need is to define \emph{secure} generators able to withstand malicious
attacks. Roughly speaking, an attacker should not be able in practice to make
the distinction between numbers obtained with the secure generator and a true random
-sequence. \begin{color}{red} Or, in an equivalent formulation, he or she should not be
+sequence. \begin{color}{red} However, in an equivalent formulation, he or she should not be
able (in practice) to predict the next bit of the generator, having the knowledge of all the
binary digits that have been already released. ``Being able in practice'' refers here
to the possibility to achieve this attack in polynomial time, and to the exponential growth
\PCH{
{\bf Main contributions.} In this paper a new PRNG using chaotic iteration
-is defined. From a theoretical point of view, it is proved that it has fine
+is defined. From a theoretical point of view, it is proven that it has fine
topological chaotic properties and that it is cryptographically secured (when
-the based PRNG is also cryptographically secured). From a practical point of
+the initial PRNG is also cryptographically secured). From a practical point of
view, experiments point out a very good statistical behavior. Optimized
original implementation of this PRNG are also proposed and experimented.
-Pseudo-random numbers are generated at a rate of 20GSamples/s which is faster
+Pseudorandom numbers are generated at a rate of 20GSamples/s, which is faster
than in~\cite{conf/fpga/ThomasHL09,Marsaglia2003} (and with a better
-statistical behavior). Experiments are also provided using BBS as the based
+statistical behavior). Experiments are also provided using BBS as the initial
random generator. The generation speed is significantly weaker but, as far
as we know, it is the first cryptographically secured PRNG proposed on GPU.
-Note too that an original qualitative comparison between topological chaotic
+Note also that an original qualitative comparison between topological chaotic
properties and statistical test is also proposed.
}
\end{proposition}
\begin{proof}
-The proposition is proved by contraposition. Assume that $X$ is not
+The proposition is proven by contraposition. Assume that $X$ is not
secure. By Definition, there exists a polynomial time probabilistic
algorithm $D$, a positive polynomial $p$, such that for all $k_0$ there exists
$N\geq \frac{k_0}{2}$ satisfying
where $M$ is the length of the output ($M=100$ in
our example), and $L(N)$ is equal to
$$
-2.8\times 10^{-3} exp \left(1.9229 \times (N ~ln(2)^\frac{1}{3}) \times ln(N~ln 2)^\frac{2}{3}\right)
+2.8\times 10^{-3} exp \left(1.9229 \times (N ~ln~ 2)^\frac{1}{3} \times (ln(N~ln~ 2))^\frac{2}{3}\right)
$$
is the number of clock cycles to factor a $N-$bit
integer.