One Way Functions
Docsity.com
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Guidelines and tips
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Community
Ask the community
Ask the community for help and clear up your study doubts
University Rankings
Discover the best universities in your country according to Docsity users
Free resources
Our save-the-student-ebooks!
Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors
One-Way Functions and Pseudorandom Generators, Slides of Cryptography and System Security
One-way functions, their relation to pseudorandom generators (prgs), and the desirable properties of one-way function families (owfs). Topics include symmetric encryption, function families, owf families, computational assumptions, hard core predicates, and the goldreich-levin theorem.
Typology: Slides
2012/2013
1 / 11
This page cannot be seen from the preview
Don't miss anything!
Related documents
Partial preview of the text
Download One-Way Functions and Pseudorandom Generators and more Slides Cryptography and System Security in PDF only on Docsity!
One Way Functions
2
PRG Stateful
Symmetric Encryption
Gave example of BG-PRG, but didn’t prove.
Desire general approach for generating PRG’s from simpler primitives. One way permutation
- hard core bit PRG
4
Function Families
Define more general concept able to handle last three examples.
Bonus: natural notion of key (function parameter in family) useful for encrypting. DEF: A function family is an index set together with parametrized domains , codomains and functions
I
Di
Ri f
i :^ Di →^ Ri ,^ ∀ i^ ∈^ I
5
OWF Families
DEF: A one way family of functions is family of functions with
- PPT generator G of indices i from security parameters k.
- PPT generator S of domain elements in
- PPT algorithm A computing f
- No PPT inversion algorithm A’ exists with the property that is non-negligible, where the probability is measured over random i and x. If all are bijections, family called one way family of permutations.
Di
f i
Pr[ f i ( A ( i , f i ( x ))) = f i ( x )]
7
Computational
assumptions
Discrete log assumption - Discrete exponential family is a one way family
RSA assumption - Modular Powers family is one way family of permutations
Factoring assumption - multiplying equal sized primes is a one way function (not family) - MOST BASIC ASSUMPTION
Factoring assumption Squaring is OWFF and when restricted to quadratic residues is a OWPF
8
Hard Core Predicate
Intuitively: a property about the inputs to a one-way function, that’s as hard to compute from outputs, as inverting.
Candidates:
For Discrete Exponential: MSB
For Modular Powers: MSB and LSB
For Modular Squares: LSB
10
Goldreich-Levin
If One Way Function Families exist, then One Way Function Families with Hard Core Bits exists. THM: Let f be a family of one-way functions whose domains are bitstrings. Extend the functions to which for valid x and outputs. Let be the dot-product Then g is a OWFF with hard core predicate B. NOTE: THM still holds for permutations.
f i
gi y^ ∈^ {^0 ,^1 }
| x |
g ( x , y ) = f ( x )‖ y Bi ( x , y )
Bi ( x , y ) = 〈 x , y 〉 =
| x |
i = 1
xi · yi
mod 2
11
OWPF PRG
DEF: Let f be a OWFP with hard core bit B. Let L be any polynomial stretch function. The pseudorandom bit generator family induced by f and B has the same domains and is defined by for security paramater k. THM: The family is a PRG-family as implied by the name. COR: Symmetric stateful encryption possible, if one of the computational assumptions holds.
g ( x ) =
Bi ( x ), Bi ( f ( x )), Bi ( f
2
( x )),... , Bi ( f
Q ( k )− 1 i