S 6830 – Cryptography Oct 1 , 2009 Lecture 11 : Pseudorandom functions
نویسنده
چکیده
Definition 2 (Multi-message secure encryption) (Gen,Enc,Dec) is a multi-message secure encryption scheme if for all nuPPT A, for all polynomial q(·) there exists a negligible function (·) such that ∀ n ∈ N and for all pairs of sequences of messages m0,m1, . . . ,mq(n), m ′ 0,m ′ 1, . . . ,m ′ q(n) ∈ {0, 1} , A distinguishes {k ← Gen(1) : Enck(m0), . . . , Enck(mq(n))} {k ← Gen(1) : Enck(m0), . . . , Enck(mq(n))}
منابع مشابه
COS598D Lecture 3 Pseudorandom generators from one-way functions
In this lecture we prove the existence of pseudorandom-generators assuming that one-way functions exist (Hastad, Impagliazzo, Levin and Luby '99). Our proof is with respect to non-uniform security. We also sketch the uniform case which requires a uniform version of Impagliazzo's hardcore set lemma that uses ideas from learning theory. We briefly recall some standard notions from cryptography. F...
متن کاملConstrained Verifiable Random Functions
We extend the notion of verifiable random functions (VRF) to constrained VRFs, which generalize the concept of constrained pseudorandom functions, put forward by Boneh and Waters (Asiacrypt’13), and independently by Kiayias et al. (CCS’13) and Boyle et al. (PKC’14), who call them delegatable PRFs and functional PRFs, respectively. In a standard VRF the secret key sk allows one to evaluate a pse...
متن کاملCs290g — Introduction to Modern Cryptography Task 1 — Pseudorandom Functions and Macs
Note that F ′ cannot be a MAC in the strict sense as defined in the lecture, as it does not take inputs of arbitrary length. (My bad!) But still, the notion of UF-CMA makes sense for finite domains – and it is easy to see that F ′ is not UF-CMA secure even in this case: Indeed, we can consider the adversary that makes no queries to Eval, and then makes on query to Vrfy with input (02n, 0n). Cle...
متن کاملLecture Notes on Pseudorandomness { Part I
A fresh view at the question of randomness was taken in the theory of computing: It has been postulated that a distribution is pseudorandom if it cannot be told apart from the uniform distribution by any e cient procedure. This paradigm, originally associating e cient procedures with polynomial-time algorithms, has been applied also with respect to a variety of other classes of distinguishing p...
متن کاملCs 255 Notes
1. Overview and The One-Time Pad: 1/7/2013 1 2. Pseudorandom Generators: 1/9/2013 3 Week 1 Videos: History of Cryptography and Discrete Probability 5 3. More Stream Ciphers : 1/14/2013 7 4. Block Ciphers : 1/16/2013 9 5. Section 1: Getting Started With Javascript, taught by Lucas Garron: 1/18/2013 11 6. AES: 1/23/2013 12 7. More PRFs and PRPs: 1/28/2013 13 8. Message Authentication Codes: 1/30/...
متن کامل