Distinguishing Distributions Using Chernoff Information

  • Thomas Baignères
  • Pouyan Sepehrdad
  • Serge Vaudenay
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6402)


In this paper, we study the soundness amplification by repetition of cryptographic protocols. As a tool, we use the Chernoff Information. We specify the number of attempts or samples required to distinguish two distributions efficiently in various protocols. This includes weakly verifiable puzzles such as CAPTCHA-like challenge-response protocols, interactive arguments in sequential composition scenario and cryptanalysis of block ciphers. As our main contribution, we revisit computational soundness amplification by sequential repetition in the threshold case, i.e when completeness is not perfect. Moreover, we outline applications to the Leftover Hash Lemma and iterative attacks on block ciphers.


distinguishing distributions Chernoff Information proof systems block ciphers 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ahn, L.V., Blum, M., Hopper, N.J., Langford, J.: CAPTCHA: Using Hard AI Problems for Security. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 294–311. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Baignères, T.: Quantitative Security of Block Ciphers: Designs and Cryptanalysis Tools. PhD thesis, EPFL (2008)Google Scholar
  3. 3.
    Barak, B., Goldreich, O.: Universal arguments and their applications. In: Electronic Colloquium on Computational Complexity (2001)Google Scholar
  4. 4.
    Bellare, M., Impagliazzo, R., Naor, M.: Does Parallel Repetition Lower the Error in Computationally Sound Protocols. In: Proceedings of the Thirty-Eighth Annual IEEE Symposium on Foundations of Computer Science, pp. 374–383 (1997)Google Scholar
  5. 5.
    Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. Journal of Cryptology 4(1), 3–72 (1991)MathSciNetCrossRefzbMATHGoogle Scholar
  6. 6.
    Blondeau, C., Gérard, B.: On the Data Complexity of Statistical Attacks Against Block Ciphers. In: Cryptology ePrint (2009)Google Scholar
  7. 7.
    Boneh, D.: The Decision Diffie-Hellman Problem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 48–63. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  8. 8.
    Canetti, R., Halevi, S., Steiner, M.: Hardness Amplification of Weakly Verifiable Puzzles. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 17–33. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Chernoff, H.: Sequential Analysis and Optimal Design. CBMS-NSF Regional Conference Series in Applied Mathematics, vol. 8. SIAM, Philadelphia (1972)CrossRefzbMATHGoogle Scholar
  10. 10.
    Chor, B., Goldreich, O.: Unbiased bits from sources of weak randomness and probabilistic communication complexity. SIAM Journal on Computing 17(2), 230–261 (1988)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Chung, K., Vadhan, S.: Tight Bounds for Hashing Block Sources. In: Goel, A., Jansen, K., Rolim, J.D.P., Rubinfeld, R. (eds.) APPROX and RANDOM 2008. LNCS, vol. 5171, pp. 357–370. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  12. 12.
    Cover, T.M., Thomas, J.A.: Elements of Information Theory. Wiley Series in Telecommunications. John Wiley & Sons, Chichester (1991)CrossRefzbMATHGoogle Scholar
  13. 13.
    Damgård, I., Pfitzmann, B.: Sequential Iteration of Interactive Arguments and an Efficient Zero-knowledge Argument for NP. Technical report, BRICS Report Series, Department of Computer Science, University of Aarhus (1997)Google Scholar
  14. 14.
    Feige, U., Verbitsky, O.: Error Reduction by Parallel Repetition - A Negative Result. Combinatorica 22, 461–478 (2001)MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Goldreich, O.: Modern Cryptography, Probabilistic Proofs and Pseudo-randomness. Algorithms and Combinatorics. Springer, Heidelberg (1999)CrossRefzbMATHGoogle Scholar
  16. 16.
    Hoeffding, W.: Probability Inequalities for Sums of Bounded Random Variables. Journal of the American Statistical Association 58(301), 13–30 (1963)MathSciNetCrossRefzbMATHGoogle Scholar
  17. 17.
    Impagliazzo, R., Jaiswal, R., Kabanets, V.: Chernoff-Type Direct Product Theorems. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 500–516. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  18. 18.
    Impagliazzo, R., Jaiswal, R., Kabanets, V.: Chernoff-Type Direct Product Theorems. Journal of Cryptology 22(1), 75–92 (2009)MathSciNetCrossRefzbMATHGoogle Scholar
  19. 19.
    Impagliazzo, R., Levin, L.A., Luby, M.: Pseudo-random Generation from One-way Functions. In: Proceedings of the 21st Annual ACM Symposium on Theory of Computing, pp. 12–24. ACM Press, New York (1989)Google Scholar
  20. 20.
    Juta, C.S.: Almost Optimal Bounds for Direct Product Threshold Theorem. Technical report, ECCC (2010)Google Scholar
  21. 21.
    Jutla, C.S.: Almost Optimal Bounds for Direct Product Threshold Theorem. In: Theory of Cryptography Conference. Springer, Heidelberg (2010)Google Scholar
  22. 22.
    Kullback, S., Leibler, R.A.: On Information and Sufficiency. The Annals of Mathematical Statistics 22(1), 79–86 (1951)MathSciNetCrossRefzbMATHGoogle Scholar
  23. 23.
    Lai, X., Massey, J.L., Murphy, S.: Markov Ciphers and Differential Cryptanalysis. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 17–38. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  24. 24.
    Luby, M., Rackoff, C.: How to Construct Pseudorandom Permutations from Pseudorandom Functions. SIAM Journal of Computing 17, 373–386 (1988)MathSciNetCrossRefzbMATHGoogle Scholar
  25. 25.
    Matsui, M.: Linear Cryptanalysis Method for DES Cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  26. 26.
    Mori, G., Malik, J.: Recognising Objects in Adversarial Clutter: Breaking a Visual CAPTCHA. In: IEEE Conference Compurt Vision and Pattern Recognition, pp. 134–141. IEEE CS Press, Los Alamitos (2003)Google Scholar
  27. 27.
    Pietrzak, K., Wikström, D.: Parallel Repetition of Computationally Sound Protocols Revisited. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 86–102. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  28. 28.
    Raz, R.: A parallel repetition theorem. SIAM Journal on Computing 27, 763–803 (1998)MathSciNetCrossRefzbMATHGoogle Scholar
  29. 29.
    Rényi, A.: On Measures of Information and Entropy. In: Proceedings of the 4th Berkeley Symposium on Mathematics, Statistics and Probability, pp. 547–561 (1960)Google Scholar
  30. 30.
    Yan, J., Salah, A.: CAPTCHA Security: A Case Study. Journal of IEEE Security and Privacy 7, 22–28 (2009)CrossRefGoogle Scholar
  31. 31.
    Zuckerman, D.: Simulating BPP using a general weak random source. Algorithmica 16(4-5), 367–391 (1996)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Thomas Baignères
    • 1
  • Pouyan Sepehrdad
    • 2
  • Serge Vaudenay
    • 2
  1. 1.CryptoExpertsParisFrance
  2. 2.EPFLSwitzerland

Personalised recommendations