CSE 599 b : Cryptography ( Winter 2006 ) Lecture 6 : Collections of One - way Functions ; Candidates 20 January 2006
نویسنده
چکیده
(0) Sampling: – There is a PPT CI that on input 1 produces an element of I ∩ {0, 1}. – There is a PPT CD that on input i ∈ I produces an element of Di. Note that neither CI nor CD is required to be uniform (or even have support that is all of I ∩ {0, 1} or Di respectively) so all we need is that CI and CD choose elements from the appropriate sets. (1) Easy to Compute: There is a deterministic polynomial-time algorithm F that on input i ∈ I and x ∈ Di computes fi(x). (2) Hard to Invert: For all PPT A the function is negligible for (n) = Pr[A(fi(x), i) ∈ f−1 i (fi(x)) | i← CI(1);x← CD(i)].
منابع مشابه
CSE 599 b : Cryptography ( Winter 2006 ) Lecture 4 : More Block Ciphers ; Pseudorandom Generators 13 January 2006
Given a single (M,C) pair with C = DESK(M) and the fact that DES has a key length of 56 bits and brute force key search will succeed on average in 2 trials to find a K ′ such that DESK′(M) = C; moreover it is unlikely that even two different keys will work for the single (M,C) pair since there are more ciphertexts than keys so almost surelyK ′ = K. More sophisticated attacks have been developed...
متن کاملCSE 599 b : Cryptography ( Winter 2006 ) Lecture 12 : Public Key ( Asymmetric ) Encryption
One way to use Diffie-Hellman’s 1976 secret key exchange protocol is to create a key to be used in later rounds for symmetric encryption. This requires multiple rounds of communication. Rivest, Shamir, and Adleman in 1978 developed the one round communication scheme discussed earlier. Namely, in order for Bob to receive messages Bob produces an integer N = pq where p and q are primes of equal l...
متن کاملCSE 599 b : Cryptography ( Winter 2006 ) Lecture 14 : Cryptographic Hash Functions 17 February 2006
and thus being a universal hash function family is equivalent to having a probability distribution on functions from D to R that maps elements of D in a uniform pairwise independent fashion. Typically we will consider D = {0, 1} and R = {0, 1} form < n. The following construction due to Dietzfelbinger is particularly convenient: The space of keys is all strings K = (a, b) where a, b ∈ {0, 1} an...
متن کاملCSE 599 b : Cryptography ( Winter 2006 ) Lecture 13 : Public Key Encryption Schemes 15 February 2006
Recall the collection of functions {BlumN : QRN → QRN} were BlumN = x mod N for so-called Blum integers N that are products of two distinct primes congruent to 3 mod 4 are candidate one-way functions. As we mentioned earlier, inverting for algorithms for BlumN yield algorithms for factoring N . We now show that for N = pq, p 6= q prime, p, q ≡ 3 (mod 4), the pair (p, q) of factors of N forms tr...
متن کاملCSE 599 b : Cryptography ( Winter 2006 ) Lecture 11 : Semantic Security vs Indistinguishability Security 8 February 2006
From now on we will at least aim for the ability to handle chosen plaintext attacks (CPA). Also, of the two versions of chosen ciphertext attack, CCA1 and CCA2, we will only consider CCA2 attacks which allow the chosen ciphertexts to depend on (but be different from) the challenge ciphertext. We also have 3 security notions: Semantic Security (SS), Indistinguishability Security (IND) which is a...
متن کامل