O. Goldreich, R. Impagliazzo, L. Levin, R. Venkatesan, and D. Zuckerman. Security preserving amplification of hardness. In Proc. 31st Annual Symposium on Foundations of Computer Science, pp. 318-- 326. IEEE, 1990.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....ingredients, explicit security parameters and carefully quantified security reductions, form the basis for what we call concrete security analysis. In the case of pseudorandom functions this study was initiated in [4, 3] Security preserving reductions are the subject of other works as well, e.g. [9, 11]. Following [4] we say that a function family G is (t; q; l; ffl) secure if a program that runs in time t (more precisely, the running time plus size of the description of the program, in some fixed RAM model of computation, must be bounded by t) given an oracle for a function E and allowed to ....

O. GOLDREICH, R. IMPAGLIAZZO, L. LEVIN, R. VENKATESAN, AND R. ZUCKERMAN,D., "Security Preserving Amplification of Hardness." Proceedings of the 31st Symposium on Foundations of Computer Science, IEEE, 1990.

....that a random integer n contains two large primefactors. i.e. if we pick n at random and e as a prime larger than n, then x ## x e modn is a weak trapdoor permutation over Z # n (relative to assumption 1. The same observation was used in [9] where they refer to general amplification results[21, 13] to obtain a collection of strong trapdoor permutations from this collection of weak ones. Here we apply an explicit amplification procedure, which is slightly more e#cient, and prove that it gives us a simulatable collection of trapdoor permutations. Let l be an amplification parameter, which we ....

....k ) log k ) and so is negligible. So we have: Theorem 5. Under assumption 1, the set SRSA = f i : D i # D i is a simulatable collection of trapdoor permutations. We note that ( 1 log k ) log k is only slightly below what is needed to be negligible. To obtain a security preserving[13] amplification we could use k k bit moduli. Another approach would be to remove the need for amplification by finding an invertible way to produce integers with two large primefactors and use just one such modulus for encryption. 6.2 Doing without Oblivious Index Generation We now proceed to ....

Oded Goldreich, Russell Impagliazzo, Leonid Levin, Ramarathnam Venkatesan, and David Zuckerman. Security preserving amplification of hardness. In 31st Annual Symposium on Foundations of Computer Science, volume I, pages 318-- 326, St. Louis, Missouri, 22--24 October 1990. IEEE.

....problem, and it is an open question whether such a PKC exists. If one does exist it is possible that an Algebraic Coded PKC might provide an example. Although such an example would not necessarily be practically secure, since NP complete problems can be almost always easy, there is some evidence[9] that NP security, once obtained, can be amplified to the required cryptographic security. 1.3 Gabidulin codes and the Gabidulin PKC Definition1. Let x be any q vector over GF (2 m ) The p Theta q Gabidulin matrix with generating vector x is the matrix whose first row is x, and whose i th row ....

GOLDREICH O., IMPAGLIAZZO R., LEVIN L., VENKATESAN R., and ZUCKERMAN D. "Security Preserving Amplification of Hardness." Proc. of the 31st Annual Symposium on the Foundations of Computer Science (FOCS), 1990.

....that a random integer n contains two large primefactors. i.e. if we pick n at random and e as a prime larger than n, then x ## x e modn is a weak trapdoor permutation over Z # n (relative to assumption 1. The same observation was used in [9] where they refer to general amplification results[21, 13] to obtain a collection of strong trapdoor permutations from this collection of weak ones. Here we apply an explicit amplification procedure, which is slightly more e#cient, and prove that it gives us a simulatable collection of trapdoor permutations. Let l be an amplification parameter, which we ....

....k ) log k ) and so is negligible. So we have: Theorem 5. Under assumption 1, the set SRSA = f i : D i # D i is a simulatable collection of trapdoor permutations. We note that ( 1 log k ) log k is only slightly below what is needed to be negligible. To obtain a security preserving[13] amplification we could use k k bit moduli. Another approach would be to remove the need for amplification by finding an invertible way to produce integers with two large primefactors and use just one such modulus for encryption. 6.2 Doing without Oblivious Index Generation We now proceed to ....

Oded Goldreich, Russell Impagliazzo, Leonid Levin, Ramarathnam Venkatesan, and David Zuckerman. Security preserving amplification of hardness. In 31st Annual Symposium on Foundations of Computer Science, volume I, pages 318-- 326, St. Louis, Missouri, 22--24 October 1990. IEEE.

.... been studied extensively, and have numerous applications in theoretical computer science, including space efficient algorithms for undirected connectivity [4, 8] derandomization [1] recycling of random bits [10, 15] approximation algorithms [6, 12, 17] efficient constructions in cryptography [14], and self stabilizing distributed computing [11, 16] Frequently (see, for example, Karger et al. 19] and Nisan et al. 20] we are interested in E[T (N ) the expected time before a simple random walk on an undirected connected graph, G, visits its N th distinct vertex, N n. The ....

O. Goldreich, R. Impagliazzo, L. Levin, R. Venkatesan, and D. I. Zuckerman, Security preserving amplification of hardness, in Proceedings 31st Annual Symposium on Foundations of Computer Science, St. Louis, MO, Oct. 1990, IEEE, pp. 318--326.

No context found.

O. Goldreich, R. Impagliazzo, L.A. Levin, R. Venkatesan, and D. Zuckerman. Security Preserving Amplification of Hardness. In 31st FOCS, pages 318--326, 1990.

No context found.

Goldreich, O., Impagliazzo, R., Levin, L., Venketesan, R., Zuckerman, D., "Security Preserving Amplification of Hardness", Proceedings of the 31st IEEE Symposium on Foundations of Computer Science, pp. 318-326, 1990.

No context found.

O. Goldreich, R. Impagliazzo, L. Levin, R. Venkatesan, and D. Zuckerman. Security preserving amplification of hardness. In 31st FOCS, pages 318--326, 1990. 25

....) 1 , G 2 (1 ) G(1 ) and extend f fi into g fi so that g fi (x) f fi (x) if x 2 D fi and g fi (x) x otherwise. This yields a collection of common domain permutations, fg fi : f0; 1g jfij 1 1 7 f0; 1g g, which are weakly one way. Employing amplification techniques (e.g. [Y, GILVZ]) we obtain a proper common domain system. In the sequel we refer to common domain trapdoor systems in a less formal way. We say that two oneway permutations, f a and f b , are a pair if they are both permutations over the same domain (i.e. a = ff; fi 1 ) and b = ff; fi 2 ) where the domain ....

....of N is not known. Let f N (x) x e (mod N) if x N and f N (x) x otherwise. With non negligible probability N is a product of two large primes. Thus, this construction yields a collection of common domain permutations which are weakly one way. Employing an amplification procedure (e.g. [Y, GILVZ]) we obtain a proper common domain system. This common domain trapdoor system can be used as described in Section 4.2. However, here the keygeneration stage can be simplified considerably. Observe that it is possible to choose a permutation from the above distribution without knowing its ....

O. Goldreich, R. Impagliazzo, L. Levin, R. Venkatesan and D. Zuckerman, "Security Preserving Amplification of Hardness", 31st FOCS, 1990, pp. 318--326.

....need to set the security parameter in the first case to the square of the one in the second case for the same level of security, so that the first algorithm effectively becomes O(k 6 ) where k is the security paramter. The efficiency of security reductions has been treated by Goldreich et al. [GILVZ] in the context of one way permutations. More recently, there has been much interest in this subject in the context of pseudorandom functions [BCK, BGK] The reason is that pseudorandom functions, introduced by [GGM] are a useful tool in cryptographic protocol design for both theoretical and ....

O. Goldreich, R. Impagliazzo, L. Levin, R. Venkatesan and D. Zuckerman. Security preserving amplification of hardness. Proceedings of the 31st Symposium on Foundations of Computer Science, IEEE, 1990.

No context found.

O. Goldreich, R. Impagliazzo, L. Levin, R. Venkatesan, and D. Zuckerman, "Security Preserving Amplification of Hardness." In Proceedings of the 31st Annual IEEE Symposium on Foundations of Computer Science, 1990, pp. 318-326.

....1 p(n) where the probability is over the random choices of x and the random tape of A. The above definition is of a strong one way function. Its existence is equivalent to the existence of weak one way function using Yao s amplification technique [37] or the more security preserving method of [15] which is applicable only to permutations or regular functions. A weak one way function has the same definition as above, but the hardness of inversion is smaller, i.e. its probability is inverse polynomially away from 1. If in addition f is 1 1 and length preserving then we say the f is a ....

....all numbers smaller than P where 2 n Gamma1 P 2 n , as is the case in the number theoretic constructions. Then we can construct from it a weak one way permutation f : f0; 1g n 7 f0; 1g n by taking f(x) f 0 (x) if x 2 S and f(x) x otherwise. Using the amplification techniques of [37, 15] we can then obtain a strong one way permutation on a domain f0; 1g n 0 for n 0 linear in n. The goal of this paper is to present a construction of perfectly secure computationally binding commitment from any one way permutation. 2.3 Perfect Zero Knowledge Arguments We now briefly discuss ....

O. Goldreich, R. Impagliazzo, L. Levin, R. Venkatesan, and D. Zuckerman, Security Preserving Amplification of Hardness, Proc. IEEE 31st Symp. on Foundations of Computer Science, 1990, pp. 318--326.

No context found.

O. Goldreich, R. Impagliazzo, L.A. Levin, R. Venkatesan, and D. Zuckerman, Security Preserving Amplification of Hardness, Proc. of the 31st IEEE Symp. on Foundation of Computer Science (FOCS), 31st FOCS, pp. 318--326, 1990.

.... for any one way functions [67] ffl A plausibility result of Yao (commonly attributed to [120] by which any weak one way permutation can be transformed into an ordinary one way permutation was replaced by an efficient transformation of weak one way permutation into ordinary one way permutation [65]. ffl A plausibility result of [68] by which one may construct Verifiable Secret Sharing schemes (cf. 39] using any one way function, was replaced by an efficient construction the security of which is based on DLP [54] In general, many concrete problems which are solvable in principle (by the ....

O. Goldreich, R. Impagliazzo, L.A. Levin, R. Venkatesan, and D. Zuckerman. Security Preserving Amplification of Hardness. In 31st IEEE Symposium on Foundations of Computer Science, pages 318--326, 1990. 29

.... for any one way functions [96] ffl A plausibility result of Yao (commonly attributed to [168] by which any weak one way permutation can be transformed into an ordinary one way permutation was replaced by an efficient transformation of weak one way permutation into ordinary one way permutation [93]. ffl A plausibility result of [97] by which one may construct Verifiable Secret Sharing schemes (cf. 49] using any one way function, was replaced by an efficient construction the security of which is based on DLP [76] In general, many concrete problems which are solvable in principle (by the ....

O. Goldreich, R. Impagliazzo, L.A. Levin, R. Venkatesan, and D. Zuckerman. Security Preserving Amplification of Hardness. In 31st IEEE Symposium on Foundations of Computer Science, pages 318--326, 1990.

No context found.

O. Goldreich, R. Impagliazzo, L.A. Levin, R. Venkatesan, and D. Zuckerman, "Security Preserving Amplification of Hardness", 31st FOCS, pp. 318--326, 1990.

....if f is a permutation on f0; 1g n ; n 0, then we say that f is a one way permutation. The above definition is of a strong one way function. Its existence is equivalent to the existence of the weak one way function [Y82] a stronger equivalence is possible in the case of permutations (see [GILVZ]) A weak one way function has the same definition as above, except the probability of successful inversion above is 1 Gamma 1=n c ; c 0. 3 Main Result We show that if there is any one way permutation, then honest verifier zero knowledge is in fact just as strong as zero knowledge. Theorem ....

O. Goldreich, R. Impagliazzo, L. Levin, R. Venkatesan, and D. Zuckerman, Security Preserving Amplification of Hardness, FOCS 90.

....p and all sufficiently large n, Pr[f(x) f(A(f(x) j x 2R f0; 1g n ] 1=p(n) The above definition is of a strong one way function. Its existence is equivalent to the existence of the weaker somewhat one way function using Yao s amplification technique [Y82] or the more efficient method of [GILVZ] (which is applicable only to permutations or regular functions) A somewhat one way function has the same definition as above, but the hardness of inversion is smaller, i.e. its probability is inverse polynomially away from 1. If in addition f is 1 1 then we say the f is a One Way Permutation. ....

....permutations. For practical purposes consider the data encryption standard (DES) Kon] Given a k regular [GKL] one way function (i.e. the number of pre images of a point is k and is k on a significant fraction) one can transform it into a one way function which is 1 1 almost everywhere [GILVZ]. We apply this to the function DES(k;m) y (k = key, m= message) where (actual used parameters are) k 2 f0; 1g 56 , m; y 2 f0; 1g 64 . Assuming that DES is not breakable on line (say in 10 seconds) then it is a good candidate for our scheme. We explore this further in the full version of ....

O. Goldreich, R. Impagliazzo, L. Levin, R. Venkatesan, and D. Zuckerman, Security Preserving Amplification of Hardness, FOCS 90.

No context found.

O. Goldreich, R. Impagliazzo, L.A. Levin, R. Venkatesan, and D. Zuckerman, "Security Preserving Amplification of Hardness", 31st FOCS, pp. 318--326, 1990.

....density (within the vertex set) The importance of this discovery stems from the fact that a random walk on an expander can be generated using much fewer random coins than required for generating indepdendent samples in the vertex set. Precise formulations of the above discovery were given in [AKS87, CW89, GILVZ90] culminating in Kahale s optimal analysis [K91, Sec. 6] Theorem 1.1 (Expander Random Walk Theorem [K91, Cor. 6.1] Let G = V; E) be an expander graph of degree d and be an upper bound on the absolute value of all eigenvalues, save the biggest one, of the adjacency matrix of the graph. Let W ....

O. Goldreich, R. Impagliazzo, L.A. Levin, R. Venkatesan, and D. Zuckerman, "Security Preserving Amplification of Hardness", 31st FOCS, pp. 318--326, 1990.

No context found.

O. Goldreich, R. Impagliazzo, L. Levin, R. Venkatesan, and D. Zuckerman. Security preserving amplification of hardness. In Proc. 31st Annual Symposium on Foundations of Computer Science, pp. 318-- 326. IEEE, 1990.

No context found.

O. Goldreich, R. Impagliazzo, L. Levin, R. Venkatesan, and D. Zuckerman, Security Preserving Amplification of Hardness, FOCS 90.

No context found.

O. Goldreich, R. Impagliazzo, L. Levin, R. Venkatesan, and D. Zuckerman. Security preserving amplification of hardness. In Proc. 31st Annual Symposium on Foundations of Computer Science, pages 318--326. IEEE, 1990.

No context found.

Oded Goldreich, Russell Impagliazzo, Leonid Levin, Ramarathnam Venkatesan, and David Zuckerman. Security preserving amplification of hardness. In 31st Annual Symposium on Foundations of Computer Science, volume I, pages 318-- 326, St. Louis, Missouri, 22--24 October 1990. IEEE.

No context found.

Oded Goldreich, Russell Impagliazzo, Leonid Levin, Ramarathnam Venkatesan, and David Zuckerman. Security preserving amplification of hardness. In 31st Annual Symposium on Foundations of Computer Science, volume I, pages 318--326, St. Louis, Missouri, 22--24 October 1990. IEEE.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC