/* Generate cryptographically-strong pseudorandom numbers using the  */
/* algorithm of Blum, Blum, and Shub.  Take advantage of the result  */
/* by Alexi et al that the log(log(N)) lsb's are secure.             */


/* Inputs:   p,q    large primes ... (p*q) should have >200digits    */
/*           s      seed                                             */
/*           b      bitcount     ... number of bits to output        */

/* Output:   a pseudorandom stream of bits, length>=b, formatted     */
/*           l bits per line, where l = log(log(p*q))                */



/* ASSUME: prior computations have validated that p,q are Blum       */
/*         primes and that s is a quadratic residue modulo (p*q)     */



define g(p,q,s,b) {
	auto n,x,l,m,i,z

	n = p * q
	/* calculate a lower-bound approximation of log2(log2(n)) */
	x = n
	l = 0
	while(x>1) { x = x/2 ; l = l+1 }
	x = l
	l = 0
	while(x>1) { x = x/2 ; l = l+1 }
	m = 2^l
l   /* print out the number of significant bits per line of output */


	/* main loop follows ..... x = (x^2) mod n */
	i = 0
	x = s
	while(i<b) {
		x = (x * x) % n
		i = i+l
x % m   /* print out the  l  lsbs */
	}

}