Abstract: Let p be a prime and Fp the finite field with p elements. We show how, when given an superelliptic curve Y n + f(X) ? Fp[X, Y ] and an approximation to (v0, v1) ? F2 p such that vn 1 = ?f(v0), one can recover (v0, v1) efficiently, if the approximation is good enough. As consequence we provide an upper bound on the number of roots of such bivariate polynomials where the roots have certain restrictions. The results has been motivated by the predictability problem for non-linear pseudorandom number generators and, other potential applications to cryptography.

Authorship

Download reference