Adi Shamir proposed this three-op PRNG:

x+=(x*x) | 5;

x is a k-bit integer, so there's an implicit mod 2**k. For example, if k==16, then in C you'd have

unsigned short x;

or if k==64, you'd have to use

unsigned __int64 x;

Anyway, the high-order bit is all you get from each iteration. Assuming x is too big to brute-force, how do you find the current seed? A three-op PRNG has to have some kind of weakness...

## Bookmarks