U.C. Berkeley CS276: Cryptography
Lecture 10: 2/21/02
Professors Luca Trevisan and David Wagner
Scribe: Wei Chen

Last time we discussed the relation between One-Way Permutations (OWP) and pseudorandom generators (PRG): if a length-preserving OWP exists, we can use it in combination with its hard-core bit to build a PRG. In today's lecture, we will show that the same relation holds between One-Way Functions (OWF) and PRG, so that if there exists an OWF, a PRG must also exist. Having proved that, we will then show that the existence of a PRG implies the existence of a pseudorandom function (PRF).

1 One-Way Functions and PRG

In the last lecture we showed the following result, first obtained in [HILL]:

Theorem 1 (OWP $\to$ PRG) Suppose $f : \{0,1\}^n \to \{0,1\}^n$ is a one-way permutation, and $B : \{0,1\}^n \to \{0,1\}$ is a hard-core predicate on $f$. Then $G(x) = (f(x), B(x))$ is a PRG.

This theorem thus means that if a one-way permutation exists, there must also exist a pseudorandom generator. We will show that this theorem also holds when $f$ is a one-way function that's not length-preserving.

First consider the case that $f$ is an injective OWF $f : \{0,1\}^k \to \{0,1\}^n$, with $n > k$. Define $H$ to be a family of pairwise independent hash functions, so that every $h \in H$ satisfies the following: for $x, y \in \{0,1\}^n$ and $q, b \in \{0,1\}^m$ chosen randomly,

$$\Pr[h(x) = q \text{ and } h(y) = b] = \left(\frac{1}{2^m}\right)^2$$

Intuitively, a pairwise independent hash function maps every distinct pair of inputs randomly and independently. An example of $H$ is the set $\{h_{A,b}\}$, with $A \in \{0,1\}^{(n\ m)}$, $b \in \{0,1\}^m$, and $h_{A,b}(x) = Ax\ b$.

The following theorem can be used to construct a pseudorandom generator from a one-way function and a family of hash functions:

Theorem 2 Suppose $f : \{0,1\}^k \to \{0,1\}^n$ is an injective OWF, so that for any $y \in \{0,1\}^n$, $\Pr[y = f(x)] \le 1/2^k$. Let $H$ be a family of pairwise independent hash functions satisfying the properties above, with $h : \{0,1\}^n \to \{0,1\}^{(k\ \log(1/\ ))}$ for every $h \in H$. Then $(h, h(f(x)))$ is ( , ) indistinguishable from $(h, r)$, where $r$ is randomly chosen over $\{0,1\}^{(k\ \log(1/\ ))}$ ....
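An added example (not part of the lecture notes): an exhaustive check, for small parameters, that the family $\{h_{A,b}\}$ mentioned above satisfies the pairwise-independence condition, and that dropping the offset $b$ breaks it. It assumes $A$ is an $m$-by-$n$ matrix over GF(2) and that $h_{A,b}(x)$ adds $b$ to $Ax$ over GF(2) (XOR); all function names are illustrative.

```python
from collections import Counter
from itertools import product


def h(A, b, x):
    """Assumed form h_{A,b}(x) = Ax + b over GF(2).
    A is a tuple of m row bitmasks (n bits each); b and x are ints."""
    out = 0
    for i, row in enumerate(A):
        parity = bin(row & x).count("1") & 1  # inner product <row, x> mod 2
        out |= parity << i
    return out ^ b  # addition over GF(2) is XOR


def family(n, m, with_offset=True):
    """Enumerate every (A, b) in the family; b is fixed to 0 if with_offset is False."""
    offsets = range(2 ** m) if with_offset else [0]
    for A in product(range(2 ** n), repeat=m):
        for b in offsets:
            yield A, b


def is_pairwise_independent(n, m, with_offset=True):
    """True iff for all x != y and all (q, r), exactly |H| / (2^m)^2
    members of the family map x to q and y to r."""
    H = list(family(n, m, with_offset))
    outputs = range(2 ** m)
    for x in range(2 ** n):
        for y in range(2 ** n):
            if x == y:
                continue
            counts = Counter((h(A, b, x), h(A, b, y)) for A, b in H)
            # Compare in integers: count * 4^m must equal |H| for every (q, r).
            if any(counts[(q, r)] * 4 ** m != len(H)
                   for q in outputs for r in outputs):
                return False
    return True


if __name__ == "__main__":
    # Constructed small parameters so the whole family can be enumerated.
    print("Ax + b pairwise independent:", is_pairwise_independent(3, 2))
    # Without b, h(0) = 0 for every A, so the pair (h(0), h(y)) is not uniform.
    print("Ax alone pairwise independent:", is_pairwise_independent(3, 2, False))
```

The failing case comes from $x = 0$: a purely linear map always sends it to $0$, which is why the random offset $b$ is part of the family.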
 Spring '02
 Trevisan
