Proving hard-core predicates using list decoding

Akavia, Adi; Goldwasser, Shafi; Safra, Shmuel

doi:10.1109/sfcs.2003.1238189

Cited by 67 publications

(162 citation statements)

References 19 publications

Supporting

Mentioning

162

Contrasting

Order By: Relevance

“…In concurrent works [10,11] gave a universal SFT algorithm for a restricted class of functions over Z p : compressible or Fourier sparse functions. 2 Noise is out of scope in the analysis of the universal algorithms [12,10,11]. These SFT algorithms [12,6,2,7,10,11] are insufficient for our result solving HNP.…”

Section: New Tool: Universally Finding Significant Fourier Coefficientsmentioning

confidence: 99%

“…2 Noise is out of scope in the analysis of the universal algorithms [12,10,11]. These SFT algorithms [12,6,2,7,10,11] are insufficient for our result solving HNP. Both universality as well as handling functions that are neither compressible nor Fourier sparse are crucial for our algorithm solving HNP.…”

Section: New Tool: Universally Finding Significant Fourier Coefficientsmentioning

confidence: 99%

“…For functions over Z p , prior SFT algorithms [6,2,7] are not universal. In concurrent works [10,11] gave a universal SFT algorithm for a restricted class of functions over Z p : compressible or Fourier sparse functions.…”

Section: New Tool: Universally Finding Significant Fourier Coefficientsmentioning

confidence: 99%

See 2 more Smart Citations

Solving Hidden Number Problem with One Bit Oracle and Advice

Akavia

2009

Advances in Cryptology - CRYPTO 2009

View full text Add to dashboard Cite

Abstract. In the Hidden Number Problem (HNP), the goal is to find a hidden number s, when given p, g and access to an oracle that on query a returns the k most significant bits of s · g a mod p.We present an algorithm solving HNP, when given an advice depending only on p and g; the running time and advice length are polynomial in log p. This algorithm improves over prior HNP algorithms in achieving:(1) optimal number of bits k ≥ 1 (compared with k ≥ Ω(log log p)); (2) robustness to random noise; and (3) handling a wide family of predicates on top of the most significant bit.As a central tool we present an algorithm that, given oracle access to a function f over ZN , outputs all the significant Fourier coefficients of f (i.e., those occupying, say, at least 1% of the energy). This algorithm improves over prior works in being:-Local. Its running time is polynomial in log N and L1( f ) (for L1( f ) the sum of f 's Fourier coefficients, in absolute value). -Universal. For any N, t, the same oracle queries are asked for all functions f over ZN s.t. L1( f ) ≤ t. -Robust. The algorithm succeeds with high probability even if the oracle to f is corrupted by random noise.

show abstract

Section: New Tool: Universally Finding Significant Fourier Coefficientsmentioning

confidence: 99%

Section: New Tool: Universally Finding Significant Fourier Coefficientsmentioning

confidence: 99%

See 1 more Smart Citation

Solving Hidden Number Problem with One Bit Oracle and Advice

Akavia

2009

Advances in Cryptology - CRYPTO 2009

View full text Add to dashboard Cite

show abstract

“…We give a general construction of related-secret strong hard-core bits. Our construction will use similiar techniques to the ones found in [20]. (x,r) ,A which will invert f (x) with non-negligible probability as long as A F f ,(x,r) returns B(x, r) with probability non-negligibly better than 1/2.…”

Section: The Importance Of Rs-prbsmentioning

confidence: 99%

On Related-Secret Pseudorandomness

Goldenberg

Liskov

2010

Theory of Cryptography

View full text Add to dashboard Cite

Abstract. Related-key attacks are attacks against constructions which use a secret key (such as a blockcipher) in which an attacker attempts to exploit known or chosen relationships among keys to circumvent security properties. Security against related-key attacks has been a subject of study in numerous recent cryptographic papers. However, most of these results are attacks on specific constructions, while there has been little positive progress on constructing related-key secure primitives.In this paper, we attempt to address the question of whether relatedkey secure blockciphers can be built from traditional cryptographic primitives. We develop a theoretical framework of "related-secret secure" cryptographic primitives, a class of primitives which includes related-key secure blockciphers and PRFs. We show that while a single related-secret pseduorandom bit is sufficient and necessary to create related-key secure blockciphers, hard-core bits with typical proofs are not related-secret psuedorandom. Since the pseudorandomness of hard-core bits is the essential technique known to make pseudorandomness from assumptions of simple hardness, this presents a very strong barrier to the development of provably related-key secure blockciphers based on standard hardness assumptions.

show abstract

“…In [AGS03], Akavia et al show that list-decoding can also be used to prove specific hard-core results. For example, they give a proof based on list-decodable codes that the least significant bit of RSA is hard-core (which was first shown in [ACGS88]).…”

Section: Calls the List-decoding Algorithm Needs δε 2 As Inputmentioning

confidence: 99%

Complete Classification of Bilinear Hard-Core Functions

Holenstein

Maurer

Sjödin

2004

Advances in Cryptology – CRYPTO 2004

View full text Add to dashboard Cite

Abstract. Let f : {0, 1} n → {0, 1} l be a one-way function. A function h : {0, 1} n → {0, 1} m is called a hard-core function for f if, when given f (x) for a (secret) x drawn uniformly from {0, 1} n , it is computationally infeasible to distinguish h(x) from a uniformly random m-bit string. A (randomized) function h : {0, 1} n × {0, 1} k → {0, 1} m is a general hardcore function if it is hard-core for every one-way function f : {0, 1} n → {0, 1} l , where the second input to h is a k-bit uniform random string r. Hard-core functions are a crucial tool in cryptography, in particular for the construction of pseudo-random generators and pseudo-random functions from any one-way function. The first general hard-core predicate, proposed by Goldreich and Levin, and several subsequently proposed hard-core functions, are bilinear functions in the two arguments x and r. In this paper we introduce a parameter of bilinear functions h : {0, 1} n × {0, 1} k → {0, 1} m , called exponential rank loss, and prove that it characterizes exactly whether or not h is a general hard-core function. The security proofs for the previously proposed bilinear hard-core functions follow as simple consequences. Our results are obtained by extending the class of list-decodable codes and by generalizing Hast's list-decoding algorithm from the Reed-Muller code to general codes.

show abstract

Proving hard-core predicates using list decoding

Cited by 67 publications

References 19 publications

Solving Hidden Number Problem with One Bit Oracle and Advice

Solving Hidden Number Problem with One Bit Oracle and Advice

On Related-Secret Pseudorandomness

Complete Classification of Bilinear Hard-Core Functions

Contact Info

Product

Resources

About