uniform and independent Xo,XIE[p] fori∈[p] Y=(Xo+i·X1)modp uniformity:Y i,a∈pl PrYi=a =Pr[(Xo+i·X1)modp=a =>Pr[X1=j]Pr [(Xo+ij)modp=a] j∈[p] ∑Pr[Xo=(a-i)(mod p)] j∈[p] 1 pfor i 2 [p] Yi = (X0 + i · X1) mod p uniformity: 8i, a 2 [p] uniform and independent X0, X1 2 [p] Pr[Yi = a] = Pr [(X0 + i · X1) mod p = a] = X j2[p] Pr[X1 = j] · Pr [(X0 + ij) mod p = a] = 1 p X j2[p] Pr [X0 ⌘ (a ￾ ij) (mod p)] = 1 p