## Duality between two cryptographic primitives (1990)

Venue: Papers of Technical Group for Information Security, IEICE of Japan

Citations: 7 - 2 self

### BibTeX

@INPROCEEDINGS{Zheng90dualitybetween,
  author = {Yuliang Zheng and Tsutomu Matsumoto and Hideki Imai},
  title = {Duality between two cryptographic primitives},
  booktitle = {Papers of Technical Group for Information Security, IEICE of Japan},
  year = {1990},
  pages = {379--390},
  publisher = {Springer-Verlag}
}

### Abstract

This paper reveals a duality between constructions of two basic cryptographic primitives, pseudo-random string generators and one-way hash functions. Applying the duality, we present a construction for universal one-way hash functions assuming the existence of one-way permutations. Under a stronger assumption, the existence of distinction-intractable permutations, we prove that the construction constitutes a collision-intractable hash function. Using ideas behind the construction, we propose practical one-way hash functions, the fastest of which compress nearly 2n-bit long input into n-bit long output strings by applying only twice a one-way function.

### Citations

1178 | Probabilistic encryption - Goldwasser, Micali - 1984
Citation Context ...ts 1 on input $f_n(\mathrm{ins}_{i(n)}(\alpha, v))$. Since $\alpha \in_R \Sigma^{n-1}$ and $i(n)$ is a hard bit of $f$ (by assumption), we can think of $z = f_n(\mathrm{ins}_{i(n)}(\alpha, x_{\ell(n)}))$ as a probabilistic encryption of $x_{\ell(n)}$ [GM84]. Thus for any probabilistic polynomial time algorithm $A$, for any polynomial $Q$, for all sufficiently large $n$, we have $|\Pr_0 - \Pr_1| < 1/Q(n)$. Now let $v \in_R \Sigma$. Then $\Pr_v = \Pr_0 \cdot \Pr\{v = $ ...

726 | A pseudorandom generator from any one-way function - Håstad, Impagliazzo, et al. - 1999
Citation Context ...g generators and one-way hash functions behave in a dual fashion. It has been proved that pseudo-random string generators can be constructed under the assumption of the existence of one-way functions [ILL89]. However, at the time when this paper was written, the best known result on the construction of (universal) one-way hash functions was based on the assumption of the existence of one-way quasiinjecti...

629 | How to construct random functions - Goldreich, Goldwasser, et al. - 1986

604 | How to generate cryptographically strong sequences of pseudorandom bits - Blum, Micali - 1984
Citation Context ...ution defined by the random variable $g_n(x)$ where $x \in_R \Sigma^n$, and let $g(U) = \{g_n(U) \mid n \in N\}$. Clearly, $g(U)$ is polynomially samplable. The following definition can be found in [Yao82] (see also [BM84], [GGM86] and [ILL89]). Definition 1 $g = \{g_n \mid n \in N\}$ is a (cryptographically secure) pseudo-random string generator (PSG) if $g(U)$ is pseudo-random. One-way function is the basis of most of modern cr...

516 | Theory and applications of trapdoor functions - Yao - 1982
Citation Context ...robability distribution defined by the random variable $g_n(x)$ where $x \in_R \Sigma^n$, and let $g(U) = \{g_n(U) \mid n \in N\}$. Clearly, $g(U)$ is polynomially samplable. The following definition can be found in [Yao82] (see also [BM84], [GGM86] and [ILL89]). Definition 1 $g = \{g_n \mid n \in N\}$ is a (cryptographically secure) pseudo-random string generator (PSG) if $g(U)$ is pseudo-random. One-way function is the basis of ...

331 | New Hash Functions and Their Use in Authentication and Set Equality - Wegman, Carter - 1981
Citation Context ...n polynomially many processors. This observation is the very basis of Micali and Schnorr's parallel PSGs [MSc88]. On the other hand, a parallel hashing method was considered in several papers such as [WC81], [NY89] and [Dam89]. Duality between these two methods is clear. Details are omitted here. 4 PSGs and UOHs from One-Way Permutations Throughout this section, it is assumed that f is a one-way permuta...

313 | Universal one-way hash functions and their cryptographic applications - Naor, Yung - 1989
Citation Context ...unctions (or shortly UOHs and CIHs, respectively). In [Mer89] the former is called weakly and the latter strongly, one-way hash functions respectively. Naor and Yung gave a formal definition for UOH [NY89], and Damgard gave for CIH [Dam89]. The definition for UOH to be given below is from [ZMI90a] [ZMI90b] in which many other results, such as a construction for UOHs assuming the existence of one-way qu...

113 | One-way Functions are Essential for Complexity Based Cryptography. FOCS - Impagliazzo, Luby - 1989
Citation Context ... $g = \{g_n \mid n \in N\}$ is a (cryptographically secure) pseudo-random string generator (PSG) if $g(U)$ is pseudo-random. One-way function is the basis of most of modern cryptographic functions and protocols [IL89]. The following definition is from [ILL89]. Definition 2 Let $f : D \to R$, where $D = \bigcup_n \Sigma^n$ and $R = \bigcup_n \Sigma^{\ell(n)}$, be a polynomial time computable function, and let $E$ be an ensemble with length ...

48 | One Way Hash Functions and - Merkle - 1989
Citation Context ... One-Way Hash Functions There are basically two kinds of one-way hash functions: universal one-way hash functions and collision-intractable hash functions (or shortly UOHs and CIHs, respectively). In [Mer89] the former is called weakly and the latter strongly, one-way hash functions respectively. Naor and Yung gave a formal definition for UOH [NY89], and Damgard gave for CIH [Dam89]. The definition for ...

23 | Pseudo-random generators and complexity classes - Boppana, Hirschfeld - 1989
Citation Context ...put strings is called a t-extender. Let $y$ be a finite length string. Denote by $\mathrm{head}_i(y)$ the first $i$ bits and by $\mathrm{tail}_i(y)$ the last $i$ bits of $y$. The following lemma is due to Boppana and Hirschfeld [BH89]. Lemma 2 (serial-extending 2) Let $e = \{e_n \mid n \in N\}$ be a t-extender. For an n-bit string $x$, let $b_i(x) = \mathrm{head}_t \circ e_n \circ (\mathrm{tail}_n \circ e_n)^{(i-1)}(x)$, where $1 \le i \le k(n)$. Let $g_n$ be the function ...

22 | On the construction of block ciphers provably secure and not relying on any unproved hypotheses - Zheng, Matsumoto, et al. - 1989
Citation Context ...its key length is too short. Now we use DES as bricks to build a common-key block cipher called xDES. Our building method is based on a theory on the construction of secure block ciphers developed in [ZMI89]. Let $r$ be a polynomial with $r(i) \ge 2i + 1$. xDES is defined by $\mathrm{xDES}^0, \mathrm{xDES}^1, \mathrm{xDES}^2, \mathrm{xDES}^3, \cdots$, where $\mathrm{xDES}^0$ is the same as DES and, for each $i \ge 1$, $\mathrm{xDES}^i$ is a function from $\Sigma$...

17 | Perfect Random Number Generators - Micali, Schnorr, et al.
Citation Context ...ruction provides us a configuration for generating pseudo-random strings in parallel, when given polynomially many processors. This observation is the very basis of Micali and Schnorr's parallel PSGs [MSc88]. On the other hand, a parallel hashing method was considered in several papers such as [WC81], [NY89] and [Dam89]. Duality between these two methods is clear. Details are omitted here. 4 PSGs and UOH...

13 | Structural properties of one-way hash functions, CRYPTO '90 - Zheng, Matsumoto, et al. - 1991
Citation Context ...hen this paper was written, the best known result on the construction of (universal) one-way hash functions was based on the assumption of the existence of one-way quasi-injections [ZMI90a]. (See also [ZMI90b].) The aim of this research is to explore the intuition that there is a duality between pseudo-random string generators and one-way hash functions, and to apply techniques developed for the former to ...

8 | Probability to meet in the middle - Nishimura, Sibuya - 1990
Citation Context ...d. To prevent the compressing method from meet-in-the-middle attacks, $n$ should be chosen in such a way that $m(n)$ is sufficiently large, say $> 120$. A rigorous treatment of this subject can be found in [NS90]. Consider the perhaps most widely used modern encryption algorithm DES. According to our definition, DES is the restriction of some common-key block cipher on $\Sigma^{56} \times \Sigma^{64}$. DES should ...

2 | A design principle for hash functions, Presented at Crypto'89 - Damgard - 1989
Citation Context ...s, respectively). In [Mer89] the former is called weakly and the latter strongly, one-way hash functions respectively. Naor and Yung gave a formal definition for UOH [NY89], and Damgard gave for CIH [Dam89]. The definition for UOH to be given below is from [ZMI90a] [ZMI90b] in which many other results, such as a construction for UOHs assuming the existence of one-way quasi-injections, are presented. Let...

2 | Connections among several versions of one-way hash functions - Zheng, Matsumoto, et al. - 1990
Citation Context ...wever, at the time when this paper was written, the best known result on the construction of (universal) one-way hash functions was based on the assumption of the existence of one-way quasi-injections [ZMI90a]. (See also [ZMI90b].) The aim of this research is to explore the intuition that there is a duality between pseudo-random string generators and one-way hash functions, and to apply techniques develope...

1 | Super-efficient, perfect random number generators - Micali, Schnorr - 1990
Citation Context ...truction provides us a configuration for generating pseudo-random strings in parallel, when given polynomially many processors. This observation is the very basis of Micali and Schnorr's parallel PSGs [MSc88]. On the other hand, a parallel hashing method was considered in several papers such as [WC81], [NY89] and [Dam89]. Duality between these two methods is clear. Details are omitted here. 4 PSGs and UOHs f...