Properties of the x2 mod N pseudorandom number generator

In 1986, L. Blum, R.I. Blum, and M. Shub introduced the x² mod N generator of pseudorandom bit strings and showed, given certain plausible but unproved hypotheses, that it has the desirable cryptographic property of unpredictability. They also studied the period length of the sequences produced by this generator and proposed a way to guarantee that these sequences will have maximum possible period. In this correspondence we prove that it is very likely that for many values of N the sequences produced by the x² mod N generator are usually not balanced (that is, having equal frequency of 0´s and 1´s). We further prove that the proposed method for guaranteeing long periods is also very likely to guarantee relatively large imbalances between the frequencies of 0´s and 1´s. However, we also prove that the average imbalance for these sequences is no worse than what would be expected in a truly random bit string of the same length. Thus our results provide further support for the use of the x² mod N generator in cryptographic applications