solutions 5 - ICS 180 Introduction to Cryptography...

Info icon This preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
ICS 180: Introduction to Cryptography 6/14/2004 Solutions to homework 5 1 Constructing a PRG from a PRF This question is designed so that you see a relation between a PRF and a PRG. You have seen in class that with some work one can build a PRF out of any PRG. But PRF does seem like a more powerful construct, so the other direction, construction of a PRG from a PRF should be easy. But how shall this be done exactly? Let { f s | s ∈{ 0 , 1 } τ } τ =1 , 2 ,... be a PRF family, where for each τ and each s ∈{ 0 , 1 } τ , function f s maps domain { 0 , 1 } τ onto the same range { 0 , 1 } τ . (Using the notation from the lecture and the notes, we’d say that l ( τ ) = L ( τ ) = τ .) Consider the following attempts to construct a PRG from this PRF family. For each of the attempts, either prove that the PRG is secure or prove that it is not, by showing an efficient algorithm that distinguishes its outputs from random strings: 1. G 1 ( x ) = [ f x (0 τ ) | f x (1 τ )] for x ∈{ 0 , 1 } τ 2. G 2 ( x ) = [ f 0 τ ( x ) | f 1 τ ( x )] for x ∈{ 0 , 1 } τ Note that both constructions, on purpose, are done in a way so that the G i ’s are trivially stretching: | G i ( x ) | = 2 | x | for both i = 1 , 2. Hint: First, recall what a (secure) PRG is and what a (secure) PRF is. If you want to prove that a PRG construction is secure , use one of the two security arguments we have had. Namely, either prove that some two required probability distribution are indistinguishable directly by a series of transformations (for example as in the solutions to problem (1.1) in homework 4). Or, prove it by contradiction, i.e. assume that there exists a PPT adversary A that breaks the PRG security property for the construction G 1 or G 2 , and use that adversary to create a PPT attack A that breaks the PRF security property for the function family { f s } . If you want to show that the PRG construction is insecure , you can do so similarly as in the problem (1.2) in homework 4, i.e. by showing that for some PRF family { f s } , the family itself is a secure PRF family, but the G i construction (for i either 1 or 2) fails to produce a pseudorandom number generator. How can you do this? Recall the method we used in problem (1.2) of homework 4 and apply it in this case. Namely, try to create function family { f s } from any PRF family { ¯ f s } s.t. { f s } remains a PRF family, but it makes the G i construction fail as a PRG. Solution: 1.1 The G 1 construction actually does make a secure PRG. G 1 is a good PRG if the following probability distributions are indistinguishable: { G 1 ( s ) } s ←{ 0 , 1 } τ ≈{ r } r ←{ 0 , 1 } 2 τ S5-1
Image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
I claim that this is indeed the case. One way to argue this is the following: Since { f s } is a PRF, for every (efficient) adversary A we have { A f s (1 τ ) } s ←{ 0 , 1 } τ ≈{ A R (1 τ ) } R RNDF CT ( τ,τ ) (1) which reads: “the distribution of outputs of A on input 1 τ and on access to function f s , where s is a random τ -bit seed is indistinguishable from the distribution of outputs of A on input 1 τ and on access to a random function R ”.
Image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern