generator is cryptographically secure, then it is the case too for the
generator provided by the post-treatment.
Such a proof leads to the proposition of a cryptographically secure and
-chaotic generator on GPU based on the famous Blum Blum Shum
+chaotic generator on GPU based on the famous Blum Blum Shub
in Section~\ref{sec:CSGPU}, and to an improvement of the
Blum-Goldwasser protocol in Sect.~\ref{Blum-Goldwasser}.
This research work ends by a conclusion section, in which the contribution is
algorithm (Algorithm~\ref{algo:gpu_kernel2}). Due to Proposition~\ref{cryptopreuve},
it simply consists in replacing
the {\it xor-like} PRNG by a cryptographically secure one.
-We have chosen the Blum Blum Shum generator~\cite{BBS} (usually denoted by BBS) having the form:
+We have chosen the Blum Blum Shub generator~\cite{BBS} (usually denoted by BBS) having the form:
$$x_{n+1}=x_n^2~ mod~ M$$ where $M$ is the product of two prime numbers (these
prime numbers need to be congruent to 3 modulus 4). BBS is known to be
very slow and only usable for cryptographic applications.
+\begin{color}{red}
+\subsection{Practical Security Evaluation}
+
+Suppose now that the PRNG will work during
+$M=100$ time units, and that during this period,
+an attacker can realize $10^{12}$ clock cycles.
+We thus wonder whether, during the PRNG's
+lifetime, the attacker can distinguish this
+sequence from truly random one, with a probability
+greater than $\varepsilon = 0.2$.
+We consider that $N$ has 900 bits.
+
+The random process is the BBS generator, which
+is cryptographically secure. More precisely, it
+is $(T,\varepsilon)-$secure: no
+$(T,\varepsilon)-$distinguishing attack can be
+successfully realized on this PRNG, if~\cite{Fischlin}
+$$
+T \leqslant \dfrac{L(N)}{6 N (log_2(N))\varepsilon^{-2}M^2}-2^7 N \varepsilon^{-2} M^2 log_2 (8 N \varepsilon^{-1}M)
+$$
+where $M$ is the length of the output ($M=100$ in
+our example), and $L(N)$ is equal to
+$$
+2.8\times 10^{-3} exp \left(1.9229 \times (N ~ln(2)^\frac{1}{3}) \times ln(N~ln 2)^\frac{2}{3}\right)
+$$
+is the number of clock cycles to factor a $N-$bit
+integer.
+
+A direct numerical application shows that this attacker
+cannot achieve its $(10^{12},0.2)$ distinguishing
+attack in that context.
+
+\end{color}
+
\subsection{Toward a Cryptographically Secure and Chaotic Asymmetric Cryptosystem}
\label{Blum-Goldwasser}
We finish this research work by giving some thoughts about the use of
Furthermore, we have shown that when the inputted generator is cryptographically
secure, then it is the case too for the PRNG we propose, thus leading to
the possibility to develop fast and secure PRNGs using the GPU architecture.
-Thoughts about an improvement of the Blum-Goldwasser cryptosystem, using the
-proposed method, has been finally proposed.
+\begin{color}{red} An improvement of the Blum-Goldwasser cryptosystem, making it
+behaves chaotically, has finally been proposed. \end{color}
-In future work we plan to extend these researches, building a parallel PRNG for clusters or
+In future work we plan to extend this research, building a parallel PRNG for clusters or
grid computing. Topological properties of the various proposed generators will be investigated,
and the use of other categories of PRNGs as input will be studied too. The improvement
of Blum-Goldwasser will be deepened. Finally, we
