(1) | H0 = Q, | ||||||
  | H1 = D·H0 + B1² | (mod N), | |||||
  | H2 = D·H1 + B2² | (mod N), | |||||
  | ... | ||||||
  | Hk = D·Hk-1 + Bk² | (mod N), | |||||
  | H = Hk. |
(2) |   DkQ + Dk-1B1² + Dk-2B2² + ... + DBk-1² + Bk²   |   (mod N) |
(3) | H0 = Q, | ||||||
  | H1 = D·H0 + S1 | (mod N), | |||||
  | H2 = D·H1 + S2 | (mod N), | |||||
  | ... | ||||||
  | Hk = D·Hk-1 + Sk | (mod N), | |||||
  | H = Hk. |
    Si = |   Bi² | if Bi < N/2, |
    Si = | N-Bi² | if Bi > N/2. |
1 | L. Blum, M. Blum and M. Shub 1986. A Simple Unpredictable Pseudorandom Number Generator. SIAM Journal on Computing 15(2): 364-383. | ||||||||||||||
2 | F. Rubin 1995. The Quadratic Residue and Double Quadratic Residue Ciphers. Cryptologia 19(3): 275-284. | ||||||||||||||
3 | C. Ruland 1993. Realizing Digital Signatures with One-Way Hash Functions. Cryptologia 17(3): 285-300. | ||||||||||||||
4 | S. J. Shepherd, P. W. Sanders and C. T. Stockel 1993. The Quadratic Residue Cipher and Some Notes on Implementation. Cryptologia 17(3): 264-282. |