TY - GEN
T1 - On the power of the randomized iterate
AU - Haitner, Iftach
AU - Harnik, Danny
AU - Reingold, Omer
PY - 2006
Y1 - 2006
N2 - We consider two of the most fundamental theorems in Cryptography. The first, due to Håstad et al. [HILL99], is that pseudorandom generators can be constructed from any one-way function. The second, due to Yao [Yao82], states that the existence of weak one-way functions (i.e. functions on which every efficient algorithm fails to invert with some noticeable probability) implies the existence of full-fledged one-way functions. These powerful plausibility results shape our understanding of hardness and randomness in Cryptography. Unfortunately, the reductions given in [HILL99, Yao82] are not as security preserving as one may desire. The main reason for the security deterioration is the input blow up in both of these constructions. For example, given one-way functions on n bits one obtains by [HILL99] pseudorandom generators with seed length Ω(n^8). This paper revisits a technique that we call the Randomized Iterate, introduced by Goldreich et al. [GKL93]. This technique was used in [GKL93] to give a construction of pseudorandom generators from regular one-way functions. We simplify and strengthen this technique in order to obtain a similar reduction where the seed length of the resulting generators is as short as O(n log n) rather than Ω(n^3) in [GKL93]. Our technique has the potential of implying seed-length O(n), and the only bottleneck for such a result is the parameters of current generators against space bounded computations. We give a reduction with similar parameters for security amplification of regular one-way functions. This improves upon the reduction of Goldreich et al. [GIL+90] in that the reduction does not need to know the regularity parameter of the functions (in terms of security, the two reductions are incomparable). Finally, we show that the randomized iterate may even be useful in the general context of [HILL99]. In particular, we use the randomized iterate to replace the basic building block of the [HILL99] construction. Interestingly, this modification improves efficiency by an n^3 factor and reduces the seed length to O(n^7) (which also implies improvement in the security of the construction).
AB - We consider two of the most fundamental theorems in Cryptography. The first, due to Håstad et al. [HILL99], is that pseudorandom generators can be constructed from any one-way function. The second, due to Yao [Yao82], states that the existence of weak one-way functions (i.e. functions on which every efficient algorithm fails to invert with some noticeable probability) implies the existence of full-fledged one-way functions. These powerful plausibility results shape our understanding of hardness and randomness in Cryptography. Unfortunately, the reductions given in [HILL99, Yao82] are not as security preserving as one may desire. The main reason for the security deterioration is the input blow up in both of these constructions. For example, given one-way functions on n bits one obtains by [HILL99] pseudorandom generators with seed length Ω(n^8). This paper revisits a technique that we call the Randomized Iterate, introduced by Goldreich et al. [GKL93]. This technique was used in [GKL93] to give a construction of pseudorandom generators from regular one-way functions. We simplify and strengthen this technique in order to obtain a similar reduction where the seed length of the resulting generators is as short as O(n log n) rather than Ω(n^3) in [GKL93]. Our technique has the potential of implying seed-length O(n), and the only bottleneck for such a result is the parameters of current generators against space bounded computations. We give a reduction with similar parameters for security amplification of regular one-way functions. This improves upon the reduction of Goldreich et al. [GIL+90] in that the reduction does not need to know the regularity parameter of the functions (in terms of security, the two reductions are incomparable). Finally, we show that the randomized iterate may even be useful in the general context of [HILL99]. In particular, we use the randomized iterate to replace the basic building block of the [HILL99] construction. Interestingly, this modification improves efficiency by an n^3 factor and reduces the seed length to O(n^7) (which also implies improvement in the security of the construction).
UR - http://www.scopus.com/inward/record.url?scp=33749559476&partnerID=8YFLogxK
U2 - 10.1007/11818175_2
DO - 10.1007/11818175_2
M3 - Conference contribution
AN - SCOPUS:33749559476
SN - 3540374329
SN - 9783540374329
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 22
EP - 40
BT - Advances in Cryptology - CRYPTO 2006 - 26th Annual International Cryptology Conference, Proceedings
PB - Springer Verlag
T2 - 26th Annual International Cryptology Conference, CRYPTO 2006
Y2 - 20 August 2006 through 24 August 2006
ER -