foundation of cryptography 0368 4162 01 lecture 4
play

Foundation of Cryptography (0368-4162-01), Lecture 4 Pseudorandom - PowerPoint PPT Presentation

Dec 03, 2023 •579 likes •1.17k views

Function Families PRF from OWF PRP from PRF Applications Foundation of Cryptography (0368-4162-01), Lecture 4 Pseudorandom Functions Iftach Haitner, Tel Aviv University November 29, 2011 Function Families PRF from OWF PRP from PRF

  1. Function Families PRF from OWF PRP from PRF Applications Foundation of Cryptography (0368-4162-01), Lecture 4 Pseudorandom Functions Iftach Haitner, Tel Aviv University November 29, 2011

  2. Function Families PRF from OWF PRP from PRF Applications Section 1 Function Families

  3. Function Families PRF from OWF PRP from PRF Applications function families function families F = { F n } n ∈ N , where F n = { f : { 0 , 1 } m ( n ) �→ { 0 , 1 } ℓ ( n ) } 1 We write F = { F n : { 0 , 1 } m ( n ) �→ { 0 , 1 } ℓ ( n ) } 2 If m ( n ) = ℓ ( n ) = n , we omit it from the notation 3 We identify function with their description 4 The rv F n is uniformly distributed over F n 5

  4. Function Families PRF from OWF PRP from PRF Applications efficient function families efficient function families Definition 1 (efficient function family) An ensemble of function families F = {F n } n ∈ N is efficient, if the following hold: Samplable. F is samplable in polynomial-time: there exists a PPT that given 1 n , outputs (the description of) a uniform element in F n . Efficient. There exists a polynomial-time algorithm that given x ∈ { 0 , 1 } n and (a description of) f ∈ F n , outputs f ( x ) .

  5. Function Families PRF from OWF PRP from PRF Applications random functions random functions Definition 2 (random functions) For m , ℓ ∈ N , we let Π m ,ℓ consist of all functions from { 0 , 1 } m to { 0 , 1 } ℓ .

  6. Function Families PRF from OWF PRP from PRF Applications random functions random functions Definition 2 (random functions) For m , ℓ ∈ N , we let Π m ,ℓ consist of all functions from { 0 , 1 } m to { 0 , 1 } ℓ . It takes 2 m · ℓ bits to describe an element inside Π m ,ℓ .

  7. Function Families PRF from OWF PRP from PRF Applications random functions random functions Definition 2 (random functions) For m , ℓ ∈ N , we let Π m ,ℓ consist of all functions from { 0 , 1 } m to { 0 , 1 } ℓ . It takes 2 m · ℓ bits to describe an element inside Π m ,ℓ . We sometimes think of π ∈ Π m ,ℓ as a random string of length 2 m · ℓ .

  8. Function Families PRF from OWF PRP from PRF Applications random functions random functions Definition 2 (random functions) For m , ℓ ∈ N , we let Π m ,ℓ consist of all functions from { 0 , 1 } m to { 0 , 1 } ℓ . It takes 2 m · ℓ bits to describe an element inside Π m ,ℓ . We sometimes think of π ∈ Π m ,ℓ as a random string of length 2 m · ℓ . Π n = Π n , n

  9. Function Families PRF from OWF PRP from PRF Applications pseudorandom functions pseudorandom functions Definition 3 (pseudorandom functions) A function family ensemble F = { F n : { 0 , 1 } m ( n ) �→ { 0 , 1 } ℓ ( n ) } is pseudorandom, if � � � � � Pr [ D F n ( 1 n ) = 1 ] − Pr [ D Π m ( n ) ,ℓ ( n ) ( 1 n ) = 1 � = neg ( n ) , for any oracle-aided PPT D.

  10. Function Families PRF from OWF PRP from PRF Applications pseudorandom functions pseudorandom functions Definition 3 (pseudorandom functions) A function family ensemble F = { F n : { 0 , 1 } m ( n ) �→ { 0 , 1 } ℓ ( n ) } is pseudorandom, if � � � � � Pr [ D F n ( 1 n ) = 1 ] − Pr [ D Π m ( n ) ,ℓ ( n ) ( 1 n ) = 1 � = neg ( n ) , for any oracle-aided PPT D. Suffices to consider ℓ ( n ) = n 1

  11. Function Families PRF from OWF PRP from PRF Applications pseudorandom functions pseudorandom functions Definition 3 (pseudorandom functions) A function family ensemble F = { F n : { 0 , 1 } m ( n ) �→ { 0 , 1 } ℓ ( n ) } is pseudorandom, if � � � � � Pr [ D F n ( 1 n ) = 1 ] − Pr [ D Π m ( n ) ,ℓ ( n ) ( 1 n ) = 1 � = neg ( n ) , for any oracle-aided PPT D. Suffices to consider ℓ ( n ) = n 1 Easy to construct (with no assumption) for m ( n ) = log n 2 and ℓ ∈ poly

  12. Function Families PRF from OWF PRP from PRF Applications pseudorandom functions pseudorandom functions Definition 3 (pseudorandom functions) A function family ensemble F = { F n : { 0 , 1 } m ( n ) �→ { 0 , 1 } ℓ ( n ) } is pseudorandom, if � � � � � Pr [ D F n ( 1 n ) = 1 ] − Pr [ D Π m ( n ) ,ℓ ( n ) ( 1 n ) = 1 � = neg ( n ) , for any oracle-aided PPT D. Suffices to consider ℓ ( n ) = n 1 Easy to construct (with no assumption) for m ( n ) = log n 2 and ℓ ∈ poly PRF easily imply a PRG 3

  13. Function Families PRF from OWF PRP from PRF Applications pseudorandom functions pseudorandom functions Definition 3 (pseudorandom functions) A function family ensemble F = { F n : { 0 , 1 } m ( n ) �→ { 0 , 1 } ℓ ( n ) } is pseudorandom, if � � � � � Pr [ D F n ( 1 n ) = 1 ] − Pr [ D Π m ( n ) ,ℓ ( n ) ( 1 n ) = 1 � = neg ( n ) , for any oracle-aided PPT D. Suffices to consider ℓ ( n ) = n 1 Easy to construct (with no assumption) for m ( n ) = log n 2 and ℓ ∈ poly PRF easily imply a PRG 3 Pseudorandom permutations (PRPs) 4

  14. Function Families PRF from OWF PRP from PRF Applications Section 2 PRF from OWF

  15. Function Families PRF from OWF PRP from PRF Applications the construction the construction Construction 4 Let g : { 0 , 1 } n �→ { 0 , 1 } 2 n . Let g 0 ( s ) = g ( s ) 1 ,..., n and g 1 ( s ) = g ( s ) n + 1 ,..., 2 n . For s and x ∈ { 0 , 1 } ∗ , let f s be defined as f s ( x ) = g x n ( . . . ( g x 2 ( g x 1 ( s ))))

  16. Function Families PRF from OWF PRP from PRF Applications the construction the construction Construction 4 Let g : { 0 , 1 } n �→ { 0 , 1 } 2 n . Let g 0 ( s ) = g ( s ) 1 ,..., n and g 1 ( s ) = g ( s ) n + 1 ,..., 2 n . For s and x ∈ { 0 , 1 } ∗ , let f s be defined as f s ( x ) = g x n ( . . . ( g x 2 ( g x 1 ( s )))) Let F n = { f s : s ∈ { 0 , 1 } n } and F = { F n } .

  17. Function Families PRF from OWF PRP from PRF Applications the construction the construction Construction 4 Let g : { 0 , 1 } n �→ { 0 , 1 } 2 n . Let g 0 ( s ) = g ( s ) 1 ,..., n and g 1 ( s ) = g ( s ) n + 1 ,..., 2 n . For s and x ∈ { 0 , 1 } ∗ , let f s be defined as f s ( x ) = g x n ( . . . ( g x 2 ( g x 1 ( s )))) Let F n = { f s : s ∈ { 0 , 1 } n } and F = { F n } . g is efficient function implies that F is an efficient family.

  18. Function Families PRF from OWF PRP from PRF Applications the construction the construction Construction 4 Let g : { 0 , 1 } n �→ { 0 , 1 } 2 n . Let g 0 ( s ) = g ( s ) 1 ,..., n and g 1 ( s ) = g ( s ) n + 1 ,..., 2 n . For s and x ∈ { 0 , 1 } ∗ , let f s be defined as f s ( x ) = g x n ( . . . ( g x 2 ( g x 1 ( s )))) Let F n = { f s : s ∈ { 0 , 1 } n } and F = { F n } . g is efficient function implies that F is an efficient family. Theorem 5 (Goldreich-Goldwasser-Micali) If g is a PRG then F is a PRF .

  19. Function Families PRF from OWF PRP from PRF Applications the construction the construction Construction 4 Let g : { 0 , 1 } n �→ { 0 , 1 } 2 n . Let g 0 ( s ) = g ( s ) 1 ,..., n and g 1 ( s ) = g ( s ) n + 1 ,..., 2 n . For s and x ∈ { 0 , 1 } ∗ , let f s be defined as f s ( x ) = g x n ( . . . ( g x 2 ( g x 1 ( s )))) Let F n = { f s : s ∈ { 0 , 1 } n } and F = { F n } . g is efficient function implies that F is an efficient family. Theorem 5 (Goldreich-Goldwasser-Micali) If g is a PRG then F is a PRF . Corollary 6 OWFs imply PRFs.

  20. Function Families PRF from OWF PRP from PRF Applications Proof Idea Proof Idea Easy to prove for input of length 2.

  21. Function Families PRF from OWF PRP from PRF Applications Proof Idea Proof Idea Easy to prove for input of length 2. Observation: D = ( g ( g 0 ( U n )) , g ( g 1 ( U n ))) is pseudorandom:

  22. Function Families PRF from OWF PRP from PRF Applications Proof Idea Proof Idea Easy to prove for input of length 2. Observation: D = ( g ( g 0 ( U n )) , g ( g 1 ( U n ))) is pseudorandom: Proof: D ′ = ( g ( U ( 0 ) n ) , g ( U 1 n )) ≈ c U 4 n and D ≈ c D ′ .

  23. Function Families PRF from OWF PRP from PRF Applications Proof Idea Proof Idea Easy to prove for input of length 2. Observation: D = ( g ( g 0 ( U n )) , g ( g 1 ( U n ))) is pseudorandom: Proof: D ′ = ( g ( U ( 0 ) n ) , g ( U 1 n )) ≈ c U 4 n and D ≈ c D ′ . Hence we can handle input of length 2 Extend to longer inputs?

  24. Function Families PRF from OWF PRP from PRF Applications Proof Idea Proof Idea Easy to prove for input of length 2. Observation: D = ( g ( g 0 ( U n )) , g ( g 1 ( U n ))) is pseudorandom: Proof: D ′ = ( g ( U ( 0 ) n ) , g ( U 1 n )) ≈ c U 4 n and D ≈ c D ′ . Hence we can handle input of length 2 Extend to longer inputs? We show that an efficient sample from the truth table of f ← F n , is computationally indistinguishable from that of π ← Π n , n .

  25. Function Families PRF from OWF PRP from PRF Applications Actual proof Actual proof Assume ∃ PPT D, p ∈ poly and infinite set I ⊆ N with � � 1 � � � Pr [ D F n ( 1 n ) = 1 ] − Pr [ D Π n ( 1 n ) = 1 ] � ≥ p ( n ) , (1) for any n ∈ I and fix n ∈ N

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Foundation of Cryptography (0368-4162-01), Lecture 0 Adminstration + Introduction Iftach

Foundation of Cryptography (0368-4162-01), Lecture 0 Adminstration + Introduction Iftach

Foundation of Cryptography (0368-4162-01), Lecture 0 Adminstration + Introduction Iftach Haitner, Tel Aviv University November 1, 2011 Administration Course Topics Part I Administration and Course Overview Administration Course Topics

714 views • 24 slides
Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge

Foundation of Cryptography (0368-4162-01), Lecture 5 Interactive Proofs and Zero Knowledge Iftach Haitner, Tel Aviv University December 4, 2011 IP for GNI Part I Interactive Proofs IP for GNI Interactive Vs. Interactive Proofs Definition 1 (

1.51k views • 110 slides
Foundation of Cryptography (0368-4162-01), Lecture 7 MACs and Signatures Iftach Haitner, Tel

Foundation of Cryptography (0368-4162-01), Lecture 7 MACs and Signatures Iftach Haitner, Tel

Message Authentication Code (MAC) Constructions Signature Schemes OWFs = Signatures Foundation of Cryptography (0368-4162-01), Lecture 7 MACs and Signatures Iftach Haitner, Tel Aviv University December 27, 2011 Message Authentication

1.25k views • 89 slides
Foundation of Cryptography (0368-4162-01), Lecture 3 Hardcore Predicates for Any One-way Function

Foundation of Cryptography (0368-4162-01), Lecture 3 Hardcore Predicates for Any One-way Function

The Information Theoretic Case The Computational Case Foundation of Cryptography (0368-4162-01), Lecture 3 Hardcore Predicates for Any One-way Function Iftach Haitner, Tel Aviv University November 22, 2011 The Information Theoretic Case The

1.03k views • 85 slides
Foundation of Cryptography (0368-4162-01), Lecture 8 Encryption Schemes Iftach Haitner, Tel Aviv

Foundation of Cryptography (0368-4162-01), Lecture 8 Encryption Schemes Iftach Haitner, Tel Aviv

Definitions Constructions Active Adversaries Foundation of Cryptography (0368-4162-01), Lecture 8 Encryption Schemes Iftach Haitner, Tel Aviv University January 3 17, 2012 Definitions Constructions Active Adversaries Section 1

1.33k views • 112 slides
Foundation of Cryptography (0368-4162-01), Lecture 1 One Way Functions Iftach Haitner, Tel Aviv

Foundation of Cryptography (0368-4162-01), Lecture 1 One Way Functions Iftach Haitner, Tel Aviv

Notation One Way Functions Foundation of Cryptography (0368-4162-01), Lecture 1 One Way Functions Iftach Haitner, Tel Aviv University November 1-8, 2011 Notation One Way Functions Section 1 Notation Notation One Way Functions Notation I

988 views • 67 slides
Foundation of Cryptography (0368-4162-01), Lecture 2 Pseudorandom Generators Iftach Haitner, Tel

Foundation of Cryptography (0368-4162-01), Lecture 2 Pseudorandom Generators Iftach Haitner, Tel

Foundation of Cryptography (0368-4162-01), Lecture 2 Pseudorandom Generators Iftach Haitner, Tel Aviv University Tel Aviv University. February 25, 2014 Iftach Haitner (TAU) Foundation of Cryptography February 25, 2014 1 / 26 Part I

1.38k views • 76 slides
Foundation of Cryptography (0368-4162-01), Intoduction Adminstration + Introduction Iftach

Foundation of Cryptography (0368-4162-01), Intoduction Adminstration + Introduction Iftach

Foundation of Cryptography (0368-4162-01), Intoduction Adminstration + Introduction Iftach Haitner, Tel Aviv University Tel Aviv University. February 18, 2014 Iftach Haitner (TAU) Foundation of Cryptography February 18, 2014 1 / 16 Part I

763 views • 34 slides
Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9

Public-Key Cryptography Public-Key Cryptography Lecture 9 Public-Key Cryptography Lecture 9 CCA Security SIM-CCA Security (PKE) Recv Send PK/Enc SK/Dec Replay Filter Secure (and correct) if: s.t. output of is distributed

1.26k views • 101 slides
Foundation of Cryptography, Lecture 5 MACs and Signatures Iftach Haitner, Tel Aviv University

Foundation of Cryptography, Lecture 5 MACs and Signatures Iftach Haitner, Tel Aviv University

Foundation of Cryptography, Lecture 5 MACs and Signatures Iftach Haitner, Tel Aviv University Tel Aviv University. March 17, 2013 Iftach Haitner (TAU) Foundation of Cryptography March 17, 2013 1 / 39 Part I Message Authentication Codes

1.41k views • 113 slides
Foundation of Cryptography, Lecture 7 Non-Interactive ZK and Proof of Knowledge Iftach Haitner,

Foundation of Cryptography, Lecture 7 Non-Interactive ZK and Proof of Knowledge Iftach Haitner,

Foundation of Cryptography, Lecture 7 Non-Interactive ZK and Proof of Knowledge Iftach Haitner, Tel Aviv University Tel Aviv University. April 1, 2014 Iftach Haitner (TAU) Foundation of Cryptography April 1, 2014 1 / 33 Part I

1.79k views • 152 slides
Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information:

Quantum Cryptography Lecture 28 Quantum Cryptography Quantum Cryptography Quantum information: Using microscopic physical state of quantum systems (spin of atoms/sub-atomic particles, polarization of photons etc.) to encode information

1.95k views • 154 slides
Lecture 7 Public Key Cryptography I: Encryption + Signatures [lecture slides are adapted from

Lecture 7 Public Key Cryptography I: Encryption + Signatures [lecture slides are adapted from

Lecture 7 Public Key Cryptography I: Encryption + Signatures [lecture slides are adapted from previous slides by Prof. Gene Tsudik] 1 Public Key Cryptography Asymmetric cryptography Invented in 1974-1978 (Diffie-Hellman and

478 views • 23 slides
Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy:

Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy:

Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy: Secret-Sharing Secrecy Secrecy Cryptography is all about controlling access to information Access to learning and/or influencing

2.01k views • 171 slides
Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 8 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography Asymmetric cryptography Invented in 1974-1978 (Diffie-Hellman and Rivest-Shamir- Adleman) Two keys: private (SK), public (PK) Encryption:

256 views • 22 slides
Lecture 7 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 7 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography

Lecture 7 Public Key Cryptography (Diffie-Hellman and RSA) 1 Public Key Cryptography Asymmetric cryptography Invented in 1974-1978 (Diffie-Hellman and Rivest-Shamir- Adleman) Two keys: private (SK), public (PK) Encryption:

810 views • 42 slides
Some challenges in heavyweight cipher design Daniel J. Bernstein University of Illinois at

Some challenges in heavyweight cipher design Daniel J. Bernstein University of Illinois at

Some challenges in heavyweight cipher design Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Protocol generates new AES-128 key k . Protocol encrypts message block m 1 as AES k (1) m 1 , m 2 as

673 views • 30 slides
Minimum Blockcipher Calls for Block cipher based Designs Mridul Nandi Indian Statistical

Minimum Blockcipher Calls for Block cipher based Designs Mridul Nandi Indian Statistical

Minimum Blockcipher Calls for Block cipher based Designs Mridul Nandi Indian Statistical Institute, Kolkata mridul@isical.ac.in 30th Sept, ASK-2015, NTU, Singapore Symmetric Key Primitives Distinguishing Game Distinguishing a real keyed

588 views • 33 slides
Odds and ends Determinis0c Encryp0on Construc0ons: SIV

Odds and ends Determinis0c Encryp0on Construc0ons: SIV

Online Cryptography Course

135 views • 10 slides
Tagging: An Overview Rule-based Disambiguation Example after-morphology data (using Penn

Tagging: An Overview Rule-based Disambiguation Example after-morphology data (using Penn

Tagging: An Overview Rule-based Disambiguation Example after-morphology data (using Penn tagset): I watch a fly . NN NN DT NN . PRP VB NN VB VBP VBP Rules using word forms, from context & current position

694 views • 9 slides
Adaptive Management Task Force: Implementation Plan and Pilot Criteria October 2018 Presentation

Adaptive Management Task Force: Implementation Plan and Pilot Criteria October 2018 Presentation

Adaptive Management Task Force: Implementation Plan and Pilot Criteria October 2018 Presentation Outline Superfund Adaptive Management Overview Task Force Implementation Plan Superfund AM Pilot Criteria Next Steps 1 SUPERFUND

906 views • 39 slides
A Probability Ranking Principle for Interactive IR Norbert Fuhr October 18, 2008 Outline

A Probability Ranking Principle for Interactive IR Norbert Fuhr October 18, 2008 Outline

A Probability Ranking Principle for Interactive IR Norbert Fuhr October 18, 2008 Outline Motivation Approach The Model Towards application Conclusion and Outlook Motivation The classical PRP Questioning the PRP assumptions Interactive

1.03k views • 34 slides
U s e r s p a c e N V M e D r i v e r i n Q E M U F a m Z h e n g

U s e r s p a c e N V M e D r i v e r i n Q E M U F a m Z h e n g

U s e r s p a c e N V M e D r i v e r i n Q E M U F a m Z h e n g S e n i o r S o f t w a r e E n g i n e e r K V M F o r m 2 0 1 7 , P r a g u e A b o u t N V M e

428 views • 32 slides
Graph-based and Lexical-Syntactic Approaches for the Authorship Attribution Task Notebook for PAN

Graph-based and Lexical-Syntactic Approaches for the Authorship Attribution Task Notebook for PAN

Introduction Proposed approaches Experimental settings and results Universidad Aut onoma de Puebla Conclusion Graph-based and Lexical-Syntactic Approaches for the Authorship Attribution Task Notebook for PAN at CLEF 2012 Esteban Castillo,

504 views • 14 slides

More recommend