foundation of cryptography 0368 4162 01 lecture 2
play

Foundation of Cryptography (0368-4162-01), Lecture 2 Pseudorandom - PowerPoint PPT Presentation

Jan 09, 2023 •599 likes •1.38k views

Foundation of Cryptography (0368-4162-01), Lecture 2 Pseudorandom Generators Iftach Haitner, Tel Aviv University Tel Aviv University. February 25, 2014 Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 1 / 26 Part I

  1. Foundation of Cryptography (0368-4162-01), Lecture 2 Pseudorandom Generators Iftach Haitner, Tel Aviv University Tel Aviv University. February 25, 2014 Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 1 / 26

  2. Part I Statistical Vs. Computational distance Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 2 / 26

  3. Section 1 Distributions and Statistical Distance Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 3 / 26

  4. Distributions and Statistical Distance Let P and Q be two distributions over a finite set U . Their statistical distance (also known as, variation distance) is defined as SD ( P , Q ) := 1 � | P ( x ) − Q ( x ) | = max S⊆U ( P ( S ) − Q ( S )) 2 x ∈U We will only consider finite distributions. Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 4 / 26

  5. Distributions and Statistical Distance Let P and Q be two distributions over a finite set U . Their statistical distance (also known as, variation distance) is defined as SD ( P , Q ) := 1 � | P ( x ) − Q ( x ) | = max S⊆U ( P ( S ) − Q ( S )) 2 x ∈U We will only consider finite distributions. Claim 1 For any pair of (finite) distribution P and Q , it holds that SD ( P , Q ) = max D { Pr x ← P [ D ( x ) = 1 ] − Pr x ← Q [ D ( x ) = 1 ] } , where D is any algorithm. Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 4 / 26

  6. Some useful facts Let P , Q , R be finite distributions, then Triangle inequality: SD ( P , R ) ≤ SD ( P , Q ) + SD ( Q , R ) Repeated sampling: SD (( P , P ) , ( Q , Q )) ≤ 2 · SD ( P , Q ) Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 5 / 26

  7. Distribution ensembles and statistical indistinguishability Definition 2 (distribution ensembles) P = { P n } n ∈ N is a distribution ensemble, if P n is a (finite) distribution for any n ∈ N . P is efficiently samplable (or just efficient), if ∃ PPT Samp with Sam ( 1 n ) ≡ P n . Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 6 / 26

  8. Distribution ensembles and statistical indistinguishability Definition 2 (distribution ensembles) P = { P n } n ∈ N is a distribution ensemble, if P n is a (finite) distribution for any n ∈ N . P is efficiently samplable (or just efficient), if ∃ PPT Samp with Sam ( 1 n ) ≡ P n . Definition 3 (statistical indistinguishability) Two distribution ensembles P and Q are statistically indistinguishable, if SD ( P n , Q n ) = neg ( n ) . Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 6 / 26

  9. Distribution ensembles and statistical indistinguishability Definition 2 (distribution ensembles) P = { P n } n ∈ N is a distribution ensemble, if P n is a (finite) distribution for any n ∈ N . P is efficiently samplable (or just efficient), if ∃ PPT Samp with Sam ( 1 n ) ≡ P n . Definition 3 (statistical indistinguishability) Two distribution ensembles P and Q are statistically indistinguishable, if SD ( P n , Q n ) = neg ( n ) . � � � ∆ D Alternatively, if ( P , Q ) ( n ) � = neg ( n ) , for any algorithm D, where � � ∆ D x ← P n [ D ( 1 n , x ) = 1 ] − Pr x ← Q n [ D ( 1 n , x ) = 1 ] ( P , Q ) ( n ) := Pr (1) Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 6 / 26

  10. Section 2 Computational Indistinguishability Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 7 / 26

  11. Computational Indistinguishability Definition 4 (computational indistinguishability) Two distribution ensembles P and Q are computationally � � � ∆ D indistinguishable, if ( P , Q ) ( n ) � = neg ( n ) , for any PPT D. � � Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 8 / 26

  12. Computational Indistinguishability Definition 4 (computational indistinguishability) Two distribution ensembles P and Q are computationally � � � ∆ D indistinguishable, if ( P , Q ) ( n ) � = neg ( n ) , for any PPT D. � � Can it be different from the statistical case? Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 8 / 26

  13. Computational Indistinguishability Definition 4 (computational indistinguishability) Two distribution ensembles P and Q are computationally � � � ∆ D indistinguishable, if ( P , Q ) ( n ) � = neg ( n ) , for any PPT D. � � Can it be different from the statistical case? Non uniform variant Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 8 / 26

  14. Computational Indistinguishability Definition 4 (computational indistinguishability) Two distribution ensembles P and Q are computationally � � � ∆ D indistinguishable, if ( P , Q ) ( n ) � = neg ( n ) , for any PPT D. � � Can it be different from the statistical case? Non uniform variant Sometime behaves differently then expected! Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 8 / 26

  15. Repeated sampling Question 5 Assume that P and Q are computationally indistinguishable, is it always true that P 2 = ( P , P ) and Q 2 = ( Q , Q ) are? Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 9 / 26

  16. Repeated sampling Question 5 Assume that P and Q are computationally indistinguishable, is it always true that P 2 = ( P , P ) and Q 2 = ( Q , Q ) are? � � � ∆ D Let D be an algorithm and let δ ( n ) = ( P 2 , Q 2 ) ( n ) � � � Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 9 / 26

  17. Repeated sampling Question 5 Assume that P and Q are computationally indistinguishable, is it always true that P 2 = ( P , P ) and Q 2 = ( Q , Q ) are? � � � ∆ D Let D be an algorithm and let δ ( n ) = ( P 2 , Q 2 ) ( n ) � � � δ ( n ) = | Pr [ D ( x ) = 1 ] − Pr [ D ( x ) = 1 ] | x ← P 2 x ← Q 2 n n � � � � ≤ � Pr [ D ( x ) = 1 ] − x ← ( P n , Q n ) [ D ( x ) = 1 ] Pr � � x ← P 2 � n � � � � + x ← ( P n , Q n ) [ D ( x ) = 1 ] − Pr Pr [ D ( x ) = 1 ] � � x ← Q 2 � � n Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 9 / 26

  18. Repeated sampling Question 5 Assume that P and Q are computationally indistinguishable, is it always true that P 2 = ( P , P ) and Q 2 = ( Q , Q ) are? � � � ∆ D Let D be an algorithm and let δ ( n ) = ( P 2 , Q 2 ) ( n ) � � � δ ( n ) = | Pr [ D ( x ) = 1 ] − Pr [ D ( x ) = 1 ] | x ← P 2 x ← Q 2 n n � � � � ≤ � Pr [ D ( x ) = 1 ] − x ← ( P n , Q n ) [ D ( x ) = 1 ] Pr � � x ← P 2 � n � � � � + x ← ( P n , Q n ) [ D ( x ) = 1 ] − Pr Pr [ D ( x ) = 1 ] � � x ← Q 2 � � n � � � � � ∆ D � ∆ D = ( P 2 , ( P , Q ) ( n ) � + (( P , Q ) , Q 2 ) ( n ) � � � � � Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 9 / 26

  19. Repeated sampling Question 5 Assume that P and Q are computationally indistinguishable, is it always true that P 2 = ( P , P ) and Q 2 = ( Q , Q ) are? � � � ∆ D Let D be an algorithm and let δ ( n ) = ( P 2 , Q 2 ) ( n ) � � � δ ( n ) = | Pr [ D ( x ) = 1 ] − Pr [ D ( x ) = 1 ] | x ← P 2 x ← Q 2 n n � � � � ≤ � Pr [ D ( x ) = 1 ] − x ← ( P n , Q n ) [ D ( x ) = 1 ] Pr � � x ← P 2 � n � � � � + x ← ( P n , Q n ) [ D ( x ) = 1 ] − Pr Pr [ D ( x ) = 1 ] � � x ← Q 2 � � n � � � � � ∆ D � ∆ D = ( P 2 , ( P , Q ) ( n ) � + (( P , Q ) , Q 2 ) ( n ) � � � � � So either | ∆ D ( P 2 , ( P , Q ) ( n ) | ≥ δ ( n ) / 2, or | ∆ D (( P , Q ) , Q 2 ) ( n ) | ≥ δ ( n ) / 2 Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 9 / 26

  20. � � � ∆ D Assume D is a PPT and that ( P 2 , Q 2 ) ( n ) � ≥ 1 / p ( n ) for some � � p ∈ poly and infinitely many n ’s, and assume wlg. that � � � ∆ D P 2 , ( P , Q ) ( n ) � ≥ 1 / 2 p ( n ) for infinitely many n ’s. � � Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 10 / 26

  21. � � � ∆ D Assume D is a PPT and that ( P 2 , Q 2 ) ( n ) � ≥ 1 / p ( n ) for some � � p ∈ poly and infinitely many n ’s, and assume wlg. that � � � ∆ D P 2 , ( P , Q ) ( n ) � ≥ 1 / 2 p ( n ) for infinitely many n ’s. � � Can we use D to contradict the fact that P and Q are computationally close? Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 10 / 26

  22. � � � ∆ D Assume D is a PPT and that ( P 2 , Q 2 ) ( n ) � ≥ 1 / p ( n ) for some � � p ∈ poly and infinitely many n ’s, and assume wlg. that � � � ∆ D P 2 , ( P , Q ) ( n ) � ≥ 1 / 2 p ( n ) for infinitely many n ’s. � � Can we use D to contradict the fact that P and Q are computationally close? Assuming that P and Q are efficiently samplable Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 10 / 26

  23. � � � ∆ D Assume D is a PPT and that ( P 2 , Q 2 ) ( n ) � ≥ 1 / p ( n ) for some � � p ∈ poly and infinitely many n ’s, and assume wlg. that � � � ∆ D P 2 , ( P , Q ) ( n ) � ≥ 1 / 2 p ( n ) for infinitely many n ’s. � � Can we use D to contradict the fact that P and Q are computationally close? Assuming that P and Q are efficiently samplable Non-uniform settings Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 10 / 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Foundation of Cryptography (0368-4162-01), Lecture 0 Adminstration + Introduction Iftach

Foundation of Cryptography (0368-4162-01), Lecture 0 Adminstration + Introduction Iftach

Foundation of Cryptography (0368-4162-01), Lecture 0 Adminstration + Introduction Iftach Haitner, Tel Aviv University November 1, 2011 Administration Course Topics Part I Administration and Course Overview Administration Course Topics

714 views • 24 slides
Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge Iftach Haitner, Tel Aviv University December 4, 2011 IP for GNI Part I Interactive Proofs IP for GNI Interactive Vs. Interactive Proofs Definition 1 (

1.51k views • 110 slides
Foundation of Cryptography (0368-4162-01), Lecture 7 MACs and Signatures Iftach Haitner, Tel

Foundation of Cryptography (0368-4162-01), Lecture 7 MACs and Signatures Iftach Haitner, Tel

Message Authentication Code (MAC) Constructions Signature Schemes OWFs = Signatures Foundation of Cryptography (0368-4162-01), Lecture 7 MACs and Signatures Iftach Haitner, Tel Aviv University December 27, 2011 Message Authentication

1.25k views • 89 slides
Foundation of Cryptography (0368-4162-01), Lecture 3 Hardcore Predicates for Any One-way Function

Foundation of Cryptography (0368-4162-01), Lecture 3 Hardcore Predicates for Any One-way Function

The Information Theoretic Case The Computational Case Foundation of Cryptography (0368-4162-01), Lecture 3 Hardcore Predicates for Any One-way Function Iftach Haitner, Tel Aviv University November 22, 2011 The Information Theoretic Case The

1.03k views • 85 slides
Foundation of Cryptography (0368-4162-01), Lecture 4 Pseudorandom Functions Iftach Haitner, Tel

Foundation of Cryptography (0368-4162-01), Lecture 4 Pseudorandom Functions Iftach Haitner, Tel

Function Families PRF from OWF PRP from PRF Applications Foundation of Cryptography (0368-4162-01), Lecture 4 Pseudorandom Functions Iftach Haitner, Tel Aviv University November 29, 2011 Function Families PRF from OWF PRP from PRF

1.17k views • 58 slides
Foundation of Cryptography (0368-4162-01), Lecture 8 Encryption Schemes Iftach Haitner, Tel Aviv

Foundation of Cryptography (0368-4162-01), Lecture 8 Encryption Schemes Iftach Haitner, Tel Aviv

Definitions Constructions Active Adversaries Foundation of Cryptography (0368-4162-01), Lecture 8 Encryption Schemes Iftach Haitner, Tel Aviv University January 3 17, 2012 Definitions Constructions Active Adversaries Section 1

1.33k views • 112 slides
Foundation of Cryptography (0368-4162-01), Lecture 1 One Way Functions Iftach Haitner, Tel Aviv

Foundation of Cryptography (0368-4162-01), Lecture 1 One Way Functions Iftach Haitner, Tel Aviv

Notation One Way Functions Foundation of Cryptography (0368-4162-01), Lecture 1 One Way Functions Iftach Haitner, Tel Aviv University November 1-8, 2011 Notation One Way Functions Section 1 Notation Notation One Way Functions Notation I

988 views • 67 slides
Foundation of Cryptography (0368-4162-01), Intoduction Adminstration + Introduction Iftach

Foundation of Cryptography (0368-4162-01), Intoduction Adminstration + Introduction Iftach

Foundation of Cryptography (0368-4162-01), Intoduction Adminstration + Introduction Iftach Haitner, Tel Aviv University Tel Aviv University. February 18, 2014 Iftach Haitner (TAU) Foundation of Cryptography February 18, 2014 1 / 16 Part I

763 views • 34 slides
Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9 CCA Security SIM-CCA Security (PKE) Recv Send PK/Enc SK/Dec Replay Filter Secure (and correct) if: s.t. output of is distributed

1.26k views • 101 slides
Foundation of Cryptography, Lecture 5 MACs and Signatures Iftach Haitner, Tel Aviv University

Foundation of Cryptography, Lecture 5 MACs and Signatures Iftach Haitner, Tel Aviv University

Foundation of Cryptography, Lecture 5 MACs and Signatures Iftach Haitner, Tel Aviv University Tel Aviv University. March 17, 2013 Iftach Haitner (TAU) Foundation of Cryptography March 17, 2013 1 / 39 Part I Message Authentication Codes

1.41k views • 113 slides
Foundation of Cryptography, Lecture 7 Non-Interactive ZK and Proof of Knowledge Iftach Haitner,

Foundation of Cryptography, Lecture 7 Non-Interactive ZK and Proof of Knowledge Iftach Haitner,

Foundation of Cryptography, Lecture 7 Non-Interactive ZK and Proof of Knowledge Iftach Haitner, Tel Aviv University Tel Aviv University. April 1, 2014 Iftach Haitner (TAU) Foundation of Cryptography April 1, 2014 1 / 33 Part I

1.79k views • 152 slides
Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information: Using microscopic physical state of quantum systems (spin of atoms/sub-atomic particles, polarization of photons etc.) to encode information

1.95k views • 154 slides
Lecture 7 Public Key Cryptography I: Encryption + Signatures [lecture slides are adapted from

Lecture 7 Public Key Cryptography I: Encryption + Signatures [lecture slides are adapted from

Lecture 7 Public Key Cryptography I: Encryption + Signatures [lecture slides are adapted from previous slides by Prof. Gene Tsudik] 1 Public Key Cryptography Asymmetric cryptography Invented in 1974-1978 (Diffie-Hellman and

478 views • 23 slides
Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy:

Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy:

Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy: Secret-Sharing Secrecy Secrecy Cryptography is all about controlling access to information Access to learning and/or influencing

2.01k views • 171 slides
Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography Asymmetric cryptography Invented in 1974-1978 (Diffie-Hellman and Rivest-Shamir- Adleman) Two keys: private (SK), public (PK) Encryption:

256 views • 22 slides
Lecture 7 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 7 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 7 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography Asymmetric cryptography Invented in 1974-1978 (Diffie-Hellman and Rivest-Shamir- Adleman) Two keys: private (SK), public (PK) Encryption:

810 views • 42 slides
Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec.

Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec.

Leakage-Resilient Cryptography from Puncturable Primitives and Obfuscation ASIACRYPT 2018 Dec. 5th 2018 1 / 51 Yu Chen 1 Yuyu Wang 2 Hong-Sheng Zhou 3 1 SKLOIS-IIE-CAS, UCAS 2 Tokyo Institute of Technology, IOHK, AIST 3 Virginia Commonwealth

1.2k views • 104 slides
Structured Prediction Basics Graham Neubig Site https://phontron.com/class/nn4nlp2019/ A

Structured Prediction Basics Graham Neubig Site https://phontron.com/class/nn4nlp2019/ A

CS11-747 Neural Networks for NLP Structured Prediction Basics Graham Neubig Site https://phontron.com/class/nn4nlp2019/ A Prediction Problem very good good I hate this movie neutral bad very bad very good good I love this

426 views • 38 slides
Lecture 2 Diagnostics and Model Evaluation Colin Rundel 10/05/2018 1 Some more linear models

Lecture 2 Diagnostics and Model Evaluation Colin Rundel 10/05/2018 1 Some more linear models

Lecture 2 Diagnostics and Model Evaluation Colin Rundel 10/05/2018 1 Some more linear models Linear model and data ggplot (d, aes (x=x,y=y)) + 2 geom_smooth (method=lm, color=blue, se = FALSE) geom_line () + 7.5 5.0 2.5 y 0.0

1.02k views • 53 slides
Certified Global Optimization using Max-Plus based Templates Joint Work with B. Werner, S.

Certified Global Optimization using Max-Plus based Templates Joint Work with B. Werner, S.

Flyspeck-Like Global Optimization Classical Approach: Taylor + SOS Max-Plus Based Templates Certified Global Optimization with Certified Global Optimization using Max-Plus based Templates Joint Work with B. Werner, S. Gaubert and X. Allamigeon

854 views • 46 slides
Supplemental NDA/BLA Submissions in Oncology Considerations for Summary Review of Supplemental

Supplemental NDA/BLA Submissions in Oncology Considerations for Summary Review of Supplemental

Considerations for Summary Review of Supplemental NDA/BLA Submissions in Oncology Considerations for Summary Review of Supplemental NDA/BLA Submissions in Oncology Rachel Sherman, MD Greenleaf Health LLC Speakers Rachel Sherman, MD,

987 views • 49 slides
Summarizing and mining inverse distributions on data streams via dynamic inverse sampling

Summarizing and mining inverse distributions on data streams via dynamic inverse sampling

Summarizing and mining inverse distributions on data streams via dynamic inverse sampling Presented by Graham Cormode cormode@bell-labs.com S. Muthukrishnan muthu@cs.rutgers.edu Irina Rozenbaum rozenbau@paul.rutgers.edu Outline Defining and

660 views • 22 slides
Communication Lower Bounds for Statistical Estimation Problems via a Distributed Data Processing

Communication Lower Bounds for Statistical Estimation Problems via a Distributed Data Processing

Communication Lower Bounds for Statistical Estimation Problems via a Distributed Data Processing Inequality Mark Braverman Ankit Garg Tengyu Ma Huy Nguyen David Woodruff DIMACS Workshop on Big Data through the Lens of Sublinear Algorithms

730 views • 34 slides
A Self-Biased and FPN-Compensated Digital APS for Hybrid CMOS Imagers F. Serra-Graells, J. M.

A Self-Biased and FPN-Compensated Digital APS for Hybrid CMOS Imagers F. Serra-Graells, J. M.

ISCAS07: A Digital APS for Hybrid CMOS Imagers Intro DPS Blocks Results Conclusions 1/19 A Self-Biased and FPN-Compensated Digital APS for Hybrid CMOS Imagers F. Serra-Graells, J. M. Margarit and L. Ters System Integration Department

427 views • 19 slides

More recommend