
Foundations of Cryptography

呂學一 (Institute of Information Science, Academia Sinica)

http://www.iis.sinica.edu.tw/~hil/

Today
  • Three questions (assumption: there exists a weakly OWF $f$, and $f$ is length preserving)
    • Q1: All OWFs are strong? (i.e., could it be that $f$ is a strong OWF $\leftrightarrow$ $f$ is a weakly OWF?)
    • Q2: All OWFs are weak? (i.e., could it be that no strong OWF exists and there are only weakly OWFs?)
    • Q3: Universal OWF?
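Strong OW vs. weakly OW
  • Strong one-way f:
    • $\forall$ polynomial $P(\cdot)$: $\Pr[\mathrm{Break}_f \text{ inverts } f(U_n)] < 1/P(n)$, $\forall\,\mathrm{Break}_f$ (破f, an algorithm that tries to invert $f$)
  • Weakly one-way f:
    • $\exists$ polynomial $P(\cdot)$: $\Pr[\mathrm{Break}_f \text{ inverts } f(U_n)] < 1 - 1/P(n)$, $\forall\,\mathrm{Break}_f$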
Part I : Three questions-Q1

All OWFs are strong?

Ans to Q1
  • Ans to Q1: There exists a weakly one-way function g that is not strongly one-way.
  • First define g, then prove that g is a weakly one-way function but not a strongly one-way function. The proof has two parts:
    • Claim 1: g is not strongly one-way.
    • Claim 2: g is still weakly one-way.
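Definition
  • Def: A string $z$ is zero-headed (零頭字串) if the first $\log_2|z|$ bits of $z$ are all zero.
    • Q: How many zero-headed strings are there in $\{0,1\}^n$? Ans: $2^n/n$
  • Def: For any string $zx$ with $|z|=|x|$, let

$g(zx) = \begin{cases} z\,f(x), & \text{if } z \text{ is zero-headed} \\ zx, & \text{otherwise} \end{cases}$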

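Proof: Claim 1
  • Idea: In $g(zx)$, if $z$ is not a zero-headed string then input = output, so let $\mathrm{Break}_{ID}(y) = y$.
  • $\Pr[\mathrm{Break}_{ID} \text{ inverts } g(U_{2n})]$

$= \Pr[\,g(\mathrm{Break}_{ID}(g(U_{2n}))) = g(U_{2n})\,]$

$= \Pr[\,g(g(U_{2n})) = g(U_{2n})\,]$ (because $\mathrm{Break}_{ID}(y) = y$)

$\ge 1 - 1/n \ge 1/n$ (holds once $n$ is large enough)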
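An exhaustive check of the definition of g and of Claim 1 for n = 8, added here as an illustration and not part of the original slides. The function `f` is a placeholder (one byte of SHA-256), assumed only to be length preserving; all function names are hypothetical.

```python
import hashlib
from itertools import product

N = 8                        # |z| = |x| = N, a power of two (assumption)
LOG_N = N.bit_length() - 1   # log2(N) = 3

def f(x: str) -> str:
    """Placeholder length-preserving f on 8-bit strings; not a real weak OWF."""
    first_byte = hashlib.sha256(x.encode()).digest()[0]
    return format(first_byte, "08b")

def is_zero_headed(z: str) -> bool:
    """True if the first log2|z| bits of z are all zero."""
    return z[:LOG_N] == "0" * LOG_N

def g(zx: str) -> str:
    """g(zx) = z f(x) if z is zero-headed, zx otherwise."""
    z, x = zx[:N], zx[N:]
    return z + f(x) if is_zero_headed(z) else zx

def break_id(y: str) -> str:
    """The identity 'inverter' from the proof of Claim 1."""
    return y

def count_zero_headed() -> int:
    """Number of zero-headed strings in {0,1}^N."""
    return sum(is_zero_headed("".join(b)) for b in product("01", repeat=N))

def identity_success_count() -> int:
    """Number of 2N-bit inputs zx with g(break_id(g(zx))) == g(zx)."""
    hits = 0
    for bits in product("01", repeat=2 * N):
        y = g("".join(bits))
        hits += g(break_id(y)) == y
    return hits
```

Dividing `identity_success_count()` by `2 ** (2 * N)` gives the success probability of the identity inverter, which is at least 1 - 1/n whatever f is.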

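Proof: Claim 2
  • Recall:

$\Pr[A \mid B] = \Pr[A \cap B]/\Pr[B] \ge (\Pr[A] - \Pr[\lnot B])/\Pr[B]$

  • Idea: Proof by contradiction: assume g is not weakly one-way and derive that neither is f.
  • "g is not weakly one-way" can be written as: $\forall$ polynomial $p(\cdot)$, $\exists\,\mathrm{Break}_{g,p}$ s.t. $\Pr[\mathrm{Break}_{g,p} \text{ inverts } g(U_{2n})] \ge 1 - 1/p(2n)$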
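Proof: Claim 2
  • Define $\mathrm{Break}_{f,p}(y)$ as follows:
    • Uniformly select a zero-headed string $y'$ with $|y'| = |y|$
    • Let $zx = \mathrm{Break}_{g,p}(y'y)$
    • Return $x$;
  • Goal: $\forall$ polynomial $q(\cdot)$, $\exists\,\mathrm{Break}^{*}_{f,q}$ s.t. $\Pr[\mathrm{Break}^{*}_{f,q} \text{ inverts } f(U_n)] \ge 1 - 1/q(n)$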
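Proof: Claim 2
  • $\forall\, q(\cdot)$, let $p(\cdot)$ be a polynomial with $p(2n)/n \ge q(n)$
  • Let $\mathrm{Break}^{*}_{f,q} \equiv \mathrm{Break}_{f,p}$

$\Pr[\mathrm{Break}^{*}_{f,q} \text{ inverts } f(U_n)] = \Pr[\mathrm{Break}_{f,p} \text{ inverts } f(U_n)]$

$\ge \Pr[\mathrm{Break}_{g,p} \text{ inverts } g(U_n' U_n) \mid U_n' \text{ is zero-headed}]$

$\ge \{\Pr[\mathrm{Break}_{g,p} \text{ inverts } g(U_n' U_n)] - \Pr[U_n' \text{ is not zero-headed}]\} / \Pr[U_n' \text{ is zero-headed}]$

$= n \Pr[\mathrm{Break}_{g,p} \text{ inverts } g(U_n' U_n)] - n + 1$

$\ge n - n/p(2n) - n + 1 \ge 1 - n/p(2n) \ge 1 - 1/q(n)$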

Definition
  • Ans to Q2: There exists a strongly one-way function g, that is not weakly one-way.
  • Def: $t(n) = n\,p(n)$
  • Def: $g(x_1 x_2 x_3 \ldots x_{t(n)}) = f(x_1)\, f(x_2) \ldots f(x_{t(n)})$
    • Input or output length = $n^2 p(n)$ bits
    • $|x_1| = |x_2| = |x_3| = \ldots = |x_{t(n)}| = n$
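Naïve
  • $\Pr[\mathrm{Break}_g \text{ inverts } g(U_{n^2 p(n)})]$

$= \prod_{i=1}^{t(n)} \Pr[\mathrm{Break}_f^{(i)} \text{ inverts } f(U_n^{(i)})]$

$< \prod_{i=1}^{t(n)} (1 - 1/p(n))$

$= (1 - 1/p(n))^{n\,p(n)}$

$< (1/e)^n < (1/2)^n$

  • This proof is not rigorous: for the first equality to hold, $g(U_{n^2 p(n)})$ would have to be split into $f(x_1)\, f(x_2) \ldots f(x_{t(n)})$ and each block inverted separately, but nothing here guarantees that the inverter works block by block.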
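Proof way
  • Approach: Proof by contradiction. First assume g is not a strongly OWF, then derive that f is not a weakly OWF either, which contradicts the premise.
  • "g is not strongly one-way" can be written as: $\exists\,\mathrm{Break}_g$ s.t. $\exists$ polynomial $q(\cdot)$, $\Pr[\mathrm{Break}_g \text{ inverts } g(U_{n^2 p(n)})] \ge 1/q(n^2 p(n))$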
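Definition
  • Def: $\mathrm{Break}_f(y)$ is as follows: repeat $a(n) = 2n^2 p(n)\, q(n^2 p(n))$ times
    • Def: $\mathrm{SmallBreak}_f(y)$ (小破f):
      • For $i = 1$ to $t(n)$
      • Select uniformly $x_1 x_2 x_3 \ldots x_{t(n)}$ in $\{0,1\}^n$
      • Compute $x_1' x_2' x_3' \ldots x_{t(n)}' = \mathrm{Break}_g(\, f(x_1)\, f(x_2) \ldots f(x_{i-1})\; y\; f(x_{i+1}) \ldots f(x_{t(n)}) \,)$
      • If $f(x_i') = y$ then output $x_i'$ and halt
  • $\mathrm{Break}_f(y)$ = $\mathrm{SmallBreak}_f(y)$ repeated $a(n)$ times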
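The reduction above as a runnable toy, added here and not part of the original slides: `break_g` is a hypothetical inverter for g that answers on only about 1/Q of its inputs, and `break_f` turns it into an inverter for f by planting y among fresh random blocks and repeating. The 8-bit `f` and the constants `T`, `Q`, `A` are assumptions chosen so the example runs instantly; they stand in for $t(n)$, $q$ and $a(n)$.

```python
import hashlib
import random

T = 4    # number of blocks; toy constant, the slides use t(n) = n p(n)
Q = 8    # break_g answers on about 1/Q of its inputs (toy stand-in for q)
A = 50   # repetitions; toy constant, the slides use a(n) = 2n^2 p(n) q(n^2 p(n))

def f(x):
    """Toy length-preserving f on 8-bit blocks (not one-way at this size)."""
    return pow(3, x, 257) % 256

def g(xs):  # g(x1 ... xt) = f(x1) ... f(xt)
    return [f(x) for x in xs]

PREIMAGE = {f(x): x for x in range(256)}  # one preimage per image of f

def break_g(ys):
    """Hypothetical inverter for g that only works on about 1/Q of inputs."""
    if hashlib.sha256(bytes(ys)).digest()[0] % Q != 0:
        return [0] * T  # gives up on this input
    return [PREIMAGE.get(y, 0) for y in ys]

def small_break_f(y, rng):
    """One pass: plant y at each position i among fresh random blocks."""
    for i in range(T):
        ys = g([rng.randrange(256) for _ in range(T)])
        ys[i] = y
        candidate = break_g(ys)[i]
        if f(candidate) == y:
            return candidate
    return None

def break_f(y, rng, repeats=A):
    """Repeat small_break_f until it yields a preimage of y."""
    for _ in range(repeats):
        x = small_break_f(y, rng)
        if x is not None:
            return x
    return None

def success_rate(inverter, seed=1):
    """Fraction of x in {0,1}^8 for which inverter(f(x)) is a preimage."""
    rng = random.Random(seed)
    hits = 0
    for x in range(256):
        out = inverter(f(x), rng)
        hits += out is not None and f(out) == f(x)
    return hits / 256
```

Comparing `success_rate(small_break_f)` with `success_rate(break_f)` shows the amplification: a single pass inverts well under all images, while the repeated version inverts every one.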
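About $\mathrm{Good}_n$ (好n)
  • Def: $\mathrm{Good}_n = \{\, x \in \{0,1\}^n \mid \Pr[\,f(\mathrm{SmallBreak}_f(f(x))) = f(x)\,] > n/a(n) \,\}$
    • It follows that $\forall\, x \in \mathrm{Good}_n$,

$\Pr[\,f(\mathrm{Break}_f(f(x))) = f(x)\,] > 1 - (1 - n/a(n))^{a(n)} > 1 - (1/e)^n > 1 - (1/2)^n$

  • Claim: $|\mathrm{Good}_n| > (1 - 1/(2p(n)))\,2^n$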
Proof Q2
  • From the claim it follows that

$\Pr[\mathrm{Break}_f \text{ inverts } f(U_n)]$

$> (1 - 1/(2p(n)))\,(1 - (1/2)^n)$

$> (1 - 1/(2p(n)))\,(1 - 1/(2p(n)))$

$> 1 - 1/p(n)$

  • By the above, f is not a weakly OWF, which contradicts the assumption of the three questions.
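Proof of the claim
  • Assume $|\mathrm{Good}_n| \le (1 - 1/(2p(n)))\,2^n$
  • $\Pr[\mathrm{Break}_g \text{ inverts } g(U_{n^2 p(n)})]$

$= \Pr[\mathrm{Break}_g \text{ inverts } g(U_n^{(1)} U_n^{(2)} \ldots U_n^{(t(n))})]$

$= \Pr[\mathrm{Break}_g \text{ inverts } g(U_n^{(1)} U_n^{(2)} \ldots U_n^{(t(n))}) \text{ AND } \exists\, i \text{ s.t. } U_n^{(i)} \notin \mathrm{Good}_n]$ (probability term 1)

$+ \Pr[\mathrm{Break}_g \text{ inverts } g(U_n^{(1)} U_n^{(2)} \ldots U_n^{(t(n))}) \text{ AND } \forall\, i,\ U_n^{(i)} \in \mathrm{Good}_n]$ (probability term 2)

$< 1/(2q(n^2 p(n))) + 1/(2q(n^2 p(n))) = 1/q(n^2 p(n))$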

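Probability term 1
  • $\Pr[\mathrm{Break}_g \text{ inverts } g(U_n^{(1)} U_n^{(2)} \ldots U_n^{(t(n))}) \text{ AND } \exists\, i \text{ s.t. } U_n^{(i)} \notin \mathrm{Good}_n]$

$= \Pr[\,\exists\, i \text{ s.t. (1) } \mathrm{Break}_g \text{ inverts } g(U_n^{(1)} U_n^{(2)} \ldots U_n^{(t(n))})$

$\text{(2) } U_n^{(i)} \notin \mathrm{Good}_n\,]$

$\le \sum_{i=1}^{t(n)} \Pr[\,(1) \text{ and } (2)\,]$

$\le \sum_{i=1}^{t(n)} \sum_{x \in \{0,1\}^n - \mathrm{Good}_n} \Pr[\,(1) \text{ and } (2)'\colon U_n^{(i)} = x\,]$

$\le \sum_{i=1}^{t(n)} \sum_{x \in \{0,1\}^n - \mathrm{Good}_n} \Pr[U_n^{(i)} = x]\,\Pr[\,(1) \mid (2)'\,]$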

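Probability term 1

$\le \sum_{i=1}^{t(n)} \max_{x \in \{0,1\}^n - \mathrm{Good}_n} \Pr[\,(1) \mid (2)'\,]$

$\le \sum_{i=1}^{t(n)} \max_{x \in \{0,1\}^n - \mathrm{Good}_n} \Pr[\,f(\mathrm{SmallBreak}_f(f(x))) = f(x)\,]$

$\le t(n)\,(n/a(n))$

$= n^2 p(n)/a(n)$

$= n^2 p(n) / (2n^2 p(n)\, q(n^2 p(n)))$

$= 1/(2q(n^2 p(n)))$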

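Probability term 2
  • $\Pr[\mathrm{Break}_g \text{ inverts } g(U_n^{(1)} U_n^{(2)} \ldots U_n^{(t(n))}) \text{ AND } \forall\, i,\ U_n^{(i)} \in \mathrm{Good}_n]$

$\le \Pr[\,\forall\, i,\ U_n^{(i)} \in \mathrm{Good}_n\,]$

$\le (1 - 1/(2p(n)))^{t(n)}$

$\le (1/e)^{n/2}$

$< 1/(2q(n^2 p(n)))$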

Universal OWF?
  • Universal OWF? Yes!!
  • Assume: code(M) = encoding of TM M

$M(x) = \begin{cases} \text{the output of } M \text{ on } x, & \text{if executable in } |x|^3 \text{ steps} \\ x, & \text{otherwise} \end{cases}$

  • $F(\mathrm{code}(M), x) = (\mathrm{code}(M), M(x))$
  • F is Universal OWF