Presentation is loading. Please wait.

Presentation is loading. Please wait.

On The Cryptographic Applications of Random Functions Oded Goldreich Shafi Goldwasser Silvio Micali Advances in Cryptology-CRYPTO ‘ 84 報告人 : 陳昱升.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "On The Cryptographic Applications of Random Functions Oded Goldreich Shafi Goldwasser Silvio Micali Advances in Cryptology-CRYPTO ‘ 84 報告人 : 陳昱升."— Presentation transcript:

1 On The Cryptographic Applications of Random Functions Oded Goldreich Shafi Goldwasser Silvio Micali Advances in Cryptology-CRYPTO ‘ 84 報告人 : 陳昱升

2 Abstract Some possible applications of random functions Some possible applications of random functions Storageless distribution of secret IDs Storageless distribution of secret IDs Dynamic hashing Dynamic hashing Message authentication and time-stamping Message authentication and time-stamping An identify friend or foe system An identify friend or foe system

3 Outline Pseudorandom generators Pseudorandom functions 4 applications of random functions Solving Blum Blum & Shub open problem

4 Pseudorandom Generators Informally, a pseudorandom generator is a polynomial time algorithm that, on a random input, outputs a long sequence such that the next bit in the sequence cannot be predicted in polynomial time. Pseudorandom generator secret random input 010111001111010……….. ? next bit

5 Pseudorandom Functions Informally, a function is pseudorandom if any polynomial time algorithm, which asks for the values of the function at various points, cannot distinguish the values of the function from the outcome of independent coin flips. Pseudorandom function f x f(x) Compare f(x) with the outcome of independent coin flips →indistinguishable Polynomial algorithm

6 Poly-Random Collections A poly-random collection F={F k } has the following properties –Indexing each function in F k has a unique k-bit index. –Poly-time evaluation exist a polynomial time algorithm that given an index of a function f in F k an input x, computes f(x). –Pseudo-Randomness No probabilistic algorithm can distinguish the functions in F k from a truly random function. FkFk f …...

7 Applications of random functions 1.Storageless Distribution of Secret IDs 2.Dynamic Hashing 3.Message Authentication and Time- Stamping 4.An Identify Friend or Foe System

8 Storageless Distribution of Secret IDs -the problem The problem in distributing secret id numbers –every user should receive a secret ID from the system, which is easily verifiable by the system, but hard to compute by anyone else.

9 Storageless Distribution of Secret IDs -a possible solution A possible solution could assign each user U a secret r, and store the pair(U,r) in a protected data base. –This solution requires storage proportional to the number of users.

10 Storageless Distribution of Secret IDs -a storageless solution The server pick f in F k at random and assigns each user U, f(U) as her secret number. To verify whether (U,n) is a legal pair, the server computes f(U) and compares it with n. ServerAlice Alice, n Verify n ?= f(Alice)

11 Storageless Distribution of Secret IDs -a storageless solution (conti.) Suppose that Alice has such a secret ID and that all of her relatives (A 1,A 2,…,A q ), who possess their own secret ID’s gang up to discover Alice’s ID. For f picked form a poly-random collection, they could not compute f(Alice) given f(A 1 ), f(A 2 ), …,f(A q ).

12 Dynamic Hashing -the problem The problem of hashing a few long keys into shorter addresses with a very small probability of collisions.

13 Dynamic Hashing -a possible solution Universal Hashing –H is a finite collection of hash functions that map universe U into {0,1,…,m-1} and

14 Dynamic Hashing -a solution using generalized poly-random collection A generalized poly-random collection F={F p1(k),p2(k) } is a similar poly-random collection of functions from I p1(k) into I p2(k). Our solution uses a function f chosen at random from F p1(k),p2(k) as a hash function.

15 Dynamic Hashing -a solution using generalized poly-random collection (conti.) This hashing function is more robust with respect to polynomial time computation than the Universal Hashing. –In their scheme, the adversary picks an arbitrary key distribution and the hashing performance is analyzed with respect to this fixed distribution. –Our scheme allows the adversary dynamically change the key distribution during the hashing process upon seeing the previous hashing function values. (adaptively)

16 Message Authentication and Time-Stamping -the Problem Assume that all the employees of a large bank communicate through a public network. The employees need to authenticate the messages they send to each other.

17 Message Authentication and Time-Stamping -solution Let all employees have access to authentication machines which compute a function f s in a poly-random collection. The tag associated with a message m is f s (m). To avoid playback attack, it is common practice to use time-stamps. employees authentication machine m f s (m) m, f s (m)

18 An Identify Friend or Foe System -the problem The members of a large but exclusive society are well known for their brotherhood spirit. They face the danger of imposters trying to take advantage of their generosity. Upon meeting each other, they must execute a protocol for establishing membership.

19 An Identify Friend or Foe System -the solution Each member receives a computer which calculates f s. When member A meets B, he asks “z?”. Only if B answers f s (z), will member A be convinced that B is a member. z f s (z) A B

20 Solving Blum Blum & Shub Open Problem Problem: Whether direct access to exponentially far away bits in their pseudo- random pad is a “randomness preserving” oepration. Pseudorandom generator random input010111……………..01111011 exponentially far away ? next bit

21 Solving Blum Blum & Shub Open Problem (conti.) Having constructed pseudorandom function f, we have virtually constructed the k2 k -bit long string s f =f(1)f(2)…f(2 k ).

22 Conclusion Pseudorandom generators Pseudorandom generators Pseudorandom functions Pseudorandom functions 4 applications of random functions 4 applications of random functions Solving Blum Blum & Shub open problem Solving Blum Blum & Shub open problem

Download ppt "On The Cryptographic Applications of Random Functions Oded Goldreich Shafi Goldwasser Silvio Micali Advances in Cryptology-CRYPTO ‘ 84 報告人 : 陳昱升."

Similar presentations

Many-to-one Trapdoor Functions and their Relations to Public-key Cryptosystems M. Bellare S. Halevi A. Saha S. Vadhan.

Many-to-one Trapdoor Functions and their Relations to Public-key Cryptosystems M. Bellare S. Halevi A. Saha S. Vadhan.
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Foundations of Cryptography Lecture 11 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 11 Lecturer: Moni Naor.
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
CIS 5371 Cryptography 3b. Pseudorandomness.

CIS 5371 Cryptography 3b. Pseudorandomness.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Foundations of Cryptography Lecture 5 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 5 Lecturer: Moni Naor.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Foundations of Cryptography Lecture 13 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 13 Lecturer: Moni Naor.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Foundations of Cryptography Lecture 12 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 12 Lecturer: Moni Naor.
Computability and Complexity 20-1 Computability and Complexity Andrei Bulatov Random Sources.

Computability and Complexity 20-1 Computability and Complexity Andrei Bulatov Random Sources.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.

CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
Foundations of Cryptography Lecture 5: Signatures and pseudo-random generators Lecturer: Moni Naor.

Foundations of Cryptography Lecture 5: Signatures and pseudo-random generators Lecturer: Moni Naor.
ACT1 Slides by Vera Asodi & Tomer Naveh. Updated by : Avi Ben-Aroya & Alon Brook Adapted from Oded Goldreich’s course lecture notes by Sergey Benditkis,

ACT1 Slides by Vera Asodi & Tomer Naveh. Updated by : Avi Ben-Aroya & Alon Brook Adapted from Oded Goldreich’s course lecture notes by Sergey Benditkis,
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.

Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.

Similar presentations

Ads by Google