foundation of cryptography 0368 4162 01 lecture 3
play

Foundation of Cryptography (0368-4162-01), Lecture 3 Hardcore - PowerPoint PPT Presentation

May 16, 2023 •167 likes •1.03k views

The Information Theoretic Case The Computational Case Foundation of Cryptography (0368-4162-01), Lecture 3 Hardcore Predicates for Any One-way Function Iftach Haitner, Tel Aviv University November 22, 2011 The Information Theoretic Case The

  1. The Information Theoretic Case The Computational Case Foundation of Cryptography (0368-4162-01), Lecture 3 Hardcore Predicates for Any One-way Function Iftach Haitner, Tel Aviv University November 22, 2011

  2. The Information Theoretic Case The Computational Case Definition 1 (hardcore predicates) An efficiently computable function b : { 0 , 1 } n �→ { 0 , 1 } is an hardcore predicate of f : { 0 , 1 } n �→ { 0 , 1 } n , if Pr [ P ( f ( U n )) = b ( U n )] ≤ 1 2 + neg ( n ) , for any PPT P .

  3. The Information Theoretic Case The Computational Case Definition 1 (hardcore predicates) An efficiently computable function b : { 0 , 1 } n �→ { 0 , 1 } is an hardcore predicate of f : { 0 , 1 } n �→ { 0 , 1 } n , if Pr [ P ( f ( U n )) = b ( U n )] ≤ 1 2 + neg ( n ) , for any PPT P . Theorem 2 (Goldreich-Levin) Let f : { 0 , 1 } n �→ { 0 , 1 } n be a OWF, and define g : { 0 , 1 } n × { 0 , 1 } n �→ { 0 , 1 } n × { 0 , 1 } n as g ( x , r ) = f ( x ) , r. Then b ( x , r ) = � x , r � 2 , is an hardcore predicate of g. Note that if f is one-to-one, then so is g .

  4. The Information Theoretic Case The Computational Case Section 1 The Information Theoretic Case

  5. The Information Theoretic Case The Computational Case Definition 3 (min-entropy) The min entropy of a random variable X , is defined 1 H ∞ ( X ) := y ∈ Supp ( X ) log min Pr X [ y ] .

  6. The Information Theoretic Case The Computational Case Definition 3 (min-entropy) The min entropy of a random variable X , is defined 1 H ∞ ( X ) := y ∈ Supp ( X ) log min Pr X [ y ] . Examples X is uniform over a set of size 2 k

  7. The Information Theoretic Case The Computational Case Definition 3 (min-entropy) The min entropy of a random variable X , is defined 1 H ∞ ( X ) := y ∈ Supp ( X ) log min Pr X [ y ] . Examples X is uniform over a set of size 2 k ( X | f ( X ) = y ) , where f : { 0 , 1 } n �→ { 0 , 1 } n is 2 k to 1 and X is uniform over { 0 , 1 } n

  8. The Information Theoretic Case The Computational Case Pairwise independent hashing Pairwise independent hashing Definition 4 (pairwise independent hash functions) A function family H from { 0 , 1 } n to { 0 , 1 } m is pairwise independent, if for every x � = x ′ ∈ { 0 , 1 } n and y , y ′ ∈ { 0 , 1 } m , it holds that Pr h ←H [ h ( x ) = y ∧ h ( x ′ ) = y ′ )] = 2 − 2 m .

  9. The Information Theoretic Case The Computational Case Pairwise independent hashing Pairwise independent hashing Definition 4 (pairwise independent hash functions) A function family H from { 0 , 1 } n to { 0 , 1 } m is pairwise independent, if for every x � = x ′ ∈ { 0 , 1 } n and y , y ′ ∈ { 0 , 1 } m , it holds that Pr h ←H [ h ( x ) = y ∧ h ( x ′ ) = y ′ )] = 2 − 2 m . Lemma 5 (leftover hash lemma) Let X be a random variable over { 0 , 1 } n with H ∞ ( X ) ≥ k and let H be a family of pairwise independent hash functions from { 0 , 1 } n to { 0 , 1 } m , then SD (( h , h ( x )) h ←H , x ← X , ( h , y ) h ←H , y ←{ 0 , 1 } m ) ≤ 2 ( m − k − 2 )) / 2 .

  10. The Information Theoretic Case The Computational Case Pairwise independent hashing Pairwise independent hashing Definition 4 (pairwise independent hash functions) A function family H from { 0 , 1 } n to { 0 , 1 } m is pairwise independent, if for every x � = x ′ ∈ { 0 , 1 } n and y , y ′ ∈ { 0 , 1 } m , it holds that Pr h ←H [ h ( x ) = y ∧ h ( x ′ ) = y ′ )] = 2 − 2 m . Lemma 5 (leftover hash lemma) Let X be a random variable over { 0 , 1 } n with H ∞ ( X ) ≥ k and let H be a family of pairwise independent hash functions from { 0 , 1 } n to { 0 , 1 } m , then SD (( h , h ( x )) h ←H , x ← X , ( h , y ) h ←H , y ←{ 0 , 1 } m ) ≤ 2 ( m − k − 2 )) / 2 . * We typically simply write SD (( H , H ( X )) , ( H , U m )) , where H is uniformly distributed over H .

  11. The Information Theoretic Case The Computational Case efficient function families efficient function families Definition 6 (efficient function family) An ensemble of function families F = {F n } n ∈ N is efficient, if the following hold: Samplable. F is samplable in polynomial-time: there exists a PPT that given 1 n , outputs (the description of) a uniform element in F n . Efficient. There exists a polynomial-time algorithm that given x ∈ { 0 , 1 } n and (a description of) f ∈ F n , outputs f ( x ) .

  12. The Information Theoretic Case The Computational Case hardcore predicate for regular functions hardcore predicate for regular OWF Lemma 7 Let f : { 0 , 1 } n �→ { 0 , 1 } n be a d ( n ) ∈ 2 ω ( log n ) regular function and let H = {H n } be an efficient family of Boolean pairwise independent hash functions over { 0 , 1 } n . Define g : { 0 , 1 } n × H n �→ { 0 , 1 } n × H n as g ( x , h ) = ( f ( x ) , h ) , then b ( x , h ) = h ( x ) is an hardcore predicate of g.

  13. The Information Theoretic Case The Computational Case hardcore predicate for regular functions hardcore predicate for regular OWF Lemma 7 Let f : { 0 , 1 } n �→ { 0 , 1 } n be a d ( n ) ∈ 2 ω ( log n ) regular function and let H = {H n } be an efficient family of Boolean pairwise independent hash functions over { 0 , 1 } n . Define g : { 0 , 1 } n × H n �→ { 0 , 1 } n × H n as g ( x , h ) = ( f ( x ) , h ) , then b ( x , h ) = h ( x ) is an hardcore predicate of g. How does it relate to the computational case?

  14. The Information Theoretic Case The Computational Case hardcore predicate for regular functions hardcore predicate for regular OWF Lemma 7 Let f : { 0 , 1 } n �→ { 0 , 1 } n be a d ( n ) ∈ 2 ω ( log n ) regular function and let H = {H n } be an efficient family of Boolean pairwise independent hash functions over { 0 , 1 } n . Define g : { 0 , 1 } n × H n �→ { 0 , 1 } n × H n as g ( x , h ) = ( f ( x ) , h ) , then b ( x , h ) = h ( x ) is an hardcore predicate of g. How does it relate to the computational case? Proof : We prove the claim by showing that Claim 8 SD (( f ( U n ) , H , H ( U n )) , ( f ( U n ) , H , U 1 )) = neg ( n ) , where the rv H = H ( n ) is uniformly distributed over H n .

  15. The Information Theoretic Case The Computational Case hardcore predicate for regular functions hardcore predicate for regular OWF Lemma 7 Let f : { 0 , 1 } n �→ { 0 , 1 } n be a d ( n ) ∈ 2 ω ( log n ) regular function and let H = {H n } be an efficient family of Boolean pairwise independent hash functions over { 0 , 1 } n . Define g : { 0 , 1 } n × H n �→ { 0 , 1 } n × H n as g ( x , h ) = ( f ( x ) , h ) , then b ( x , h ) = h ( x ) is an hardcore predicate of g. How does it relate to the computational case? Proof : We prove the claim by showing that Claim 8 SD (( f ( U n ) , H , H ( U n )) , ( f ( U n ) , H , U 1 )) = neg ( n ) , where the rv H = H ( n ) is uniformly distributed over H n . Does this conclude the proof?

  16. The Information Theoretic Case The Computational Case hardcore predicate for regular functions Proving Claim 8 Proof : For y ∈ f ( { 0 , 1 } n ) := { f ( x ): x ∈ { 0 , 1 } n } , let the rv X y be uniformly distributed over f − 1 ( y ) := { x ∈ { 0 , 1 } n : f ( x ) = y } .

  17. The Information Theoretic Case The Computational Case hardcore predicate for regular functions Proving Claim 8 Proof : For y ∈ f ( { 0 , 1 } n ) := { f ( x ): x ∈ { 0 , 1 } n } , let the rv X y be uniformly distributed over f − 1 ( y ) := { x ∈ { 0 , 1 } n : f ( x ) = y } . SD (( f ( U n ) , H , H ( U n )) , ( f ( U n ) , H , U 1 )) � � = Pr [ f ( U n ) = y ] · SD ( f ( U n ) , H , H ( U n ) | f ( U n ) = y ) y ∈ f ( { 0 , 1 } n ) � , ( f ( U n ) , H , U 1 | f ( U n ) = y )

  18. The Information Theoretic Case The Computational Case hardcore predicate for regular functions Proving Claim 8 Proof : For y ∈ f ( { 0 , 1 } n ) := { f ( x ): x ∈ { 0 , 1 } n } , let the rv X y be uniformly distributed over f − 1 ( y ) := { x ∈ { 0 , 1 } n : f ( x ) = y } . SD (( f ( U n ) , H , H ( U n )) , ( f ( U n ) , H , U 1 )) � � = Pr [ f ( U n ) = y ] · SD ( f ( U n ) , H , H ( U n ) | f ( U n ) = y ) y ∈ f ( { 0 , 1 } n ) � , ( f ( U n ) , H , U 1 | f ( U n ) = y ) � = Pr [ f ( U n ) = y ] · SD (( y , H , H ( X y )) , ( y , H , U 1 )) y ∈ f ( { 0 , 1 } n )

  19. The Information Theoretic Case The Computational Case hardcore predicate for regular functions Proving Claim 8 Proof : For y ∈ f ( { 0 , 1 } n ) := { f ( x ): x ∈ { 0 , 1 } n } , let the rv X y be uniformly distributed over f − 1 ( y ) := { x ∈ { 0 , 1 } n : f ( x ) = y } . SD (( f ( U n ) , H , H ( U n )) , ( f ( U n ) , H , U 1 )) � � = Pr [ f ( U n ) = y ] · SD ( f ( U n ) , H , H ( U n ) | f ( U n ) = y ) y ∈ f ( { 0 , 1 } n ) � , ( f ( U n ) , H , U 1 | f ( U n ) = y ) � = Pr [ f ( U n ) = y ] · SD (( y , H , H ( X y )) , ( y , H , U 1 )) y ∈ f ( { 0 , 1 } n ) ≤ y ∈ f ( { 0 , 1 } n ) SD (( y , H , H ( X y )) , ( y , H , U 1 )) max

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Foundation of Cryptography (0368-4162-01), Lecture 0 Adminstration + Introduction Iftach

Foundation of Cryptography (0368-4162-01), Lecture 0 Adminstration + Introduction Iftach

Foundation of Cryptography (0368-4162-01), Lecture 0 Adminstration + Introduction Iftach Haitner, Tel Aviv University November 1, 2011 Administration Course Topics Part I Administration and Course Overview Administration Course Topics

714 views • 24 slides
Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge Iftach Haitner, Tel Aviv University December 4, 2011 IP for GNI Part I Interactive Proofs IP for GNI Interactive Vs. Interactive Proofs Definition 1 (

1.51k views • 110 slides
Foundation of Cryptography (0368-4162-01), Lecture 7 MACs and Signatures Iftach Haitner, Tel

Foundation of Cryptography (0368-4162-01), Lecture 7 MACs and Signatures Iftach Haitner, Tel

Message Authentication Code (MAC) Constructions Signature Schemes OWFs = Signatures Foundation of Cryptography (0368-4162-01), Lecture 7 MACs and Signatures Iftach Haitner, Tel Aviv University December 27, 2011 Message Authentication

1.25k views • 89 slides
Foundation of Cryptography (0368-4162-01), Lecture 4 Pseudorandom Functions Iftach Haitner, Tel

Foundation of Cryptography (0368-4162-01), Lecture 4 Pseudorandom Functions Iftach Haitner, Tel

Function Families PRF from OWF PRP from PRF Applications Foundation of Cryptography (0368-4162-01), Lecture 4 Pseudorandom Functions Iftach Haitner, Tel Aviv University November 29, 2011 Function Families PRF from OWF PRP from PRF

1.17k views • 58 slides
Foundation of Cryptography (0368-4162-01), Lecture 8 Encryption Schemes Iftach Haitner, Tel Aviv

Foundation of Cryptography (0368-4162-01), Lecture 8 Encryption Schemes Iftach Haitner, Tel Aviv

Definitions Constructions Active Adversaries Foundation of Cryptography (0368-4162-01), Lecture 8 Encryption Schemes Iftach Haitner, Tel Aviv University January 3 17, 2012 Definitions Constructions Active Adversaries Section 1

1.33k views • 112 slides
Foundation of Cryptography (0368-4162-01), Lecture 1 One Way Functions Iftach Haitner, Tel Aviv

Foundation of Cryptography (0368-4162-01), Lecture 1 One Way Functions Iftach Haitner, Tel Aviv

Notation One Way Functions Foundation of Cryptography (0368-4162-01), Lecture 1 One Way Functions Iftach Haitner, Tel Aviv University November 1-8, 2011 Notation One Way Functions Section 1 Notation Notation One Way Functions Notation I

988 views • 67 slides
Foundation of Cryptography (0368-4162-01), Lecture 2 Pseudorandom Generators Iftach Haitner, Tel

Foundation of Cryptography (0368-4162-01), Lecture 2 Pseudorandom Generators Iftach Haitner, Tel

Foundation of Cryptography (0368-4162-01), Lecture 2 Pseudorandom Generators Iftach Haitner, Tel Aviv University Tel Aviv University. February 25, 2014 Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 1 / 26 Part I

1.38k views • 76 slides
Foundation of Cryptography (0368-4162-01), Intoduction Adminstration + Introduction Iftach

Foundation of Cryptography (0368-4162-01), Intoduction Adminstration + Introduction Iftach

Foundation of Cryptography (0368-4162-01), Intoduction Adminstration + Introduction Iftach Haitner, Tel Aviv University Tel Aviv University. February 18, 2014 Iftach Haitner (TAU) Foundation of Cryptography February 18, 2014 1 / 16 Part I

763 views • 34 slides
Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9 CCA Security SIM-CCA Security (PKE) Recv Send PK/Enc SK/Dec Replay Filter Secure (and correct) if: s.t. output of is distributed

1.26k views • 101 slides
Foundation of Cryptography, Lecture 5 MACs and Signatures Iftach Haitner, Tel Aviv University

Foundation of Cryptography, Lecture 5 MACs and Signatures Iftach Haitner, Tel Aviv University

Foundation of Cryptography, Lecture 5 MACs and Signatures Iftach Haitner, Tel Aviv University Tel Aviv University. March 17, 2013 Iftach Haitner (TAU) Foundation of Cryptography March 17, 2013 1 / 39 Part I Message Authentication Codes

1.41k views • 113 slides
Foundation of Cryptography, Lecture 7 Non-Interactive ZK and Proof of Knowledge Iftach Haitner,

Foundation of Cryptography, Lecture 7 Non-Interactive ZK and Proof of Knowledge Iftach Haitner,

Foundation of Cryptography, Lecture 7 Non-Interactive ZK and Proof of Knowledge Iftach Haitner, Tel Aviv University Tel Aviv University. April 1, 2014 Iftach Haitner (TAU) Foundation of Cryptography April 1, 2014 1 / 33 Part I

1.79k views • 152 slides
Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information: Using microscopic physical state of quantum systems (spin of atoms/sub-atomic particles, polarization of photons etc.) to encode information

1.95k views • 154 slides
Lecture 7 Public Key Cryptography I: Encryption + Signatures [lecture slides are adapted from

Lecture 7 Public Key Cryptography I: Encryption + Signatures [lecture slides are adapted from

Lecture 7 Public Key Cryptography I: Encryption + Signatures [lecture slides are adapted from previous slides by Prof. Gene Tsudik] 1 Public Key Cryptography Asymmetric cryptography Invented in 1974-1978 (Diffie-Hellman and

478 views • 23 slides
Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy:

Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy:

Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy: Secret-Sharing Secrecy Secrecy Cryptography is all about controlling access to information Access to learning and/or influencing

2.01k views • 171 slides
Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography Asymmetric cryptography Invented in 1974-1978 (Diffie-Hellman and Rivest-Shamir- Adleman) Two keys: private (SK), public (PK) Encryption:

256 views • 22 slides
Lecture 7 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 7 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 7 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography Asymmetric cryptography Invented in 1974-1978 (Diffie-Hellman and Rivest-Shamir- Adleman) Two keys: private (SK), public (PK) Encryption:

810 views • 42 slides
Computational Learning Theory: Agnostic Learning Machine Learning 1 Slides based on material

Computational Learning Theory: Agnostic Learning Machine Learning 1 Slides based on material

Computational Learning Theory: Agnostic Learning Machine Learning 1 Slides based on material from Dan Roth, Avrim Blum, Tom Mitchell and others This lecture: Computational Learning Theory The Theory of Generalization Probably

653 views • 44 slides
Generalization Bounds and Stability Lorenzo Rosasco Tomaso Poggio 9.520 Class 6 February, 23

Generalization Bounds and Stability Lorenzo Rosasco Tomaso Poggio 9.520 Class 6 February, 23

Generalization Bounds and Stability Lorenzo Rosasco Tomaso Poggio 9.520 Class 6 February, 23 2011 L. Rosasco/ T.Poggio Generalization and Stability About this class Goal To recall the notion of generalization bounds and show how they can be

505 views • 28 slides
Bootstrapping and Learning PDFA in Data Streams Borja Balle , Jorge Castro, Ricard Gavald` a

Bootstrapping and Learning PDFA in Data Streams Borja Balle , Jorge Castro, Ricard Gavald` a

Bootstrapping and Learning PDFA in Data Streams Borja Balle , Jorge Castro, Ricard Gavald` a International Colloquium on Grammatical Inference University of Maryland, September 2012 This work is partially supported by the PASCAL2 Network

427 views • 23 slides
Illustrating Agnostic Learning We want a classifier to distinguish between cats and dogs Image 1

Illustrating Agnostic Learning We want a classifier to distinguish between cats and dogs Image 1

Illustrating Agnostic Learning We want a classifier to distinguish between cats and dogs Image 1 Image 2 Image 3 Image 4 x c ( x ) Cat Dog Ostrich? Sensor Error? Unrealizable (Agnostic) Learning We are given a training set { ( x 1 , c

425 views • 30 slides
CSCE 478/878 Lecture 3: Computational Learning Theory Examines the worst-case minimum and

CSCE 478/878 Lecture 3: Computational Learning Theory Examines the worst-case minimum and

Introduction Combines machine learning with: Algorithm design and analysis Computational complexity CSCE 478/878 Lecture 3: Computational Learning Theory Examines the worst-case minimum and maximum data and time requirements for

222 views • 7 slides
Computational Learning Theory 1 / 22 Decidability Computation Decidability which

Computational Learning Theory 1 / 22 Decidability Computation Decidability which

Computational Learning Theory 1 / 22 Decidability Computation Decidability which problems have algorithmic solutions Machine Learning Feasibility what assumptions must we make to trust that we can learn an unknown target

246 views • 22 slides
Algorithms at Scale (Week 2) Puzzle of the Day: A bag contains a collection of blue and red

Algorithms at Scale (Week 2) Puzzle of the Day: A bag contains a collection of blue and red

Algorithms at Scale (Week 2) Puzzle of the Day: A bag contains a collection of blue and red balls. Repeat: Take two balls from the bag. If they are the same color, discard them both and add a blue ball. If they are different colors,

2.01k views • 168 slides
Learning sums of ridge functions in high dimension: a nonlinear compressed sensing model Massimo

Learning sums of ridge functions in high dimension: a nonlinear compressed sensing model Massimo

Learning sums of ridge functions in high dimension: a nonlinear compressed sensing model Massimo Fornasier Fakult at f ur Mathematik Technische Universit at M unchen massimo.fornasier@ma.tum.de http://www-m15.ma.tum.de/ Winter

1.8k views • 134 slides

More recommend