Pseudo-Random Generation from One-Way Functions
Proc. 20th STOC, 1988
Cited by 756 (22 self)
Pseudorandom generators are fundamental to many theoretical and applied aspects of computing. We show how to construct a pseudorandom generator from any one-way function. Since it is easy to construct a one-way function from a pseudorandom generator, this result shows that there is a pseudorandom generator iff there is a one-way function.

Universal One-Way Hash Functions and their Cryptographic Applications
1989
Cited by 322 (14 self)
We define a Universal One-Way Hash Function family, a new primitive which enables the compression of elements in the function domain. The main property of this primitive is that given an element x in the domain, it is computationally hard to find a different domain element which collides with x. We prove constructively that universal one-way hash functions exist if any 1-1 one-way functions exist. Among the various applications of the primitive is a One-Way based Secure Digital Signature Scheme which is existentially secure against adaptive attacks. Previously, all provably secure signature schemes were based on the stronger mathematical assumption that trapdoor one-way functions exist. Key words: cryptography, randomized algorithms. AMS subject classifications: 68M10, 68Q20, 68Q22, 68R05, 68R10. Part of this work was done while the authors were at the IBM Almaden Research Center. The first author was supported in part by NSF grant CCR-88-13632. A preliminary version of this work app...

One-way functions are necessary and sufficient for secure signatures
1990
Cited by 206 (0 self)
Much research in theoretical cryptography has been centered around finding the weakest possible cryptographic assumptions required to implement major primitives. Ever since Diffie and Hellman first suggested that modern

Public-Key Cryptosystems from Lattice Reduction Problems
1996
Cited by 131 (5 self)
We present a new proposal for a trapdoor one-way function, from which we derive public-key encryption and digital signatures. The security of the new construction is based on the conjectured computational difficulty of lattice-reduction problems, providing a possible alternative to existing public-key encryption algorithms and digital signatures such as RSA and DSS.

BPP has Subexponential Time Simulations unless EXPTIME has Publishable Proofs (Extended Abstract)
1993
Cited by 114 (9 self)
László Babai, Noam Nisan, Lance Fortnow, Avi Wigderson (University of Chicago, Hebrew University)
We show that BPP can be simulated in subexponential time for infinitely many input lengths unless exponential time • collapses to the second level of the polynomial-time hierarchy, • has polynomial-size circuits and • has publishable proofs (EXPTIME = MA). We also show that BPP is contained in subexponential time unless exponential time has publishable proofs for infinitely many input lengths. In addition, we show BPP can be simulated in subexponential time for infinitely many input lengths unless there exist unary languages in MA \ P. The proofs are based on the recent characterization of the power of multi-prover interactive protocols and on random self-reducibility via low degree polynomials. They exhibit an interplay between Boolean circuit simulation, interactive proofs and classical complexity classes. An important feature of this proof is that it does not ...

Cryptographic Primitives Based on Hard Learning Problems
1994
Cited by 88 (4 self)
this paper, we give results in the reverse direction by showing how to construct several cryptographic primitives based on certain assumptions on the difficulty of learning. In doing so, we develop further a line of thought introduced by Impagliazzo and Levin [6]. As we describe, standard definitions in learning theory and cryptography do not appear to correspond perfectly in their original forms. However, we show that natural modifications to standard learning definitions can yield the desired connections. The particular cryptographic primitives we consider are pseudorandom bit generators, one-way functions, and private-key cryptosystems. We give transformations of hard learning problems into these cryptographic primitives with the desirable property that the complexity of the resulting primitive is not much greater than that of the hard-to-learn functions and distributions. In particular, our constructions are especially adept at preserving the degree of parallelism inherent in the hard functions and distributions. Note that while it is well-known that some of the primitives above imply the existence of others (for instance, the equivalence of bit generators and one-way functions) [14, 7], we are interested in the separate results because the equivalences between primitives often do not preserve complexity measures such as circuit depth (parallelism). For instance, it is not known how to construct a bit generator in NC given a one-way function in NC. One of the main potential benefits of this line of research is that as "simple" function classes (for instance, DNF formulae) continue to elude efficient learning, our belief in the intractability of learning such classes increases, and we can exploit this intractability to obtain simpler cryptographic primitives. In add...

Efficient cryptographic schemes provably as secure as subset sum
Proc. 30th IEEE Symposium on Foundations of Computer Science, 1989

Randomness vs. Time: Derandomization under a uniform assumption
Journal of Computer and System Sciences, 1998
Cited by 73 (11 self)
We prove that if BPP ≠ EXP, then every problem in BPP can be solved deterministically in subexponential time on almost every input (on every samplable ensemble for infinitely many input sizes). This is the first derandomization result for BPP based on uniform, non-cryptographic hardness assumptions. It implies the following gap in the average-instance complexities of problems in BPP: either these complexities are always subexponential or they contain arbitrarily large exponential functions. We use a construction of a small "pseudorandom" set of strings from a "hard function" in EXP which is identical to that used in the analogous non-uniform results of [21, 3]. However, previous proofs of correctness assume the "hard function" is not in P/poly. They give a non-constructive argument that a circuit distinguishing the pseudorandom strings from truly random strings implies that a similarly-sized circuit exists computing the "hard function". Our main technical contribution is to show ...

Perfect Zero-Knowledge Arguments for NP Using any One-Way Permutation
Journal of Cryptology, 1998
Cited by 60 (5 self)
"Perfect zero-knowledge arguments" is a cryptographic primitive which allows one polynomial-time player to convince another polynomial-time player of the validity of an NP statement, without revealing any additional information (in the information-theoretic sense). Here the security achieved is on-line: in order to cheat and validate a false theorem, the prover must break a cryptographic assumption on-line during the conversation, while the verifier cannot find (ever) any information unconditionally. Despite their practical and theoretical importance, it was only known how to implement zero-knowledge arguments based on specific algebraic assumptions. In this paper, we show a general construction, which can be based on any one-way permutation. The result is obtained by a construction of an information-theoretic secure bit-commitment protocol. The protocol is efficient (both parties are polynomial time) and can be based on any one-way permutation. A preliminary version of this ...

Collision-free hashing from lattice problems
Electronic Colloquium on Computational Complexity (ECCC) 3, 1996
Cited by 60 (1 self)
In 1995, Ajtai described a construction of one-way functions whose security is equivalent to the difficulty of some well known approximation problems in lattices. We show that essentially the same construction can also be used to obtain collision-free hashing. This paper contains a self-contained proof sketch of Ajtai's result.