CSE 599 b : Cryptography ( Winter 2006 ) Lecture 14 : Cryptographic Hash Functions 17 February 2006
نویسنده
چکیده
and thus being a universal hash function family is equivalent to having a probability distribution on functions from D to R that maps elements of D in a uniform pairwise independent fashion. Typically we will consider D = {0, 1} and R = {0, 1} form < n. The following construction due to Dietzfelbinger is particularly convenient: The space of keys is all strings K = (a, b) where a, b ∈ {0, 1} and HK(x) consists of the middlem bits of ax+ b. (ax+ b will naturally have 2n+m bits.) In keeping with our choice of considering PPT adversaries for our formal definitions we will use infinite hash function families and allow probability slop that is negligible. We will also want our hash function families to be efficiently computable. Before we consider the cryptographic versions we state a relaxation of the universal hash function family definition.
منابع مشابه
CSE 599 b : Cryptography ( Winter 2006 ) Lecture 4 : More Block Ciphers ; Pseudorandom Generators 13 January 2006
Given a single (M,C) pair with C = DESK(M) and the fact that DES has a key length of 56 bits and brute force key search will succeed on average in 2 trials to find a K ′ such that DESK′(M) = C; moreover it is unlikely that even two different keys will work for the single (M,C) pair since there are more ciphertexts than keys so almost surelyK ′ = K. More sophisticated attacks have been developed...
متن کاملCSE 599 b : Cryptography ( Winter 2006 ) Lecture 6 : Collections of One - way Functions ; Candidates 20 January 2006
(0) Sampling: – There is a PPT CI that on input 1 produces an element of I ∩ {0, 1}. – There is a PPT CD that on input i ∈ I produces an element of Di. Note that neither CI nor CD is required to be uniform (or even have support that is all of I ∩ {0, 1} or Di respectively) so all we need is that CI and CD choose elements from the appropriate sets. (1) Easy to Compute: There is a deterministic p...
متن کاملCSE 599 b : Cryptography ( Winter 2006 ) Lecture 11 : Semantic Security vs Indistinguishability Security 8 February 2006
From now on we will at least aim for the ability to handle chosen plaintext attacks (CPA). Also, of the two versions of chosen ciphertext attack, CCA1 and CCA2, we will only consider CCA2 attacks which allow the chosen ciphertexts to depend on (but be different from) the challenge ciphertext. We also have 3 security notions: Semantic Security (SS), Indistinguishability Security (IND) which is a...
متن کاملCSE 599 b : Cryptography ( Winter 2006 ) Lecture 12 : Public Key ( Asymmetric ) Encryption
One way to use Diffie-Hellman’s 1976 secret key exchange protocol is to create a key to be used in later rounds for symmetric encryption. This requires multiple rounds of communication. Rivest, Shamir, and Adleman in 1978 developed the one round communication scheme discussed earlier. Namely, in order for Bob to receive messages Bob produces an integer N = pq where p and q are primes of equal l...
متن کاملCSE 599 b : Cryptography ( Winter 2006 ) Lecture 13 : Public Key Encryption Schemes 15 February 2006
Recall the collection of functions {BlumN : QRN → QRN} were BlumN = x mod N for so-called Blum integers N that are products of two distinct primes congruent to 3 mod 4 are candidate one-way functions. As we mentioned earlier, inverting for algorithms for BlumN yield algorithms for factoring N . We now show that for N = pq, p 6= q prime, p, q ≡ 3 (mod 4), the pair (p, q) of factors of N forms tr...
متن کامل