xn+1 = f( xn )
with perhaps some hidden state information, sn, so
(xn+1, sn+1) = f( xn, sn )
xn+1 = a * xn + b mod M
For example, lrand48() (available on our Unix systems) is defined by a = 2736731631558, b = 138, and M = 248
xn+1 = xnd mod N
Special case: if N is the product of two primes, this is called the RSA generator, and the randomness of the bits is related to the security of the RSA public-key cryptosystem, which depends on the difficulty of factoring N.
xn+1 = g xn mod N
If N is prime and g is a generator (so all integers between 0 and N-1 are obtained as powers of g mod N) then the randomness of this generator depends on the difficulty of the discrete logarithm problem. This generator is related to the Diffie-Hellman key exchange protocol.
(xn+1, yn+1) = (yn, xn + f( yn, zn) )
The z values are often constant or a repeating series of values. This is related to the DES cryptosystem.This can be inverted (even if f cannot) by
(xn, yn) = (xn+1 - f( xn+1, zn), xn+1 )