One way functions Flashcards
Key Idea of Modern Cryptography
Use the intractability of some problems for the advantage of constructing secure system
3 basic issues in Cryptography
- Identification
- Authentication
- Encryption
What does one need to specify to define the security of a system?
- What constitutes a failure?
- The power of the adversary
- computational resources
- access to the system
- what it means to break the system
Shannon Entropy
At a conceptual level, Shannon’s Entropy is simply the “amount of information” in a variable. More mundanely, that translates to the amount of storage (e.g. number of bits) required to store the variable, which can intuitively be understood to correspond to the amount of information in that variable
Min Entropy
Let X be random variable over alphabet Γ with distribution Px
The min entropy of X is
Hmin(X) = - log max x Γ Px (x)
The min entropy represents the most likely value of X
Property: Hmin(X) ≤ H(X)
High Min Entropy and Passwords
Claim: If Alice and Bob agree on X such that Hmin(X) ≥ m, then the probability that Eve succeeds in cheating is at most 2-m
Proof: Make Eve deterministic, by picking her best choice, X = x’.
Prob[X=x’] = PX (x’) ≤ max X Γ PX (x) = 2 –Hmin(X) ≤ 2-m
Conclusion: passwords should be chosen to have high min-entropy!
Computational Models:Asymptotic
Turing Machines with random tape
For classical models: precise model does not matter up to polynomial factor
Computational Models: Concrete: Boolean circuits
A function f:{0,1}n → {0,1}n is called a (t,ε) one-way function, if
f is a polynomial-time computable function (independent of t)
for every t-time algorithm A,
Prob[A(f(x)) f-1(f(x)) ] ≤ ε
where x is chosen uniformly in {0,1}n and the probability is also over the internal coin flips of A
Can either think of t and ε as being fixed or as t(n), ε(n)
One-way functions - asymptotic
A function f: {0,1}* → {0,1}* is called a one-way function, if
f is a polynomial-time computable function
thus, also polynomial relationship between input and output length
for every probabilistic polynomial-time algorithm A, every positive polynomial p(.), and all sufficiently large n’s
Prob[ A(f(x)) f-1(f(x)) ] ≤ 1/p(n)
where x is chosen uniformly in {0,1}n and the probability is also over the internal coin flips of A
Claim: if P=NP then there
Claim: if P=NP then there are no one-way functions
Examples of hard problems:
- subset sum
- discrete log
- factoring
Subset sum one-way function
function f:{0,1}mn+n → {0,1}mn+m
f(a1, a2 ,…, an , b1, b2 ,…, bn ) =
(a1, a2 ,…, an , ∑ i=1n bi ai mod 2m )Discrete Log Problem OWF
If difficult, f(g,x) = (g, gx ) is a one-way function.
Integer Factoring OWF
Let g(r) be a function mapping random bits into random primes. The function f(r1,r2) = g(r1) • g(r2) is one-way
Weak One-way function
A function f: {0,1}n → {0,1}n is called a weak one-way function, if
f is a polynomial-time computable function, and
there exists a polynomial p( ), s.t. for every probabilistic polynomial-time algorithm A, and all sufficiently large n’s it holds that
Prob[A[f(x)] f-1(f(x)) ] ≤ 1-1/p(n)
is valid, where x is chosen uniformly in {0,1}n and the probability is also over the internal coin flips of A.
