Almost Optimal Bounds for Direct Product Threshold Theorem

Jutla, Charanjit S.

doi:10.1007/978-3-642-11799-2_3

Cited by 10 publications

(10 citation statements)

References 9 publications

(14 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For this kind of puzzles, it has been proved [6] that if it is difficult for an attacker to solve a weakly-verifiable puzzle P, then trying to solve multiple instances of a puzzle in parallel is harder. Most recently, Jutla found a better bound to show how hard it is for an attacker to solve multiple instances of weakly-verifiable puzzles [8]. The next theorem is based on the main theorem proposed by Jutla, but it has been adapted to CAPTCHAS, which are of our interest in this work.…”

Section: Security Of P ′mentioning

confidence: 97%

On Securing Communication from Profilers

Diaz-Santiago

Chakraborty

2012

Proceedings of the International Conference on Security and Cryptography

View full text Add to dashboard Cite

Abstract. A profiling adversary is an adversary which aims to classify messages into pre-defined profiles and thus gain useful information regarding the sender or receiver of such messages. Usual chosen-plaintext secure encryption schemes are capable of securing information from profilers, but these schemes provide more security than required for this purpose. In this paper we study the requirements for an encryption algorithm to be secure only against profilers and finally give a precise notion of security for such schemes. We also present a full protocol for secure (against profiling adversaries) communication, which neither requires a key exchange nor a public key infrastructure. Our protocol guarantees security against non-human profilers and is constructed using CAPTCHAs and secret sharing schemes.

show abstract

Section: Security Of P ′mentioning

confidence: 97%

On Securing Communication from Profilers

Diaz-Santiago

Chakraborty

2012

Proceedings of the International Conference on Security and Cryptography

View full text Add to dashboard Cite

show abstract

“…The earlier bounds of [IJK09b,Jut10] do not make such an assumption, but they are not optimal. Using conditioning in the reductions (cf.…”

Section: Hardness Amplification Of Captcha Puzzlesmentioning

confidence: 99%

“…1 DPTs for puzzles are known [BIN97,CHS05], with [CHS05] giving an optimal DPT. Also TDPTs are known [IJK09b,Jut10], but they are not optimal. Here we immediately get an optimal TDPT for puzzles, using the optimal DPT of [CHS05], when the success probabilities of the legitimate user and the attacker are constant.…”

Section: A Constructive Version Of Theorem 11mentioning

confidence: 99%

Constructive Proofs of Concentration Bounds

Impagliazzo

Kabanets

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We give a simple combinatorial proof of the Chernoff-Hoeffding concentration bound [Che52,Hoe63], which says that the sum of independent {0, 1}-valued random variables is highly concentrated around the expected value. Unlike the standard proofs, our proof does not use the method of higher moments, but rather uses a simple and intuitive counting argument. In addition, our proof is constructive in the following sense: if the sum of the given random variables is not concentrated around the expectation, then we can efficiently find (with high probability) a subset of the random variables that are statistically dependent. As simple corollaries, we also get the concentration bounds for [0, 1]-valued random variables and Azuma's inequality for martingales [Azu67].We interpret the Chernoff-Hoeffding bound as a statement about Direct Product Theorems. Informally, a Direct Product Theorem says that the complexity of solving all k instances of a hard problem increases exponentially with k; a Threshold Direct Product Theorem says that it is exponentially hard in k to solve even a significant fraction of the given k instances of a hard problem. We show the equivalence between optimal Direct Product Theorems and optimal Threshold Direct Product Theorems. As an application of this connection, we get the Chernoff bound for expander walks [Gil98] from the (simpler to prove) hitting property [AKS87], as well as an optimal (in a certain range of parameters) Threshold Direct Product Theorem for weakly verifiable puzzles from the optimal Direct Product Theorem [CHS05]. We also get a simple constructive proof of Unger's result [Ung09] saying that XOR Lemmas imply Threshold Direct Product Theorems.

show abstract

“…However, since a solver can correlate his answers to different puzzles, the events are not independent and the hardness bound may not hold. In the literature, there are various (parallel) repetition theorems for aforementioned puzzle systems saying that the hardness bounds match that of independent events and/or that the hardness is amplified in an exponential rate, which are useful to deduce security amplification results [CHS05,IJK07,DIJK09,Jut10]. In general, hardness amplification results for one puzzle systems do not imply the same results for another puzzle systems.…”

Section: Puzzle Systems and Security Amplification For Other Primitivesmentioning

confidence: 99%

“…For weakly-verifiable puzzle systems, Canetti, Halevi, and Steiner [CHS05] prove a tight Direct Product Theorem, saying that solving n puzzles is δ n -hard 2 if solving a single puzzle is δ-hard, and Impagliazzo, Jaiswal, and Kabanets [IJK07] prove a more general Chernoff-type Theorem, saying that solving at least (1.1) · δ · n out of n puzzles is 2 −Ω(δ·n) -hard if solving a single puzzle is δ-hard. The bound of [IJK07] was recently improved by Jutla [Jut10] to nearly optimal. Dodis, Impagliazzo, Jaiswal, and Kabanets [DIJK09] extend the Chernofftype Theorem to dynamic weakly-verifiable puzzle systems, and use it to achieve security amplification for MACs, digital signatures, and PRFs.…”

Section: Puzzle Systems and Security Amplification For Other Primitivesmentioning

confidence: 99%

Efficient String-Commitment from Weak Bit-Commitment

Chung

Liu

et al. 2010

Advances in Cryptology - ASIACRYPT 2010

View full text Add to dashboard Cite

Abstract. We study security amplification for commitment schemes and improve the efficiency of black-box security amplification in the computational setting, where the security holds against PPT active adversaries. We show that ω(log s) black-box calls to a weak bit-commitment scheme with constant security is sufficient to construct a commitment scheme with standard negligible security, where s denotes the security parameter and ω(log s) denotes any super-logarithmic function of s. Furthermore, the resulting scheme is a string commitment scheme that can commit to O(log s)-bit strings. This improves on previous work of Damgård et al. [DKS99] and Halevi and Rabin [HR08], whose transformations require ω(log 2 s) black-box calls to commit a single bit. As a byproduct of our analysis, we also improve the efficiency of security amplification for message authentication codes, digital signatures, and pseudorandom functions studied in [DIJK09]. This is from an improvement of the "Chernoff-type Theorems" of dynamic weakly-verifiable puzzles of [DIJK09].

show abstract

Almost Optimal Bounds for Direct Product Threshold Theorem

Cited by 10 publications

References 9 publications

On Securing Communication from Profilers

On Securing Communication from Profilers

Constructive Proofs of Concentration Bounds

Efficient String-Commitment from Weak Bit-Commitment

Contact Info

Product

Resources

About