17].

Meanwhile, cryptographers look forward to applying new intractable mathematical problems in classical cryptography. Currently, most public cryptographic primitives are based on the perceived intractability of certain mathematical problems in very large finite abelian groups [18]. Prominent hard problems consist of the problem of factoring large integers, the discrete logarithm problem over a finite field or an elliptic curve, and so forth. However, due to quantum algorithms for factoring integer and solving the discrete logarithm problem, most known public-key cryptosystems will be insecure when quantum computers become practical. Therefore, it is an imminent work to design effective cryptographic schemes which can resist quantum attacks. Actually, since the 1980s, several experts have been trying to design new cryptography schemes based on difficult problems in group theory. In 1985, Wagner and Magyarik [19] proposed an approach to designing public-key cryptosystems based on groups and semigroups with undecidable word problem. In 2000, Ko et al. [20] developed the theory of braid-based cryptography based on the hardness of the conjugator search problem (CSP) in braid groups. In 2004, Eick and Kahrobaei [21] proposed a new cryptosystem based on polycyclic groups. In 2005, Shpilrain and Ushakov [22] suggested that Thompson’s group may be a good platform for constructing public-key cryptosystems. Recently, Kahrobaei et al. [23] proposed a public key exchange on the basis of matrices over group rings. Meanwhile, an active branch of noncommutative cryptography based on the hardness of group factorization problem has achieved great success during the last two decades. In 1986, Magliveras [24] proposed a symmetric cryptosystem based on a special type of factorization of finite groups named logarithmic signatures for finite permutation groups. Then, the algebraic properties of logarithmic signatures and cryptosystem were specifically discussed in [25, 26]. In 2002, Magliveras et al. [27] put forward two public key cryptosystems and . In 2009, Lempken et al. [18] designed a new public key cryptosystem on the basis of random covers and logarithmic signatures for nonabelian finite groups. Meanwhile, there are some interesting papers studying attacks on , , and [2833]. In 2010, Svaba and van Trung [34] constructed an cryptosystem by adding a homomorphism as a component of secret key. However, until now, there is no paper on constructing digital signature schemes on the basis of cryptosystem. Hence, Svaba and van Trung put forward an open problem on constructing digital signature schemes based on random covers and logarithmic signatures.

Our main contribution is to devise a digital signature scheme based on random covers and logarithmic signatures. In this process, we also construct a secure and more efficient encryption scheme based on cryptosystems.

The rest of contents are organized as follows. Necessary preliminaries are given in Section 2. In Section 3, we specifically describe a new encryption scheme and give corresponding security analysis. In Section 4, we propose a digital signature scheme based on random covers and logarithmic signatures; The related comparisons and illustrations are presented in Section 5.

2. Preliminaries

2.1. Cover and Logarithmic Signature

Let be a finite abstract group and let and be two elements in . Then If , denotes the element in the group ring .

Definition 1 (cover and logarithmic signature [18, 27]). Suppose that is a sequence of , such that is bounded by a polynomial in . Let

Let be a subset of . Then is (i)a cover for (or ) if for all ( ),(ii)a logarithmic signature for (or ) if for every ( ).

The sequences are called the blocks; the vector with is the type of and the length of is defined to be .

More generally, if is a logarithmic signature (cover) for , then each element can be expressed uniquely (at least one way) as a product of the form [18] for . is called tame (factorizable) if the factorization above can be achieved in polynomial in the width of .

Definition 2 (cover (logarithmic signature) mappings [35]). Let be a cover (logarithmic signature) of type for with , where . Let and for . Let denote the canonical bijection

Then the surjective (bijection) mapping induced by is where .

2.2. MST3 Cryptosystems and Suzuki 2-Groups

In [18], Lempken et al. utilized logarithmic signatures and random covers to construct a generic encryption scheme. In this scheme, the public key consists of a tame logarithmic signature as well as some random numbers, and the secret key is composed of a random cover and a sandwich transformation of the cover [27]. The intractability assumptions of this scheme are group factorization problem on nonabelian groups.

Furthermore, motivated by attacks in [31], Svaba and van Trung devised an enhanced version of the generic scheme [34] named cryptosystems. In this scheme, they introduced a secret homomorphism to mask the secret logarithmic signature with a transformation of a random cover. Meanwhile, they proposed a new setup with random encryption.

Until now, the only instantiation of cryptosystems is a Suzuki 2-group of order with ( ) [18, 34]. From [34], the Suzuki 2-group of order can be denoted by , where is an automorphism of with an odd order. Moreover, the group can be represented by a matrix group and where is a matrix over . Hence, is of order and the center . Besides, to store the group elements conveniently, can be denoted by , so the product of two elements in group is and the computation of the product just requires a single multiplication and four additions in .

Furthermore, the inverse of an element in group is and it also requires a single multiplication and one addition in . If and , then and can be denoted by and , respectively. Hence, , where and are the corresponding projections of along the first and second coordinates.

3. Building Block: A New MST3 Encryption Scheme

Through comparison and analysis, we find that it is rather difficult to devise signature schemes based on the two encryption schemes [18, 34]. Therefore, in order to complete the task, we design a new encryption scheme based on logarithmic signatures and random covers. In our scheme, the original secret key becomes a component of public key, and the encryption process is also simplified. Meanwhile, compared with original schemes, our scheme has a bit improvement in efficiency.

3.1. Description of the Scheme

Key Generation

Input: a large group , .Output: a public key with corresponding private key .(1) Choose a tame logarithmic signature of type for , where and .(2) Select a random cover of the same type as for a certain subset of such that , where , , and .(3) Choose .(4) Construct a homomorphism defined by .(5) Compute , where .(6) Output public key and private key .

EncryptionInput: a message and the public key .Output: a ciphertext of the message .(1) Choose a random .(2) Compute (3) Output .

DecryptionInput: a ciphertext pair and the private key .Output: the message corresponding to ciphertext .(1) Compute .(2) Compute .(3) Output .

CorrectnessFor and , we have then using we can recover the random number by Consequently, using we can recover message by

3.2. Security Analysis
3.2.1. Attack on Private Key

(a) In general, the adversary tries to obtain and from the equation where , , , and .

The adversary mainly attempts to compute enough values in order to construct using the corresponding conclusion in [27]. If is of type , then one can construct a logarithmic signature equivalent to by using selected values , where . Let be a collection of random numbers chosen by the adversary. Then where , , and . Note that in the equation above, and are known and ; then we have Since , there are possibilities for . If is chosen, from , there are possibilities for . Hence, there are suitable pairs . Besides, for each solution pair , there are equivalent solutions with . Consequently, there are different solutions, so the success probability of the attacker is .

(b) In this attack, an adversary mainly wants to utilize equivalent secret key to replace the real secret key . From [34], we can see that the adversary only needs to let ( ) and ( ) for . So for the first block of , we have Let ; then ; we have We can get that for all . If we denote , then . Consider Let , , and for ; then Since is tame, so the adversary can use forgery secret key to recover the random number . Meanwhile, from conclusions in [31], as there are possible choices for in , the complexity for this attack is . Since the center of Suzuki 2-group has a large order , so the attack is computationally infeasible.

3.2.2. Attack on Ciphertext

OW (onewayness). In the stage of encryption, from the equation , we can get that . Hence, if the adversary wants to recover message , he either directly seeks the random number or recovers from . However, since is large enough and is a one-way map, so the attack is computationally infeasible.

IND (indistinguishability). Although we cannot give a formal proof on the indistinguishability of the scheme, we would like to analyse it in a heuristic manner. Suppose that is the ciphertext of or , where , , or 1, , and are randomly selected by the adversary. Then we can analyse the following two cases: Since and are randomly selected, and they admit the same distribution, thus, and are statistically indistinguishable for the adversary. It can be denoted by . Meanwhile, since and are both one-way maps, so we can get that and . Besides, since , so . Consequently, we can get that .

4. A Digital Signature Scheme Based on the New MST3 Cryptosystem

In this section, we utilize the encryption scheme above to construct a digital signature scheme based on random covers and logarithmic signatures.

4.1. Description of the Scheme

Key GenerationInput: a large group and .Output: a public key with corresponding private key .(1) Choose a tame logarithmic signature of type for , where and .(2) Select a random cover of the same type as for a certain subset of such that , where , , and .(3) Choose .(4) Construct a homomorphisms defined by .(5) Compute , where .(6) Define a hash function .(7) Output public key and private key .

SignatureInput: a message and private key .Output: signature .(1) Randomly select and compute a random element . Let , .(2) Compute and .(3) Output .

VerificationInput: the message , signature , and public key .Output: 0 or 1.(1) Compute and .(2) If , output 1; otherwise output 0.

Correctness. For a given message ,

Meanwhile, and .

Hence, Consequently, we have

4.2. Security Analysis
4.2.1. Attack on Private Key

(a) Compared with the encryption scheme in Section 3, we add a secure hash function in the signature scheme. Hence, analysis of the security of the signature scheme is similar to that in the encryption scheme. In the signature scheme, the goal of the general attack is also to determine and from the equation where , , and . Let be a collection of random numbers chosen by the adversary. Then we have where , , and . Then As described in Section 3, there are different solutions; the success probability of the adversary is .

(b) In our signature scheme, we construct a ciphertext pair then obtain the signature by decrypting the pair . Therefore, analysis of the equivalent key is similar to that in Section 3. In this attack, an adversary mainly wants to utilize equivalent secret key to replace the real secret key . As described in Section 3, for a random number , Let and , ; then Consequently, the complexity for this attack is . While, due to the center of Suzuki 2-group having a large order , so the attack is computationally infeasible.

4.2.2. Unforgeability

Suppose that Eve attempts to forge a message-signature pair such that

Case 1. Eve chooses a random number and then computes and . If Eve can get a message satisfying the above equation, then he can answer the preimage of hash function , but it is infeasible since is a secure cryptographic hash function.

Case 2. Eve randomly selects two elements and and computes . In order to obtain a valid , Eve selects and computes . Getting a right such that is equivalent to solving the equations and . Since and are both one-way functions, so Eve cannot answer right by considering the corresponding ciphertext .

Case 3. Eve randomly chooses one pair and then computes . If , then Eve can forge one valid signature. Note that the probability of this case is for . Since is large enough, this attack is computationally infeasible.

5. Comparisons and Illustrations

5.1. Comparisons

In this subsection, we compare encryption scheme in [34] and our encryption scheme on number of basic operations. Then, we make further efforts to show the performance of our signature scheme. We summarize the number of basic operations (addition (ADD), multiplication (MULT), exponentiation with ( ), etc.).

Table 1 shows the number of operations required for scheme and our scheme. The corresponding operations are namely addition (ADD), multiplication (MULT), exponentiation with ( ), generation of m-bit random R (PRNG) [36], and factorization of with respect to a logarithmic signature using the Algorithms 9, 10, and 11 (FACTOR) [34].

tab1
Table 1: Number of basic operations for one encryption/decryption.

Table 2 presents the number of operations required for public key and secret key. The corresponding operations are, namely, addition (ADD) and multiplication (MULT) generation of -bit random (PRNG) [36].

tab2
Table 2: Number of basic operations for public key generation.

For example, when , , the number of multiplication for secret key is 1792 and the number of generation of -bit random is 760; when , , the number of multiplication for secret key is 2688 and the number of generation of -bit random is 948; when , , the number of multiplication for secret key is 4864 and the number of generation of -bit random is 712.

Table 3 indicates the performance of the signature scheme. Table 4 indicates parameter size in our schemes. Here, we mainly analyse the number of elements in Suzuki 2-group.

tab3
Table 3: Number of basic operations for digital signature scheme.
tab4
Table 4: Parameter size.

Remark 3. In the community of cryptography based on chaos theory, a lot of efforts were focused on secret key cryptography in early years [57]. Recently, Wang et al. [814] made progress on building public key agreement protocols by using chaos theory. The corresponding schemes also have high efficiency and strong security. Being different from quantum cryptography, chaotic cryptography, and DNA cryptography, cryptosystem is a public key cryptosystem of classical cryptography. The hardness of our encryption scheme is based on a type of intractable mathematical problem called group factorization problem. Meanwhile, our encryption scheme and signature scheme are efficient in classical computer.

5.2. A Toy Example

In this subsection, we present a toy example of signing a random element . In fact, our method is universal in the sense that it can be used to sign documents or realize authentication protocols based on images.

Key GenerationInput: a Suzuki 2-group with , and .Output: public key and private key .

In general, let a pair denote an element of group . For simplicity, we use a binary number of an element to present and a binary numbers pair to present .

(i) For simplicity, we use a one-way function as the hash function in our scheme. That is, : is given by Actually, one can also use standard hash functions like SHA1 and so forth.

(ii) A factorizable logarithmic signature of type for .

(1) We first construct canonical logarithmic signature of type in standard form:

(2) Fuse blocks , to construct the product and let . That is, , is the logarithmic signature of type ( )

(i) A random cover of the same type as

(ii) Select :

(iii) Construct a homomorphism : : .

(iv) Compute , , and :

Signature

(i) Choose a message , .

(ii) Sample , ( ) and compute

(iii) Signature :

Verification

(i) Compute

(ii) Compute

Since and , so we can get that .

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgments

This work is partially supported by the National Natural Science Foundation of China (NSFC) (nos. 61103198, 61121061, 61370194) and the NSFC A3 Foresight Program (no. 61161140320).

References

  1. C. H. Bennett and G. Brassard, “Quantum cryptography: public key distribution and coin tossingin,” in Proceedings of the IEEE International Conference on Computers, Systems and Signal Processing, pp. 175–179, Bangalore, India, 1984.
  2. C. H. Bennett, “Quantum cryptography using any two nonorthogonal states,” Physical Review Letters, vol. 68, no. 21, pp. 3121–3124, 1992. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  3. C. H. Bennett, G. Brassard, and N. D. Mermin, “Quantum cryptography without Bell's theorem,” Physical Review Letters, vol. 68, no. 5, pp. 557–559, 1992. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  4. N. Gisin, G. Ribordy, W. Tittel, and H. Zbinden, “Quantum cryptography,” Reviews of Modern Physics, vol. 74, no. 1, pp. 146–195, 2002. View at Publisher · View at Google Scholar · View at Scopus
  5. R. Matthews, “On the derivation of a “chaotic” encryption algorithm,” Cryptologia, vol. 13, no. 1, pp. 29–42, 1989. View at Publisher · View at Google Scholar · View at MathSciNet
  6. M. S. Baptista, “Cryptography with chaos,” Physics Letters A, vol. 240, no. 1-2, pp. 50–54, 1998. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  7. G. Alvarez, G. Pastor, F. Montoya, and M. Romera, “Chaotic cryptosystems,” in Proceedings of the IEEE International Carnahan Conference on Security Technology, pp. 332–338, 1999.
  8. X.-Y. Wang and Q. Yu, “Block encryption algorithm based on dynamic sequences of multiple chaotic systems,” Communications in Nonlinear Science and Numerical Simulation, vol. 14, no. 2, pp. 574–581, 2009. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  9. X. Wang and J. Zhao, “An improved key agreement protocol based on chaos,” Communications in Nonlinear Science and Numerical Simulation, vol. 15, no. 12, pp. 4052–4057, 2010. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  10. Y. Niu and X. Wang, “An anonymous key agreement protocol based on chaotic maps,” Communications in Nonlinear Science and Numerical Simulation, vol. 16, no. 4, pp. 1986–1992, 2011. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  11. L. Hongjun, W. Xingyuan, and K. Abdurahman, “Image encryption using DNA complementary rule and chaotic maps,” Applied Soft Computing, vol. 12, no. 5, pp. 1457–1466, 2012. View at Publisher · View at Google Scholar
  12. X. Wang and D. Luan, “A novel image encryption algorithm using chaos and reversible cellular automata,” Communications in Nonlinear Science and Numerical Simulation, vol. 18, no. 11, pp. 3075–3085, 2013. View at Publisher · View at Google Scholar · View at MathSciNet
  13. W. Xingyuan and L. Dapeng, “A secure key agreement protocol based on chaotic maps,” Chinese Physics B, vol. 22, no. 11, Article ID 110503, 2013. View at Google Scholar
  14. Y.-Q. Zhang and X.-Y. Wang, “Spatiotemporal chaos in mixed linear—nonlinear coupled logistic map lattice,” Physica A: Statistical Mechanics and Its Applications, vol. 402, pp. 104–118, 2014. View at Publisher · View at Google Scholar · View at MathSciNet
  15. L. M. Adleman, “Molecular computation of solutions to combinatorial problems,” Science, vol. 266, no. 5187, pp. 1021–1024, 1994. View at Publisher · View at Google Scholar · View at Scopus
  16. D. Boneh, C. Dunworth, R. J. Lipton, and J. Sgall, “On the computational power of DNA,” Discrete Applied Mathematics, vol. 71, no. 1–3, pp. 79–94, 1996. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  17. G. Cui, L. Qin, Y. Wang, and X. Zhang, “An encryption scheme using DNA technology,” in Proceedings of the 3rd International Conference on Bio-Inspired Computing: Theories and Applications (BICTA '08), pp. 37–41, October 2008. View at Publisher · View at Google Scholar · View at Scopus
  18. W. Lempken, T. van Trung, S. S. Magliveras, and W. Wei, “A public key cryptosystem based on non-abelian finite groups,” Journal of Cryptology, vol. 22, no. 1, pp. 62–74, 2009. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  19. N. R. Wagner and M. R. Magyarik, “A public-key cryptosystem based on the word problem,” in Advances in Cryptology, vol. 196 of Lecture Notes in Computer Science, pp. 19–36, Springer, Berlin, Germany, 1985. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  20. K. H. Ko, S. J. Lee, J. H. Cheon, J. W. Han, J. Kang, and C. Park, “New public-key cryptosystem using braid groups,” in Advances in cryptology—CRYPTO 2000, vol. 1880 of Lecture Notes in Computer Science, pp. 166–183, Springer, Berlin, Germany, 2000. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  21. B. Eick and D. Kahrobaei, “Polycyclic groups: a new platform for cryptology?” http://arxiv.org/abs/math/0411077.
  22. V. Shpilrain and A. Ushakov, “Thompsons group and public key cryptography,” in Applied Cryptography and Network Security, vol. 3531 of Lecture Notes in Computer Science, pp. 151–164, 2005. View at Publisher · View at Google Scholar
  23. D. Kahrobaei, C. Koupparis, and V. Shpilrain, “Public key exchange using matrices over group rings,” Groups, Complexity, and Cryptology, vol. 5, no. 1, pp. 97–115, 2013. View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  24. S. S. Magliveras, “A cryptosystem from logarithmic signatures of finite groups,” in Proceedings of the 29th Midwest Symposium on Circuits and Systems, pp. 972–975, Elsevier Publishing, Amsterdam, The Netherlands, 1986.
  25. S. S. Magliveras and N. D. Memon, “Algebraic properties of cryptosystem PGM,” Journal of Cryptology, vol. 5, no. 3, pp. 167–183, 1992. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  26. A. Caranti and F. Dalla Volta, “The round functions of cryptosystem PGM generate the symmetric group,” Designs, Codes and Cryptography, vol. 38, no. 1, pp. 147–155, 2006. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  27. S. S. Magliveras, D. R. Stinson, and T. van Trung, “New approaches to designing public key cryptosystems using one-way functions and trapdoors in finite groups,” Journal of Cryptology, vol. 15, no. 4, pp. 285–297, 2002. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  28. M. I. González Vasco and R. Steinwandt, “Obstacles in two public key cryptosystems based on group factorizations,” Tatra Mountains Mathematical Publications, vol. 25, pp. 23–37, 2002. View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  29. J.-M. Bohli, R. Steinwandt, M. I. González Vasco, and C. Martínez, “Weak keys in MST1,” Designs, Codes and Cryptography, vol. 37, no. 3, pp. 509–524, 2005. View at Publisher · View at Google Scholar · View at MathSciNet
  30. M. I. González Vasco, C. Martínez, and R. Steinwandt, “Towards a uniform description of several group based cryptographic primitives,” Designs, Codes and Cryptography, vol. 33, no. 3, pp. 215–226, 2004. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  31. S. S. Magliveras, P. Svaba, T. van Trung, and P. Zajac, “On the security of a realization of cryptosystem MST3,” Tatra Mountains Mathematical Publications, vol. 41, pp. 65–78, 2008. View at Google Scholar · View at MathSciNet
  32. S. R. Blackburn, C. Cid, and C. Mullan, “Cryptanalysis of the MST3 public key cryptosystem,” Journal of Mathematical Cryptology, vol. 3, no. 4, pp. 321–338, 2009. View at Publisher · View at Google Scholar · View at MathSciNet
  33. M. I. G. Vasco, A. L. P. del Pozo, and P. T. Duarte, “A note on the security of MST3,” Designs, Codes and Cryptography, vol. 55, no. 2-3, pp. 189–200, 2010. View at Publisher · View at Google Scholar · View at MathSciNet
  34. P. Svaba and T. van Trung, “Public key cryptosystem MST3 cryptanalysis and realization,” Journal of Mathematical Cryptology, vol. 4, no. 3, pp. 271–315, 2010. View at Publisher · View at Google Scholar · View at MathSciNet
  35. W. Lempken and T. van Trung, “On minimal logarithmic signatures of finite groups,” Experimental Mathematics, vol. 14, no. 3, pp. 257–269, 2005. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet
  36. P. Marquardt, P. Svaba, and T. van Trung, “Pseudorandom number generators based on random covers for finite groups,” Designs, Codes and Cryptography, vol. 64, no. 1-2, pp. 209–220, 2012. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet