
PCG generators are easily “crackable” - vigna
Melissa O'Neill's PCG generators are LCGs/MCGs with power-of-two moduli over which some scrambling is applied. The author has claimed that while not fully cryptographic PRNGs, predicting the output of a PCG generator is "challenging".

I have already previously published a C program that discovers the internal state of a PCG generator with 64 bits of state and 32 bits of output in a few seconds (exhaustive search would require centuries).

I am now providing a C++ program that will discover in a few seconds the internal state of a PCG generator with *128* bits of state and 64 bits of output, even faster, looking at a few outputs of the generator. You will need Victor Shoup's amazing NTL library to compile it.

The programs can be found here: http://pcg.di.unimi.it/pcg.php#claims

Both programs use the same logic: guessing exhaustively a few bits, deriving a lot of other bits, and solving a simple modular equation. However, in the 64-bit case the equation can be solved by trying all possible solutions, whereas in the 128-bit case I use a standard technique based on lattice reduction: as a result, discovering the initial state usually takes _less_ time than in the 64-bit case (in fact, the computation time can be brought down to well below a second if you are willing to examine more outputs).

This settles once and for all, negatively, the question "have PCG generators any cryptographic strength?".

PS: I'm purposely putting quotes around "crackable" because you cannot "crack" a non-cryptographic generator in the same way you cannot crack a fig. But in view of the claims of the author of PCG generators, it seems appropriate.
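As an added illustration of the outline given in the post (guess a few bits exhaustively, derive a lot of other bits, solve a modular equation), the Python below recovers the 64-bit state of the reference PCG XSH-RR 64/32 generator ("pcg32") from four consecutive 32-bit outputs. It is written for this page and is not Vigna's program: it assumes the attacker knows PCG's default increment (an assumption; a stream-specific increment would need a different setup), and it solves the equation for the remaining low bits with 2-D lattice reduction (Gauss reduction plus Babai rounding), the kind of technique Vigna describes for the 128-bit case, instead of the exhaustive trial he describes for 64 bits. The multiplier, increment and the pcg32 step are PCG's public reference constants and algorithm; the secret seed in the demo is constructed.

```python
# Added example: recover the 64-bit state of PCG XSH-RR 64/32 from 4 outputs.
# Not Vigna's program; written for this page. Increment ASSUMED known (PCG default).
from fractions import Fraction

MASK64 = (1 << 64) - 1
MULT = 6364136223846793005   # PCG's default 64-bit multiplier (public constant)
INC = 1442695040888963407    # PCG's default increment; ASSUMED known to the attacker
LOW_BITS = 27                # state bits still unknown after the guess-and-derive step


def pcg32_next(state, inc=INC):
    """One step of PCG XSH-RR 64/32 (public reference algorithm). The output is
    derived from the *old* state; returns (new_state, output)."""
    xorshifted = (((state >> 18) ^ state) >> 27) & 0xFFFFFFFF
    rot = state >> 59
    out = ((xorshifted >> rot) | (xorshifted << ((-rot) & 31))) & 0xFFFFFFFF
    return (state * MULT + inc) & MASK64, out


def pcg32_outputs(state, n, inc=INC):
    """The first n outputs produced from `state`."""
    outs = []
    for _ in range(n):
        state, out = pcg32_next(state, inc)
        outs.append(out)
    return outs


def high_bits_from_output(out, rot):
    """Bits 27..63 of the state that produced `out`, given a guess `rot` for its
    top 5 bits (the rotation amount). Undoing the rotation gives xorshifted =
    bits 27..58 of y = s ^ (s >> 18). Bit i of y is s_i ^ s_{i+18} (just s_i for
    i >= 46), so walking down from bit 58 fixes each s_i from y_i and the
    already-known s_{i+18}: a 5-bit guess yields 37 state bits."""
    xorshifted = ((out << rot) | (out >> (32 - rot))) & 0xFFFFFFFF  # inverse of rotr32
    s = rot << 59
    for i in range(58, LOW_BITS - 1, -1):
        y_i = (xorshifted >> (i - 27)) & 1
        upper = (s >> (i + 18)) & 1 if i + 18 < 64 else 0
        s |= (y_i ^ upper) << i
    return s


def dot(u, v):
    return u[0] * v[0] + u[1] * v[1]


def gauss_reduce(b1, b2):
    """Lagrange/Gauss reduction of a 2-D integer lattice basis (exact integers)."""
    while True:
        if dot(b1, b1) > dot(b2, b2):
            b1, b2 = b2, b1
        n1 = dot(b1, b1)
        m = (2 * dot(b1, b2) + n1) // (2 * n1)      # round(<b1,b2> / <b1,b1>)
        if m == 0:
            return b1, b2
        b2 = (b2[0] - m * b1[0], b2[1] - m * b1[1])


def babai_round(b1, b2, t):
    """Babai nearest-plane rounding of target t against the reduced basis;
    returns coefficients (c1, c2) of the approximate closest lattice vector."""
    mu = Fraction(dot(b2, b1), dot(b1, b1))
    b2s = (b2[0] - mu * b1[0], b2[1] - mu * b1[1])   # Gram-Schmidt b2*
    c2 = round(Fraction(dot(t, b2s), dot(b2s, b2s)))
    t2 = (t[0] - c2 * b2[0], t[1] - c2 * b2[1])
    c1 = round(Fraction(dot(t2, b1), dot(b1, b1)))
    return c1, c2


def recover_state(outputs, inc=INC):
    """Recover the state that produced outputs[0]. Two outputs drive the attack;
    the remaining ones (use at least 4 in total) confirm the candidate."""
    o0, o1 = outputs[0], outputs[1]
    box, half = 1 << LOW_BITS, 1 << (LOW_BITS - 1)
    b1, b2 = gauss_reduce((1, MULT), (0, 1 << 64))
    for r0 in range(32):
        h0 = high_bits_from_output(o0, r0)
        for r1 in range(32):
            h1 = high_bits_from_output(o1, r1)
            # s1 = MULT*s0 + inc with s0 = h0 + x0, s1 = h1 + x1, 0 <= x0, x1 < 2^27,
            # so x1 = (T + MULT*x0) mod 2^64 where T = MULT*h0 + inc - h1. Hence
            # (x0, x1 - T) is a point of the lattice spanned by (1, MULT), (0, 2^64)
            # inside a 2^27 x 2^27 box: take the lattice point nearest the box centre.
            T = (MULT * h0 + inc - h1) & MASK64
            c1, c2 = babai_round(b1, b2, (half, half - T))
            for d1 in (-1, 0, 1):                  # tolerate off-by-one rounding
                for d2 in (-1, 0, 1):
                    k1, k2 = c1 + d1, c2 + d2
                    x0 = k1 * b1[0] + k2 * b2[0]
                    x1 = k1 * b1[1] + k2 * b2[1] + T
                    if 0 <= x0 < box and 0 <= x1 < box:
                        cand = h0 | x0
                        if pcg32_outputs(cand, len(outputs), inc) == outputs:
                            return cand
    return None


if __name__ == "__main__":
    secret = 0x853C49E6748FEA9B        # constructed secret state, never shown to the attacker
    observed = pcg32_outputs(secret, 4)
    recovered = recover_state(observed)
    print("observed:", [hex(o) for o in observed])
    print("recovered: %#x (correct: %s)" % (recovered, recovered == secret))
```

Why it is fast: each 5-bit rotation guess pins down 37 of the 64 state bits, so two consecutive states leave 54 unknown bits constrained by one 64-bit congruence; the solution is therefore unique for the right guess, and a wrong guess almost never yields a lattice point inside the box. The 1024 guesses each cost a handful of big-integer operations, so the whole recovery finishes in well under a second; the extra observed outputs only serve to reject the rare false candidate.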
======
rurban
Not impressed by the claim. With the secret state it's of course trivial to
derive a sequence. I wouldn't call that "easy". In most cases this is called
secure, because the state is a secret.

His own PRNG is of course much weaker, we don't need any state to predict the
next number.

