Computational hardness. Feb 2 abhi shelat
|
|
|
- Randell Bond
- 5 years ago
- Views:
Transcription
1 L Computational hardness Feb 2 abhi shelat
2 Eve Alice Bob
3 Eve Alice Bob k Gen k
4 Eve Alice Bob c=enck(mi) k Gen k
5 Eve c Alice Bob c=enck(mi) k Gen k
6 Eve c Alice c=enck(mi) Bob m=deck(c) k Gen k
7 Eve c Alice c=enck(mi) Bob m=deck(c) k Gen k
8 c Eve Test if guess m1 if not. flip coin otherwise. analyze success:
9 c Eve Test if guess m1 if not. flip coin otherwise. analyze success:
10 c Eve Test if guess m1 if not. flip coin otherwise. analyze success:
11 c Eve Test if guess m1 if not. flip coin otherwise. analyze time:
12 c Eve Test if guess m1 if not. flip coin otherwise. analyze time: recall
13 c Eve Test if guess m1 if not. flip coin otherwise. analyze time: recall generic method takes time
14 EFFICIENT COMPUTATION AND EFFICIENT ADVERSARIES
15 WHAT IS AN ALGORITHM?
16 WHAT IS AN ALGORITHM? Turing machine
17 WHAT IS AN ALGORITHM? input tape Turing machine output tape work tape
18 WHAT IS AN ALGORITHM? input tape Turing machine output tape work tape running time is T(n) if machine always halts after at most T(n) steps on input of size n.
19 WHAT IS AN ALGORITHM? input tape Turing machine output tape work tape
20 WHAT IS AN ALGORITHM? input tape Turing machine output tape computes function f(x) if... work tape
21 RANDOMIZED ALGORITHM... input tape Turing machine output tape work tape
22 RANDOMIZED ALGORITHM... input tape Turing machine output tape work tape computes function f(x) if machine always halts with output f(x) on input of x.
23 RANDOMIZED ALGORITHM... input tape Turing machine output tape work tape p.p.t. algorithm probabilistic polynomial time
24 EXAMPLES
25 EXAMPLES Problems solvable by a p.p.t. machine:
26 EXAMPLES Problems solvable by a p.p.t. machine: Problems not known to be solvable by a p.p.t. machine:
27 HOW WE MODEL ADVERSARIES Turing machine 1 machine for all inputs
28 SORTING COMPETITION Quicksort machine
29 HOW WE MODEL ADVERSARIES Turing machine 1 machine for all inputs
30 HOW WE MODEL ADVERSARIES Turing machine Turing machine 1 machine for all inputs
31 HOW WE MODEL ADVERSARIES Turing machine Turing machine 1 machine for all inputs as inputs grow machine grows
32 HOW WE MODEL ADVERSARIES Turing machine Turing machine 1 machine for all inputs as inputs grow machine grows
33 HOW WE MODEL ADVERSARIES Turing machine Turing machine 1 machine for all inputs as inputs grow machine grows
34 NON-UNIFORM P.P.T.... input tape Turing machine output tape work tape for each input len n, adversary has a special Turing machine M n of size poly(n)
35 ALGORITHMS ADVERSARIES Turing machine Turing machine p.p.t. non-uniform p.p.t.
36 KEY PROPERTY OF ENC easy hard
37 WORST-CASE ONE WAY FUNC
38 CRITIQUE OF WORST-CASE
39 NEGLIGIBLE FUNCTION
40 NEGLIGIBLE FUNCTION Definition A function ε(n) is negligible if for every c, there exists some k 0 such that for all k 0 < k, (k) 1 k. Intuitively, a negligible function is c asymptotically smaller than the inverse of any fixed polynomial
41 NEGLIGIBLE FUNCTION Definition A function ε(n) is negligible if for every c, there exists some k 0 such that for all k 0 < k, (k) 1 k. Intuitively, a negligible function is c asymptotically smaller than the inverse of any fixed polynomial
42 NEGLIGIBLE FUNCTION Definition A function ε(n) is negligible if for every c, there exists some k 0 such that for all k 0 < k, (k) 1 k. Intuitively, a negligible function is c asymptotically smaller than the inverse of any fixed polynomial
43 NON-NEGLIGIBLE? Definition A function ε(n) is negligible if for every c, there exists some k 0 such that for all k 0 < k, (k) 1 k. Intuitively, a negligible function is c asymptotically smaller than the inverse of any fixed polynomial.
44 STRONG O.W.F.
45 STRONG O.W.F.
46 STRONG O.W.F.
47 STRONG O.W.F.
48 WEAK O.W.F.
49 DIAGRAM
50 WEAK OWF -> STRONG OWF
51 EXAMPLE MULT
52 Π n =
53 FACTORING ASSUMPTION
54 IS FMULT WEAK OWF?
55 NUMBER OF PRIMES there are certainly infinitely many # of primes < x
56 THM:
a Course in Cryptography rafael pass abhi shelat
a Course in Cryptography rafael pass abhi shelat LECTURE NOTES 2007 c 2007 Pass/shelat All rights reserved Printed online 11 11 11 11 11 15 14 13 12 11 10 9 First edition: June 2007 Contents Contents List
Lecture 17: Constructions of Public-Key Encryption
COM S 687 Introduction to Cryptography October 24, 2006 Lecture 17: Constructions of Public-Key Encryption Instructor: Rafael Pass Scribe: Muthu 1 Secure Public-Key Encryption In the previous lecture,
Lecture 5: Pseudo-Random Generators and Pseudo-Random Functions
CS 276 Cryptography Sept 22, 2014 Lecture 5: Pseudo-Random Generators and Pseudo-Random Functions Instructor: Sanjam Garg Scribe: Peihan Miao 1 PRG (Pseudo-Random Generator) extension In this section we
Scribe for Lecture #5
CSA E0 235: Cryptography 28 January 2016 Scribe for Lecture #5 Instructor: Dr. Arpita Patra Submitted by: Nidhi Rathi 1 Pseudo-randomness and PRG s We saw that computational security introduces two relaxations
CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrosky. Lecture 4
CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrosky Lecture 4 Lecture date: January 26, 2005 Scribe: Paul Ray, Mike Welch, Fernando Pereira 1 Private Key Encryption Consider a game between
Lecture 4: Computationally secure cryptography
CS 7880 Graduate Cryptography September 18, 017 Lecture 4: Computationally secure cryptography Lecturer: Daniel Wichs Scribe: Lucianna Kiffer 1 Topic Covered ε-security Computationally secure cryptography
Homework 7 Solutions
Homework 7 Solutions Due: March 22, 2018 CS 151: Intro. to Cryptography and Computer Security 1 Fun with PRFs a. F a s = F 0 k(x) F s (x) is not a PRF, for any choice of F. Consider a distinguisher D a
Computational Hardness
Chapter 2 Computational Hardness 2.1 Efficient Computation and Efficient Adversaries We start by formalizing what it means to compute a function. Definition 19.1 (Algorithm). An algorithm is a deterministic
Pr[C = c M = m] = Pr[C = c] Pr[M = m] Pr[M = m C = c] = Pr[M = m]
![Pr[C = c M = m] = Pr[C = c] Pr[M = m] Pr[M = m C = c] = Pr[M = m]](/thumbs/80/81622309.jpg "Pr[C = c M = m] = Pr[C = c] Pr[M = m] Pr[M = m C = c] = Pr[M = m]")
Midterm Review Sheet The definition of a private-key encryption scheme. It s a tuple Π = ((K n,m n,c n ) n=1,gen,enc,dec) where - for each n N, K n,m n,c n are sets of bitstrings; [for a given value of
Generic Case Complexity and One-Way Functions
Groups-Complexity-Cryptology Volume 1 2009), No. 1, 13 31 Generic Case Complexity and One-Way Functions Alex D. Myasnikov Department of Mathematical Sciences, Stevens Institute of Technology, Hoboken,
Introduction to Cryptography
B504 / I538: Introduction to Cryptography Spring 2017 Lecture 3 Assignment 0 is due today; Assignment 1 is out and is due in 2 weeks! 1 Review: Asymptotic notation Oh and Omega, Oh my! Defⁿ: Let f:n R
Public-Key Cryptography. Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange
Public-Key Cryptography Lecture 9 Public-Key Encryption Diffie-Hellman Key-Exchange Shared/Symmetric-Key Encryption (a.k.a. private-key encryption) SKE: Syntax KeyGen outputs K K E scheme E Syntax a.k.a.
Lecture 13: Private Key Encryption
COM S 687 Introduction to Cryptography October 05, 2006 Instructor: Rafael Pass Lecture 13: Private Key Encryption Scribe: Ashwin Machanavajjhala Till this point in the course we have learnt how to define
Indistinguishability and Pseudo-Randomness
Chapter 3 Indistinguishability and Pseudo-Randomness Recall that one main drawback of the One-time pad encryption scheme and its simple encryption operation Enc k (m) = m k is that the key k needs to be
Lecture 24: Randomized Complexity, Course Summary
6.045 Lecture 24: Randomized Complexity, Course Summary 1 1/4 1/16 1/4 1/4 1/32 1/16 1/32 Probabilistic TMs 1/16 A probabilistic TM M is a nondeterministic TM where: Each nondeterministic step is called
CS294: Pseudorandomness and Combinatorial Constructions September 13, Notes for Lecture 5
UC Berkeley Handout N5 CS94: Pseudorandomness and Combinatorial Constructions September 3, 005 Professor Luca Trevisan Scribe: Gatis Midrijanis Notes for Lecture 5 In the few lectures we are going to look
Computer Sciences Department
Computer Sciences Department 1 Reference Book: INTRODUCTION TO THE THEORY OF COMPUTATION, SECOND EDITION, by: MICHAEL SIPSER Computer Sciences Department 3 ADVANCED TOPICS IN C O M P U T A B I L I T Y
COMS W4995 Introduction to Cryptography October 12, Lecture 12: RSA, and a summary of One Way Function Candidates.
COMS W4995 Introduction to Cryptography October 12, 2005 Lecture 12: RSA, and a summary of One Way Function Candidates. Lecturer: Tal Malkin Scribes: Justin Cranshaw and Mike Verbalis 1 Introduction In
CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrovsky. Lecture 7
CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrovsky Lecture 7 Lecture date: Monday, 28 February, 2005 Scribe: M.Chov, K.Leung, J.Salomone 1 Oneway Trapdoor Permutations Recall that a
Turing Machines and Time Complexity
Turing Machines and Time Complexity Turing Machines Turing Machines (Infinitely long) Tape of 1 s and 0 s Turing Machines (Infinitely long) Tape of 1 s and 0 s Able to read and write the tape, and move
Computational security & Private key encryption
Computational security & Private key encryption Emma Arfelt Stud. BSc. Software Development Frederik Madsen Stud. MSc. Software Development March 2017 Recap Perfect Secrecy Perfect indistinguishability
CSE 105 THEORY OF COMPUTATION
CSE 105 THEORY OF COMPUTATION "Winter" 2018 http://cseweb.ucsd.edu/classes/wi18/cse105-ab/ Today's learning goals Sipser Ch 7 Distinguish between computability and complexity Articulate motivation questions
Time Complexity. CS60001: Foundations of Computing Science
Time Complexity CS60001: Foundations of Computing Science Professor, Dept. of Computer Sc. & Engg., Measuring Complexity Definition Let M be a deterministic Turing machine that halts on all inputs. The
Theory of Computation
Theory of Computation Dr. Sarmad Abbasi Dr. Sarmad Abbasi () Theory of Computation 1 / 33 Lecture 20: Overview Incompressible strings Minimal Length Descriptions Descriptive Complexity Dr. Sarmad Abbasi
Lecture 7: Pseudo Random Generators
Introduction to ryptography 02/06/2018 Lecture 7: Pseudo Random Generators Instructor: Vipul Goyal Scribe: Eipe Koshy 1 Introduction Randomness is very important in modern computational systems. For example,
Lecture 18: Message Authentication Codes & Digital Signa
Lecture 18: Message Authentication Codes & Digital Signatures MACs and Signatures Both are used to assert that a message has indeed been generated by a party MAC is the private-key version and Signatures
An Epistemic Characterization of Zero Knowledge
An Epistemic Characterization of Zero Knowledge Joseph Y. Halpern, Rafael Pass, and Vasumathi Raman Computer Science Department Cornell University Ithaca, NY, 14853, U.S.A. e-mail: {halpern, rafael, vraman}@cs.cornell.edu
6.045: Automata, Computability, and Complexity (GITCS) Class 17 Nancy Lynch
6.045: Automata, Computability, and Complexity (GITCS) Class 17 Nancy Lynch Today Probabilistic Turing Machines and Probabilistic Time Complexity Classes Now add a new capability to standard TMs: random
Tractability. Some problems are intractable: as they grow large, we are unable to solve them in reasonable time What constitutes reasonable time?
Tractability Some problems are intractable: as they grow large, we are unable to solve them in reasonable time What constitutes reasonable time?» Standard working definition: polynomial time» On an input
Lecture 11: Key Agreement
Introduction to Cryptography 02/22/2018 Lecture 11: Key Agreement Instructor: Vipul Goyal Scribe: Francisco Maturana 1 Hardness Assumptions In order to prove the security of cryptographic primitives, we
III. Pseudorandom functions & encryption
III. Pseudorandom functions & encryption Eavesdropping attacks not satisfactory security model - no security for multiple encryptions - does not cover practical attacks new and stronger security notion:
CS Communication Complexity: Applications and New Directions
CS 2429 - Communication Complexity: Applications and New Directions Lecturer: Toniann Pitassi 1 Introduction In this course we will define the basic two-party model of communication, as introduced in the
Lecture 15: Interactive Proofs
COM S 6830 Cryptography Tuesday, October 20, 2009 Instructor: Rafael Pass Lecture 15: Interactive Proofs Scribe: Chin Isradisaikul In this lecture we discuss a new kind of proofs that involves interaction
Foundation of Cryptography ( ), Lecture 1
Foundation of Cryptography (0368-4162-01), Lecture 1 Iftach Haitner, Tel Aviv University November 1-8, 2011 Section 1 Notation Notation I For t N, let [t] := {1,..., t}. Given a string x {0, 1} and 0 i
Lecture 7: CPA Security, MACs, OWFs
CS 7810 Graduate Cryptography September 27, 2017 Lecturer: Daniel Wichs Lecture 7: CPA Security, MACs, OWFs Scribe: Eysa Lee 1 Topic Covered Chosen Plaintext Attack (CPA) MACs One Way Functions (OWFs)
An Epistemic Characterization of Zero Knowledge
An Epistemic Characterization of Zero Knowledge Joseph Y. Halpern, Rafael Pass, and Vasumathi Raman Computer Science Department Cornell University Ithaca, NY, 14853, U.S.A. e-mail: {halpern, rafael, vraman}@cs.cornell.edu
Authentication. Chapter Message Authentication
Chapter 5 Authentication 5.1 Message Authentication Suppose Bob receives a message addressed from Alice. How does Bob ensure that the message received is the same as the message sent by Alice? For example,
Umans Complexity Theory Lectures
Umans Complexity Theory Lectures Lecture 8: Introduction to Randomized Complexity: - Randomized complexity classes, - Error reduction, - in P/poly - Reingold s Undirected Graph Reachability in RL Randomized
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Notes 23 (rev. 1) Professor M. J. Fischer November 29, 2005 1 Oblivious Transfer Lecture Notes 23 In the locked
Learning to Impersonate
Learning to Impersonate Moni Naor Guy N. Rothblum Abstract Consider Alice, who is interacting with Bob. Alice and Bob have some shared secret which helps Alice identify Bob-impersonators. Now consider
CS 395T. Probabilistic Polynomial-Time Calculus
CS 395T Probabilistic Polynomial-Time Calculus Security as Equivalence Intuition: encryption scheme is secure if ciphertext is indistinguishable from random noise Intuition: protocol is secure if it is
Computational complexity
COMS11700 Computational complexity Department of Computer Science, University of Bristol Bristol, UK 2 May 2014 COMS11700: Computational complexity Slide 1/23 Introduction If we can prove that a language
CS3719 Theory of Computation and Algorithms
CS3719 Theory of Computation and Algorithms Any mechanically (automatically) discretely computation of problem solving contains at least three components: - problem description - computational tool - analysis
Lecture 2: From Classical to Quantum Model of Computation
CS 880: Quantum Information Processing 9/7/10 Lecture : From Classical to Quantum Model of Computation Instructor: Dieter van Melkebeek Scribe: Tyson Williams Last class we introduced two models for deterministic
Modern symmetric-key Encryption
Modern symmetric-key Encryption Citation I would like to thank Claude Crepeau for allowing me to use his slide from his crypto course to mount my course. Some of these slides are taken directly from his
Intro to Theory of Computation
Intro to Theory of Computation LECTURE 22 Last time Review Today: Finish recursion theorem Complexity theory Exam 2 solutions out Homework 9 out Sofya Raskhodnikova L22.1 I-clicker question (frequency:
Lecture Examples of problems which have randomized algorithms
6.841 Advanced Complexity Theory March 9, 2009 Lecture 10 Lecturer: Madhu Sudan Scribe: Asilata Bapat Meeting to talk about final projects on Wednesday, 11 March 2009, from 5pm to 7pm. Location: TBA. Includes
Lecture 11: Hash Functions, Merkle-Damgaard, Random Oracle
CS 7880 Graduate Cryptography October 20, 2015 Lecture 11: Hash Functions, Merkle-Damgaard, Random Oracle Lecturer: Daniel Wichs Scribe: Tanay Mehta 1 Topics Covered Review Collision-Resistant Hash Functions
CSA E0 235: Cryptography March 16, (Extra) Lecture 3
CSA E0 235: Cryptography March 16, 2015 Instructor: Arpita Patra (Extra) Lecture 3 Submitted by: Ajith S 1 Chosen Plaintext Attack A chosen-plaintext attack (CPA) is an attack model for cryptanalysis which
Cryptography CS 555. Topic 4: Computational Security
Cryptography CS 555 Topic 4: Computational Security 1 Recap Perfect Secrecy, One-time-Pads Theorem: If (Gen,Enc,Dec) is a perfectly secret encryption scheme then KK M 2 What if we want to send a longer
CS154, Lecture 17: conp, Oracles again, Space Complexity
CS154, Lecture 17: conp, Oracles again, Space Complexity Definition: conp = { L L NP } What does a conp computation look like? In NP algorithms, we can use a guess instruction in pseudocode: Guess string
Lecture 5, CPA Secure Encryption from PRFs
CS 4501-6501 Topics in Cryptography 16 Feb 2018 Lecture 5, CPA Secure Encryption from PRFs Lecturer: Mohammad Mahmoody Scribe: J. Fu, D. Anderson, W. Chao, and Y. Yu 1 Review Ralling: CPA Security and
20.1 2SAT. CS125 Lecture 20 Fall 2016
CS125 Lecture 20 Fall 2016 20.1 2SAT We show yet another possible way to solve the 2SAT problem. Recall that the input to 2SAT is a logical expression that is the conunction (AND) of a set of clauses,
CS6901: review of Theory of Computation and Algorithms
CS6901: review of Theory of Computation and Algorithms Any mechanically (automatically) discretely computation of problem solving contains at least three components: - problem description - computational
PERFECT SECRECY AND ADVERSARIAL INDISTINGUISHABILITY
PERFECT SECRECY AND ADVERSARIAL INDISTINGUISHABILITY BURTON ROSENBERG UNIVERSITY OF MIAMI Contents 1. Perfect Secrecy 1 1.1. A Perfectly Secret Cipher 2 1.2. Odds Ratio and Bias 3 1.3. Conditions for Perfect
Modern Cryptography Lecture 4
Modern Cryptography Lecture 4 Pseudorandom Functions Block-Ciphers Modes of Operation Chosen-Ciphertext Security 1 October 30th, 2018 2 Webpage Page for first part, Homeworks, Slides http://pub.ist.ac.at/crypto/moderncrypto18.html
CPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 10 February 19, 2013 CPSC 467b, Lecture 10 1/45 Primality Tests Strong primality tests Weak tests of compositeness Reformulation
-bit integers are all in ThC. Th The following problems are complete for PSPACE NPSPACE ATIME QSAT, GEOGRAPHY, SUCCINCT REACH.
CMPSCI 601: Recall From Last Time Lecture 26 Theorem: All CFL s are in sac. Facts: ITADD, MULT, ITMULT and DIVISION on -bit integers are all in ThC. Th The following problems are complete for PSPACE NPSPACE
Reductions for One-Way Functions
Reductions for One-Way Functions by Mark Liu A thesis submitted in partial fulfillment of the requirements for degree of Bachelor of Science (Honors Computer Science) from The University of Michigan 2013
Introduction to Cryptography
B504 / I538: Introduction to Cryptography Spring 2017 Lecture 15 Assignment 3 is due! Assignment 4 is out and is due in three weeks! 1 Recall: One-way functions (OWFs) Intuitively, a one-way function (OWF)
CSCI 2200 Foundations of Computer Science Spring 2018 Quiz 3 (May 2, 2018) SOLUTIONS
CSCI 2200 Foundations of Computer Science Spring 2018 Quiz 3 (May 2, 2018) SOLUTIONS 1. [6 POINTS] For language L 1 = {0 n 1 m n, m 1, m n}, which string is in L 1? ANSWER: 0001111 is in L 1 (with n =
CPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 15 October 25, 2017 CPSC 467, Lecture 15 1/31 Primitive Roots Properties of primitive roots Lucas test Special form primes Functions
Definition: conp = { L L NP } What does a conp computation look like?
Space Complexity 28 Definition: conp = { L L NP } What does a conp computation look like? In NP algorithms, we can use a guess instruction in pseudocode: Guess string y of x k length and the machine accepts
Lecture 30: Hybrid Encryption and Prime Number Generation. Hybrid Encryption & Primes
Lecture 30: Hybrid Encryption and Prime Number Generation Recall: ElGamal Encryption I We begin by recalling the ElGamal Public-key Encryption Recall that to describe a private-key encryption scheme we
Harvard CS 121 and CSCI E-121 Lecture 20: Polynomial Time
Harvard CS 121 and CSCI E-121 Lecture 20: Polynomial Time Harry Lewis November 12, 20123 Review of Asymptotic Notation For f, g : N R + f = O(g): c > 0 s.t. f(n) c g(n) for all sufficiently large n. f
ENEE 457: Computer Systems Security 10/3/16. Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange
ENEE 457: Computer Systems Security 10/3/16 Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland,
CPA-Security. Definition: A private-key encryption scheme
CPA-Security The CPA Indistinguishability Experiment PrivK cpa A,Π n : 1. A key k is generated by running Gen 1 n. 2. The adversary A is given input 1 n and oracle access to Enc k, and outputs a pair of
COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017
COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2017 Last Time Hardcore Bits Hardcore Bits Let F be a one- way function with domain x, range y Definition: A function h:xà {0,1} is
Review of unsolvability
Review of unsolvability L L H To prove unsolvability: show a reduction. To prove solvability: show an algorithm. Unsolvable problems (main insight) Turing machine (algorithm) properties Pattern matching
Intractable Problems [HMU06,Chp.10a]
![Intractable Problems [HMU06,Chp.10a]](/thumbs/89/100203097.jpg "Intractable Problems [HMU06,Chp.10a]")
Intractable Problems [HMU06,Chp.10a] Time-Bounded Turing Machines Classes P and NP Polynomial-Time Reductions A 10 Minute Motivation https://www.youtube.com/watch?v=yx40hbahx3s 1 Time-Bounded TM s A Turing
Computational Complexity
p. 1/24 Computational Complexity The most sharp distinction in the theory of computation is between computable and noncomputable functions; that is, between possible and impossible. From the example of
CPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 14 October 16, 2013 CPSC 467, Lecture 14 1/45 Message Digest / Cryptographic Hash Functions Hash Function Constructions Extending
Concurrent Non-malleable Commitments from any One-way Function
Concurrent Non-malleable Commitments from any One-way Function Margarita Vald Tel-Aviv University 1 / 67 Outline Non-Malleable Commitments Problem Presentation Overview DDN - First NMC Protocol Concurrent
Semantic Security and Indistinguishability in the Quantum World
Semantic Security and Indistinguishability in the Quantum World Tommaso Gagliardoni 1, Andreas Hülsing 2, Christian Schaffner 3 1 IBM Research, Swiss; TU Darmstadt, Germany 2 TU Eindhoven, The Netherlands
A Note on Negligible Functions
Appears in Journal of Cryptology Vol. 15, 2002, pp. 271 284. Earlier version was Technical Report CS97-529, Department of Computer Science and Engineering, University of California at San Diego, March
Randomness. What next?
Randomness What next? Random Walk Attribution These slides were prepared for the New Jersey Governor s School course The Math Behind the Machine taught in the summer of 2012 by Grant Schoenebeck Large
THE RANK METHOD AND APPLICATIONS TO POST- QUANTUM CRYPTOGRAPHY
THE RANK METHOD AND APPLICATIONS TO POST- QUANTUM CRYPTOGRAPHY Mark Zhandry - Stanford University Joint work with Dan Boneh Classical Cryptography Post-Quantum Cryptography All communication stays classical
CSCE 551 Final Exam, Spring 2004 Answer Key
CSCE 551 Final Exam, Spring 2004 Answer Key 1. (10 points) Using any method you like (including intuition), give the unique minimal DFA equivalent to the following NFA: 0 1 2 0 5 1 3 4 If your answer is
Solutions for week 1, Cryptography Course - TDA 352/DIT 250
Solutions for week, Cryptography Course - TDA 352/DIT 250 In this weekly exercise sheet: you will use some historical ciphers, the OTP, the definition of semantic security and some combinatorial problems.
COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2018
COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2018 Identification Identification Non- Repudiation Consider signature- based C- R sk ch=r res = Sig(vk,ch) Bob can prove to police
conp, Oracles, Space Complexity
conp, Oracles, Space Complexity 1 What s next? A few possibilities CS161 Design and Analysis of Algorithms CS254 Complexity Theory (next year) CS354 Topics in Circuit Complexity For your favorite course
CSE 105 THEORY OF COMPUTATION
CSE 105 THEORY OF COMPUTATION Fall 2016 http://cseweb.ucsd.edu/classes/fa16/cse105-abc/ Logistics HW7 due tonight Thursday's class: REVIEW Final exam on Thursday Dec 8, 8am-11am, LEDDN AUD Note card allowed
Cryptography: The Landscape, Fundamental Primitives, and Security. David Brumley Carnegie Mellon University
Cryptography: The Landscape, Fundamental Primitives, and Security David Brumley dbrumley@cmu.edu Carnegie Mellon University The Landscape Jargon in Cryptography 2 Good News: OTP has perfect secrecy Thm:
Friday Four Square! Today at 4:15PM, Outside Gates
P and NP Friday Four Square! Today at 4:15PM, Outside Gates Recap from Last Time Regular Languages DCFLs CFLs Efficiently Decidable Languages R Undecidable Languages Time Complexity A step of a Turing
CSCI 1590 Intro to Computational Complexity
CSCI 1590 Intro to Computational Complexity Randomized Computation John E. Savage Brown University April 15, 2009 John E. Savage (Brown University) CSCI 1590 Intro to Computational Complexity April 15,
Pseudorandom Generators
8 Pseudorandom Generators Great Ideas in Theoretical Computer Science Saarland University, Summer 2014 andomness is one of the fundamental computational resources and appears everywhere. In computer science,
COMS W4995 Introduction to Cryptography September 29, Lecture 8: Number Theory
COMS W4995 Introduction to Cryptography September 29, 2005 Lecture 8: Number Theory Lecturer: Tal Malkin Scribes: Elli Androulaki, Mohit Vazirani Summary This lecture focuses on some basic Number Theory.
1 Distributional problems
CSCI 5170: Computational Complexity Lecture 6 The Chinese University of Hong Kong, Spring 2016 23 February 2016 The theory of NP-completeness has been applied to explain why brute-force search is essentially
Lecture 16: Time Complexity and P vs NP
6.045 Lecture 16: Time Complexity and P vs NP 1 Time-Bounded Complexity Classes Definition: TIME(t(n)) = { L there is a Turing machine M with time complexity O(t(n)) so that L = L(M) } = { L L is a language
Privacy and Computer Science (ECI 2015) Day 4 - Zero Knowledge Proofs Mathematics
Privacy and Computer Science (ECI 2015) Day 4 - Zero Knowledge Proofs Mathematics F. Prost Frederic.Prost@ens-lyon.fr Ecole Normale Supérieure de Lyon July 2015 F. Prost Frederic.Prost@ens-lyon.fr (Ecole
Randomized Complexity Classes; RP
Randomized Complexity Classes; RP Let N be a polynomial-time precise NTM that runs in time p(n) and has 2 nondeterministic choices at each step. N is a polynomial Monte Carlo Turing machine for a language
Zero-Knowledge Proofs and Protocols
Seminar: Algorithms of IT Security and Cryptography Zero-Knowledge Proofs and Protocols Nikolay Vyahhi June 8, 2005 Abstract A proof is whatever convinces me. Shimon Even, 1978. Zero-knowledge proof is
Lecture 15 & 16: Trapdoor Permutations, RSA, Signatures
CS 7810 Graduate Cryptography October 30, 2017 Lecture 15 & 16: Trapdoor Permutations, RSA, Signatures Lecturer: Daniel Wichs Scribe: Willy Quach & Giorgos Zirdelis 1 Topic Covered. Trapdoor Permutations.
Lecture 3: Interactive Proofs and Zero-Knowledge
CS 355 Topics in Cryptography April 9, 2018 Lecture 3: Interactive Proofs and Zero-Knowledge Instructors: Henry Corrigan-Gibbs, Sam Kim, David J. Wu So far in the class, we have only covered basic cryptographic
Constructing secure MACs Message authentication in action. Table of contents
Constructing secure MACs Message authentication in action Foundations of Cryptography Computer Science Department Wellesley College Fall 2016 Table of contents From last time Recall the definition of message
6.892 Computing on Encrypted Data September 16, Lecture 2
6.89 Computing on Encrypted Data September 16, 013 Lecture Lecturer: Vinod Vaikuntanathan Scribe: Britt Cyr In this lecture, we will define the learning with errors (LWE) problem, show an euivalence between
NP, polynomial-time mapping reductions, and NP-completeness
NP, polynomial-time mapping reductions, and NP-completeness In the previous lecture we discussed deterministic time complexity, along with the time-hierarchy theorem, and introduced two complexity classes:
U.C. Berkeley CS278: Computational Complexity Professor Luca Trevisan 9/6/2004. Notes for Lecture 3
U.C. Berkeley CS278: Computational Complexity Handout N3 Professor Luca Trevisan 9/6/2004 Notes for Lecture 3 Revised 10/6/04 1 Space-Bounded Complexity Classes A machine solves a problem using space s(
CS6902 Theory of Computation and Algorithms
CS6902 Theory of Computation and Algorithms Any mechanically (automatically) discretely computation of problem solving contains at least three components: - problem description - computational tool - procedure/analysis
the Bounded Player Model Vipul Goyal Microsoft Research, India Abhishek Jain MIT and Boston University Rafail Ostrovsky UCLA Silas Richelson UCLA
Concurrent Zero Knowledge in the Bounded Player Model Vipul Goyal Microsoft Research, India Abhishek Jain MIT and Boston University Rafail Ostrovsky UCLA Silas Richelson UCLA IvanVisconti University of