Feb 21 notes

A Concrete Introduction to Higher Algebra, 2nd Edition


U.C. Berkeley — CS276: Cryptography
Lecture 10: 2/21/02
Professors Luca Trevisan and David Wagner
Scribe: Wei Chen

Last time we discussed the relation between one-way permutations (OWP) and pseudo-random generators (PRG): if a length-preserving OWP exists, we can use it in combination with its hardcore bit to build a PRG. In today's lecture, we will show that the same relation holds between one-way functions (OWF) and PRGs, so that if there exists an OWF, a PRG must also exist. Having proved that, we will then show that the existence of a PRG implies the existence of a pseudo-random function (PRF).

1 One-Way Functions and PRG

In the last lecture we showed the following result, first obtained in [HILL]:

Theorem 1 (OWP -> PRG) Suppose $f : \{0,1\}^n \to \{0,1\}^n$ is a one-way permutation, and $B : \{0,1\}^n \to \{0,1\}$ is a hardcore predicate on $f$. Then $G(x) = (f(x), B(x))$ is a PRG.

This theorem thus means that if a one-way permutation exists, there must also exist a pseudo-random generator. We will show that this theorem also holds when $f$ is a one-way function that is not length preserving.

First consider the case that $f$ is an injective OWF $f : \{0,1\}^k \to \{0,1\}^n$, with $n > k$. Define $H$ to be a family of pairwise independent hash functions, so that every $h \in H$ satisfies the following: $\forall x, y \in \{0,1\}^n$ and $\forall q, b \in \{0,1\}^m$ chosen randomly,

$$\Pr[h(x) = q \text{ and } h(y) = b] = \left(\frac{1}{2^m}\right)^2$$

Intuitively, a pairwise independent hash function maps every distinct pair of inputs randomly and independently. An example of $H$ is the set $\{h_{A,b}\}$, with $A \in \{0,1\}^{(n * m)}$, $b \in \{0,1\}^m$, and $h_{A,b}(x) = Ax \oplus b$.

The following theorem can be used to construct a pseudo-random generator from a one-way function and a family of hash functions:

Theorem 2 Suppose $f : \{0,1\}^k \to \{0,1\}^n$ is an injective OWF, so that for any $y \in \{0,1\}^n$, $\Pr[y = f(x)] \le 1/2^k$. Let $H$ be a family of pairwise independent hash functions satisfying the properties above, with $h : \{0,1\}^n \to \{0,1\}^{(k - \log(1/\ ))}$ for every $h \in H$. Then $(h, h(f(x)))$ is $(\infty,\ )$ indistinguishable from $(h, r)$, where $r$ is randomly chosen over $\{0,1\}^{(k - \log(1/\ ))}$ ....

This note was uploaded on 02/04/2008 for the course CS 276 taught by Professor Trevisan during the Spring '02 term at Berkeley.
