This preview shows pages 1–2. Sign up to view the full content.
ICS 180: Introduction to Cryptography
5/27/2004
Homework 5
Due
Thursday
, 6/03/2004
1
Constructing a PRG from a PRF
This question is designed so that you see a relation between a PRF and a PRG. You have
seen in class that with some work one can build a PRF out of any PRG. But PRF does
seem like a more powerful construct, so the other direction, construction of a PRG from a
PRF should be easy. But how shall this be done exactly?
Let
{
f
s

s
∈ {
0
,
1
}
τ
}
τ
=1
,
2
,...
be a PRF family, where for each
τ
and each
s
∈ {
0
,
1
}
τ
,
function
f
s
maps domain
{
0
,
1
}
τ
onto the same range
{
0
,
1
}
τ
. (Using the notation from the
lecture and the notes, we’d say that
l
(
τ
) =
L
(
τ
) =
τ
.)
Consider the following attempts to construct a PRG from this PRF family. For each of
the attempts, either prove that the PRG is secure or prove that it is not, by showing an
e±cient algorithm that distinguishes its outputs from random strings:
1.
G
1
(
x
) = [
f
x
(0
τ
)

f
x
(1
τ
)] for
x
∈ {
0
,
1
}
τ
2.
G
2
(
x
) = [
f
0
τ
(
x
)

f
1
τ
(
x
)] for
x
∈ {
0
,
1
}
τ
Note that both constructions, on purpose, are done in a way so that the
This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
This is the end of the preview. Sign up
to
access the rest of the document.
 Spring '04
 Jarecki

Click to edit the document details