PPT-Better Pseudorandom Generators from Milder Pseudorandom Res

Raghu Meka IAS Parikshit Gopalan Omer Reingold MSRSVC Luca Trevian Stanford Salil Vadhan Harvard Can we generate random bits Can we generate random bits Pseudorandom Generators Stretch bits to fool a class of test functions . Dichtlsiemenscom Abstract This papers studies methods to improve the cryptographic quality of random or pseudorandom sequences by modifying the order of the original sequence A new algorithm Cryshu is suggested which produces its shu64260ed output da uoagr Abstract Pseudorandom sequences have many applications in cryp tography and spread spectrum communications In this dissertation on one hand we develop tools for assessing the randomness of a sequence and on the other hand we propose new constru A Karrasl and V Zorkadis2 Hellenic Aerospace Industry University of Hertfordshire UK and Hellenic Open University Rodu2 Ano Iliupolis Athens 16342 Greece emails dakarrasholgr dkarrashaicorpcom dakarrasusanet Data Protection Authority Omirou 8 10564 A Thomas . Holenstein. Iftach Haitner. Salil Vadhan. Hoeteck Wee. Joint With. Omer Reingold. Cryptography. Rich array of . applications and . powerful . implementations.. In some cases (. e.g. Zero-Knowledge), . 1. Raghu. . Meka. UT Austin. (joint work with David Zuckerman). Polynomial Threshold Functions. 2. Applications. : Complexity theory, learning theory, voting theory, quantum computing. Halfspaces. 3. 3b. . Pseudorandomness. .. B. ased on: Jonathan . Katz and Yehuda . Lindell. . Introduction . to . Modern Cryptography. 2. Pseudorandomness. An introduction. A distribution . D. is pseudorandom if no PPT . Based on: William . Stallings, Cryptography and Network Security . . Chapter 7. Pseudorandom Number Generators . and Stream Ciphers. Random Numbers. A number of cryptographic protocols make use of random binary numbers:. Cryptography Lecture 6 Pseudorandom generators (PRGs) Let G be an efficient, deterministic algorithm that expands a short seed into a longer output Specifically, let |G(x)| = p(|x|) G is a PRG if: when the distribution of x is uniform, the distribution of G(x) is “indistinguishable from uniform” Cryptography Lecture 8 Pseudorandom functions Keyed functions Let F: {0,1} * x {0,1} *  {0,1} * be an efficient, deterministic algorithm Define F k (x) = F(k, x) The first input is called the Cryptography Lecture 7 Pseudorandom functions Keyed functions Let F: {0,1} * x {0,1} *  {0,1} * be an efficient, deterministic algorithm Define F k (x) = F(k, x) The first input is called the k. c. m. c. . . . Enc. k. (m). k. m. 1. c. 1. . . . Enc. k. (m. 1. ). m. 2. c. 2. . . . Enc. k. (m. 2. ). c. 1. c. 2. Is the threat model too strong?. In practice, there are many ways an attacker can . Keyed functions. Let F: {0,1}. *. x {0,1}. *. .  {0,1}. *. be an efficient, deterministic algorithm. Define . F. k. (x) = F(k, x). The first input is called the . key. A. ssume F is . length preserving. Which of the following encryption schemes is CPA-secure (G is a PRG, F is a PRF)?. Enc. k. (m) chooses uniform r; outputs <r, G(r) .  . m>. Enc. k. (m) chooses uniform r; outputs <r, . F. . (PRGs). Let G be an efficient, deterministic algorithm . that expands a . short . seed. . into a . longer . output. Specifically, let |G(x)| = p(|x|). G is a PRG if: when the distribution of x is uniform, the distribution of G(x) is “indistinguishable from uniform”.