Naor, J., Naor, M.: Small-bias probability spaces: E#cient constructions and applications. SIAM J. Comput. 22 (1993) 838--856 A Proofs Proof (of Lemma 1). To ease the notation let f = f k . The event E i can be defined as: E i =  Home/Search   Document Not in Database   Summary   Related Articles   Check

....hash functions, de ned below. 2.1 biased Sample Spaces De nition 5. A set S f0; 1g is called biased (or an biased sample space) if for all nonempty [n] f1; ng, Exp s2S Q sa : Small sets with these properties were initially constructed by Naor and Naor [16] and Peralta [18] We will use a construction, due to Alon, Goldreich, H astad and Peralta [1] which gives an biased sample space in f0; 1g of size about ( The sample space is given as the image of a certain function n;m : F 2 m F 2 m . Here F 2 n denotes the nite eld ....

Joseph Naor and Moni Naor. Small-bias probability spaces: Ecient constructions and applications. SIAM Journal on Computing, 22(4):838-856, August 1993.

....resistance and set collision resistance. We demonstrate how multiset hash functions enable secure o ine integrity checkers for untrusted memory. O ine memory integrity checking was introduced by Blum et al. 91] However, their implementation of o ine checkers uses biased hash functions [NN90] these hash functions can be used to detect random errors, but are not cryptographically secure. We prove that multiset hash functions are cryptographically secure, and show how they can be used in place of biased hash functions to build an o ine checker secure against active adversaries. ....

....Corollary 3. Tampering with the RAM without being detected is as hard as nding a collision W 6= R for the multiset hash function. The original o ine checker in [BEG 91] di ers from our improved checker in two respects. First, the original checker is implemented with biased hash functions [NN90] These hash functions are set collision resistant against random errors but not against a malicious adversary. Secondly, the Timer is incremented on each put operation and is not a function of what is read from memory. The Timer is solely under the control of the checker. This means that the ....

J. Naor and M. Naor. Small-bias probability spaces: ecient constructions and applications. In 22nd ACM Symposium on Theory of Computing, pages 213-223, 1990.

....resistance and set collision resistance. We demonstrate how multiset hash functions enable secure o#ine integrity checkers for untrusted memory. O#ine memory integrity checking was introduced by Blum et al. 91] However, their implementation of o#ine checkers uses # biased hash functions [NN90] these hash functions can be used to detect random errors, but are not cryptographically secure. We prove that multiset hash functions are cryptographically secure, and show how they can be used in place of # biased hash functions to build an o#ine checker secure against active adversaries. ....

....3. Tampering with the RAM without being detected is as hard as finding a collision W R for the multiset hash function. 9 The original o#ine checker in [BEG 91] di#ers from our improved checker in two respects. First, the original checker is implemented with # biased hash functions [NN90] These hash functions are set collision resistant against random errors but not against a malicious adversary. Secondly, the Timer is incremented on each put operation and is not a function of what is read from memory. The Timer is solely under the control of the checker. This means that the ....

J. Naor and M. Naor. Small-bias probability spaces: e#cient constructions and applications. In 22nd ACM Symposium on Theory of Computing, pages 213--223, 1990.

.... #) is almost uniformly distiributed in the original definition of PC(l) of order k. We then show that indeed better parameters are obtained than normal PC(l) of order k functions. We present a design method of # almost PC(l) of order k functions using linear codes and a # biased sample spaces [11] which satisfy some property. Our construction o#ers smaller input length n than normal PC(l) of order k functions for the same (l, k) The input size n of Sboxes can be smaller for the security level (l, k) In other words, we can obtain larger (l, k) for the same input length n. Higher ....

....any # 0 . 4 Definition 3.2 (almost k wise independence) Suppose that X = x 1 xN is chosen randomly from SN . Then we say that SN is (#, k) independent if for any k positions i 1 i 2 i k and any k bit string #, we have Pr[x i 1 x i 2 2 k #. Proposition 3. 1 [11] Suppose that S n is # biased. Let H be a parity check matrix of a [N, N n, k 1] linear code C. Define SN # = S n H Then SN is (e #, k) independent, where 3.2 Almost Resilient Functions Definition 3.3 [8] The function f(X) is called an # almost (n, m, k) resilient function if ....

J. Naor and M. Naor. Small bias probability spaces: e#cient constructions and applications. SIAM Journal on Computing 22 (1993), 838-- 856.

....storage and, in the common case, require only a constant overhead on the number of accesses to the storage, as compared to the logarithmic overhead incurred by online Merkle tree schemes. 1 Introduction In [BEG 91] Blum et al. describe an o#ine checker using # based hash functions [NN90] that can be used to detect random errors after a sequence of operations has been performed on random access memory (RAM) The o#ine checker is contrasted with an online checker using Merkle trees [Mer79] which can be used to detect, after each operation, whether the untrusted storage ....

J. Naor and M. Naor. Small-bias probability spaces: e#cient constructions and applications. In 22nd ACM Symposium on Theory of Computing, pages 213--223, 1990.

....a O(log(N) cost for each memory access. They also proposed o#ine schemes to check the correctness of RAM after a sequence of operations have been performed on RAM. These schemes compute a running hash of memory reads and writes. Their implementation of o#ine checkers uses # biased hash functions [13]; these hash functions can be used to detect random errors, but are not cryptographically secure. We have used incremental multiset hashes and their o#ine scheme as the basis to build log hash based RAM integrity checkers secure against active adversaries. We have described how an on chip trusted ....

J. Naor and M. Naor. Small-bias probability spaces: e#cient constructions and applications. In 22nd ACM Symposium on Theory of Computing, pages 213--223, 1990.

....whether the untrusted storage performed correctly after a sequence of operations is performed. The benefit of the approach is that there is a constant overhead on the number of storage accesses on each program load or store. Blum s correctness checker was implemented using # biased hash functions [NN90] these hash functions can be used to detect random errors, but are not cryptographically secure. We extend Blum s work to produce an o#ine integrity checker, secure against attacks by an active adversary. O#ine integrity checking can be particularly e#cient in an application like certified ....

....by the work on memory correctness checkers by Blum et al. BEG 91] They proposed using hash (Merkle) trees to detect attacks by active adversaries on RAM. They also proposed o#ine schemes to check the correctness of RAM. Their implementation of o#ine checkers uses # biased hash functions [NN90] these hash functions can be used to detect random errors, but are not cryptographically secure. We introduce a bag integrity checking primitive, and introduce multiset hash functions as a cryptographic tool to implement it. We demonstrate how the bag primitive can be used as a basis to build ....

J. Naor and M. Naor. Small-bias probability spaces: e#cient constructions and applications. In 22nd ACM Symposium on Theory of Computing, pages 213--223, 1990.

....then possibly observed by the adversary) Our most important requirement is that the hash function in the strong extractor family be describable by a very short random string. This requirement is met by the strong extractor of Srinivasan and Zuckerman [24] using the hash families of Naor and Naor [17]. Their results can be summarized as follows: Lemma 1 ( 24] For any and t =2, there exists a family H of hash functions mapping f0; 1g to a range f0; 1g , where k = 2t, such that the following holds: A random member of H can be described by and eciently computed using 4( t) ....

J. Naor, M. Naor. Small-Bias Probability Spaces: Ecient Constructions and Applications. In SIAM J. Computing, 22(4):838-856, 1993.

....independent. However they satisfy a weaker form of independence which will suce. We rst introduce this notion and show how the second moment analy sis can still be applied here. Our notion seems to be slightly weaker than some weak forms of independence that have been used in the literature [21, 1] and incomparable to some of the others [18, 23] The de nition that follows is given only for the special case of boolean random variables, but is easily generalized. We let [N ] f1; Ng. Refer to bottom of Section 2 for notation and conventions. De nition 3.7 Let X 1 ; Xn be ....

J. Naor and M. Naor. Small bias probability spaces: ecient constructions and applications. STOC 90.

....work on derandomizing randomized algorithms. A common technique to reducing randomness is to use k wise independent random variables rather than totally independent ones. The generation of k wise independent and approximately k wise independent random variables has been well studied [Jof74, CG89, NN93, EGL 98, CRS00] Early applications of k wise independence in derandomization can be found in [KW85, Lub86, ABI86, Lub93, BR91] Very recently Klivans and Spielman [KS01] gave a randomness ecient method for testing if a polynomial is identically zero. In all of these algorithms a reduction in ....

J. Naor and M. Naor. Small-bias probability spaces: Ecient constructions and applications. SICOMP, 22(4):838-856, 1993.

No context found.

Naor, J., Naor, M.: Small-bias probability spaces: E#cient constructions and applications. SIAM J. Comput. 22 (1993) 838--856 A Proofs Proof (of Lemma 1). To ease the notation let f = f k . The event E i can be defined as: E i =

No context found.

J. Naor and M. Naor. Small-bias probability spaces: Ecient constructions and applications. SIAM Journal on Computing, 22(4):838-856, 1993. (preliminary version in STOC'90).

No context found.

J. Naor, M. Naor.Small-Bias Probability Spaces: E#cient Constructions and Applications.In SIAM J. Comput. 22(4): 838-856 (1993).

No context found.

J. Naor and M. Naor. Small-bias probability spaces: E#cient constructions and applications. SIAM J. Comput, 22(4):838--856, 1993.

No context found.

J. Naor and M. Naor, Small-bias probability spaces: Ecient constructions and applications, SIAM Journal on Computing, vol. 22, no. 4, pp. 838-356, 1993.

No context found.

J. Naor, M. Naor. Small Bias Probability Spaces: E#cient Constructions and Applications. 22nd STOC 1990, pages 213-223.

No context found.

J. Naor, M. Naor. Small Bias Probability Spaces: E#cient Constructions and Applications. 22nd STOC 1990, pages 213-223.

No context found.

J. Naor and M. Naor. Small-bias probability spaces: e#cient constructions and applications. In 22nd ACM Symposium on Theory of Computing, pages 213--223, 1990.

No context found.

J. Naor, M. Naor, Small--bias probability spaces: E#cient constructions and applications, SIAM Journal on Computing 22 (4) (1993) 838--856.

No context found.

Naor, J., and Naor, M. Small-bias probability spaces: Ecient constructions and applications. In Proc. 22nd ACM Symp. on Theory of Computing (Baltimore, Maryland, 4-16 May 1990), pp. 213-223.

No context found.

J. Naor and M. Naor. Small-bias probability spaces: e#cient constructions and applications, 1993.

No context found.

Naor, J., and Naor, M. Small-bias probability spaces: Ecient constructions and applications. In Proc. 22nd ACM Symp. on Theory of Computing (Baltimore, Maryland, 4-16 May 1990), pp. 213-223.

No context found.

J. Naor and M. Naor. Small-bias probability spaces: e#cient constructions and applications. In 22nd ACM STOC, pages 213--223, 1990.

No context found.

J. Naor and M. Naor, "Small-bias Probability Spaces: E#cient Constructions and Applications ", SIAM J. on Computing, Vol 22, 1993, pp. 838--856.

No context found.

J. Naor, M. Naor. Small-Bias Probability Spaces: Ecient Constructions and Applications. In SIAM J. Computing, 22(4):838-856, 1993.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC