Derandomization in Cryptography
Authors
Abstract
We give two applications of Nisan–Wigderson-type (“non-cryptographic”) pseudorandom generators in cryptography. Specifically, assuming the existence of an appropriate NW-type generator, we construct:
1. A one-message witness-indistinguishable proof system for every language in NP, based on any trapdoor permutation. This proof system does not assume a shared random string or any setup assumption, so it is actually an “NP proof system.”
2. A noninteractive bit commitment scheme based on any one-way function.
The specific NW-type generator we need is a hitting set generator fooling nondeterministic circuits. It is known how to construct such a generator if E = DTIME(2) has a function of nondeterministic circuit complexity 2 (Miltersen and Vinodchandran, FOCS '99). Our witness-indistinguishable proofs are obtained by using the NW-type generator to derandomize the ZAPs of Dwork and Naor (FOCS '00). To our knowledge, this is the first construction of an NP proof system achieving a secrecy property. Our commitment scheme is obtained by derandomizing the interactive commitment scheme of Naor (J. Cryptology, 1991). Previous constructions of noninteractive commitment schemes were only known under incomparable assumptions.
Similar resources
A Note on Perfect Correctness by Derandomization
We show a general compiler that transforms a large class of erroneous cryptographic schemes (such as public-key encryption, indistinguishability obfuscation, and secure multiparty computation schemes) into perfectly correct ones. The transformation works for schemes that are correct on all inputs with probability noticeably larger than half, and are secure under parallel repetition. We assume t...
Notes on Complexity Theory. Last updated: November, 2011. Lecture 25
Randomization provides unconditional benefits in many settings; examples include cryptography (where random keys are used to provide protection against an adversary) and distributed computing (where randomness can be used as a means to break symmetry between parties). Randomness also appears to help in algorithm design. But is it possible that, from a complexity-theoretic perspective, randomnes...
Hardness Amplification and Error Correcting Codes
We pointed out in earlier chapters (e.g., Chapter ??) the distinction between worst-case hardness and average-case hardness. For example, the problem of finding the smallest factor of every given integer seems difficult on worst-case instances, and yet is trivial for at least half the integers, namely, the even ones. We also saw that functions that are average-case hard have many uses, notably in...
In a World of P=BPP
We show that proving results such as BPP = P essentially necessitate the construction of suitable pseudorandom generators (i.e., generators that suffice for such derandomization results). In particular, the main incarnation of this equivalence refers to the standard notion of uniform derandomization and to the corresponding pseudorandom generators (i.e., the standard uniform notion of “canonica...
Applications of Orthogonal Arrays to Computer Science
Orthogonal arrays (OAs) are basic combinatorial structures, originally studied by statisticians motivated by their applications to design of experiments. In recent years, they have found numerous applications in computer science. Among their applications are derandomization of algorithms, random pattern testing of VLSI chips, authentication codes, universal hash functions, threshold schemes, an...
Bounds for Resilient Functions and Orthogonal Arrays (Extended Abstract)
Orthogonal arrays (OAs) are basic combinatorial structures, which appear under various disguises in cryptology and the theory of algorithms. Among their applications are universal hashing, authentication codes, resilient and correlation-immune functions, derandomization of algorithms, and perfect local randomizers. In this paper, we give new bounds on the size of orthogonal arrays using Delsar...