x_n+1 = f( x_n )

with perhaps some hidden state information, s_n, so

(x_n+1, s_n+1) = f( x_n, s_n )

1. The multiplcative (or linear) congruential generator is defined by

   x_n+1 = a * x_n + b mod M

   For example, lrand48() (available on our Unix systems) is defined by a = 2736731631558, b = 138, and M = 2⁴⁸

2. The power generator is defined by

   x_n+1 = x_n^d mod N

   Special case: if N is the product of two primes, this is called the RSA generator, and the randomness of the bits is related to the security of the RSA public-key cryptosystem, which depends on the difficulty of factoring N.

3. The discrete exponential generator is defined by

   x_n+1 = g ^x_n mod N

   If N is prime and g is a generator (so all integers between 0 and N-1 are obtained as powers of g mod N) then the randomness of this generator depends on the difficulty of the discrete logarithm problem. This generator is related to the Diffie-Hellman key exchange protocol.

4. The kneading map is defined by

   (x_n+1, y_n+1) = (y_n, x_n + f( y_n, z_n) )

   The z values are often constant or a repeating series of values. This is related to the DES cryptosystem.This can be inverted (even if f cannot) by

   (x_n, y_n) = (x_n+1 - f( x_n+1, z_n), x_n+1 )