U.C. Berkeley CS276: Cryptography
Lecture 10: 2/21/02
Professors Luca Trevisan and David Wagner
Scribe: Wei Chen

Last time we discussed the relation between One-Way Permutations (OWP) and pseudo-random generators (PRG): if a length-preserving OWP exists, we can use it in combination with its hardcore bit to build a PRG. In today's lecture, we will show that the same relation holds between One-Way Functions (OWF) and PRG, so that if there exists a OWF, a PRG must also exist. Having proved that, we will then show that the existence of a PRG implies the existence of a pseudo-random function (PRF).

1 One-Way Functions and PRG

In the last lecture we showed the following result, first obtained in [HILL]:

Theorem 1 (OWP -> PRG) Suppose $f : \{0,1\}^n \to \{0,1\}^n$ is a one-way permutation, and $B : \{0,1\}^n \to \{0,1\}$ is a hardcore predicate on $f$. Then $G(x) = (f(x), B(x))$ is a PRG.

This theorem means that if a one-way permutation exists, there must also exist a pseudo-random generator. We will show that this theorem also holds when $f$ is a one-way function that's not length preserving.

First consider the case that $f$ is an injective OWF $f : \{0,1\}^k \to \{0,1\}^n$, with $n > k$. Define $H$ to be a family of pairwise independent hash functions, so that every $h \in H$ satisfies the following: for $x, y \in \{0,1\}^n$ and $q, b \in \{0,1\}^m$ chosen randomly,

$$\Pr[h(x) = q \text{ and } h(y) = b] = \left(\frac{1}{2^m}\right)^2$$

Intuitively, a pairwise independent hash function maps every distinct pair of inputs randomly and independently. An example of $H$ is the set $\{h_{A,b}\}$, with $A \in \{0,1\}^{(n \times m)}$, $b \in \{0,1\}^m$, and $h_{A,b}(x) = Ax \oplus b$.

The following theorem can be used to construct a pseudo-random generator from a one-way function and a family of hash functions:

Theorem 2 Suppose $f : \{0,1\}^k \to \{0,1\}^n$ is an injective OWF, so that for any $y \in \{0,1\}^n$, $\Pr[y = f(x)] \le 1/2^k$. Let $H$ be a family of pairwise independent hash functions satisfying the properties above, with $h : \{0,1\}^n \to \{0,1\}^{(k \log (1/ ))}$ for every $h \in H$. Then $(h, h(f(x)))$ is ( , ) indistinguishable from $(h, r)$, where $r$ is randomly chosen over $\{0,1\}^{(k \log (1/ ))}$ ....
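The following Python check is an added example, not part of the lecture notes. It exhaustively verifies the pairwise-independence property for the example family $h_{A,b}$ on small parameters, and shows that dropping the offset $b$ breaks it. It assumes $A$ is an $m \times n$ bit matrix acting on $n$-bit inputs with arithmetic over GF(2); the function names are hypothetical.

```python
from fractions import Fraction
from itertools import product

def h(A, b, x):
    """h_{A,b}(x) = Ax xor b over GF(2).
    A: tuple of m row bitmasks (n bits each); b: m-bit int; x: n-bit int."""
    out = 0
    for i, row in enumerate(A):
        # Bit i of Ax is the inner product <row_i, x> mod 2.
        out |= (bin(row & x).count("1") & 1) << i
    return out ^ b

def joint_counts(n, m, x, y, with_offset=True):
    """Count how often (h(x), h(y)) takes each value as h ranges over the family."""
    offsets = range(2 ** m) if with_offset else [0]
    counts = {}
    for A in product(range(2 ** n), repeat=m):   # every m x n bit matrix
        for b in offsets:
            key = (h(A, b, x), h(A, b, y))
            counts[key] = counts.get(key, 0) + 1
    return counts

def is_pairwise_independent(n, m, with_offset=True):
    """True iff for every distinct pair x != y, each (q, b') occurs with
    probability exactly (1/2^m)^2 over the choice of h."""
    target = Fraction(1, 2 ** m) ** 2
    for x in range(2 ** n):
        for y in range(x + 1, 2 ** n):
            counts = joint_counts(n, m, x, y, with_offset)
            total = sum(counts.values())
            if len(counts) != 4 ** m:            # some output pair is never hit
                return False
            if any(Fraction(c, total) != target for c in counts.values()):
                return False
    return True

if __name__ == "__main__":
    # Constructed small parameters: 3-bit inputs, 2-bit outputs.
    print("affine family Ax xor b:", is_pairwise_independent(3, 2))
    # Without b, x = 0 always hashes to 0, so the property fails.
    print("linear family Ax only :", is_pairwise_independent(3, 2, with_offset=False))
```

The property is stated for distinct inputs: with $x = y$ the two outputs always coincide, so only $2^m$ of the $2^{2m}$ output pairs can occur.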