Unified view for notions of bit security. (English) Zbl 07913477
Guo, Jian (ed.) et al., Advances in cryptology – ASIACRYPT 2023. 29th international conference on the theory and application of cryptology and information security, Guangzhou, China, December 4–8, 2023. Proceedings. Part VI. Singapore: Springer. Lect. Notes Comput. Sci. 14443, 361-389 (2023).
Summary: A theoretical framework of the bit security of cryptographic primitives/games was first introduced in a pioneering work by D. Micciancio and M. Walter [Lect. Notes Comput. Sci. 10820, 3–28 (2018; Zbl 1423.94090)], and an alternative framework was introduced by the authors [ibid. 13092, 161–188 (2021; Zbl 1514.94139)]. First, we observe that quantitative results in the latter framework are preserved even if adversaries are allowed to output the failure symbol. With this slight modification, we show that the notion of bit security in the latter framework is equivalent to that in the former framework up to constant bits. Also, we demonstrate that several existing notions of advantages can be captured in a unified way. Based on this equivalence, we show that the reduction algorithm of G. Hast [J. Cryptology 17, No. 3, 209–229 (2004; Zbl 1089.94019)] gives a tight reduction of the Goldreich-Levin hard-core predicate to the hardness of one-way functions. These two results resolved open problems that remained.
Furthermore, in the latter framework, we show that all games we need to care about are decision games. Namely, for every search game \(G\), there is the corresponding decision game \(G'\) such that \(G\) has \(\lambda \)-bit security if and only if \(G'\) has \(\lambda \)-bit security. The game \(G'\) consists of the real and the ideal games, where attacks in the ideal game are never approved. Such games often appear in game-hopping security proofs. The result justifies such security proofs because they lose no security. Finally, we provide a distribution replacement theorem. Suppose a game using distribution \(Q\) in a black-box manner is \(\lambda \)-bit secure, and two distributions \(P\) and \(Q\) are computationally \(\lambda \)-bit secure indistinguishable. In that case, the game where \(Q\) is replaced by \(P\) is also \(\lambda \)-bit secure.
For the entire collection see [Zbl 07831382].
Furthermore, in the latter framework, we show that all games we need to care about are decision games. Namely, for every search game \(G\), there is the corresponding decision game \(G'\) such that \(G\) has \(\lambda \)-bit security if and only if \(G'\) has \(\lambda \)-bit security. The game \(G'\) consists of the real and the ideal games, where attacks in the ideal game are never approved. Such games often appear in game-hopping security proofs. The result justifies such security proofs because they lose no security. Finally, we provide a distribution replacement theorem. Suppose a game using distribution \(Q\) in a black-box manner is \(\lambda \)-bit secure, and two distributions \(P\) and \(Q\) are computationally \(\lambda \)-bit secure indistinguishable. In that case, the game where \(Q\) is replaced by \(P\) is also \(\lambda \)-bit secure.
For the entire collection see [Zbl 07831382].
References:
| [1] | Alon, N.; Goldreich, O.; Hastad, J.; Peralta, R., Simple construction of almost \(k\)-wise independent random variables, Random Struct. Algor., 3, 3, 289-304, 1992 · Zbl 0755.60002 · doi:10.1002/rsa.3240030308 |
| [2] | Baignères, T.; Sepehrdad, P.; Vaudenay, S.; Heng, S-H; Kurosawa, K., Distinguishing distributions using Chernoff information, Provable Security, 144-165, 2010, Heidelberg: Springer, Heidelberg · Zbl 1286.94043 · doi:10.1007/978-3-642-16280-0_10 |
| [3] | Barak, B.; Rogaway, P., Leftover hash lemma, revisited, Advances in Cryptology - CRYPTO 2011, 1-20, 2011, Heidelberg: Springer, Heidelberg · Zbl 1287.94047 · doi:10.1007/978-3-642-22792-9_1 |
| [4] | Bellare, M.; Rogaway, P.; Vaudenay, S., The security of triple encryption and a framework for code-based game-playing proofs, Advances in Cryptology - EUROCRYPT 2006, 409-426, 2006, Heidelberg: Springer, Heidelberg · Zbl 1140.94321 · doi:10.1007/11761679_25 |
| [5] | Bennett, C.H., Brassard, G., Crépeau, C., Maurer, U.M.: Generalized privacy amplification. IEEE Trans. Inf. Theory 41(6), 1915-1923 (1995). doi:10.1109/18.476316 · Zbl 0856.94018 |
| [6] | Bennett, CH; Brassard, G.; Robert, J-M; Williams, HC, How to reduce your enemy’s information (extended abstract), Advances in Cryptology — CRYPTO ’85 Proceedings, 468-476, 1986, Heidelberg: Springer, Heidelberg · doi:10.1007/3-540-39799-X_37 |
| [7] | Chernoff, H., A measure of asymptotic efficiency for tests of a hypothesis based on the sum of observations, Ann. Math. Stat., 23, 4, 493-507, 1952 · Zbl 0048.11804 · doi:10.1214/aoms/1177729330 |
| [8] | Dodis, Y.; Steinberger, J.; Halevi, S., Message authentication codes from unpredictable block ciphers, Advances in Cryptology - CRYPTO 2009, 267-285, 2009, Heidelberg: Springer, Heidelberg · Zbl 1252.94058 · doi:10.1007/978-3-642-03356-8_16 |
| [9] | Goldreich, O.: The foundations of cryptography - volume 1: basic techniques. Cambridge University Press (2001). http://www.wisdom.weizmann.ac.il/ · Zbl 1007.94016 |
| [10] | Goldreich, O., Levin, L.A.: A hard-core predicate for all one-way functions. In: Johnson, D.S. (ed.) Proceedings of the 21st Annual ACM Symposium on Theory of Computing, pp. 25-32, 14-17 May 1989, Seattle, Washigton, USA. ACM (1989). doi:10.1145/73007.73010 |
| [11] | Goldwasser, S.; Tauman Kalai, Y.; Kushilevitz, E.; Malkin, T., Cryptographic assumptions: a position paper, Theory of Cryptography, 505-522, 2016, Heidelberg: Springer, Heidelberg · Zbl 1388.94056 · doi:10.1007/978-3-662-49096-9_21 |
| [12] | Götze, F.; Sambale, H.; Sinulis, A., Higher order concentration for functions of weakly dependent random variables, Electron. J. Probab., 24, 85, 1-19, 2019 · Zbl 1451.60027 |
| [13] | Hast, G., Nearly one-sided tests and the Goldreich-Levin predicate, J. Cryptol., 17, 209-229, 2004 · Zbl 1089.94019 · doi:10.1007/s00145-003-0141-4 |
| [14] | Impagliazzo, R., Levin, L.A., Luby, M.: Pseudo-random generation from one-way functions (extended abstracts). In: Johnson, D.S. (ed.) Proceedings of the 21st Annual ACM Symposium on Theory of Computing, 14-17 May 1989, Seattle, Washigton, USA, pp. 12-24. ACM (1989). doi:10.1145/73007.73009 |
| [15] | Levin, L.A.: Randomness and non-determinism. J. Symbolic Logic 58(3), 1102-1103 (1993). doi:10.1137/S0895480197329508 |
| [16] | Micciancio, D.; Walter, M.; Nielsen, JB; Rijmen, V., On the bit security of cryptographic primitives, Advances in Cryptology - EUROCRYPT 2018, 3-28, 2018, Cham: Springer, Cham · Zbl 1423.94090 · doi:10.1007/978-3-319-78381-9_1 |
| [17] | Radhakrishnan, J., Ta-Shma, A.: Bounds for dispersers, extractors, and depth-two superconcentrators. SIAM J. Discrete Math. 13(1), 2-24 (2000). doi:10.1137/S0895480197329508 · Zbl 1023.94025 |
| [18] | Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. IACR Cryptology ePrint Archive, p. 332 (2004). http://eprint.iacr.org/2004/332 |
| [19] | van Erven, T.; Harremoës, P., Rényi divergence and Kullback-Leibler divergence, IEEE Trans. Inform. Theory, 60, 7, 3797-3820, 2014 · Zbl 1360.94180 · doi:10.1109/TIT.2014.2320500 |
| [20] | Watanabe, S.; Yasunaga, K.; Tibouchi, M.; Wang, H., Bit security as computational cost for winning games with high probability, Advances in Cryptology - ASIACRYPT 2021, 161-188, 2021, Cham: Springer, Cham · Zbl 1514.94139 · doi:10.1007/978-3-030-92078-4_6 |
| [21] | Yasunaga, K.: Replacing probability distributions in security games via Hellinger distance. In: Tessaro, S., (ed.) 2nd Conference on Information-Theoretic Cryptography (ITC 2021), volume 199 of Leibniz International Proceedings in Informatics (LIPIcs), pp. 1-15, Dagstuhl, Germany (2021). Schloss Dagstuhl - Leibniz-Zentrum für Informatik. https://drops.dagstuhl.de/opus/volltexte/2021/14336. doi:10.4230/LIPIcs.ITC.2021.17 · Zbl 1517.94167 |
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. In some cases that data have been complemented/enhanced by data from zbMATH Open. This attempts to reflect the references listed in the original paper as accurately as possible without claiming completeness or a perfect matching.
