Introduction to Modern Cryptography, Lecture 15


1 Introduction to Modern Cryptography, Lecture 15
Some more material, more formal than previously. See “Foundations of Cryptography, Basic tools”, by Oded Goldreich

2 Strong One-Way Functions
A function f: {0,1}* → {0,1}* is called strongly one-way if the following hold:
Easy to compute: f can be computed in polynomial time.
Hard to invert: for every probabilistic polynomial time algorithm A’, every positive polynomial p(), and all sufficiently large n’s:

3 Weak One-Way Functions
A function f: {0,1}* → {0,1}* is called weakly one-way if the following hold:
Easy to compute: f can be computed in polynomial time.
Slightly hard to invert: there exists a positive polynomial p(), such that for every probabilistic polynomial time algorithm A’, and all sufficiently large n’s:

4 Weak One-way functions imply strong one-way functions
f is a weak one way function, and p() is the polynomial such that for every probabilistic polynomial time algorithm A’, and all sufficiently large n’s:

5 Weak One-way functions imply strong one-way functions
f is a weak one-way function; let p() be the polynomial for which we define t(n) = n p(n) and define g as follows:
Inverting g on g(y_1, y_2, …, y_{t(n)}) involves finding f^{-1}(y_j)

6 Weak One-way functions imply strong one-way functions
f is a weak one-way function, and we want to argue that g is a strong one-way function. Alternatively, we will show that if g is not a strong one-way function, then f is not a weak one-way function.

7 Weak One-way functions imply strong one-way functions
If g is not a strong one-way function, there exists a probabilistic polynomial time algorithm B’ and a polynomial q() such that for infinitely many m’s:

8 Weak One-way functions imply strong one-way functions
Using B’, we now show that f is not weakly one-way. On input y, n = |y|:
Repeat a(n) = 2n^2 q(n^2 p(n)) times:
    for i = 1 to t(n) do
        select x_1, …, x_{t(n)} from U_n
        replace the i’th x with y
        feed the concatenated x_i’s to B’
        check if f^{-1}(y) was computed

9 Hard core predicates
That f is one-way does not say that we cannot learn some partial information about f^{-1}(y). A polynomial time computable predicate b: {0,1}* → {0,1}* is called a hard core of a function f if for every probabilistic polynomial time algorithm A’, every positive polynomial p(), and all sufficiently large n’s:

10 Hard core predicates for any one way function
Let f be an arbitrary one-way function, and let g be defined by g(x,r) = f(x) || r. Let b(x,r) denote the inner product of the binary vectors x and r; then b is a hard core for the function g. Generalization: hard core functions (indistinguishable)

11 Pseudorandom generators
Let f be a length preserving 1-1 strongly one-way function, and let b be a hard core predicate for f. Then the sequence b(s), b(f(s)), b(f(f(s))), … is pseudorandom

12 What does this mean?
You assume that AES is weakly one-way:
You want a provably pseudorandom sequence for stream encryption.
You start by producing a strongly one-way function which involves polynomially many applications of AES.
You take the total output and xor it with a random string r; this gives you one bit of your stream.
You then apply the strong one-way function again, and repeat.
This is very expensive (obviously), but then, it suffices that AES be only weakly one-way for you to be safe.
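
The construction of slides 10 to 12 as a small runnable sketch. This is an added example, not code from the lecture: it assumes a stand-in permutation f(x) = G^x mod P in place of the AES-based strong one-way function, with a constructed 31-bit toy modulus that offers no security, and the names f, b, g, keystream and xor_stream are chosen here.

```python
"""Toy generator from slides 10-11 (added example, not from the lecture).

Assumption: f is modular exponentiation x -> G^x mod P, a permutation of
{1, ..., P-1}. The 31-bit P is a constructed toy size with no security.
"""
P = 2**31 - 1          # constructed toy modulus (a Mersenne prime)
G = 7                  # primitive root mod P, so f permutes {1, ..., P-1}

def f(x: int) -> int:
    """Stand-in for the 1-1, length preserving one-way function."""
    if not 1 <= x < P:
        raise ValueError("x must lie in {1, ..., P-1}")
    return pow(G, x, P)

def b(x: int, r: int) -> int:
    """Slide 10 predicate: inner product of the bit vectors x and r, mod 2."""
    return bin(x & r).count("1") & 1

def g(x: int, r: int) -> tuple[int, int]:
    """g(x, r) = f(x) || r: r is carried along unchanged."""
    return f(x), r

def keystream(x: int, r: int, nbits: int) -> list[int]:
    """Slide 11 applied to g with seed s = (x, r): b(s), b(g(s)), b(g(g(s))), ..."""
    bits = []
    for _ in range(nbits):
        bits.append(b(x, r))   # emit one hard-core bit of the current state
        x, r = g(x, r)         # then step the state through g
    return bits

def xor_stream(x: int, r: int, data: bytes) -> bytes:
    """Stream-encrypt (or decrypt) data with the keystream, MSB first."""
    ks = keystream(x, r, 8 * len(data))
    out = bytearray()
    for i, byte in enumerate(data):
        pad = int("".join(map(str, ks[8 * i: 8 * i + 8])), 2)
        out.append(byte ^ pad)
    return bytes(out)

if __name__ == "__main__":
    seed_x, seed_r = 123456789, 0x2A5A5A5A   # constructed seed values
    ct = xor_stream(seed_x, seed_r, b"lecture 15")
    print(keystream(seed_x, seed_r, 16), ct.hex())
```

Each output bit costs one full evaluation of f, which is the expense slide 12 refers to.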

