[PPT] - rt rt rt PowerPoint Presentation, free download

SLIDE 1

❇❡②♦♥❞ ❇✐rt❤❞❛②✲❇♦✉♥❞ ❙❡❝✉r✐t②

❇❛rt ▼❡♥♥✐♥❦ ❘❛❞❜♦✉❞ ❯♥✐✈❡rs✐t② ✭❚❤❡ ◆❡t❤❡r❧❛♥❞s✮

❙✉♠♠❡r s❝❤♦♦❧ ♦♥ r❡❛❧✲✇♦r❧❞ ❝r②♣t♦ ❛♥❞ ♣r✐✈❛❝② ❏✉♥❡ ✽✱ ✷✵✶✼

✶ ✴ ✸✷

SLIDE 2

❇✐rt❤❞❛② P❛r❛❞♦①

❋♦r ❛ r❛♥❞♦♠ s❡❧❡❝t✐♦♥ ♦❢ 23 ♣❡♦♣❧❡✱ ✇✐t❤ ❛ ♣r♦❜❛❜✐❧✐t② ❛t ❧❡❛st 50% t✇♦ ♦❢ t❤❡♠ s❤❛r❡ t❤❡ s❛♠❡ ❜✐rt❤❞❛②

❡♥❡r❛❧ ❇✐rt❤❞❛② P❛r❛❞♦①

❈♦♥s✐❞❡r s♣❛❝❡ ❘❛♥❞♦♠❧② ❞r❛✇ ❡❧❡♠❡♥ts ❢r♦♠ ❊①♣❡❝t❡❞ ♥✉♠❜❡r ♦❢ ❝♦❧❧✐s✐♦♥s✿ ❝♦❧❧✐s✐♦♥s ■♠♣♦rt❛♥t ♣❤❡♥♦♠❡♥♦♥ ✐♥ ❝r②♣t♦❣r❛♣❤②

✷ ✴ ✸✷

SLIDE 3

❇✐rt❤❞❛② P❛r❛❞♦①

❋♦r ❛ r❛♥❞♦♠ s❡❧❡❝t✐♦♥ ♦❢ 23 ♣❡♦♣❧❡✱ ✇✐t❤ ❛ ♣r♦❜❛❜✐❧✐t② ❛t ❧❡❛st 50% t✇♦ ♦❢ t❤❡♠ s❤❛r❡ t❤❡ s❛♠❡ ❜✐rt❤❞❛②

❡♥❡r❛❧ ❇✐rt❤❞❛② P❛r❛❞♦①
❈♦♥s✐❞❡r s♣❛❝❡ S = {0, 1}n
❘❛♥❞♦♠❧② ❞r❛✇ q ❡❧❡♠❡♥ts ❢r♦♠ S
❊①♣❡❝t❡❞ ♥✉♠❜❡r ♦❢ ❝♦❧❧✐s✐♦♥s✿

Ex [❝♦❧❧✐s✐♦♥s] = q 2

/2n

■♠♣♦rt❛♥t ♣❤❡♥♦♠❡♥♦♥ ✐♥ ❝r②♣t♦❣r❛♣❤②

✷ ✴ ✸✷

SLIDE 4

❇✐rt❤❞❛② P❛r❛❞♦①

❋♦r ❛ r❛♥❞♦♠ s❡❧❡❝t✐♦♥ ♦❢ 23 ♣❡♦♣❧❡✱ ✇✐t❤ ❛ ♣r♦❜❛❜✐❧✐t② ❛t ❧❡❛st 50% t✇♦ ♦❢ t❤❡♠ s❤❛r❡ t❤❡ s❛♠❡ ❜✐rt❤❞❛②

❡♥❡r❛❧ ❇✐rt❤❞❛② P❛r❛❞♦①
❈♦♥s✐❞❡r s♣❛❝❡ S = {0, 1}n
❘❛♥❞♦♠❧② ❞r❛✇ q ❡❧❡♠❡♥ts ❢r♦♠ S
❊①♣❡❝t❡❞ ♥✉♠❜❡r ♦❢ ❝♦❧❧✐s✐♦♥s✿

Ex [❝♦❧❧✐s✐♦♥s] = q 2

/2n
■♠♣♦rt❛♥t ♣❤❡♥♦♠❡♥♦♥ ✐♥ ❝r②♣t♦❣r❛♣❤②

✷ ✴ ✸✷

SLIDE 5

Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥

IC

Ek p

blockcipher random permutation

❚✇♦ ♦r❛❝❧❡s✿ Ek ✭❢♦r s❡❝r❡t r❛♥❞♦♠ ❦❡② k✮ ❛♥❞ p

❉✐st✐♥❣✉✐s❤❡r ❤❛s q✉❡r② ❛❝❝❡ss t♦ ❡✐t❤❡r ♦r tr✐❡s t♦ ❞❡t❡r♠✐♥❡ ✇❤✐❝❤ ♦r❛❝❧❡ ✐t ❝♦♠♠✉♥✐❝❛t❡s ✇✐t❤

✸ ✴ ✸✷

SLIDE 6

Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥

IC

Ek p

distinguisher D

blockcipher random permutation

❚✇♦ ♦r❛❝❧❡s✿ Ek ✭❢♦r s❡❝r❡t r❛♥❞♦♠ ❦❡② k✮ ❛♥❞ p
❉✐st✐♥❣✉✐s❤❡r D ❤❛s q✉❡r② ❛❝❝❡ss t♦ ❡✐t❤❡r Ek ♦r p

tr✐❡s t♦ ❞❡t❡r♠✐♥❡ ✇❤✐❝❤ ♦r❛❝❧❡ ✐t ❝♦♠♠✉♥✐❝❛t❡s ✇✐t❤

✸ ✴ ✸✷

SLIDE 7

Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥

IC

Ek p

distinguisher D

blockcipher random permutation

❚✇♦ ♦r❛❝❧❡s✿ Ek ✭❢♦r s❡❝r❡t r❛♥❞♦♠ ❦❡② k✮ ❛♥❞ p
❉✐st✐♥❣✉✐s❤❡r D ❤❛s q✉❡r② ❛❝❝❡ss t♦ ❡✐t❤❡r Ek ♦r p
D tr✐❡s t♦ ❞❡t❡r♠✐♥❡ ✇❤✐❝❤ ♦r❛❝❧❡ ✐t ❝♦♠♠✉♥✐❝❛t❡s ✇✐t❤

✸ ✴ ✸✷

SLIDE 8

Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥

IC

Ek p

distinguisher D

blockcipher random permutation

❚✇♦ ♦r❛❝❧❡s✿ Ek ✭❢♦r s❡❝r❡t r❛♥❞♦♠ ❦❡② k✮ ❛♥❞ p
❉✐st✐♥❣✉✐s❤❡r D ❤❛s q✉❡r② ❛❝❝❡ss t♦ ❡✐t❤❡r Ek ♦r p
D tr✐❡s t♦ ❞❡t❡r♠✐♥❡ ✇❤✐❝❤ ♦r❛❝❧❡ ✐t ❝♦♠♠✉♥✐❝❛t❡s ✇✐t❤

Advprp

E (D) =

Pr
DEk = 1
− Pr [Dp = 1]
✸ ✴ ✸✷

SLIDE 9

Ps❡✉❞♦r❛♥❞♦♠ ❋✉♥❝t✐♦♥

IC

Fk f

distinguisher D

ne-way function

random function

❚✇♦ ♦r❛❝❧❡s✿ Fk ✭❢♦r s❡❝r❡t r❛♥❞♦♠ ❦❡② k✮ ❛♥❞ f
❉✐st✐♥❣✉✐s❤❡r D ❤❛s q✉❡r② ❛❝❝❡ss t♦ ❡✐t❤❡r Fk ♦r f
D tr✐❡s t♦ ❞❡t❡r♠✐♥❡ ✇❤✐❝❤ ♦r❛❝❧❡ ✐t ❝♦♠♠✉♥✐❝❛t❡s ✇✐t❤

Advprf

F (D) =

Pr
DFk = 1
− Pr
Df = 1
✹ ✴ ✸✷

SLIDE 10

❈♦✉♥t❡r ▼♦❞❡ ❇❛s❡❞ ♦♥ Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥

n + 1 n + 2 n + ℓ Ek Ek · · · · · · Ek m1 c1 m2 c2 mℓ cℓ

❙❡❝✉r✐t② ❜♦✉♥❞✿ ❈❚❘ ✐s s❡❝✉r❡ ❛s ❧♦♥❣ ❛s✿

✐s ❛ s❡❝✉r❡ P❘P ◆✉♠❜❡r ♦❢ ❡♥❝r②♣t❡❞ ❜❧♦❝❦s

✺ ✴ ✸✷

SLIDE 11

❈♦✉♥t❡r ▼♦❞❡ ❇❛s❡❞ ♦♥ Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥

n + 1 n + 2 n + ℓ Ek Ek · · · · · · Ek m1 c1 m2 c2 mℓ cℓ

❙❡❝✉r✐t② ❜♦✉♥❞✿

Advcpa

CTR[E](σ) ≤ Advprp E (σ) +

σ 2

/2n

❈❚❘ ✐s s❡❝✉r❡ ❛s ❧♦♥❣ ❛s✿

✐s ❛ s❡❝✉r❡ P❘P ◆✉♠❜❡r ♦❢ ❡♥❝r②♣t❡❞ ❜❧♦❝❦s

✺ ✴ ✸✷

SLIDE 12

❈♦✉♥t❡r ▼♦❞❡ ❇❛s❡❞ ♦♥ Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥

n + 1 n + 2 n + ℓ Ek Ek · · · · · · Ek m1 c1 m2 c2 mℓ cℓ

❙❡❝✉r✐t② ❜♦✉♥❞✿

Advcpa

CTR[E](σ) ≤ Advprp E (σ) +

σ 2

/2n
❈❚❘[E] ✐s s❡❝✉r❡ ❛s ❧♦♥❣ ❛s✿
Ek ✐s ❛ s❡❝✉r❡ P❘P
◆✉♠❜❡r ♦❢ ❡♥❝r②♣t❡❞ ❜❧♦❝❦s σ ≪ 2n/2

✺ ✴ ✸✷

SLIDE 13

❈♦✉♥t❡r ▼♦❞❡ ❇❛s❡❞ ♦♥ Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥

n + 1 n + 2 n + ℓ Ek Ek · · · · · · Ek m1 c1 m2 c2 mℓ cℓ

mi ⊕ ci ✐s ❞✐st✐♥❝t ❢♦r ❛❧❧ σ ❜❧♦❝❦s
❯♥❧✐❦❡❧② t♦ ❤❛♣♣❡♥ ❢♦r r❛♥❞♦♠ str✐♥❣

❉✐st✐♥❣✉✐s❤✐♥❣ ❛tt❛❝❦ ✐♥ ❜❧♦❝❦s✿

✻ ✴ ✸✷

SLIDE 14

❈♦✉♥t❡r ▼♦❞❡ ❇❛s❡❞ ♦♥ Ps❡✉❞♦r❛♥❞♦♠ P❡r♠✉t❛t✐♦♥

n + 1 n + 2 n + ℓ Ek Ek · · · · · · Ek m1 c1 m2 c2 mℓ cℓ

mi ⊕ ci ✐s ❞✐st✐♥❝t ❢♦r ❛❧❧ σ ❜❧♦❝❦s
❯♥❧✐❦❡❧② t♦ ❤❛♣♣❡♥ ❢♦r r❛♥❞♦♠ str✐♥❣
❉✐st✐♥❣✉✐s❤✐♥❣ ❛tt❛❝❦ ✐♥ σ ≈ 2n/2 ❜❧♦❝❦s✿

σ 2

/2n Advcpa

CTR[E](σ)

✻ ✴ ✸✷

SLIDE 15

❈♦✉♥t❡r ▼♦❞❡ ❇❛s❡❞ ♦♥ Ps❡✉❞♦r❛♥❞♦♠ ❋✉♥❝t✐♦♥

n + 1 n + 2 n + ℓ Fk Fk · · · · · · Fk m1 c1 m2 c2 mℓ cℓ

❙❡❝✉r✐t② ❜♦✉♥❞✿ ❈❚❘ ✐s s❡❝✉r❡ ❛s ❧♦♥❣ ❛s ✐s ❛ s❡❝✉r❡ P❘❋ ❇✐rt❤❞❛② ❜♦✉♥❞ s❡❝✉r✐t② ❧♦ss ❞✐s❛♣♣❡❛r❡❞

✼ ✴ ✸✷

SLIDE 16

❈♦✉♥t❡r ▼♦❞❡ ❇❛s❡❞ ♦♥ Ps❡✉❞♦r❛♥❞♦♠ ❋✉♥❝t✐♦♥

n + 1 n + 2 n + ℓ Fk Fk · · · · · · Fk m1 c1 m2 c2 mℓ cℓ

❙❡❝✉r✐t② ❜♦✉♥❞✿

Advcpa

CTR[F](σ) ≤ Advprf F (σ)

❈❚❘ ✐s s❡❝✉r❡ ❛s ❧♦♥❣ ❛s ✐s ❛ s❡❝✉r❡ P❘❋ ❇✐rt❤❞❛② ❜♦✉♥❞ s❡❝✉r✐t② ❧♦ss ❞✐s❛♣♣❡❛r❡❞

✼ ✴ ✸✷

SLIDE 17

❈♦✉♥t❡r ▼♦❞❡ ❇❛s❡❞ ♦♥ Ps❡✉❞♦r❛♥❞♦♠ ❋✉♥❝t✐♦♥

n + 1 n + 2 n + ℓ Fk Fk · · · · · · Fk m1 c1 m2 c2 mℓ cℓ

❙❡❝✉r✐t② ❜♦✉♥❞✿

Advcpa

CTR[F](σ) ≤ Advprf F (σ)

❈❚❘[F] ✐s s❡❝✉r❡ ❛s ❧♦♥❣ ❛s Fk ✐s ❛ s❡❝✉r❡ P❘❋
❇✐rt❤❞❛② ❜♦✉♥❞ s❡❝✉r✐t② ❧♦ss ❞✐s❛♣♣❡❛r❡❞

✼ ✴ ✸✷

SLIDE 18

❇❡②♦♥❞ ❇✐rt❤❞❛②✲❇♦✉♥❞ ❙❡❝✉r✐t②

✐♥s❡❝✉r❡ ❜✐rt❤❞❛② ♦♣t✐♠❛❧ n/2 n ← − − − ← − − − ← − − −                                               ❜❡②♦♥❞ ❜✐rt❤❞❛②✲❜♦✉♥❞

✽ ✴ ✸✷

SLIDE 19

❉✐s❝❧❛✐♠❡r ❇❡②♦♥❞ ❜✐rt❤❞❛②✲❜♦✉♥❞

⇐

=

=

⇒ ❇❡tt❡r s❡❝✉r✐t②

❧❛r❣❡ ❡♥♦✉❣❤✿ ❜✐rt❤❞❛②✲❜♦✉♥❞ s❡❝✉r✐t② ✐s ♦❦❛②

P❡r♠✉t❛t✐♦♥✲❜❛s❡❞ ❝♦♥str✉❝t✐♦♥s

t♦♦ s♠❛❧❧✿ ❜✐rt❤❞❛②✲❜♦✉♥❞ s❡❝✉r✐t② ❝♦✉❧❞ ❜❡ ❜♦❣✉s

▲✐❣❤t✇❡✐❣❤t ❜❧♦❝❦❝✐♣❤❡rs ❛t r✐s❦

❇❡②♦♥❞ ❜✐rt❤❞❛②✲❜♦✉♥❞✿ r❡❧❡✈❛♥t ✐❢ ✐s ♦♥ t❤❡ ❡❞❣❡

✾ ✴ ✸✷

SLIDE 20

❉✐s❝❧❛✐♠❡r ❇❡②♦♥❞ ❜✐rt❤❞❛②✲❜♦✉♥❞

⇐

=

=

⇒ ❇❡tt❡r s❡❝✉r✐t②

n ❧❛r❣❡ ❡♥♦✉❣❤✿ ❜✐rt❤❞❛②✲❜♦✉♥❞ s❡❝✉r✐t② ✐s ♦❦❛②

− → P❡r♠✉t❛t✐♦♥✲❜❛s❡❞ ❝♦♥str✉❝t✐♦♥s

n t♦♦ s♠❛❧❧✿ ❜✐rt❤❞❛②✲❜♦✉♥❞ s❡❝✉r✐t② ❝♦✉❧❞ ❜❡ ❜♦❣✉s

− → ▲✐❣❤t✇❡✐❣❤t ❜❧♦❝❦❝✐♣❤❡rs ❛t r✐s❦

❇❡②♦♥❞ ❜✐rt❤❞❛②✲❜♦✉♥❞✿ r❡❧❡✈❛♥t ✐❢ ✐s ♦♥ t❤❡ ❡❞❣❡

✾ ✴ ✸✷

SLIDE 21

❉✐s❝❧❛✐♠❡r ❇❡②♦♥❞ ❜✐rt❤❞❛②✲❜♦✉♥❞

⇐

=

=

⇒ ❇❡tt❡r s❡❝✉r✐t②

n ❧❛r❣❡ ❡♥♦✉❣❤✿ ❜✐rt❤❞❛②✲❜♦✉♥❞ s❡❝✉r✐t② ✐s ♦❦❛②

− → P❡r♠✉t❛t✐♦♥✲❜❛s❡❞ ❝♦♥str✉❝t✐♦♥s

n t♦♦ s♠❛❧❧✿ ❜✐rt❤❞❛②✲❜♦✉♥❞ s❡❝✉r✐t② ❝♦✉❧❞ ❜❡ ❜♦❣✉s

− → ▲✐❣❤t✇❡✐❣❤t ❜❧♦❝❦❝✐♣❤❡rs ❛t r✐s❦

❇❡②♦♥❞ ❜✐rt❤❞❛②✲❜♦✉♥❞✿ r❡❧❡✈❛♥t ✐❢ n/2 ✐s ♦♥ t❤❡ ❡❞❣❡

✾ ✴ ✸✷

SLIDE 22

❙✇❡❡t✸✷ ❆tt❛❝❦

❖♥ t❤❡ Pr❛❝t✐❝❛❧ ✭■♥✲✮❙❡❝✉r✐t② ♦❢ ✻✹✲❜✐t ❇❧♦❝❦ ❈✐♣❤❡rs✿ ❈♦❧❧✐s✐♦♥ ❆tt❛❝❦s ♦♥ ❍❚❚P ♦✈❡r ❚▲❙ ❛♥❞ ❖♣❡♥❱P◆

❇❤❛r❣❛✈❛♥✱ ▲❡✉r❡♥t✱ ❆❈▼ ❈❈❙ ✷✵✶✻

❚▲❙ s✉♣♣♦rt❡❞ ❚r✐♣❧❡✲❉❊❙
❖♣❡♥❱P◆ ✉s❡❞ ❇❧♦✇✜s❤
❇♦t❤ ❇❧♦✇✜s❤ ❛♥❞ ❚r✐♣❧❡✲❉❊❙ ❤❛✈❡ ✻✹✲❜✐t st❛t❡
Pr❛❝t✐❝❛❧ ❜✐rt❤❞❛②✲❜♦✉♥❞ ❛tt❛❝❦ ♦♥ ❡♥❝r②♣t✐♦♥ ♠♦❞❡

✶✵ ✴ ✸✷

SLIDE 23

❖✉t❧✐♥❡ P❘P✲P❘❋ ❈♦♥✈❡rs✐♦♥ ❈♦♥❝❧✉s✐♦♥

✶✶ ✴ ✸✷

SLIDE 24

❖✉t❧✐♥❡ P❘P✲P❘❋ ❈♦♥✈❡rs✐♦♥ ❈♦♥❝❧✉s✐♦♥

✶✷ ✴ ✸✷

SLIDE 25

P❘P✲P❘❋ ❈♦♥✈❡rs✐♦♥

▲✉❜②✲❘❛❝❦♦✛ ✴ ❋❡✐st❡❧

P❘P P❘❋

◆♦✇

✶✸ ✴ ✸✷

SLIDE 26

P❘P✲P❘❋ ❈♦♥✈❡rs✐♦♥

▲✉❜②✲❘❛❝❦♦✛ ✴ ❋❡✐st❡❧

P❘P P❘❋

◆♦✇

✶✸ ✴ ✸✷

SLIDE 27

P❘P✲P❘❋ ❈♦♥✈❡rs✐♦♥

▲✉❜②✲❘❛❝❦♦✛ ✴ ❋❡✐st❡❧

P❘P P❘❋

◆♦✇

✶✸ ✴ ✸✷

SLIDE 28

◆❛✐✈❡ P❘P✲P❘❋ ❈♦♥✈❡rs✐♦♥

IC

Fk = Ek f

distinguisher D

blockcipher random function

P❘P✲P❘❋ ❙✇✐t❝❤

❙✐♠♣❧② ✈✐❡✇ Ek ❛s ❛ P❘❋

❞♦❡s ♥♦t ❡①♣♦s❡ ❝♦❧❧✐s✐♦♥s ❜✉t ❞♦❡s ❝❛♥ ❜❡ ❞✐st✐♥❣✉✐s❤❡❞ ❢r♦♠ ✐♥ q✉❡r✐❡s

✶✹ ✴ ✸✷

SLIDE 29

◆❛✐✈❡ P❘P✲P❘❋ ❈♦♥✈❡rs✐♦♥

IC

Fk = Ek f

distinguisher D

blockcipher random function

P❘P✲P❘❋ ❙✇✐t❝❤

❙✐♠♣❧② ✈✐❡✇ Ek ❛s ❛ P❘❋
Ek ❞♦❡s ♥♦t ❡①♣♦s❡ ❝♦❧❧✐s✐♦♥s ❜✉t f ❞♦❡s
Ek ❝❛♥ ❜❡ ❞✐st✐♥❣✉✐s❤❡❞ ❢r♦♠ f ✐♥ ≈ 2n/2 q✉❡r✐❡s

q 2

/2n Advprf

E (q) ≤ Advprp E (q) +

q 2

/2n

✶✹ ✴ ✸✷

SLIDE 30

❳♦r ♦❢ P❡r♠✉t❛t✐♦♥s

x p2 p1 y

❋✐rst s✉❣❣❡st❡❞ ❜② ❇❡❧❧❛r❡ ❡t ❛❧✳ ❬❇❑❘✾✽❪

▲✉❝❦s ❬▲✉❝✵✵❪✿ ❇❡❧❧❛r❡ ❛♥❞ ■♠♣❛❣❧✐❛③③♦ ❬❇■✾✾❪✿ P❛t❛r✐♥ ❬P❛t✵✽❪✿

✶✺ ✴ ✸✷

SLIDE 31

❳♦r ♦❢ P❡r♠✉t❛t✐♦♥s

x

1· 0·

p p y

❋✐rst s✉❣❣❡st❡❞ ❜② ❇❡❧❧❛r❡ ❡t ❛❧✳ ❬❇❑❘✾✽❪

▲✉❝❦s ❬▲✉❝✵✵❪✿ ❇❡❧❧❛r❡ ❛♥❞ ■♠♣❛❣❧✐❛③③♦ ❬❇■✾✾❪✿ P❛t❛r✐♥ ❬P❛t✵✽❪✿

✶✺ ✴ ✸✷

SLIDE 32

❳♦r ♦❢ P❡r♠✉t❛t✐♦♥s

x

1· 0·

p p y

❋✐rst s✉❣❣❡st❡❞ ❜② ❇❡❧❧❛r❡ ❡t ❛❧✳ ❬❇❑❘✾✽❪
▲✉❝❦s ❬▲✉❝✵✵❪✿ 22n/3
❇❡❧❧❛r❡ ❛♥❞ ■♠♣❛❣❧✐❛③③♦ ❬❇■✾✾❪✿ 2n/n2/3
P❛t❛r✐♥ ❬P❛t✵✽❪✿ 2n

✶✺ ✴ ✸✷

SLIDE 33

❳♦r ♦❢ P❡r♠✉t❛t✐♦♥s

x

1· 0·

p p y

❋✐rst s✉❣❣❡st❡❞ ❜② ❇❡❧❧❛r❡ ❡t ❛❧✳ ❬❇❑❘✾✽❪
▲✉❝❦s ❬▲✉❝✵✵❪✿ 22n/3
❇❡❧❧❛r❡ ❛♥❞ ■♠♣❛❣❧✐❛③③♦ ❬❇■✾✾❪✿ 2n/n2/3
P❛t❛r✐♥ ❬P❛t✵✽❪✿ 2n

Advprf

XoP(q) ≤ Advprp E (2q) + q/2n

✶✺ ✴ ✸✷

SLIDE 34

❈♦✉♥t❡r ▼♦❞❡ ❇❛s❡❞ ♦♥ ❳♦P

· · · · · · Ek Ek Ek Ek Ek Ek

0n+1 1n+1 0n+2 1n+2 0n+ℓ 1n+ℓ

m1 c1 m2 c2 mℓ cℓ

❙❡❝✉r✐t② ❜♦✉♥❞✿

Advcpa

CTR[XoP](σ) ≤ Advprf XoP(σ)

❇❡②♦♥❞ ❜✐rt❤❞❛②✲❜♦✉♥❞ ❜✉t ✷① ❛s ❡①♣❡♥s✐✈❡ ❛s ❈❚❘

✶✻ ✴ ✸✷

SLIDE 35

❈♦✉♥t❡r ▼♦❞❡ ❇❛s❡❞ ♦♥ ❳♦P

· · · · · · Ek Ek Ek Ek Ek Ek

0n+1 1n+1 0n+2 1n+2 0n+ℓ 1n+ℓ

m1 c1 m2 c2 mℓ cℓ

❙❡❝✉r✐t② ❜♦✉♥❞✿

Advcpa

CTR[XoP](σ) ≤ Advprf XoP(σ)

≤ Advprp

E (2σ) + σ/2n

❇❡②♦♥❞ ❜✐rt❤❞❛②✲❜♦✉♥❞ ❜✉t ✷① ❛s ❡①♣❡♥s✐✈❡ ❛s ❈❚❘

✶✻ ✴ ✸✷

SLIDE 36

❈♦✉♥t❡r ▼♦❞❡ ❇❛s❡❞ ♦♥ ❳♦P

· · · · · · Ek Ek Ek Ek Ek Ek

0n+1 1n+1 0n+2 1n+2 0n+ℓ 1n+ℓ

m1 c1 m2 c2 mℓ cℓ

❙❡❝✉r✐t② ❜♦✉♥❞✿

Advcpa

CTR[XoP](σ) ≤ Advprf XoP(σ)

≤ Advprp

E (2σ) + σ/2n

❇❡②♦♥❞ ❜✐rt❤❞❛②✲❜♦✉♥❞ ❜✉t ✷① ❛s ❡①♣❡♥s✐✈❡ ❛s ❈❚❘[E]

✶✻ ✴ ✸✷

SLIDE 37

❈❊◆❈ ❜② ■✇❛t❛ ❬■✇❛✵✻❪

· · · · · · · · · Ek Ek Ek Ek Ek Ek Ek Ek

0n+1 1n+1 0n+1 1n+2 0n+1 1n+w 0n+2 1n+w+1

m1 c1 m2 c2 mw cw mw+1 cw+1

❖♥❡ s✉❜❦❡② ✉s❡❞ ❢♦r w ≥ 1 ❡♥❝r②♣t✐♦♥s

❆❧♠♦st ❛s ❡①♣❡♥s✐✈❡ ❛s ❈❚❘ ✷✵✵✻✿ s❡❝✉r✐t②✱ ❝♦♥❥❡❝t✉r❡❞ ❬■✇❛✵✻❪ ✷✵✶✻✿ s❡❝✉r✐t② ❬■▼❱✶✻❪

❲❡❧❧✱ ✇❡ ❞✐❞ ♥♦t r❡❛❧❧② ♣r♦✈❡ ✐t ♦✉rs❡❧✈❡s ■♠♠❡❞✐❛t❡ ❝♦♥s❡q✉❡♥❝❡ ♦❢ ♠✐rr♦r t❤❡♦r② ❢r♦♠ ✷✵✵✺

✶✼ ✴ ✸✷

SLIDE 38

❈❊◆❈ ❜② ■✇❛t❛ ❬■✇❛✵✻❪

· · · · · · · · · Ek Ek Ek Ek Ek Ek Ek Ek

0n+1 1n+1 0n+1 1n+2 0n+1 1n+w 0n+2 1n+w+1

m1 c1 m2 c2 mw cw mw+1 cw+1

❖♥❡ s✉❜❦❡② ✉s❡❞ ❢♦r w ≥ 1 ❡♥❝r②♣t✐♦♥s
❆❧♠♦st ❛s ❡①♣❡♥s✐✈❡ ❛s ❈❚❘[E]

✷✵✵✻✿ s❡❝✉r✐t②✱ ❝♦♥❥❡❝t✉r❡❞ ❬■✇❛✵✻❪ ✷✵✶✻✿ s❡❝✉r✐t② ❬■▼❱✶✻❪

❲❡❧❧✱ ✇❡ ❞✐❞ ♥♦t r❡❛❧❧② ♣r♦✈❡ ✐t ♦✉rs❡❧✈❡s ■♠♠❡❞✐❛t❡ ❝♦♥s❡q✉❡♥❝❡ ♦❢ ♠✐rr♦r t❤❡♦r② ❢r♦♠ ✷✵✵✺

✶✼ ✴ ✸✷

SLIDE 39

❈❊◆❈ ❜② ■✇❛t❛ ❬■✇❛✵✻❪

· · · · · · · · · Ek Ek Ek Ek Ek Ek Ek Ek

0n+1 1n+1 0n+1 1n+2 0n+1 1n+w 0n+2 1n+w+1

m1 c1 m2 c2 mw cw mw+1 cw+1

❖♥❡ s✉❜❦❡② ✉s❡❞ ❢♦r w ≥ 1 ❡♥❝r②♣t✐♦♥s
❆❧♠♦st ❛s ❡①♣❡♥s✐✈❡ ❛s ❈❚❘[E]
✷✵✵✻✿ 22n/3 s❡❝✉r✐t②✱ 2n/w ❝♦♥❥❡❝t✉r❡❞ ❬■✇❛✵✻❪

✷✵✶✻✿ s❡❝✉r✐t② ❬■▼❱✶✻❪

❲❡❧❧✱ ✇❡ ❞✐❞ ♥♦t r❡❛❧❧② ♣r♦✈❡ ✐t ♦✉rs❡❧✈❡s ■♠♠❡❞✐❛t❡ ❝♦♥s❡q✉❡♥❝❡ ♦❢ ♠✐rr♦r t❤❡♦r② ❢r♦♠ ✷✵✵✺

✶✼ ✴ ✸✷

SLIDE 40

❈❊◆❈ ❜② ■✇❛t❛ ❬■✇❛✵✻❪

· · · · · · · · · Ek Ek Ek Ek Ek Ek Ek Ek

0n+1 1n+1 0n+1 1n+2 0n+1 1n+w 0n+2 1n+w+1

m1 c1 m2 c2 mw cw mw+1 cw+1

❖♥❡ s✉❜❦❡② ✉s❡❞ ❢♦r w ≥ 1 ❡♥❝r②♣t✐♦♥s
❆❧♠♦st ❛s ❡①♣❡♥s✐✈❡ ❛s ❈❚❘[E]
✷✵✵✻✿ 22n/3 s❡❝✉r✐t②✱ 2n/w ❝♦♥❥❡❝t✉r❡❞ ❬■✇❛✵✻❪
✷✵✶✻✿ 2n/w s❡❝✉r✐t② ❬■▼❱✶✻❪

❲❡❧❧✱ ✇❡ ❞✐❞ ♥♦t r❡❛❧❧② ♣r♦✈❡ ✐t ♦✉rs❡❧✈❡s ■♠♠❡❞✐❛t❡ ❝♦♥s❡q✉❡♥❝❡ ♦❢ ♠✐rr♦r t❤❡♦r② ❢r♦♠ ✷✵✵✺

✶✼ ✴ ✸✷

SLIDE 41

❈❊◆❈ ❜② ■✇❛t❛ ❬■✇❛✵✻❪

· · · · · · · · · Ek Ek Ek Ek Ek Ek Ek Ek

0n+1 1n+1 0n+1 1n+2 0n+1 1n+w 0n+2 1n+w+1

m1 c1 m2 c2 mw cw mw+1 cw+1

❖♥❡ s✉❜❦❡② ✉s❡❞ ❢♦r w ≥ 1 ❡♥❝r②♣t✐♦♥s
❆❧♠♦st ❛s ❡①♣❡♥s✐✈❡ ❛s ❈❚❘[E]
✷✵✵✻✿ 22n/3 s❡❝✉r✐t②✱ 2n/w ❝♦♥❥❡❝t✉r❡❞ ❬■✇❛✵✻❪
✷✵✶✻✿ 2n/w s❡❝✉r✐t② ❬■▼❱✶✻❪
❲❡❧❧✱ ✇❡ ❞✐❞ ♥♦t r❡❛❧❧② ♣r♦✈❡ ✐t ♦✉rs❡❧✈❡s
■♠♠❡❞✐❛t❡ ❝♦♥s❡q✉❡♥❝❡ ♦❢ ♠✐rr♦r t❤❡♦r② ❢r♦♠ ✷✵✵✺

✶✼ ✴ ✸✷

SLIDE 42

▼✐rr♦r ❚❤❡♦r②

❙②st❡♠ ♦❢ ❊q✉❛t✐♦♥s

❈♦♥s✐❞❡r r ❞✐st✐♥❝t ✉♥❦♥♦✇♥s P = {P1, . . . , Pr}
❈♦♥s✐❞❡r ❛ s②st❡♠ ♦❢ q ❡q✉❛t✐♦♥s ♦❢ t❤❡ ❢♦r♠✿

Pa1 ⊕ Pb1 = λ1 Pa2 ⊕ Pb2 = λ2 ✳ ✳ ✳ Paq ⊕ Pbq = λq ❢♦r s♦♠❡ s✉r❥❡❝t✐♦♥ ϕ : {a1, b1, . . . , aq, bq} → {1, . . . , r}

♦❛❧

▲♦✇❡r ❜♦✉♥❞ ♦♥ t❤❡ ♥✉♠❜❡r ♦❢ s♦❧✉t✐♦♥s t♦ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❞✐st✐♥❝t

✶✽ ✴ ✸✷

SLIDE 43

▼✐rr♦r ❚❤❡♦r②

❙②st❡♠ ♦❢ ❊q✉❛t✐♦♥s

❈♦♥s✐❞❡r r ❞✐st✐♥❝t ✉♥❦♥♦✇♥s P = {P1, . . . , Pr}
❈♦♥s✐❞❡r ❛ s②st❡♠ ♦❢ q ❡q✉❛t✐♦♥s ♦❢ t❤❡ ❢♦r♠✿

Pa1 ⊕ Pb1 = λ1 Pa2 ⊕ Pb2 = λ2 ✳ ✳ ✳ Paq ⊕ Pbq = λq ❢♦r s♦♠❡ s✉r❥❡❝t✐♦♥ ϕ : {a1, b1, . . . , aq, bq} → {1, . . . , r}

♦❛❧
▲♦✇❡r ❜♦✉♥❞ ♦♥ t❤❡ ♥✉♠❜❡r ♦❢ s♦❧✉t✐♦♥s t♦ P

s✉❝❤ t❤❛t Pa = Pb ❢♦r ❛❧❧ ❞✐st✐♥❝t a, b ∈ {1, . . . , r}

✶✽ ✴ ✸✷

SLIDE 44

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞

❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ s✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ♦♣t✐♠❛❧ ✐♥ P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❝♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✶✾ ✴ ✸✷

SLIDE 45

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ s✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ♦♣t✐♠❛❧ ✐♥ P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❝♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦P ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✶✾ ✴ ✸✷

SLIDE 46

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ s✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ♦♣t✐♠❛❧ ✐♥ O(·) P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❝♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦Pd ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✶✾ ✴ ✸✷

SLIDE 47

▼✐rr♦r ❚❤❡♦r②

P❛t❛r✐♥✬s ❘❡s✉❧t

❊①tr❡♠❡❧② ♣♦✇❡r❢✉❧ ❧♦✇❡r ❜♦✉♥❞
❍❛s r❡♠❛✐♥❡❞ r❛t❤❡r ✉♥❦♥♦✇♥ s✐♥❝❡ ✐♥tr♦❞✉❝t✐♦♥ ✭✷✵✵✸✮

❆✉t❤♦rs P✉❜❧✐❝❛t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥ ▼✐rr♦r ❇♦✉♥❞ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✸ ❋❡✐st❡❧ s✉❜♦♣t✐♠❛❧ P❛t❛r✐♥ ❈❘❨P❚❖ ✷✵✵✹ ❋❡✐st❡❧ P❛t❛r✐♥ ■❈■❙❈ ✷✵✵✺ ❋❡✐st❡❧ ♦♣t✐♠❛❧ ✐♥ O(·) P❛t❛r✐♥✱ ▼♦♥tr❡✉✐❧ ■❈■❙❈ ✷✵✵✺ ❇❡♥❡s P❛t❛r✐♥ ■❈■❚❙ ✷✵✵✽ ❳♦P P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✽✼ ❳♦P ❝♦♥❝r❡t❡ ❜♦✉♥❞ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✵✴✷✾✸ ❋❡✐st❡❧ P❛t❛r✐♥ ❡Pr✐♥t ✷✵✶✸✴✸✻✽ ❳♦P ❈♦❣❧✐❛t✐✱ ▲❛♠♣❡✱ P❛t❛r✐♥ ❋❙❊ ✷✵✶✹ ❳♦Pd ❱♦❧t❡✱ ◆❛❝❤❡❢✱ ▼❛rr✐èr❡ ❡Pr✐♥t ✷✵✶✻✴✶✸✻ ❋❡✐st❡❧ ■✇❛t❛✱ ▼❡♥♥✐♥❦✱ ❱✐③ár ❡Pr✐♥t ✷✵✶✻✴✶✵✽✼ ❈❊◆❈

✶✾ ✴ ✸✷

SLIDE 48

▼✐rr♦r ❚❤❡♦r②

❙②st❡♠ ♦❢ ❊q✉❛t✐♦♥s

r ❞✐st✐♥❝t ✉♥❦♥♦✇♥s P = {P1, . . . , Pr}
❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s Pai ⊕ Pbi = λi
❙✉r❥❡❝t✐♦♥ ϕ : {a1, b1, . . . , aq, bq} → {1, . . . , r}
r❛♣❤ ❇❛s❡❞ ❱✐❡✇

Pa1 =Pa2 Pb1 Pb3 Pa4 =Pa5 Pb5 Pb2 =Pa3 =Pb4

λ1 λ2 λ3 λ4 λ5

Pa6 Pb6

λ6

Pa7 Pb7

λ7

Pa8 Pa9 Pb8 =Pb9 =Pb10 =Pa11 Pa10 Pb11

λ8 λ9 λ10 λ11 ✷✵ ✴ ✸✷

SLIDE 49

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✶

❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 ■❢ ♦r ♦r ❈♦♥tr❛❞✐❝t✐♦♥✿ ♦r ♦r ❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡ ■❢ ❛♥❞ ❝❤♦✐❝❡s ❢♦r ❋✐①❡s ✭✇❤✐❝❤ ✐s ❛s ❞❡s✐r❡❞✮ ❋✐①❡s ✭✇❤✐❝❤ ✐s ❛s ❞❡s✐r❡❞✮

✷✶ ✴ ✸✷

Pa Pb Pc

λ1 λ2

SLIDE 50

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✶

❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 ■❢ λ1 = 0 ♦r λ2 = 0 ♦r λ1 = λ2

❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc ♦r Pa = Pc
❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ ❛♥❞ ❝❤♦✐❝❡s ❢♦r ❋✐①❡s ✭✇❤✐❝❤ ✐s ❛s ❞❡s✐r❡❞✮ ❋✐①❡s ✭✇❤✐❝❤ ✐s ❛s ❞❡s✐r❡❞✮

✷✶ ✴ ✸✷

Pa Pb Pc

λ1 λ2

SLIDE 51

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✶

❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 ■❢ λ1 = 0 ♦r λ2 = 0 ♦r λ1 = λ2

❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc ♦r Pa = Pc
❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ λ1, λ2 = 0 ❛♥❞ λ1 = λ2

2n ❝❤♦✐❝❡s ❢♦r Pa

❋✐①❡s ✭✇❤✐❝❤ ✐s ❛s ❞❡s✐r❡❞✮ ❋✐①❡s ✭✇❤✐❝❤ ✐s ❛s ❞❡s✐r❡❞✮

✷✶ ✴ ✸✷

Pa Pb Pc

λ1 λ2

SLIDE 52

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✶

❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 ■❢ λ1 = 0 ♦r λ2 = 0 ♦r λ1 = λ2

❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc ♦r Pa = Pc
❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ λ1, λ2 = 0 ❛♥❞ λ1 = λ2

2n ❝❤♦✐❝❡s ❢♦r Pa
❋✐①❡s Pb = λ1 ⊕ Pa ✭✇❤✐❝❤ ✐s = Pa ❛s ❞❡s✐r❡❞✮

❋✐①❡s ✭✇❤✐❝❤ ✐s ❛s ❞❡s✐r❡❞✮

✷✶ ✴ ✸✷

Pa Pb Pc

λ1 λ2

SLIDE 53

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✶

❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 ■❢ λ1 = 0 ♦r λ2 = 0 ♦r λ1 = λ2

❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc ♦r Pa = Pc
❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ λ1, λ2 = 0 ❛♥❞ λ1 = λ2

2n ❝❤♦✐❝❡s ❢♦r Pa
❋✐①❡s Pb = λ1 ⊕ Pa ✭✇❤✐❝❤ ✐s = Pa ❛s ❞❡s✐r❡❞✮
❋✐①❡s Pc = λ2 ⊕ Pb ✭✇❤✐❝❤ ✐s = Pa, Pb ❛s ❞❡s✐r❡❞✮

✷✶ ✴ ✸✷

Pa Pb Pc

λ1 λ2

SLIDE 54

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✷

❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pc ⊕ Pd = λ2 ■❢ ♦r ❈♦♥tr❛❞✐❝t✐♦♥✿ ♦r ❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡ ■❢ ❝❤♦✐❝❡s ❢♦r ✭✇❤✐❝❤ ✜①❡s ✮ ❋♦r ❛♥❞ ✇❡ r❡q✉✐r❡ ❆t ❧❡❛st ❝❤♦✐❝❡s ❢♦r ✭✇❤✐❝❤ ✜①❡s ✮

✷✷ ✴ ✸✷

Pa Pb Pc Pd

λ1 λ2

SLIDE 55

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✷

❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pc ⊕ Pd = λ2 ■❢ λ1 = 0 ♦r λ2 = 0

❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc
❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ ❝❤♦✐❝❡s ❢♦r ✭✇❤✐❝❤ ✜①❡s ✮ ❋♦r ❛♥❞ ✇❡ r❡q✉✐r❡ ❆t ❧❡❛st ❝❤♦✐❝❡s ❢♦r ✭✇❤✐❝❤ ✜①❡s ✮

✷✷ ✴ ✸✷

Pa Pb Pc Pd

λ1 λ2

SLIDE 56

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✷

❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pc ⊕ Pd = λ2 ■❢ λ1 = 0 ♦r λ2 = 0

❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc
❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ λ1, λ2 = 0

2n ❝❤♦✐❝❡s ❢♦r Pa ✭✇❤✐❝❤ ✜①❡s Pb✮

❋♦r ❛♥❞ ✇❡ r❡q✉✐r❡ ❆t ❧❡❛st ❝❤♦✐❝❡s ❢♦r ✭✇❤✐❝❤ ✜①❡s ✮

✷✷ ✴ ✸✷

Pa Pb Pc Pd

λ1 λ2

SLIDE 57

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✷

❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pc ⊕ Pd = λ2 ■❢ λ1 = 0 ♦r λ2 = 0

❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc
❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ λ1, λ2 = 0

2n ❝❤♦✐❝❡s ❢♦r Pa ✭✇❤✐❝❤ ✜①❡s Pb✮
❋♦r Pc ❛♥❞ Pd ✇❡ r❡q✉✐r❡
Pc = Pa, Pb
Pd = λ2 ⊕ Pc = Pa, Pb

❆t ❧❡❛st ❝❤♦✐❝❡s ❢♦r ✭✇❤✐❝❤ ✜①❡s ✮

✷✷ ✴ ✸✷

Pa Pb Pc Pd

λ1 λ2

SLIDE 58

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✷

❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pc ⊕ Pd = λ2 ■❢ λ1 = 0 ♦r λ2 = 0

❈♦♥tr❛❞✐❝t✐♦♥✿ Pa = Pb ♦r Pb = Pc
❙❝❤❡♠❡ ✐s ❞❡❣❡♥❡r❛t❡

■❢ λ1, λ2 = 0

2n ❝❤♦✐❝❡s ❢♦r Pa ✭✇❤✐❝❤ ✜①❡s Pb✮
❋♦r Pc ❛♥❞ Pd ✇❡ r❡q✉✐r❡
Pc = Pa, Pb
Pd = λ2 ⊕ Pc = Pa, Pb
❆t ❧❡❛st 2n − 4 ❝❤♦✐❝❡s ❢♦r Pc ✭✇❤✐❝❤ ✜①❡s Pd✮

✷✷ ✴ ✸✷

Pa Pb Pc Pd

λ1 λ2

SLIDE 59

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✸

❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 Pc ⊕ Pa = λ3

❆ss✉♠❡ λi = 0 ❛♥❞ λi = λj

■❢ ❈♦♥tr❛❞✐❝t✐♦♥✿ ❡q✉❛t✐♦♥s s✉♠ t♦ ❙❝❤❡♠❡ ❝♦♥t❛✐♥s ❛ ❝✐r❝❧❡ ■❢ ❖♥❡ r❡❞✉♥❞❛♥t ❡q✉❛t✐♦♥✱ ♥♦ ❝♦♥tr❛❞✐❝t✐♦♥ ❙t✐❧❧ ❝♦✉♥t❡❞ ❛s ❝✐r❝❧❡

✷✸ ✴ ✸✷

Pa Pb Pc

λ1 λ2 λ3

SLIDE 60

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✸

❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 Pc ⊕ Pa = λ3

❆ss✉♠❡ λi = 0 ❛♥❞ λi = λj

■❢ λ1 ⊕ λ2 ⊕ λ3 = 0

❈♦♥tr❛❞✐❝t✐♦♥✿ ❡q✉❛t✐♦♥s s✉♠ t♦ 0 = λ1 ⊕ λ2 ⊕ λ3
❙❝❤❡♠❡ ❝♦♥t❛✐♥s ❛ ❝✐r❝❧❡

■❢ ❖♥❡ r❡❞✉♥❞❛♥t ❡q✉❛t✐♦♥✱ ♥♦ ❝♦♥tr❛❞✐❝t✐♦♥ ❙t✐❧❧ ❝♦✉♥t❡❞ ❛s ❝✐r❝❧❡

✷✸ ✴ ✸✷

Pa Pb Pc

λ1 λ2 λ3

SLIDE 61

▼✐rr♦r ❚❤❡♦r②✿ ❚♦② ❊①❛♠♣❧❡ ✸

❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s✿

Pa ⊕ Pb = λ1 Pb ⊕ Pc = λ2 Pc ⊕ Pa = λ3

❆ss✉♠❡ λi = 0 ❛♥❞ λi = λj

■❢ λ1 ⊕ λ2 ⊕ λ3 = 0

❈♦♥tr❛❞✐❝t✐♦♥✿ ❡q✉❛t✐♦♥s s✉♠ t♦ 0 = λ1 ⊕ λ2 ⊕ λ3
❙❝❤❡♠❡ ❝♦♥t❛✐♥s ❛ ❝✐r❝❧❡

■❢ λ1 ⊕ λ2 ⊕ λ3 = 0

❖♥❡ r❡❞✉♥❞❛♥t ❡q✉❛t✐♦♥✱ ♥♦ ❝♦♥tr❛❞✐❝t✐♦♥
❙t✐❧❧ ❝♦✉♥t❡❞ ❛s ❝✐r❝❧❡

✷✸ ✴ ✸✷

Pa Pb Pc

λ1 λ2 λ3

SLIDE 62

▼✐rr♦r ❚❤❡♦r②✿ ❚✇♦ Pr♦❜❧❡♠❛t✐❝ ❈❛s❡s

❈✐r❝❧❡ ❉❡❣❡♥❡r❛❝②

Pa1 = Pb5 Pb1 = Pa2 Pb2 = Pa3 Pb3 = Pa4 Pb4 = Pa5

λ1 λ2 λ3 λ4 λ5

Pa1 =Pa2 Pb1 Pa3 =Pa4 Pb4 = Pa5 Pb2 =Pb3

λ1 λ2 λ3 λ4

Pa8 Pb7 = Pb8

λ1 ⊕ λ2 ⊕ · · · ⊕ λ7

Pb5 = Pa6 Pb6 = Pb7

λ6 λ5 λ7 ✷✹ ✴ ✸✷

SLIDE 63

▼✐rr♦r ❚❤❡♦r②✿ ▼❛✐♥ ❘❡s✉❧t

❙②st❡♠ ♦❢ ❊q✉❛t✐♦♥s

r ❞✐st✐♥❝t ✉♥❦♥♦✇♥s P = {P1, . . . , Pr}
❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s Pai ⊕ Pbi = λi
❙✉r❥❡❝t✐♦♥ ϕ : {a1, b1, . . . , aq, bq} → {1, . . . , r}

▼❛✐♥ ❘❡s✉❧t ■❢ t❤❡ s②st❡♠ ♦❢ ❡q✉❛t✐♦♥s ✐s ❝✐r❝❧❡✲❢r❡❡ ❛♥❞ ♥♦♥✲❞❡❣❡♥❡r❛t❡✱ t❤❡ ♥✉♠❜❡r ♦❢ s♦❧✉t✐♦♥s t♦ P s✉❝❤ t❤❛t Pa = Pb ❢♦r ❛❧❧ ❞✐st✐♥❝t a, b ∈ {1, . . . , r} ✐s ❛t ❧❡❛st (2n)r 2nq ♣r♦✈✐❞❡❞ t❤❡ ♠❛①✐♠✉♠ tr❡❡ s✐③❡ ξ s❛t✐s✜❡s (ξ−1)2·r ≤ 2n/67

✷✺ ✴ ✸✷

SLIDE 64

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

x

1· 0·

p p y

❡♥❡r❛❧ ❙❡tt✐♥❣
❆❞✈❡rs❛r② ❣❡ts tr❛♥s❝r✐♣t τ = {(x1, y1), . . . , (xq, yq)}

❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ ❛♥❞ ❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s ■♥♣✉ts t♦ ❛r❡ ❛❧❧ ❞✐st✐♥❝t✿ ✉♥❦♥♦✇♥s

✷✻ ✴ ✸✷

SLIDE 65

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

x

1· 0·

p p y

❡♥❡r❛❧ ❙❡tt✐♥❣
❆❞✈❡rs❛r② ❣❡ts tr❛♥s❝r✐♣t τ = {(x1, y1), . . . , (xq, yq)}
❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ xi → p(0xi) =: Pai ❛♥❞

❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ xi → p(1xi) =: Pbi ❙②st❡♠ ♦❢ ❡q✉❛t✐♦♥s ■♥♣✉ts t♦ ❛r❡ ❛❧❧ ❞✐st✐♥❝t✿ ✉♥❦♥♦✇♥s

✷✻ ✴ ✸✷

SLIDE 66

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

x

1· 0·

p p y

❡♥❡r❛❧ ❙❡tt✐♥❣
❆❞✈❡rs❛r② ❣❡ts tr❛♥s❝r✐♣t τ = {(x1, y1), . . . , (xq, yq)}
❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ xi → p(0xi) =: Pai ❛♥❞

❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ xi → p(1xi) =: Pbi

❙②st❡♠ ♦❢ q ❡q✉❛t✐♦♥s Pai ⊕ Pbi = yi

■♥♣✉ts t♦ ❛r❡ ❛❧❧ ❞✐st✐♥❝t✿ ✉♥❦♥♦✇♥s

✷✻ ✴ ✸✷

SLIDE 67

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

x

1· 0·

p p y

❡♥❡r❛❧ ❙❡tt✐♥❣
❆❞✈❡rs❛r② ❣❡ts tr❛♥s❝r✐♣t τ = {(x1, y1), . . . , (xq, yq)}
❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ xi → p(0xi) =: Pai ❛♥❞

❊❛❝❤ t✉♣❧❡ ❝♦rr❡s♣♦♥❞s t♦ xi → p(1xi) =: Pbi

❙②st❡♠ ♦❢ q ❡q✉❛t✐♦♥s Pai ⊕ Pbi = yi
■♥♣✉ts t♦ p ❛r❡ ❛❧❧ ❞✐st✐♥❝t✿ 2q ✉♥❦♥♦✇♥s

✷✻ ✴ ✸✷

SLIDE 68

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

Pa1 Pb1 Pa2 Pb2 Paq Pbq · · ·

y1 y2 yq

❆♣♣❧②✐♥❣ ▼✐rr♦r ❚❤❡♦r② ❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ ◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ♣r♦✈✐❞❡❞ t❤❛t ❢♦r ❛❧❧

❈❛❧❧ t❤✐s ❛ ❜❛❞ tr❛♥s❝r✐♣t

▼❛①✐♠✉♠ tr❡❡ s✐③❡ ■❢ ✿ ❛t ❧❡❛st s♦❧✉t✐♦♥s t♦ ✉♥❦♥♦✇♥s

✷✼ ✴ ✸✷

SLIDE 69

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

Pa1 Pb1 Pa2 Pb2 Paq Pbq · · ·

y1 y2 yq

❆♣♣❧②✐♥❣ ▼✐rr♦r ❚❤❡♦r②

❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ p
◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ♣r♦✈✐❞❡❞ t❤❛t yi = 0 ❢♦r ❛❧❧ i

− → ❈❛❧❧ t❤✐s ❛ ❜❛❞ tr❛♥s❝r✐♣t

▼❛①✐♠✉♠ tr❡❡ s✐③❡ 2

■❢ ✿ ❛t ❧❡❛st s♦❧✉t✐♦♥s t♦ ✉♥❦♥♦✇♥s

✷✼ ✴ ✸✷

SLIDE 70

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

Pa1 Pb1 Pa2 Pb2 Paq Pbq · · ·

y1 y2 yq

❆♣♣❧②✐♥❣ ▼✐rr♦r ❚❤❡♦r②

❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ p
◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ♣r♦✈✐❞❡❞ t❤❛t yi = 0 ❢♦r ❛❧❧ i

− → ❈❛❧❧ t❤✐s ❛ ❜❛❞ tr❛♥s❝r✐♣t

▼❛①✐♠✉♠ tr❡❡ s✐③❡ 2
■❢ 2q ≤ 2n/67✿ ❛t ❧❡❛st (2n)2q

2nq

s♦❧✉t✐♦♥s t♦ ✉♥❦♥♦✇♥s

✷✼ ✴ ✸✷

SLIDE 71

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡ ❬P❛t✾✶✱P❛t✵✽✱❈❙✶✹❪ ▲❡t ε ≥ 0 ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts τ✿ Pr [XoP ❣✐✈❡s τ] Pr [f ❣✐✈❡s τ] ≥ 1 − ε ❚❤❡♥✱ Advprf

XoP(q) ≤ ε + Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f]

❇❛❞ tr❛♥s❝r✐♣t✿ ✐❢ ❢♦r s♦♠❡

❜❛❞ tr❛♥s❝r✐♣t ❢♦r

❋♦r ❛♥② ❣♦♦❞ tr❛♥s❝r✐♣t✿

❣✐✈❡s ❣✐✈❡s

✷✽ ✴ ✸✷

SLIDE 72

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡ ❬P❛t✾✶✱P❛t✵✽✱❈❙✶✹❪ ▲❡t ε ≥ 0 ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts τ✿ Pr [XoP ❣✐✈❡s τ] Pr [f ❣✐✈❡s τ] ≥ 1 − ε ❚❤❡♥✱ Advprf

XoP(q) ≤ ε + Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f]

❇❛❞ tr❛♥s❝r✐♣t✿ ✐❢ yi = 0 ❢♦r s♦♠❡ i
Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f] = q/2n

❋♦r ❛♥② ❣♦♦❞ tr❛♥s❝r✐♣t✿

❣✐✈❡s ❣✐✈❡s

✷✽ ✴ ✸✷

SLIDE 73

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡ ❬P❛t✾✶✱P❛t✵✽✱❈❙✶✹❪ ▲❡t ε ≥ 0 ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts τ✿ Pr [XoP ❣✐✈❡s τ] Pr [f ❣✐✈❡s τ] ≥ 1 − ε ❚❤❡♥✱ Advprf

XoP(q) ≤ ε + Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f]

❇❛❞ tr❛♥s❝r✐♣t✿ ✐❢ yi = 0 ❢♦r s♦♠❡ i
Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f] = q/2n
❋♦r ❛♥② ❣♦♦❞ tr❛♥s❝r✐♣t✿
Pr [XoP ❣✐✈❡s τ] ≥ (2n)2q

2nq

·

1 (2n)2q

❣✐✈❡s

✷✽ ✴ ✸✷

SLIDE 74

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡ ❬P❛t✾✶✱P❛t✵✽✱❈❙✶✹❪ ▲❡t ε ≥ 0 ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts τ✿ Pr [XoP ❣✐✈❡s τ] Pr [f ❣✐✈❡s τ] ≥ 1 − ε ❚❤❡♥✱ Advprf

XoP(q) ≤ ε + Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f]

❇❛❞ tr❛♥s❝r✐♣t✿ ✐❢ yi = 0 ❢♦r s♦♠❡ i
Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f] = q/2n
❋♦r ❛♥② ❣♦♦❞ tr❛♥s❝r✐♣t✿
Pr [XoP ❣✐✈❡s τ] ≥ (2n)2q

2nq

·

1 (2n)2q

Pr [f ❣✐✈❡s τ] =

1 2nq

✷✽ ✴ ✸✷

SLIDE 75

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡ ❬P❛t✾✶✱P❛t✵✽✱❈❙✶✹❪ ▲❡t ε ≥ 0 ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts τ✿ Pr [XoP ❣✐✈❡s τ] Pr [f ❣✐✈❡s τ] ≥ 1 − ε ❚❤❡♥✱ Advprf

XoP(q) ≤ ε + Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f]

❇❛❞ tr❛♥s❝r✐♣t✿ ✐❢ yi = 0 ❢♦r s♦♠❡ i
Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f] = q/2n
❋♦r ❛♥② ❣♦♦❞ tr❛♥s❝r✐♣t✿
Pr [XoP ❣✐✈❡s τ] ≥ (2n)2q

2nq

·

1 (2n)2q

Pr [f ❣✐✈❡s τ] =

1 2nq

✷✽ ✴ ✸✷

ε = 0

SLIDE 76

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❳♦P

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡ ❬P❛t✾✶✱P❛t✵✽✱❈❙✶✹❪ ▲❡t ε ≥ 0 ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts τ✿ Pr [XoP ❣✐✈❡s τ] Pr [f ❣✐✈❡s τ] ≥ 1 − ε ❚❤❡♥✱ Advprf

XoP(q) ≤ ε + Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f]

❇❛❞ tr❛♥s❝r✐♣t✿ ✐❢ yi = 0 ❢♦r s♦♠❡ i
Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r f] = q/2n
❋♦r ❛♥② ❣♦♦❞ tr❛♥s❝r✐♣t✿
Pr [XoP ❣✐✈❡s τ] ≥ (2n)2q

2nq

·

1 (2n)2q

Pr [f ❣✐✈❡s τ] =

1 2nq

Advprf

XoP(q) ≤ q/2n

✷✽ ✴ ✸✷

ε = 0

SLIDE 77

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❈❊◆❈

Pa1 Pb1 Pb2 Pb3 Pbw

y1 y2 y3 y

w

Pa2 Pbw+1 Pbw+2 Pbw+3 Pb2w

yw+1 yw+2 yw+3 y

2 w

· · · Paq/w Pbq✕w+1 Pbq✕w+2 Pbq✕w+3 Pbq

yq✕w+1 yq✕w+2 yq✕w+3 y

q

❆♣♣❧②✐♥❣ ▼✐rr♦r ❚❤❡♦r② ❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ ◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ♣r♦✈✐❞❡❞ t❤❛t ❢♦r ❛❧❧ ◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ❛♥❞ ✇✐t❤✐♥ ❛❧❧ ✲❜❧♦❝❦s

❈❛❧❧ t❤✐s ❛ ❜❛❞ tr❛♥s❝r✐♣t

▼❛①✐♠✉♠ tr❡❡ s✐③❡ ■❢ ✿ ❛t ❧❡❛st s♦❧✉t✐♦♥s t♦ ✉♥❦♥♦✇♥s ❍✲❝♦❡✣❝✐❡♥t t❡❝❤♥✐q✉❡✿

✷✾ ✴ ✸✷

SLIDE 78

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❈❊◆❈

Pa1 Pb1 Pb2 Pb3 Pbw

y1 y2 y3 y

w

Pa2 Pbw+1 Pbw+2 Pbw+3 Pb2w

yw+1 yw+2 yw+3 y

2 w

· · · Paq/w Pbq✕w+1 Pbq✕w+2 Pbq✕w+3 Pbq

yq✕w+1 yq✕w+2 yq✕w+3 y

q

❆♣♣❧②✐♥❣ ▼✐rr♦r ❚❤❡♦r②

❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ p
◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ♣r♦✈✐❞❡❞ t❤❛t yi = 0 ❢♦r ❛❧❧ i

◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ❛♥❞ yi = yj ✇✐t❤✐♥ ❛❧❧ w✲❜❧♦❝❦s

− → ❈❛❧❧ t❤✐s ❛ ❜❛❞ tr❛♥s❝r✐♣t

▼❛①✐♠✉♠ tr❡❡ s✐③❡ w + 1

■❢ ✿ ❛t ❧❡❛st s♦❧✉t✐♦♥s t♦ ✉♥❦♥♦✇♥s ❍✲❝♦❡✣❝✐❡♥t t❡❝❤♥✐q✉❡✿

✷✾ ✴ ✸✷

SLIDE 79

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❈❊◆❈

Pa1 Pb1 Pb2 Pb3 Pbw

y1 y2 y3 y

w

Pa2 Pbw+1 Pbw+2 Pbw+3 Pb2w

yw+1 yw+2 yw+3 y

2 w

· · · Paq/w Pbq✕w+1 Pbq✕w+2 Pbq✕w+3 Pbq

yq✕w+1 yq✕w+2 yq✕w+3 y

q

❆♣♣❧②✐♥❣ ▼✐rr♦r ❚❤❡♦r②

❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ p
◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ♣r♦✈✐❞❡❞ t❤❛t yi = 0 ❢♦r ❛❧❧ i

◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ❛♥❞ yi = yj ✇✐t❤✐♥ ❛❧❧ w✲❜❧♦❝❦s

− → ❈❛❧❧ t❤✐s ❛ ❜❛❞ tr❛♥s❝r✐♣t

▼❛①✐♠✉♠ tr❡❡ s✐③❡ w + 1
■❢ 2w2q ≤ 2n/67✿ ❛t ❧❡❛st (2n)r

2nq

s♦❧✉t✐♦♥s t♦ ✉♥❦♥♦✇♥s ❍✲❝♦❡✣❝✐❡♥t t❡❝❤♥✐q✉❡✿

✷✾ ✴ ✸✷

SLIDE 80

▼✐rr♦r ❚❤❡♦r② ❆♣♣❧✐❡❞ t♦ ❈❊◆❈

Pa1 Pb1 Pb2 Pb3 Pbw

y1 y2 y3 y

w

Pa2 Pbw+1 Pbw+2 Pbw+3 Pb2w

yw+1 yw+2 yw+3 y

2 w

· · · Paq/w Pbq✕w+1 Pbq✕w+2 Pbq✕w+3 Pbq

yq✕w+1 yq✕w+2 yq✕w+3 y

q

❆♣♣❧②✐♥❣ ▼✐rr♦r ❚❤❡♦r②

❈✐r❝❧❡✲❢r❡❡✿ ♥♦ ❝♦❧❧✐s✐♦♥s ✐♥ ✐♥♣✉ts t♦ p
◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ♣r♦✈✐❞❡❞ t❤❛t yi = 0 ❢♦r ❛❧❧ i

◆♦♥✲❞❡❣❡♥❡r❛t❡✿ ❛♥❞ yi = yj ✇✐t❤✐♥ ❛❧❧ w✲❜❧♦❝❦s

− → ❈❛❧❧ t❤✐s ❛ ❜❛❞ tr❛♥s❝r✐♣t

▼❛①✐♠✉♠ tr❡❡ s✐③❡ w + 1
■❢ 2w2q ≤ 2n/67✿ ❛t ❧❡❛st (2n)r

2nq

s♦❧✉t✐♦♥s t♦ ✉♥❦♥♦✇♥s

❍✲❝♦❡✣❝✐❡♥t t❡❝❤♥✐q✉❡✿ Advcpa

CENC(q) ≤ q/2n + wq/2n+1

✷✾ ✴ ✸✷

SLIDE 81

◆❡✇ ▲♦♦❦ ❛t ▼✐rr♦r ❚❤❡♦r②

❊♥❝r②♣t❡❞ ❉❛✈✐❡s✲▼❡②❡r ❛♥❞ ■ts ❉✉❛❧✿ ❚♦✇❛r❞s ❖♣t✐♠❛❧ ❙❡❝✉r✐t② ❯s✐♥❣ ▼✐rr♦r ❚❤❡♦r②

▼❡♥♥✐♥❦✱ ◆❡✈❡s✱ ❈❘❨P❚❖ ✷✵✶✼

❘❡❢✉r❜✐s❤ ❛♥❞ ♠♦❞❡r♥✐③❡ ♠✐rr♦r t❤❡♦r②
Pr♦✈❡ ♦♣t✐♠❛❧ P❘❋ s❡❝✉r✐t② ♦❢✿

❊✭❲❈✮❉▼ ❬❈❙✶✻❪

x p1 p2 y

h(m)

❊❉▼❉

x p1 p2 y

Pr♦♦❢s ❛r❡ ♠♦r❡ ✐♥✈♦❧✈❡❞ ❛♥❞ ❜❡②♦♥❞ s❝♦♣❡ ♦❢ ♣r❡s❡♥t❛t✐♦♥

✸✵ ✴ ✸✷

SLIDE 82

❖✉t❧✐♥❡ P❘P✲P❘❋ ❈♦♥✈❡rs✐♦♥ ❈♦♥❝❧✉s✐♦♥

✸✶ ✴ ✸✷

SLIDE 83

❈♦♥❝❧✉s✐♦♥

❇❡②♦♥❞ ❇✐rt❤❞❛②✲❇♦✉♥❞ ❙❡❝✉r✐t②

◆♦t t❤❡ ❤♦❧② ❣r❛✐❧
❘❡❧❡✈❛♥t ❢♦r ❝❡rt❛✐♥ ❛♣♣❧✐❝❛t✐♦♥s
❖❢t❡♥ ❛❝❤✐❡✈❡❞ ✉s✐♥❣
❊①tr❛ r❛♥❞♦♠♥❡ss
❊①tr❛ st❛t❡ s✐③❡

❈❤❛❧❧❡♥❣❡s

❚r❛❞❡✲♦✛ ❜❡t✇❡❡♥ s❡❝✉r✐t② ❛♥❞ ❡✣❝✐❡♥❝②
▼❛♥② ♦♣❡♥ ♣r♦❜❧❡♠s ✐♥ ❇❇❇ s❡❝✉r✐t②
❊①✐st✐♥❣ ❛♥❛❧②s❡s ♥♦t ❛❧✇❛②s t✐❣❤t

❚❤❛♥❦ ②♦✉ ❢♦r ②♦✉r ❛tt❡♥t✐♦♥✦

✸✷ ✴ ✸✷

SLIDE 84

❙❯PP❖❘❚■◆● ❙▲■❉❊❙

✸✸ ✴ ✸✷

SLIDE 85

■♥❞✐st✐♥❣✉✐s❤❛❜✐❧✐t②

■♥❞✐st✐♥❣✉✐s❤❛❜✐❧✐t② ♦❢ ❘❛♥❞♦♠ ❙②st❡♠s IC

O P

distinguisher D

Advind(D) =

Pr
DO = 1
− Pr
DP = 1
= ∆D(O ; P)

❍♦✇ t♦ Pr♦✈❡ t❤❛t ✐s ❙♠❛❧❧❄

❛♠❡✲♣❧❛②✐♥❣ t❡❝❤♥✐q✉❡

❍✲❝♦❡✣❝✐❡♥t t❡❝❤♥✐q✉❡

✸✹ ✴ ✸✷

SLIDE 86

■♥❞✐st✐♥❣✉✐s❤❛❜✐❧✐t②

■♥❞✐st✐♥❣✉✐s❤❛❜✐❧✐t② ♦❢ ❘❛♥❞♦♠ ❙②st❡♠s IC

O P

distinguisher D

Advind(D) =

Pr
DO = 1
− Pr
DP = 1
= ∆D(O ; P)

❍♦✇ t♦ Pr♦✈❡ t❤❛t Advind(D) ✐s ❙♠❛❧❧❄

❛♠❡✲♣❧❛②✐♥❣ t❡❝❤♥✐q✉❡

❍✲❝♦❡✣❝✐❡♥t t❡❝❤♥✐q✉❡

✸✹ ✴ ✸✷

SLIDE 87

■♥❞✐st✐♥❣✉✐s❤❛❜✐❧✐t②

■♥❞✐st✐♥❣✉✐s❤❛❜✐❧✐t② ♦❢ ❘❛♥❞♦♠ ❙②st❡♠s IC

O P

distinguisher D

Advind(D) =

Pr
DO = 1
− Pr
DP = 1
= ∆D(O ; P)

❍♦✇ t♦ Pr♦✈❡ t❤❛t Advind(D) ✐s ❙♠❛❧❧❄

●❛♠❡✲♣❧❛②✐♥❣ t❡❝❤♥✐q✉❡
❍✲❝♦❡✣❝✐❡♥t t❡❝❤♥✐q✉❡

✸✹ ✴ ✸✷

SLIDE 88

❛♠❡✲P❧❛②✐♥❣ ❚❡❝❤♥✐q✉❡
❇❡❧❧❛r❡ ❛♥❞ ❘♦❣❛✇❛② ❬❇❘✵✻❪
❙✐♠✐❧❛r t♦ ▼❛✉r❡r✬s ♠❡t❤♦❞♦❧♦❣② ❬▼❛✉✵✷❪

❇❛s✐❝ ✐❞❡❛✿

❋r♦♠ t♦ ✐♥ s♠❛❧❧ st❡♣s ■♥t❡r♠❡❞✐❛t❡ st❡♣s ✭♣r❡s✉♠❛❜❧②✮ ❡❛s② t♦ ❛♥❛❧②③❡

✸✺ ✴ ✸✷

SLIDE 89

❛♠❡✲P❧❛②✐♥❣ ❚❡❝❤♥✐q✉❡
❇❡❧❧❛r❡ ❛♥❞ ❘♦❣❛✇❛② ❬❇❘✵✻❪
❙✐♠✐❧❛r t♦ ▼❛✉r❡r✬s ♠❡t❤♦❞♦❧♦❣② ❬▼❛✉✵✷❪

IC

O P

distinguisher D

❇❛s✐❝ ✐❞❡❛✿

❋r♦♠ t♦ ✐♥ s♠❛❧❧ st❡♣s ■♥t❡r♠❡❞✐❛t❡ st❡♣s ✭♣r❡s✉♠❛❜❧②✮ ❡❛s② t♦ ❛♥❛❧②③❡

✸✺ ✴ ✸✷

SLIDE 90

❛♠❡✲P❧❛②✐♥❣ ❚❡❝❤♥✐q✉❡
❇❡❧❧❛r❡ ❛♥❞ ❘♦❣❛✇❛② ❬❇❘✵✻❪
❙✐♠✐❧❛r t♦ ▼❛✉r❡r✬s ♠❡t❤♦❞♦❧♦❣② ❬▼❛✉✵✷❪

IC

O P

distinguisher D

❇❛s✐❝ ✐❞❡❛✿
❋r♦♠ O t♦ P ✐♥ s♠❛❧❧ st❡♣s

■♥t❡r♠❡❞✐❛t❡ st❡♣s ✭♣r❡s✉♠❛❜❧②✮ ❡❛s② t♦ ❛♥❛❧②③❡

✸✺ ✴ ✸✷

SLIDE 91

❛♠❡✲P❧❛②✐♥❣ ❚❡❝❤♥✐q✉❡
❇❡❧❧❛r❡ ❛♥❞ ❘♦❣❛✇❛② ❬❇❘✵✻❪
❙✐♠✐❧❛r t♦ ▼❛✉r❡r✬s ♠❡t❤♦❞♦❧♦❣② ❬▼❛✉✵✷❪

IC

O P

distinguisher D

❇❛s✐❝ ✐❞❡❛✿
❋r♦♠ O t♦ P ✐♥ s♠❛❧❧ st❡♣s
■♥t❡r♠❡❞✐❛t❡ st❡♣s ✭♣r❡s✉♠❛❜❧②✮ ❡❛s② t♦ ❛♥❛❧②③❡

✸✺ ✴ ✸✷

SLIDE 92

❛♠❡✲P❧❛②✐♥❣ ❚❡❝❤♥✐q✉❡

❚r✐❛♥❣❧❡ ■♥❡q✉❛❧✐t② ❋✉♥❞❛♠❡♥t❛❧ ▲❡♠♠❛ ■❢ ❛♥❞ ❛r❡ ✐❞❡♥t✐❝❛❧ ✉♥t✐❧ ❜❛❞✱ t❤❡♥✿ s❡ts ❜❛❞

✸✻ ✴ ✸✷

SLIDE 93

❛♠❡✲P❧❛②✐♥❣ ❚❡❝❤♥✐q✉❡

❚r✐❛♥❣❧❡ ■♥❡q✉❛❧✐t② ∆(O; P) ≤ ∆(O; R) + ∆(R; P) ❋✉♥❞❛♠❡♥t❛❧ ▲❡♠♠❛ ■❢ ❛♥❞ ❛r❡ ✐❞❡♥t✐❝❛❧ ✉♥t✐❧ ❜❛❞✱ t❤❡♥✿ s❡ts ❜❛❞

✸✻ ✴ ✸✷

SLIDE 94

❛♠❡✲P❧❛②✐♥❣ ❚❡❝❤♥✐q✉❡

❚r✐❛♥❣❧❡ ■♥❡q✉❛❧✐t② ∆(O; P) ≤ ∆(O; R) + ∆(R; P) ❋✉♥❞❛♠❡♥t❛❧ ▲❡♠♠❛ ■❢ O ❛♥❞ P ❛r❡ ✐❞❡♥t✐❝❛❧ ✉♥t✐❧ ❜❛❞✱ t❤❡♥✿ ∆(O; P) ≤ Pr [P s❡ts ❜❛❞]

✸✻ ✴ ✸✷

SLIDE 95

❊①❛♠♣❧❡✿ P❘P✲P❘❋ ❙✇✐t❝❤ ✭✶✴✹✮

IC

Fk = Ek f

distinguisher D

blockcipher random function

❚❤❡♦r❡♠ ❋♦r ❛♥② ❞✐st✐♥❣✉✐s❤❡r D ♠❛❦✐♥❣ Q q✉❡r✐❡s t♦ Ek/p ❛♥❞ T ♦✤✐♥❡ ❡✈❛❧✉❛t✐♦♥s ∆D(Ek; f) ≤ Advprp

E (D) +

Q

2

2n

✸✼ ✴ ✸✷

SLIDE 96

❊①❛♠♣❧❡✿ P❘P✲P❘❋ ❙✇✐t❝❤ ✭✷✴✹✮

❙t❡♣ ✶✳ ✏❘❡♣❧❛❝❡✑ ❜② ❘❛♥❞♦♠ P❡r♠✉t❛t✐♦♥ ❚r✐❛♥❣❧❡ ✐♥❡q✉❛❧✐t②✿ ∆D(Ek; f) ❜② ❞❡✜♥✐t✐♦♥

✐s ♣❛r❛♠❡tr✐③❡❞ ❜② q✉❡r✐❡s t♦

✸✽ ✴ ✸✷

SLIDE 97

❊①❛♠♣❧❡✿ P❘P✲P❘❋ ❙✇✐t❝❤ ✭✷✴✹✮

❙t❡♣ ✶✳ ✏❘❡♣❧❛❝❡✑ Ek ❜② ❘❛♥❞♦♠ P❡r♠✉t❛t✐♦♥ p ❚r✐❛♥❣❧❡ ✐♥❡q✉❛❧✐t②✿ ∆D(Ek; f) ❜② ❞❡✜♥✐t✐♦♥

✐s ♣❛r❛♠❡tr✐③❡❞ ❜② q✉❡r✐❡s t♦

✸✽ ✴ ✸✷

SLIDE 98

❊①❛♠♣❧❡✿ P❘P✲P❘❋ ❙✇✐t❝❤ ✭✷✴✹✮

❙t❡♣ ✶✳ ✏❘❡♣❧❛❝❡✑ Ek ❜② ❘❛♥❞♦♠ P❡r♠✉t❛t✐♦♥ p

❚r✐❛♥❣❧❡ ✐♥❡q✉❛❧✐t②✿

∆D(Ek; f) ≤ ∆D(Ek; p) + ∆D(p; f) ❜② ❞❡✜♥✐t✐♦♥

✐s ♣❛r❛♠❡tr✐③❡❞ ❜② q✉❡r✐❡s t♦

✸✽ ✴ ✸✷

SLIDE 99

❊①❛♠♣❧❡✿ P❘P✲P❘❋ ❙✇✐t❝❤ ✭✷✴✹✮

❙t❡♣ ✶✳ ✏❘❡♣❧❛❝❡✑ Ek ❜② ❘❛♥❞♦♠ P❡r♠✉t❛t✐♦♥ p

❚r✐❛♥❣❧❡ ✐♥❡q✉❛❧✐t②✿

∆D(Ek; f) ≤ ∆D(Ek; p) + ∆D(p; f)

∆D(Ek; p) = Advprp

E (D) ❜② ❞❡✜♥✐t✐♦♥

✐s ♣❛r❛♠❡tr✐③❡❞ ❜② q✉❡r✐❡s t♦

✸✽ ✴ ✸✷

SLIDE 100

❊①❛♠♣❧❡✿ P❘P✲P❘❋ ❙✇✐t❝❤ ✭✷✴✹✮

❙t❡♣ ✶✳ ✏❘❡♣❧❛❝❡✑ Ek ❜② ❘❛♥❞♦♠ P❡r♠✉t❛t✐♦♥ p

❚r✐❛♥❣❧❡ ✐♥❡q✉❛❧✐t②✿

∆D(Ek; f) ≤ ∆D(Ek; p) + ∆D(p; f)

∆D(Ek; p) = Advprp

E (D) ❜② ❞❡✜♥✐t✐♦♥

∆D(p; f)
D ✐s ♣❛r❛♠❡tr✐③❡❞ ❜② Q q✉❡r✐❡s t♦ p/f

✸✽ ✴ ✸✷

SLIDE 101

❊①❛♠♣❧❡✿ P❘P✲P❘❋ ❙✇✐t❝❤ ✭✸✴✹✮

❙t❡♣ ✷✳ ❘❛♥❞♦♠ P❡r♠✉t❛t✐♦♥ t♦ ❘❛♥❞♦♠ ❋✉♥❝t✐♦♥

❈♦♥s✐❞❡r ❧❛③✐❧② s❛♠♣❧❡❞ p ❛♥❞ f
■♥✐t✐❛❧❧② ❡♠♣t② ❧✐st ♦❢ r❡s♣♦♥s❡s L
❘❛♥❞♦♠❧② ❣❡♥❡r❛t❡❞ r❡s♣♦♥s❡ ❢♦r ❡✈❡r② ♥❡✇ q✉❡r②

❖r❛❝❧❡ r❡t✉r♥ ❖r❛❝❧❡ ✐❢ ❜❛❞ r❡t✉r♥ ❖r❛❝❧❡ r❡t✉r♥

✸✾ ✴ ✸✷

SLIDE 102

❊①❛♠♣❧❡✿ P❘P✲P❘❋ ❙✇✐t❝❤ ✭✸✴✹✮

❙t❡♣ ✷✳ ❘❛♥❞♦♠ P❡r♠✉t❛t✐♦♥ t♦ ❘❛♥❞♦♠ ❋✉♥❝t✐♦♥

❈♦♥s✐❞❡r ❧❛③✐❧② s❛♠♣❧❡❞ p ❛♥❞ f
■♥✐t✐❛❧❧② ❡♠♣t② ❧✐st ♦❢ r❡s♣♦♥s❡s L
❘❛♥❞♦♠❧② ❣❡♥❡r❛t❡❞ r❡s♣♦♥s❡ ❢♦r ❡✈❡r② ♥❡✇ q✉❡r②

❖r❛❝❧❡ p y

$

← − {0, 1}n\L L

∪

← − y r❡t✉r♥ y ❖r❛❝❧❡ ✐❢ ❜❛❞ r❡t✉r♥ ❖r❛❝❧❡ r❡t✉r♥

✸✾ ✴ ✸✷

SLIDE 103

❊①❛♠♣❧❡✿ P❘P✲P❘❋ ❙✇✐t❝❤ ✭✸✴✹✮

❙t❡♣ ✷✳ ❘❛♥❞♦♠ P❡r♠✉t❛t✐♦♥ t♦ ❘❛♥❞♦♠ ❋✉♥❝t✐♦♥

❈♦♥s✐❞❡r ❧❛③✐❧② s❛♠♣❧❡❞ p ❛♥❞ f
■♥✐t✐❛❧❧② ❡♠♣t② ❧✐st ♦❢ r❡s♣♦♥s❡s L
❘❛♥❞♦♠❧② ❣❡♥❡r❛t❡❞ r❡s♣♦♥s❡ ❢♦r ❡✈❡r② ♥❡✇ q✉❡r②

❖r❛❝❧❡ p y

$

← − {0, 1}n\L L

∪

← − y r❡t✉r♥ y ❖r❛❝❧❡ ✐❢ ❜❛❞ r❡t✉r♥ ❖r❛❝❧❡ f y

$

← − {0, 1}n r❡t✉r♥ y

✸✾ ✴ ✸✷

SLIDE 104

❊①❛♠♣❧❡✿ P❘P✲P❘❋ ❙✇✐t❝❤ ✭✸✴✹✮

❙t❡♣ ✷✳ ❘❛♥❞♦♠ P❡r♠✉t❛t✐♦♥ t♦ ❘❛♥❞♦♠ ❋✉♥❝t✐♦♥

❈♦♥s✐❞❡r ❧❛③✐❧② s❛♠♣❧❡❞ p ❛♥❞ f
■♥✐t✐❛❧❧② ❡♠♣t② ❧✐st ♦❢ r❡s♣♦♥s❡s L
❘❛♥❞♦♠❧② ❣❡♥❡r❛t❡❞ r❡s♣♦♥s❡ ❢♦r ❡✈❡r② ♥❡✇ q✉❡r②

❖r❛❝❧❡ p y

$

← − {0, 1}n\L L

∪

← − y r❡t✉r♥ y ❖r❛❝❧❡ p′ y

$

← − {0, 1}n ✐❢ y ∈ L y

$

← − {0, 1}n\L ❜❛❞ L

∪

← − y r❡t✉r♥ y ❖r❛❝❧❡ f y

$

← − {0, 1}n r❡t✉r♥ y

✸✾ ✴ ✸✷

SLIDE 105

❊①❛♠♣❧❡✿ P❘P✲P❘❋ ❙✇✐t❝❤ ✭✹✴✹✮

❖r❛❝❧❡ p y

$

← − {0, 1}n\L L

∪

← − y r❡t✉r♥ y ❖r❛❝❧❡ p′ y

$

← − {0, 1}n ✐❢ y ∈ L y

$

← − {0, 1}n\L ❜❛❞ L

∪

← − y r❡t✉r♥ y ❖r❛❝❧❡ f y

$

← − {0, 1}n r❡t✉r♥ y

✐❞❡♥t✐❝❛❧ ✐❞❡♥t✐❝❛❧ ✉♥t✐❧ ❜❛❞ ❚r✐❛♥❣❧❡ ✐♥❡q✉❛❧✐t②✿ ∆D(p; f) s❡ts ❜❛❞

✹✵ ✴ ✸✷

SLIDE 106

❊①❛♠♣❧❡✿ P❘P✲P❘❋ ❙✇✐t❝❤ ✭✹✴✹✮

❖r❛❝❧❡ p y

$

← − {0, 1}n\L L

∪

← − y r❡t✉r♥ y ❖r❛❝❧❡ p′ y

$

← − {0, 1}n ✐❢ y ∈ L y

$

← − {0, 1}n\L ❜❛❞ L

∪

← − y r❡t✉r♥ y ❖r❛❝❧❡ f y

$

← − {0, 1}n r❡t✉r♥ y

✐❞❡♥t✐❝❛❧ ✐❞❡♥t✐❝❛❧ ✉♥t✐❧ ❜❛❞

❚r✐❛♥❣❧❡ ✐♥❡q✉❛❧✐t②✿

∆D(p; f) ≤ ∆D(p; p′) + ∆D(p′; f) s❡ts ❜❛❞

✹✵ ✴ ✸✷

SLIDE 107

❊①❛♠♣❧❡✿ P❘P✲P❘❋ ❙✇✐t❝❤ ✭✹✴✹✮

❖r❛❝❧❡ p y

$

← − {0, 1}n\L L

∪

← − y r❡t✉r♥ y ❖r❛❝❧❡ p′ y

$

← − {0, 1}n ✐❢ y ∈ L y

$

← − {0, 1}n\L ❜❛❞ L

∪

← − y r❡t✉r♥ y ❖r❛❝❧❡ f y

$

← − {0, 1}n r❡t✉r♥ y

✐❞❡♥t✐❝❛❧ ✐❞❡♥t✐❝❛❧ ✉♥t✐❧ ❜❛❞

❚r✐❛♥❣❧❡ ✐♥❡q✉❛❧✐t②✿

∆D(p; f) ≤ ∆D(p; p′) + ∆D(p′; f) ≤ + s❡ts ❜❛❞

✹✵ ✴ ✸✷

SLIDE 108

❊①❛♠♣❧❡✿ P❘P✲P❘❋ ❙✇✐t❝❤ ✭✹✴✹✮

❖r❛❝❧❡ p y

$

← − {0, 1}n\L L

∪

← − y r❡t✉r♥ y ❖r❛❝❧❡ p′ y

$

← − {0, 1}n ✐❢ y ∈ L y

$

← − {0, 1}n\L ❜❛❞ L

∪

← − y r❡t✉r♥ y ❖r❛❝❧❡ f y

$

← − {0, 1}n r❡t✉r♥ y

✐❞❡♥t✐❝❛❧ ✐❞❡♥t✐❝❛❧ ✉♥t✐❧ ❜❛❞

❚r✐❛♥❣❧❡ ✐♥❡q✉❛❧✐t②✿

∆D(p; f) ≤ ∆D(p; p′) + ∆D(p′; f) ≤ + Pr [p′ s❡ts ❜❛❞]

✹✵ ✴ ✸✷

SLIDE 109

❊①❛♠♣❧❡✿ P❘P✲P❘❋ ❙✇✐t❝❤ ✭✹✴✹✮

❖r❛❝❧❡ p y

$

← − {0, 1}n\L L

∪

← − y r❡t✉r♥ y ❖r❛❝❧❡ p′ y

$

← − {0, 1}n ✐❢ y ∈ L y

$

← − {0, 1}n\L ❜❛❞ L

∪

← − y r❡t✉r♥ y ❖r❛❝❧❡ f y

$

← − {0, 1}n r❡t✉r♥ y

✐❞❡♥t✐❝❛❧ ✐❞❡♥t✐❝❛❧ ✉♥t✐❧ ❜❛❞

❚r✐❛♥❣❧❡ ✐♥❡q✉❛❧✐t②✿

∆D(p; f) ≤ ∆D(p; p′) + ∆D(p′; f) ≤ + Pr [p′ s❡ts ❜❛❞] ≤ (Q

2)

2n

✹✵ ✴ ✸✷

SLIDE 110

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡

P❛t❛r✐♥ ❬P❛t✾✶✱P❛t✵✽❪
P♦♣✉❧❛r✐③❡❞ ❜② ❈❤❡♥ ❛♥❞ ❙t❡✐♥❜❡r❣❡r ❬❈❙✶✹❪
❙✐♠✐❧❛r t♦ ✏❙tr♦♥❣ ■♥t❡r♣♦❧❛t✐♦♥ ❚❡❝❤♥✐q✉❡✑ ❬❇❡r✵✺❪

❇❛s✐❝ ✐❞❡❛✿

❊❛❝❤ ❝♦♥✈❡rs❛t✐♦♥ ❞❡✜♥❡s ❛ tr❛♥s❝r✐♣t ❢♦r ♠♦st ♦❢ t❤❡ tr❛♥s❝r✐♣ts ❘❡♠❛✐♥✐♥❣ tr❛♥s❝r✐♣ts ♦❝❝✉r ✇✐t❤ s♠❛❧❧ ♣r♦❜❛❜✐❧✐t②

✹✶ ✴ ✸✷

SLIDE 111

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡

P❛t❛r✐♥ ❬P❛t✾✶✱P❛t✵✽❪
P♦♣✉❧❛r✐③❡❞ ❜② ❈❤❡♥ ❛♥❞ ❙t❡✐♥❜❡r❣❡r ❬❈❙✶✹❪
❙✐♠✐❧❛r t♦ ✏❙tr♦♥❣ ■♥t❡r♣♦❧❛t✐♦♥ ❚❡❝❤♥✐q✉❡✑ ❬❇❡r✵✺❪

IC

O P

distinguisher D

❇❛s✐❝ ✐❞❡❛✿

❊❛❝❤ ❝♦♥✈❡rs❛t✐♦♥ ❞❡✜♥❡s ❛ tr❛♥s❝r✐♣t ❢♦r ♠♦st ♦❢ t❤❡ tr❛♥s❝r✐♣ts ❘❡♠❛✐♥✐♥❣ tr❛♥s❝r✐♣ts ♦❝❝✉r ✇✐t❤ s♠❛❧❧ ♣r♦❜❛❜✐❧✐t②

✹✶ ✴ ✸✷

SLIDE 112

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡

P❛t❛r✐♥ ❬P❛t✾✶✱P❛t✵✽❪
P♦♣✉❧❛r✐③❡❞ ❜② ❈❤❡♥ ❛♥❞ ❙t❡✐♥❜❡r❣❡r ❬❈❙✶✹❪
❙✐♠✐❧❛r t♦ ✏❙tr♦♥❣ ■♥t❡r♣♦❧❛t✐♦♥ ❚❡❝❤♥✐q✉❡✑ ❬❇❡r✵✺❪

IC

O P

distinguisher D

❇❛s✐❝ ✐❞❡❛✿
❊❛❝❤ ❝♦♥✈❡rs❛t✐♦♥ ❞❡✜♥❡s ❛ tr❛♥s❝r✐♣t τ

❢♦r ♠♦st ♦❢ t❤❡ tr❛♥s❝r✐♣ts ❘❡♠❛✐♥✐♥❣ tr❛♥s❝r✐♣ts ♦❝❝✉r ✇✐t❤ s♠❛❧❧ ♣r♦❜❛❜✐❧✐t②

✹✶ ✴ ✸✷

SLIDE 113

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡

P❛t❛r✐♥ ❬P❛t✾✶✱P❛t✵✽❪
P♦♣✉❧❛r✐③❡❞ ❜② ❈❤❡♥ ❛♥❞ ❙t❡✐♥❜❡r❣❡r ❬❈❙✶✹❪
❙✐♠✐❧❛r t♦ ✏❙tr♦♥❣ ■♥t❡r♣♦❧❛t✐♦♥ ❚❡❝❤♥✐q✉❡✑ ❬❇❡r✵✺❪

IC

O P

distinguisher D

❇❛s✐❝ ✐❞❡❛✿
❊❛❝❤ ❝♦♥✈❡rs❛t✐♦♥ ❞❡✜♥❡s ❛ tr❛♥s❝r✐♣t τ
O ≈ P ❢♦r ♠♦st ♦❢ t❤❡ tr❛♥s❝r✐♣ts

❘❡♠❛✐♥✐♥❣ tr❛♥s❝r✐♣ts ♦❝❝✉r ✇✐t❤ s♠❛❧❧ ♣r♦❜❛❜✐❧✐t②

✹✶ ✴ ✸✷

SLIDE 114

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡

P❛t❛r✐♥ ❬P❛t✾✶✱P❛t✵✽❪
P♦♣✉❧❛r✐③❡❞ ❜② ❈❤❡♥ ❛♥❞ ❙t❡✐♥❜❡r❣❡r ❬❈❙✶✹❪
❙✐♠✐❧❛r t♦ ✏❙tr♦♥❣ ■♥t❡r♣♦❧❛t✐♦♥ ❚❡❝❤♥✐q✉❡✑ ❬❇❡r✵✺❪

IC

O P

distinguisher D

❇❛s✐❝ ✐❞❡❛✿
❊❛❝❤ ❝♦♥✈❡rs❛t✐♦♥ ❞❡✜♥❡s ❛ tr❛♥s❝r✐♣t τ
O ≈ P ❢♦r ♠♦st ♦❢ t❤❡ tr❛♥s❝r✐♣ts
❘❡♠❛✐♥✐♥❣ tr❛♥s❝r✐♣ts ♦❝❝✉r ✇✐t❤ s♠❛❧❧ ♣r♦❜❛❜✐❧✐t②

✹✶ ✴ ✸✷

SLIDE 115

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡

D ✐s ❝♦♠♣✉t❛t✐♦♥❛❧❧② ✉♥❜♦✉♥❞❡❞ ❛♥❞ ❞❡t❡r♠✐♥✐st✐❝
❊❛❝❤ ❝♦♥✈❡rs❛t✐♦♥ ❞❡✜♥❡s ❛ tr❛♥s❝r✐♣t τ

❈♦♥s✐❞❡r ❣♦♦❞ ❛♥❞ ❜❛❞ tr❛♥s❝r✐♣ts ▲❡♠♠❛ ▲❡t ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts ✿ ❣✐✈❡s ❣✐✈❡s ❚❤❡♥✱ ❜❛❞ tr❛♥s❝r✐♣t ❢♦r ❚r❛❞❡✲♦✛✿ ❞❡✜♥❡ ❜❛❞ tr❛♥s❝r✐♣ts s♠❛rt❧②✦

✹✷ ✴ ✸✷

SLIDE 116

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡

D ✐s ❝♦♠♣✉t❛t✐♦♥❛❧❧② ✉♥❜♦✉♥❞❡❞ ❛♥❞ ❞❡t❡r♠✐♥✐st✐❝
❊❛❝❤ ❝♦♥✈❡rs❛t✐♦♥ ❞❡✜♥❡s ❛ tr❛♥s❝r✐♣t τ
❈♦♥s✐❞❡r ❣♦♦❞ ❛♥❞ ❜❛❞ tr❛♥s❝r✐♣ts

▲❡♠♠❛ ▲❡t ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts ✿ ❣✐✈❡s ❣✐✈❡s ❚❤❡♥✱ ❜❛❞ tr❛♥s❝r✐♣t ❢♦r ❚r❛❞❡✲♦✛✿ ❞❡✜♥❡ ❜❛❞ tr❛♥s❝r✐♣ts s♠❛rt❧②✦

✹✷ ✴ ✸✷

SLIDE 117

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡

D ✐s ❝♦♠♣✉t❛t✐♦♥❛❧❧② ✉♥❜♦✉♥❞❡❞ ❛♥❞ ❞❡t❡r♠✐♥✐st✐❝
❊❛❝❤ ❝♦♥✈❡rs❛t✐♦♥ ❞❡✜♥❡s ❛ tr❛♥s❝r✐♣t τ
❈♦♥s✐❞❡r ❣♦♦❞ ❛♥❞ ❜❛❞ tr❛♥s❝r✐♣ts

▲❡♠♠❛ ▲❡t ε ≥ 0 ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts τ✿ Pr [O ❣✐✈❡s τ] Pr [P ❣✐✈❡s τ] ≥ 1 − ε ❚❤❡♥✱ ∆D(O; P) ≤ ε + Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r P] ❚r❛❞❡✲♦✛✿ ❞❡✜♥❡ ❜❛❞ tr❛♥s❝r✐♣ts s♠❛rt❧②✦

✹✷ ✴ ✸✷

SLIDE 118

❍✲❈♦❡✣❝✐❡♥t ❚❡❝❤♥✐q✉❡

D ✐s ❝♦♠♣✉t❛t✐♦♥❛❧❧② ✉♥❜♦✉♥❞❡❞ ❛♥❞ ❞❡t❡r♠✐♥✐st✐❝
❊❛❝❤ ❝♦♥✈❡rs❛t✐♦♥ ❞❡✜♥❡s ❛ tr❛♥s❝r✐♣t τ
❈♦♥s✐❞❡r ❣♦♦❞ ❛♥❞ ❜❛❞ tr❛♥s❝r✐♣ts

▲❡♠♠❛ ▲❡t ε ≥ 0 ❜❡ s✉❝❤ t❤❛t ❢♦r ❛❧❧ ❣♦♦❞ tr❛♥s❝r✐♣ts τ✿ Pr [O ❣✐✈❡s τ] Pr [P ❣✐✈❡s τ] ≥ 1 − ε ❚❤❡♥✱ ∆D(O; P) ≤ ε + Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r P] ❚r❛❞❡✲♦✛✿ ❞❡✜♥❡ ❜❛❞ tr❛♥s❝r✐♣ts s♠❛rt❧②✦

✹✷ ✴ ✸✷

SLIDE 119

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✶✴✶✵✮

m c k k

P

Ek(m) = P(m ⊕ k) ⊕ k

✹✸ ✴ ✸✷

SLIDE 120

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✷✴✶✵✮

IC

E±

k

p±

distinguisher D

❙❧✐❣❤t❧② ❉✐✛❡r❡♥t ❙❡❝✉r✐t② ▼♦❞❡❧ ❯♥❞❡r❧②✐♥❣ ♣❡r♠✉t❛t✐♦♥ r❛♥❞♦♠✐③❡❞ ■♥❢♦r♠❛t✐♦♥✲t❤❡♦r❡t✐❝ ❞✐st✐♥❣✉✐s❤❡r

❝♦♥str✉❝t✐♦♥ q✉❡r✐❡s ♦✤✐♥❡ ❡✈❛❧✉❛t✐♦♥s ♣r✐♠✐t✐✈❡ q✉❡r✐❡s ❯♥❜♦✉♥❞❡❞ ❝♦♠♣✉t❛t✐♦♥❛❧ ♣♦✇❡r

✹✹ ✴ ✸✷

SLIDE 121

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✷✴✶✵✮

IC

E±

k

P ± p±

distinguisher D

❙❧✐❣❤t❧② ❉✐✛❡r❡♥t ❙❡❝✉r✐t② ▼♦❞❡❧

❯♥❞❡r❧②✐♥❣ ♣❡r♠✉t❛t✐♦♥

r❛♥❞♦♠✐③❡❞ ■♥❢♦r♠❛t✐♦♥✲t❤❡♦r❡t✐❝ ❞✐st✐♥❣✉✐s❤❡r

❝♦♥str✉❝t✐♦♥ q✉❡r✐❡s ♦✤✐♥❡ ❡✈❛❧✉❛t✐♦♥s ♣r✐♠✐t✐✈❡ q✉❡r✐❡s ❯♥❜♦✉♥❞❡❞ ❝♦♠♣✉t❛t✐♦♥❛❧ ♣♦✇❡r

✹✹ ✴ ✸✷

SLIDE 122

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✷✴✶✵✮

IC

E±

k

P ± p± P ±

distinguisher D

❙❧✐❣❤t❧② ❉✐✛❡r❡♥t ❙❡❝✉r✐t② ▼♦❞❡❧

❯♥❞❡r❧②✐♥❣ ♣❡r♠✉t❛t✐♦♥ r❛♥❞♦♠✐③❡❞
■♥❢♦r♠❛t✐♦♥✲t❤❡♦r❡t✐❝ ❞✐st✐♥❣✉✐s❤❡r D
Q ❝♦♥str✉❝t✐♦♥ q✉❡r✐❡s
T ♦✤✐♥❡ ❡✈❛❧✉❛t✐♦♥s ≈ T ♣r✐♠✐t✐✈❡ q✉❡r✐❡s

❯♥❜♦✉♥❞❡❞ ❝♦♠♣✉t❛t✐♦♥❛❧ ♣♦✇❡r

✹✹ ✴ ✸✷

SLIDE 123

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✷✴✶✵✮

IC

E±

k

P ± p± P ±

distinguisher D

❙❧✐❣❤t❧② ❉✐✛❡r❡♥t ❙❡❝✉r✐t② ▼♦❞❡❧

❯♥❞❡r❧②✐♥❣ ♣❡r♠✉t❛t✐♦♥ r❛♥❞♦♠✐③❡❞
■♥❢♦r♠❛t✐♦♥✲t❤❡♦r❡t✐❝ ❞✐st✐♥❣✉✐s❤❡r D
Q ❝♦♥str✉❝t✐♦♥ q✉❡r✐❡s
T ♦✤✐♥❡ ❡✈❛❧✉❛t✐♦♥s ≈ T ♣r✐♠✐t✐✈❡ q✉❡r✐❡s
❯♥❜♦✉♥❞❡❞ ❝♦♠♣✉t❛t✐♦♥❛❧ ♣♦✇❡r

✹✹ ✴ ✸✷

SLIDE 124

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✸✴✶✵✮

IC

E±

k

P ± p± P ±

distinguisher D

❙❧✐❣❤t❧② ❉✐✛❡r❡♥t ❙❡❝✉r✐t② ▼♦❞❡❧

❲✐t❤♦✉t ❧♦ss ♦❢ ❣❡♥❡r❛❧✐t②✱ D ✐s ❞❡t❡r♠✐♥✐st✐❝
◆♦ r❛♥❞♦♠ ❝❤♦✐❝❡s

❘❡❛s♦♥✿ ❛t t❤❡ ❡♥❞ ✇❡ ♠❛①✐♠✐③❡ ♦✈❡r ❛❧❧ ❞✐st✐♥❣✉✐s❤❡rs

✹✺ ✴ ✸✷

SLIDE 125

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✸✴✶✵✮

IC

E±

k

P ± p± P ±

distinguisher D

❙❧✐❣❤t❧② ❉✐✛❡r❡♥t ❙❡❝✉r✐t② ▼♦❞❡❧

❲✐t❤♦✉t ❧♦ss ♦❢ ❣❡♥❡r❛❧✐t②✱ D ✐s ❞❡t❡r♠✐♥✐st✐❝
◆♦ r❛♥❞♦♠ ❝❤♦✐❝❡s
❘❡❛s♦♥✿ ❛t t❤❡ ❡♥❞ ✇❡ ♠❛①✐♠✐③❡ ♦✈❡r ❛❧❧ ❞✐st✐♥❣✉✐s❤❡rs

✹✺ ✴ ✸✷

SLIDE 126

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✹✴✶✵✮

IC

E±

k

P ± p± P ±

distinguisher D

❚❤❡♦r❡♠ ❋♦r ❛♥② ❞❡t❡r♠✐♥✐st✐❝ ❞✐st✐♥❣✉✐s❤❡r D ♠❛❦✐♥❣ Q q✉❡r✐❡s t♦ Ek/f ❛♥❞ T ♣r✐♠✐t✐✈❡ q✉❡r✐❡s Advsprp

E

(D) = ∆D(E±

k , P ±; p±, P ±) ≤ 2QT

2n

✹✻ ✴ ✸✷

SLIDE 127

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✺✴✶✵✮

❙t❡♣ ✶✳ ❉❡✜♥❡ ❤♦✇ tr❛♥s❝r✐♣ts ❧♦♦❦ ❧✐❦❡ ❙t❡♣ ✷✳ ❉❡✜♥❡ ❣♦♦❞ ❛♥❞ ❜❛❞ tr❛♥s❝r✐♣ts ❙t❡♣ ✸✳ ❯♣♣❡r ❜♦✉♥❞ Pr [❜❛❞ tr❛♥s❝r✐♣t ❢♦r (p±, P ±)] ❙t❡♣ ✹✳ ▲♦✇❡r ❜♦✉♥❞

Pr[(E±

k ,P ±) ❣✐✈❡s τ]

Pr[(p±,P ±) ❣✐✈❡s τ] ≥ 1 − ε ✭∀ ❣♦♦❞ τ✮

✹✼ ✴ ✸✷

SLIDE 128

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✻✴✶✵✮

✶✳ ❉❡✜♥❡ ❤♦✇ tr❛♥s❝r✐♣ts ❧♦♦❦ ❧✐❦❡

❈♦♥str✉❝t✐♦♥ q✉❡r✐❡s✿

τE = {(m1, c1), . . . , (mQ, cQ)}

Pr✐♠✐t✐✈❡ q✉❡r✐❡s✿

τP = {(x1, y1), . . . , (xT , yT )} ❯♥♦r❞❡r❡❞ ❧✐sts ✭♦r❞❡r✐♥❣ ♥♦t ♥❡❡❞❡❞ ✐♥ ❝✉rr❡♥t ♣r♦♦❢✮ ✶✲t♦✲✶ ❝♦rr❡s♣♦♥❞❡♥❝❡ ❜❡t✇❡❡♥ ❛♥② ❛♥❞ ❛♥② ❇♦♥✉s ✐♥❢♦r♠❛t✐♦♥✦

❆❢t❡r ✐♥t❡r❛❝t✐♦♥ ♦❢ ✇✐t❤ ♦r❛❝❧❡s✿ r❡✈❡❛❧ t❤❡ ❦❡② ❘❡❛❧ ✇♦r❧❞ ✿ ❦❡② ✉s❡❞ ❢♦r ❡♥❝r②♣t✐♦♥ ■❞❡❛❧ ✇♦r❧❞ ✿ ❞✉♠♠② ❦❡②

✹✽ ✴ ✸✷

SLIDE 129

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✻✴✶✵✮

✶✳ ❉❡✜♥❡ ❤♦✇ tr❛♥s❝r✐♣ts ❧♦♦❦ ❧✐❦❡

❈♦♥str✉❝t✐♦♥ q✉❡r✐❡s✿

τE = {(m1, c1), . . . , (mQ, cQ)}

Pr✐♠✐t✐✈❡ q✉❡r✐❡s✿

τP = {(x1, y1), . . . , (xT , yT )}

❯♥♦r❞❡r❡❞ ❧✐sts ✭♦r❞❡r✐♥❣ ♥♦t ♥❡❡❞❡❞ ✐♥ ❝✉rr❡♥t ♣r♦♦❢✮
✶✲t♦✲✶ ❝♦rr❡s♣♦♥❞❡♥❝❡ ❜❡t✇❡❡♥ ❛♥② D ❛♥❞ ❛♥② (τE, τP )

❇♦♥✉s ✐♥❢♦r♠❛t✐♦♥✦

❆❢t❡r ✐♥t❡r❛❝t✐♦♥ ♦❢ ✇✐t❤ ♦r❛❝❧❡s✿ r❡✈❡❛❧ t❤❡ ❦❡② ❘❡❛❧ ✇♦r❧❞ ✿ ❦❡② ✉s❡❞ ❢♦r ❡♥❝r②♣t✐♦♥ ■❞❡❛❧ ✇♦r❧❞ ✿ ❞✉♠♠② ❦❡②

✹✽ ✴ ✸✷

SLIDE 130

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✻✴✶✵✮

✶✳ ❉❡✜♥❡ ❤♦✇ tr❛♥s❝r✐♣ts ❧♦♦❦ ❧✐❦❡

❈♦♥str✉❝t✐♦♥ q✉❡r✐❡s✿

τE = {(m1, c1), . . . , (mQ, cQ)}

Pr✐♠✐t✐✈❡ q✉❡r✐❡s✿

τP = {(x1, y1), . . . , (xT , yT )}

❯♥♦r❞❡r❡❞ ❧✐sts ✭♦r❞❡r✐♥❣ ♥♦t ♥❡❡❞❡❞ ✐♥ ❝✉rr❡♥t ♣r♦♦❢✮
✶✲t♦✲✶ ❝♦rr❡s♣♦♥❞❡♥❝❡ ❜❡t✇❡❡♥ ❛♥② D ❛♥❞ ❛♥② (τE, τP )
❇♦♥✉s ✐♥❢♦r♠❛t✐♦♥✦
❆❢t❡r ✐♥t❡r❛❝t✐♦♥ ♦❢ D ✇✐t❤ ♦r❛❝❧❡s✿ r❡✈❡❛❧ t❤❡ ❦❡②

❘❡❛❧ ✇♦r❧❞ ✿ ❦❡② ✉s❡❞ ❢♦r ❡♥❝r②♣t✐♦♥ ■❞❡❛❧ ✇♦r❧❞ ✿ ❞✉♠♠② ❦❡②

✹✽ ✴ ✸✷

SLIDE 131

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✻✴✶✵✮

✶✳ ❉❡✜♥❡ ❤♦✇ tr❛♥s❝r✐♣ts ❧♦♦❦ ❧✐❦❡

❈♦♥str✉❝t✐♦♥ q✉❡r✐❡s✿

τE = {(m1, c1), . . . , (mQ, cQ)}

Pr✐♠✐t✐✈❡ q✉❡r✐❡s✿

τP = {(x1, y1), . . . , (xT , yT )}

❯♥♦r❞❡r❡❞ ❧✐sts ✭♦r❞❡r✐♥❣ ♥♦t ♥❡❡❞❡❞ ✐♥ ❝✉rr❡♥t ♣r♦♦❢✮
✶✲t♦✲✶ ❝♦rr❡s♣♦♥❞❡♥❝❡ ❜❡t✇❡❡♥ ❛♥② D ❛♥❞ ❛♥② (τE, τP )
❇♦♥✉s ✐♥❢♦r♠❛t✐♦♥✦
❆❢t❡r ✐♥t❡r❛❝t✐♦♥ ♦❢ D ✇✐t❤ ♦r❛❝❧❡s✿ r❡✈❡❛❧ t❤❡ ❦❡②
❘❡❛❧ ✇♦r❧❞ (E±

k , P ±)✿ ❦❡② ✉s❡❞ ❢♦r ❡♥❝r②♣t✐♦♥

■❞❡❛❧ ✇♦r❧❞ ✿ ❞✉♠♠② ❦❡②

✹✽ ✴ ✸✷

SLIDE 132

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✻✴✶✵✮

✶✳ ❉❡✜♥❡ ❤♦✇ tr❛♥s❝r✐♣ts ❧♦♦❦ ❧✐❦❡

❈♦♥str✉❝t✐♦♥ q✉❡r✐❡s✿

τE = {(m1, c1), . . . , (mQ, cQ)}

Pr✐♠✐t✐✈❡ q✉❡r✐❡s✿

τP = {(x1, y1), . . . , (xT , yT )}

❯♥♦r❞❡r❡❞ ❧✐sts ✭♦r❞❡r✐♥❣ ♥♦t ♥❡❡❞❡❞ ✐♥ ❝✉rr❡♥t ♣r♦♦❢✮
✶✲t♦✲✶ ❝♦rr❡s♣♦♥❞❡♥❝❡ ❜❡t✇❡❡♥ ❛♥② D ❛♥❞ ❛♥② (τE, τP )
❇♦♥✉s ✐♥❢♦r♠❛t✐♦♥✦
❆❢t❡r ✐♥t❡r❛❝t✐♦♥ ♦❢ D ✇✐t❤ ♦r❛❝❧❡s✿ r❡✈❡❛❧ t❤❡ ❦❡②
❘❡❛❧ ✇♦r❧❞ (E±

k , P ±)✿ ❦❡② ✉s❡❞ ❢♦r ❡♥❝r②♣t✐♦♥

■❞❡❛❧ ✇♦r❧❞ (p±, P ±)✿ ❞✉♠♠② ❦❡② k

$

← − {0, 1}n

✹✽ ✴ ✸✷

SLIDE 133

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✼✴✶✵✮

m c k k

P

✷✳ ❉❡✜♥❡ ❣♦♦❞ ❛♥❞ ❜❛❞ tr❛♥s❝r✐♣ts

■♥t✉✐t✐♦♥✿

✏❞❡✜♥❡s✑ ✲q✉❡r② ❙❤♦✉❧❞ ♥♦t ❝♦❧❧✐❞❡ ✇✐t❤ ❛♥②

❚r❛♥s❝r✐♣t ✐s ❜❛❞ ✐❢ s✉❝❤ t❤❛t ♦r ◆♦t❡✿ ♥♦ ✐♥t❡r♥❛❧ ❝♦❧❧✐s✐♦♥s ✐♥ ❛♥❞

✹✾ ✴ ✸✷

SLIDE 134

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✼✴✶✵✮

m c k k

P

✷✳ ❉❡✜♥❡ ❣♦♦❞ ❛♥❞ ❜❛❞ tr❛♥s❝r✐♣ts

■♥t✉✐t✐♦♥✿
(m, c) ∈ τE ✏❞❡✜♥❡s✑ P✲q✉❡r② (m ⊕ k, c ⊕ k)

❙❤♦✉❧❞ ♥♦t ❝♦❧❧✐❞❡ ✇✐t❤ ❛♥②

❚r❛♥s❝r✐♣t ✐s ❜❛❞ ✐❢ s✉❝❤ t❤❛t ♦r ◆♦t❡✿ ♥♦ ✐♥t❡r♥❛❧ ❝♦❧❧✐s✐♦♥s ✐♥ ❛♥❞

✹✾ ✴ ✸✷

SLIDE 135

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✼✴✶✵✮

m c k k

P

✷✳ ❉❡✜♥❡ ❣♦♦❞ ❛♥❞ ❜❛❞ tr❛♥s❝r✐♣ts

■♥t✉✐t✐♦♥✿
(m, c) ∈ τE ✏❞❡✜♥❡s✑ P✲q✉❡r② (m ⊕ k, c ⊕ k)
❙❤♦✉❧❞ ♥♦t ❝♦❧❧✐❞❡ ✇✐t❤ ❛♥② (x, y) ∈ τP

❚r❛♥s❝r✐♣t ✐s ❜❛❞ ✐❢ s✉❝❤ t❤❛t ♦r ◆♦t❡✿ ♥♦ ✐♥t❡r♥❛❧ ❝♦❧❧✐s✐♦♥s ✐♥ ❛♥❞

✹✾ ✴ ✸✷

SLIDE 136

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✼✴✶✵✮

m c k k

P

✷✳ ❉❡✜♥❡ ❣♦♦❞ ❛♥❞ ❜❛❞ tr❛♥s❝r✐♣ts

■♥t✉✐t✐♦♥✿
(m, c) ∈ τE ✏❞❡✜♥❡s✑ P✲q✉❡r② (m ⊕ k, c ⊕ k)
❙❤♦✉❧❞ ♥♦t ❝♦❧❧✐❞❡ ✇✐t❤ ❛♥② (x, y) ∈ τP
❚r❛♥s❝r✐♣t τ = (τE, τP , k) ✐s ❜❛❞ ✐❢

∃(m, c) ∈ τE, (x, y) ∈ τP s✉❝❤ t❤❛t m ⊕ k = x ♦r c ⊕ k = y ◆♦t❡✿ ♥♦ ✐♥t❡r♥❛❧ ❝♦❧❧✐s✐♦♥s ✐♥ ❛♥❞

✹✾ ✴ ✸✷

SLIDE 137

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✼✴✶✵✮

m c k k

P

✷✳ ❉❡✜♥❡ ❣♦♦❞ ❛♥❞ ❜❛❞ tr❛♥s❝r✐♣ts

■♥t✉✐t✐♦♥✿
(m, c) ∈ τE ✏❞❡✜♥❡s✑ P✲q✉❡r② (m ⊕ k, c ⊕ k)
❙❤♦✉❧❞ ♥♦t ❝♦❧❧✐❞❡ ✇✐t❤ ❛♥② (x, y) ∈ τP
❚r❛♥s❝r✐♣t τ = (τE, τP , k) ✐s ❜❛❞ ✐❢

∃(m, c) ∈ τE, (x, y) ∈ τP s✉❝❤ t❤❛t m ⊕ k = x ♦r c ⊕ k = y

◆♦t❡✿ ♥♦ ✐♥t❡r♥❛❧ ❝♦❧❧✐s✐♦♥s ✐♥ τE ❛♥❞ τP

✹✾ ✴ ✸✷

SLIDE 138

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✽✴✶✵✮

✸✳ ❯♣♣❡r ❜♦✉♥❞ Pr

❜❛❞ tr❛♥s❝r✐♣t ❢♦r (p±, P ±)
❚r❛♥s❝r✐♣t τ = (τE, τP , k) ✐s ❜❛❞ ✐❢

∃(m, c) ∈ τE, (x, y) ∈ τP s✉❝❤ t❤❛t m ⊕ k = x ♦r c ⊕ k = y

♦❢ s✐③❡

✐♥❞❡♣❡♥❞❡♥t❧② ❣❡♥❡r❛t❡❞ ✲❜✐t ❞✉♠♠② ❦❡② ❜❛❞ tr❛♥s❝r✐♣t ❢♦r

✺✵ ✴ ✸✷

SLIDE 139

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✽✴✶✵✮

✸✳ ❯♣♣❡r ❜♦✉♥❞ Pr

❜❛❞ tr❛♥s❝r✐♣t ❢♦r (p±, P ±)
❚r❛♥s❝r✐♣t τ = (τE, τP , k) ✐s ❜❛❞ ✐❢

∃(m, c) ∈ τE, (x, y) ∈ τP s✉❝❤ t❤❛t m ⊕ k = x ♦r c ⊕ k = y ⇐ ⇒ k ∈ {m ⊕ x, c ⊕ y | (m, c) ∈ τE, (x, y) ∈ τP }

♦❢ s✐③❡

✐♥❞❡♣❡♥❞❡♥t❧② ❣❡♥❡r❛t❡❞ ✲❜✐t ❞✉♠♠② ❦❡② ❜❛❞ tr❛♥s❝r✐♣t ❢♦r

✺✵ ✴ ✸✷

SLIDE 140

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✽✴✶✵✮

✸✳ ❯♣♣❡r ❜♦✉♥❞ Pr

❜❛❞ tr❛♥s❝r✐♣t ❢♦r (p±, P ±)
❚r❛♥s❝r✐♣t τ = (τE, τP , k) ✐s ❜❛❞ ✐❢

∃(m, c) ∈ τE, (x, y) ∈ τP s✉❝❤ t❤❛t m ⊕ k = x ♦r c ⊕ k = y ⇐ ⇒ k ∈ {m ⊕ x, c ⊕ y | (m, c) ∈ τE, (x, y) ∈ τP }

♦❢ s✐③❡ ≤ 2QT

✐♥❞❡♣❡♥❞❡♥t❧② ❣❡♥❡r❛t❡❞ ✲❜✐t ❞✉♠♠② ❦❡② ❜❛❞ tr❛♥s❝r✐♣t ❢♦r

✺✵ ✴ ✸✷

SLIDE 141

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✽✴✶✵✮

✸✳ ❯♣♣❡r ❜♦✉♥❞ Pr

❜❛❞ tr❛♥s❝r✐♣t ❢♦r (p±, P ±)
❚r❛♥s❝r✐♣t τ = (τE, τP , k) ✐s ❜❛❞ ✐❢

∃(m, c) ∈ τE, (x, y) ∈ τP s✉❝❤ t❤❛t m ⊕ k = x ♦r c ⊕ k = y ⇐ ⇒ k ∈ {m ⊕ x, c ⊕ y | (m, c) ∈ τE, (x, y) ∈ τP }

♦❢ s✐③❡ ≤ 2QT

− → ✐♥❞❡♣❡♥❞❡♥t❧② ❣❡♥❡r❛t❡❞ n✲❜✐t ❞✉♠♠② ❦❡② ❜❛❞ tr❛♥s❝r✐♣t ❢♦r

✺✵ ✴ ✸✷

SLIDE 142

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✽✴✶✵✮

✸✳ ❯♣♣❡r ❜♦✉♥❞ Pr

❜❛❞ tr❛♥s❝r✐♣t ❢♦r (p±, P ±)
❚r❛♥s❝r✐♣t τ = (τE, τP , k) ✐s ❜❛❞ ✐❢

∃(m, c) ∈ τE, (x, y) ∈ τP s✉❝❤ t❤❛t m ⊕ k = x ♦r c ⊕ k = y ⇐ ⇒ k ∈ {m ⊕ x, c ⊕ y | (m, c) ∈ τE, (x, y) ∈ τP }

♦❢ s✐③❡ ≤ 2QT

− → ✐♥❞❡♣❡♥❞❡♥t❧② ❣❡♥❡r❛t❡❞ n✲❜✐t ❞✉♠♠② ❦❡② Pr

❜❛❞ tr❛♥s❝r✐♣t ❢♦r (p±, P ±)
≤ 2QT

2n

✺✵ ✴ ✸✷

SLIDE 143

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✾✴✶✵✮

✹✳ ▲♦✇❡r ❜♦✉♥❞

Pr

(E±

k ,P ±) ❣✐✈❡s τ

Pr
(p±,P ±) ❣✐✈❡s τ

≥ 1 − ε ✭∀ ❣♦♦❞ τ✮

❈♦✉♥t✐♥❣ ✏❝♦♠♣❛t✐❜❧❡✑ ♦r❛❝❧❡s ✭♠♦❞✉❧♦ ❞❡t❛✐❧s✮✿ ❣✐✈❡s ♦r❛❝❧❡s t❤❛t ❝♦✉❧❞ ❣✐✈❡ ♦r❛❝❧❡s ❋♦r r❡❛❧ ✇♦r❧❞ ✿ ❣✐✈❡s ❋♦r ✐❞❡❛❧ ✇♦r❧❞ ✿ ❣✐✈❡s

✺✶ ✴ ✸✷

SLIDE 144

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✾✴✶✵✮

✹✳ ▲♦✇❡r ❜♦✉♥❞

Pr

(E±

k ,P ±) ❣✐✈❡s τ

Pr
(p±,P ±) ❣✐✈❡s τ

≥ 1 − ε ✭∀ ❣♦♦❞ τ✮

❈♦✉♥t✐♥❣ ✏❝♦♠♣❛t✐❜❧❡✑ ♦r❛❝❧❡s ✭♠♦❞✉❧♦ ❞❡t❛✐❧s✮✿

Pr [O ❣✐✈❡s τ] =

♦r❛❝❧❡s O t❤❛t ❝♦✉❧❞ ❣✐✈❡ τ
♦r❛❝❧❡s O
❋♦r r❡❛❧ ✇♦r❧❞

✿ ❣✐✈❡s ❋♦r ✐❞❡❛❧ ✇♦r❧❞ ✿ ❣✐✈❡s

✺✶ ✴ ✸✷

SLIDE 145

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✾✴✶✵✮

✹✳ ▲♦✇❡r ❜♦✉♥❞

Pr

(E±

k ,P ±) ❣✐✈❡s τ

Pr
(p±,P ±) ❣✐✈❡s τ

≥ 1 − ε ✭∀ ❣♦♦❞ τ✮

❈♦✉♥t✐♥❣ ✏❝♦♠♣❛t✐❜❧❡✑ ♦r❛❝❧❡s ✭♠♦❞✉❧♦ ❞❡t❛✐❧s✮✿

Pr [O ❣✐✈❡s τ] =

♦r❛❝❧❡s O t❤❛t ❝♦✉❧❞ ❣✐✈❡ τ
♦r❛❝❧❡s O
❋♦r r❡❛❧ ✇♦r❧❞ (E±

k , P ±)✿

Pr

(E±

k , P ±) ❣✐✈❡s τ

=

❋♦r ✐❞❡❛❧ ✇♦r❧❞ ✿ ❣✐✈❡s

✺✶ ✴ ✸✷

SLIDE 146

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✾✴✶✵✮

✹✳ ▲♦✇❡r ❜♦✉♥❞

Pr

(E±

k ,P ±) ❣✐✈❡s τ

Pr
(p±,P ±) ❣✐✈❡s τ

≥ 1 − ε ✭∀ ❣♦♦❞ τ✮

❈♦✉♥t✐♥❣ ✏❝♦♠♣❛t✐❜❧❡✑ ♦r❛❝❧❡s ✭♠♦❞✉❧♦ ❞❡t❛✐❧s✮✿

Pr [O ❣✐✈❡s τ] =

♦r❛❝❧❡s O t❤❛t ❝♦✉❧❞ ❣✐✈❡ τ
♦r❛❝❧❡s O
❋♦r r❡❛❧ ✇♦r❧❞ (E±

k , P ±)✿

Pr

(E±

k , P ±) ❣✐✈❡s τ

=

2n · 2n! ❋♦r ✐❞❡❛❧ ✇♦r❧❞ ✿ ❣✐✈❡s

✺✶ ✴ ✸✷

SLIDE 147

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✾✴✶✵✮

✹✳ ▲♦✇❡r ❜♦✉♥❞

Pr

(E±

k ,P ±) ❣✐✈❡s τ

Pr
(p±,P ±) ❣✐✈❡s τ

≥ 1 − ε ✭∀ ❣♦♦❞ τ✮

❈♦✉♥t✐♥❣ ✏❝♦♠♣❛t✐❜❧❡✑ ♦r❛❝❧❡s ✭♠♦❞✉❧♦ ❞❡t❛✐❧s✮✿

Pr [O ❣✐✈❡s τ] =

♦r❛❝❧❡s O t❤❛t ❝♦✉❧❞ ❣✐✈❡ τ
♦r❛❝❧❡s O
❋♦r r❡❛❧ ✇♦r❧❞ (E±

k , P ±)✿

Pr

(E±

k , P ±) ❣✐✈❡s τ

= (2n − Q − T)!

2n · 2n! ❋♦r ✐❞❡❛❧ ✇♦r❧❞ ✿ ❣✐✈❡s

✺✶ ✴ ✸✷

SLIDE 148

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✾✴✶✵✮

✹✳ ▲♦✇❡r ❜♦✉♥❞

Pr

(E±

k ,P ±) ❣✐✈❡s τ

Pr
(p±,P ±) ❣✐✈❡s τ

≥ 1 − ε ✭∀ ❣♦♦❞ τ✮

❈♦✉♥t✐♥❣ ✏❝♦♠♣❛t✐❜❧❡✑ ♦r❛❝❧❡s ✭♠♦❞✉❧♦ ❞❡t❛✐❧s✮✿

Pr [O ❣✐✈❡s τ] =

♦r❛❝❧❡s O t❤❛t ❝♦✉❧❞ ❣✐✈❡ τ
♦r❛❝❧❡s O
❋♦r r❡❛❧ ✇♦r❧❞ (E±

k , P ±)✿

Pr

(E±

k , P ±) ❣✐✈❡s τ

= (2n − Q − T)!

2n · 2n!

❋♦r ✐❞❡❛❧ ✇♦r❧❞ (p±, P ±)✿

Pr

(p±, P ±) ❣✐✈❡s τ
= (2n − Q)!(2n − T)!

2n · (2n!)2

✺✶ ✴ ✸✷

SLIDE 149

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✶✵✴✶✵✮

✹✳ ▲♦✇❡r ❜♦✉♥❞

Pr

(E±

k ,P ±) ❣✐✈❡s τ

Pr
(p±,P ±) ❣✐✈❡s τ

≥ 1 − ε ✭∀ ❣♦♦❞ τ✮

P✉tt✐♥❣ t❤✐♥❣s t♦❣❡t❤❡r✿

Pr

(E±

k , P ±) ❣✐✈❡s τ

Pr
(p±, P ±) ❣✐✈❡s τ

=

(2n−Q−T)! 2n·2n! (2n−Q)!(2n−T)! 2n·(2n!)2

= (2n − Q − T)!2n! (2n − Q)!(2n − T)! ❲❡ ♣✉t ❈♦♥❝❧✉s✐♦♥✿

✺✷ ✴ ✸✷

SLIDE 150

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✶✵✴✶✵✮

✹✳ ▲♦✇❡r ❜♦✉♥❞

Pr

(E±

k ,P ±) ❣✐✈❡s τ

Pr
(p±,P ±) ❣✐✈❡s τ

≥ 1 − ε ✭∀ ❣♦♦❞ τ✮

P✉tt✐♥❣ t❤✐♥❣s t♦❣❡t❤❡r✿

Pr

(E±

k , P ±) ❣✐✈❡s τ

Pr
(p±, P ±) ❣✐✈❡s τ

=

(2n−Q−T)! 2n·2n! (2n−Q)!(2n−T)! 2n·(2n!)2

= (2n − Q − T)!2n! (2n − Q)!(2n − T)! ≥ 1 ❲❡ ♣✉t ❈♦♥❝❧✉s✐♦♥✿

✺✷ ✴ ✸✷

SLIDE 151

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✶✵✴✶✵✮

✹✳ ▲♦✇❡r ❜♦✉♥❞

Pr

(E±

k ,P ±) ❣✐✈❡s τ

Pr
(p±,P ±) ❣✐✈❡s τ

≥ 1 − ε ✭∀ ❣♦♦❞ τ✮

P✉tt✐♥❣ t❤✐♥❣s t♦❣❡t❤❡r✿

Pr

(E±

k , P ±) ❣✐✈❡s τ

Pr
(p±, P ±) ❣✐✈❡s τ

=

(2n−Q−T)! 2n·2n! (2n−Q)!(2n−T)! 2n·(2n!)2

= (2n − Q − T)!2n! (2n − Q)!(2n − T)! ≥ 1

❲❡ ♣✉t ε = 0

❈♦♥❝❧✉s✐♦♥✿

✺✷ ✴ ✸✷

SLIDE 152

❊①❛♠♣❧❡✿ ❊✈❡♥✲▼❛♥s♦✉r ✭✶✵✴✶✵✮

✹✳ ▲♦✇❡r ❜♦✉♥❞

Pr

(E±

k ,P ±) ❣✐✈❡s τ

Pr
(p±,P ±) ❣✐✈❡s τ

≥ 1 − ε ✭∀ ❣♦♦❞ τ✮

P✉tt✐♥❣ t❤✐♥❣s t♦❣❡t❤❡r✿

Pr

(E±

k , P ±) ❣✐✈❡s τ

Pr
(p±, P ±) ❣✐✈❡s τ

=

(2n−Q−T)! 2n·2n! (2n−Q)!(2n−T)! 2n·(2n!)2

= (2n − Q − T)!2n! (2n − Q)!(2n − T)! ≥ 1

❲❡ ♣✉t ε = 0
❈♦♥❝❧✉s✐♦♥✿

Advsprp

E

(D) = ∆D(E±

k , P ±; p±, P ±) ≤ 2QT

2n + 0

✺✷ ✴ ✸✷