SLIDE 1
Security
Security Game Adversary
1
On the Bit Security of Cryptographic Primitives M E T R A S 7 - - PowerPoint PPT Presentation
On the Bit Security of Cryptographic Primitives M E T R A S 7 - - PowerPoint PPT Presentation
On the Bit Security of Cryptographic Primitives M E T R A S 7 . 7 M Daniele Micciancio Michael Walter UCSD IST Austria eprint.iacr.org/2018/077 Security Security Adversary Game 1 Security Security Adversary Game
SLIDE 2
SLIDE 3
Security
Security Game Adversary
1
SLIDE 4
Security
Security Game Adversary A's resources and advantage
1
SLIDE 5
Proofs of Security
Simplicity Precision
2
SLIDE 6
Proofs of Security
Asymptotic Proofs Simplicity Precision
2
SLIDE 7
Proofs of Security
Asymptotic Proofs Concrete Security Simplicity Precision
2
SLIDE 8
Proofs of Security
Asymptotic Proofs Concrete Security Bit Security Simplicity Precision
2
SLIDE 9
Proofs of Security
Asymptotic Proofs Concrete Security Bit Security Simplicity Precision A's resources A's advantage
2
SLIDE 10
Adversarial Advantage
3
SLIDE 11
Adversarial Advantage
1) Search game:
3
SLIDE 12
Adversarial Advantage
1) Search game: 2) Decision game:
3
SLIDE 13
Adversarial Advantage
1) Search game: 2) Decision game:
A's resources A's advantage constant
3
SLIDE 14
Adversarial Advantage
1) Search game: 2) Decision game: A's resources A's advantage not constant
A's resources A's advantage constant
3
SLIDE 15
Adversarial Advantage
1) Search game: 2) Decision game: A's resources A's advantage not constant no bit secure PRG:
A's resources A's advantage constant
3
SLIDE 16
Adversarial Advantage, contd.
4
SLIDE 17
Adversarial Advantage, contd.
[HILL'99]
4
SLIDE 18
Adversarial Advantage, contd.
[HILL'99]
4
SLIDE 19
Adversarial Advantage, contd.
[HILL'99] [GL'89,L'93]
4
SLIDE 20
Adversarial Advantage, contd.
[HILL'99] [GL'89,L'93]
4
SLIDE 21
Adversarial Advantage, contd.
[HILL'99] [GL'89,L'93]
4
SLIDE 22
Adversarial Advantage, contd.
[HILL'99] [GL'89,L'93]
4
SLIDE 23
Adversarial Advantage, contd.
[HILL'99] [GL'89,L'93]
4
SLIDE 24
Adversarial Advantage, contd.
[HILL'99] [GL'89,L'93]
4
SLIDE 25
General Definition
5
SLIDE 26
General Definition
- unify search and decision games
5
SLIDE 27
General Definition
- unify search and decision games
- characterize information gain of A
5
SLIDE 28
General Definition
- unify search and decision games
- characterize information gain of A
- specialize to search and decision games
5
SLIDE 29
General Definition
- unify search and decision games
- characterize information gain of A
- specialize to search and decision games
"right" advantage:
5
SLIDE 30
General Definition
- unify search and decision games
- characterize information gain of A
- specialize to search and decision games
"right" advantage: Search
5
SLIDE 31
General Definition
- unify search and decision games
- characterize information gain of A
- specialize to search and decision games
"right" advantage: Search Decision
5
SLIDE 32
Security Reductions: One-Way vs Pseudorandom
OW PR
6
SLIDE 33
Security Reductions: One-Way vs Pseudorandom
OW PR
6
SLIDE 34
Security Reductions: One-Way vs Pseudorandom
OW PR bit secure OWF implies GL hardcore bit is bit pseudorandom [L'93]
6
SLIDE 35
Security Reductions: One-Way vs Pseudorandom
OW PR bit secure OWF implies GL hardcore bit is bit pseudorandom [L'93]
6
SLIDE 36
Security Reductions: One-Way vs Pseudorandom
OW PR bit secure OWF implies GL hardcore bit is bit pseudorandom [L'93] bit secure PRG is also bit secure OWF
6
SLIDE 37
Security Reductions: Further Results
7
SLIDE 38
Security Reductions: Further Results
- Encryption: IND implies OW
7
SLIDE 39
Security Reductions: Further Results
- Hybrid Argument
- Encryption: IND implies OW
7
SLIDE 40
Security Reductions: Further Results
- Hybrid Argument
- Security for Approximate Samplers
with Less Precision
- Encryption: IND implies OW
7