Cryptographic Primitives Based on Hard Learning Problems
Authors
Abstract
Modern cryptography has had considerable impact on the development of computational learning theory. Tools from cryptography have been used in proving nearly all of the strong negative results for learning. In this paper, we give results in the reverse direction by showing how to construct several cryptographic primitives based on certain assumptions on the difficulty of learning. Thus we develop further a line of thought introduced by Impagliazzo and Levin [5]. As we describe, standard definitions in learning theory and cryptography do not appear to correspond perfectly in their original forms. In particular, a learning algorithm is generally required to be much more successful than a "statistical test" in cryptography. However, we show that natural modifications to standard learning definitions can yield a strong correspondence between hardness for learning and cryptography. The particular cryptographic primitives we consider are pseudorandom bit generators, one-way functions, and private-key cryptosystems. We give transformations of hard learning problems into cryptographic primitives with the desirable property that the complexity of the resulting primitive is not much greater than that of the hard-to-learn functions and distributions. In particular, our constructions are especially adept in preserving the degree of parallelism inherent in the hard functions and distributions. Thus, "simple" functions that are apparently difficult to learn (such as DNF formulae) may lead to cryptographic primitives of considerably reduced parallel complexity. In addition to generic transformations, we also describe a very simple pseudorandom bit generator based on the assumption that the class of parity functions is hard to learn in the presence of random noise (an assumption similar to the intractability of decoding random linear codes). Our construction is simpler than related constructions that have been described previously.
A similar construction is apparently already known to some researchers in the cryptography community as a "folk theorem".
Similar sources
Lightweight 4x4 MDS Matrices for Hardware-Oriented Cryptographic Primitives
Linear diffusion layer is an important part of lightweight block ciphers and hash functions. This paper presents an efficient class of lightweight 4x4 MDS matrices such that the implementation cost of them and their corresponding inverses are equal. The main target of the paper is hardware oriented cryptographic primitives and the implementation cost is measured in terms of the required number ...
Hardness of decision (R)LWE for any modulus
The decision Learning With Errors problem has proven an extremely flexible foundation for devising provably secure cryptographic primitives. LWE can be expressed in terms of linear algebra over Z/qZ. This modulus q is the subject of study of the present work. When q is prime and small, or when it is exponential and composite with small factors, LWE is known to be at least as hard as standard wo...
On Formal Verification of Arithmetic-Based Cryptographic Primitives
Cryptographic primitives are fundamental for information security: they are used as basic components for cryptographic protocols or public-key cryptosystems. In many cases, their security proofs consist in showing that they are reducible to computationally hard problems. Those reductions can be subtle and tedious, and thus not easily checkable. On top of the proof assistant Coq, we had implemen...
Classification of Lattice-based Fully Homomorphic Encryption from Noisy Polly Cracker*
Lattices have been used to construct many cryptographic primitives after Ajtai’s seminal paper in 1996. The goal of this paper is to design novel cryptographic primitives using lattices, which are still found to be no polynomial time attack by quantum computers. For achieving this, we survey the known lattice-based cryptography and lattice-based fully homomorphic encryption schemes as a first s...
On the Bit Security of Cryptographic Primitives
We introduce a formal quantitative notion of “bit security” for a general type of cryptographic games (capturing both decision and search problems), aimed at capturing the intuition that a cryptographic primitive with k-bit security is as hard to break as an ideal cryptographic function requiring a brute force attack on a k-bit key space. Our new definition matches the notion of bit security co...
Journal:
Volume / Issue:
Pages: -
Publication date: 1993