Leaky Pseudo-Entropy Functions

Authors

  • Mark Braverman
  • Avinatan Hassidim
  • Yael Tauman Kalai
Abstract

Pseudo-random functions (PRFs), introduced by Goldwasser, Goldreich, and Micali (FOCS 1984), are one of the most important building blocks in cryptography. A PRF family is a family of seeded functions {f_s}, with the property that no efficient adversary can tell the difference between getting oracle access to a random PRF function f_s, and getting oracle access to a truly random function. In this work, we consider the problem of constructing pseudo-random functions that are resilient to leakage. Unfortunately, even if a single bit about the secret seed s ∈ {0, 1}^k is leaked, then there is no hope to construct a PRF, since the leakage can simply be the first bit of f_s(0), and thus f_s(0) is distinguishable from uniform. Therefore, when dealing with leakage, we must relax the definition. We consider the following relaxation: Instead of requiring that for each input x, the value f_s(x) looks random, we require that it looks like it has high min-entropy, even given oracle access to f_s everywhere except point x. We call such a function family a pseudo-entropy function (PEF) family. In particular, a leakage-resilient PEF family has the property that given leakage L(s) and given oracle access to f_s, it is hard to predict f_s on any input that was not queried. We construct such a leakage-resilient PEF family under the DDH assumption (or more generally, assuming the existence of lossy functions with the property that the output size is not much larger than the input size). We also show that leakage-resilient PEFs imply leakage-resilient random-input PRFs, where the requirement is that for a random input r, the value f_s(r) looks uniform, even given the leakage L(s) and given oracle access to f_s anywhere except at point r (the leakage L(s) is independent of r, but the oracle f_s is present even after the pair (r, f_s(r)) is given).

Similar resources

On classical and quantal Kolmogorov entropies

The construction of a quantal Kolmogorov entropy that tends to the classical Kolmogorov entropy in the limit h → 0 is discussed. The approach is to use sets of functions rather than disjoint partitions and involves the use of pseudo-differential operators.

Qualms concerning Tsallis’s condition of Pseudo-Additivity as a Definition of Non-Extensivity

The pseudo-additive relation that the Tsallis entropy satisfies has nothing whatsoever to do with the super-and sub-additivity properties of the entropy. The latter properties, like concavity and convexity, are couched in geometric inequalities and cannot be reduced to equalities. Rather, the pseudo-additivity relation is a functional equation that determines the functional forms of the random ...

Robustness of the Learning with Errors Assumption Citation

Starting with the work of Ishai-Sahai-Wagner and Micali-Reyzin, a new goal has been set within the theory of cryptography community, to design cryptographic primitives that are secure against large classes of side-channel attacks. Recently, many works have focused on designing various cryptographic primitives that are robust (retain security) even when the secret key is “leaky”, under various i...

Robustness of the Learning with Errors Assumption

Starting with the work of Ishai-Sahai-Wagner and Micali-Reyzin, a new goal has been set within the theory of cryptography community, to design cryptographic primitives that are secure against large classes of side-channel attacks. Recently, many works have focused on designing various cryptographic primitives that are robust (retain security) even when the secret key is “leaky”, under various i...

Nongeneralizability of Tsallis Entropy by means of Kolmogorov-Nagumo averages under pseudo-additivity

As additivity is a characteristic property of the classical information measure, Shannon entropy, pseudo-additivity of the form x +_q y = x + y + (1−q)xy is a characteristic property of Tsallis entropy. Rényi in [1] generalized Shannon entropy by means of Kolmogorov-Nagumo averages, by imposing additivity as a constraint. In this paper we show that there exists no generalization for Tsallis entropy, b...


Publication date: 2011