# On bit correlations among preimages of “Many to one” One-way functions

A new approach to study on randomness and hardness of one-way functions

Conference paper

First Online:

## Abstract

This paper presents a new measure of the complexity of *many to one* functions. We study bit correlations among the preimages of an element of the range of many to one one-way functions. Especially, we investigate the correlation among the least significant bit of the preimages of 2 to 1 one-way functions based on algebraic problems such as the factorization and the discrete logarithm.

## Preview

Unable to display preview. Download preview PDF.

## References

- [ACGS88]Alexi,W., Chor,B., Goldreich,O., and Schnorr, C.P., “RSA and Rabin functions: Certain Parts are as Hard as the Whole,”
*SIAM J. on Computing*, Vol.17, No.2, pp.194–209 (April 1988).Google Scholar - [Ba84]Bach, E., “Discrete Logarithms and Factoring,”
*Report No. UCB/CSD 84/186*, Univ. of California (1984).Google Scholar - [BCC88]Brassard, G., Chaum, D., and Crépeau, C., “Minimum Disclosure Proofs of Knowledge,”
*Journal of Computer and System Sciences*, Vol.37, No.2, pp.156–189 (1988).Google Scholar - [BCS83]Ben-Or, M., Chor, B., and Shamir, A., “On the cryptographic security of single RSA bits,”
*Proceedings of the 15th Annual ACM Symposium on Theory of Computing*, pp.421–430 (1983).Google Scholar - [BFM88]Blum, M., Feldman,P., and Micali, S., “Non-interactive zero-knowledge and its applications,”
*Proceedings of the 20th Annual ACM Symposium on Theory of Computing*, pp.103–112 (1988).Google Scholar - [B182]Blum, M., “Coin Flipping by Telephone,”
*IEEE Spring COMPCOM*(1982).Google Scholar - [BM84]Blum, M., and Micali, S., “How to Generate Cryptographically Strong Sequences of Pseudo-Random Bits,”
*SIAM J. on Computing*, Vol.13, pp.850–864 (1984).Google Scholar - [CGG86]Chor, B., Goldreich, O., and Goldwasser, S., “The bit security of modular squaring given partial factorization of the modulus,”
*Proceedings of CRYPTO'85*, Lecture Notes in Computer Science 218, pp.448–457, Springer-Verlag, Berlin (1986).Google Scholar - [Da87]Damgård,I.B., “Collision Free Hash Functions and Public Key Signature Scheme,”
*Proceedings of EUROCRYPT87*, Lecture Notes in Computer Science 304, Springer-Verlag, pp.203–216, Berlin (1988).Google Scholar - [FLS90]Feige, U., Lapidot, D., and Shamir A., “Multiple Non-Interactive Zero-Knowledge Proofs Based on a Single Random String,”
*Proceedings of the 31st Annual Symposium on Foundations of Computer Science*, pp.308–318 (1990).Google Scholar - [GKL88]Goldreich, O., Krawczyk, H. and Luby, M., “On the Existence of Pseudorandom Generator,”
*Proceedings of the 29st Annual Symposium on Foundations of Computer Science*, pp.12–24 (1988).Google Scholar - [GMT82]Goldwasser, S., Micali, S., and Tong, P., “Why and how to establish a private code on a public network,”
*Proceedings of the 23st Annual Symposium on Foundations of Computer Science*, pp.134–144 (1982).Google Scholar - [GMR88]Goldwasser, S., Micali, S., and Rivest, L., “A digital signature scheme against adaptive chosen-message attack,”
*SIAM J. on Computing*, Vol.17, No.2, pp.281–308 (April 1988).Google Scholar - [GL89]Goldreich.O., and Levin, L.A., “A Hard-Core Predicate for all One-Way Functions,”
*Proceedings of the 21th Annual ACM Symposium on Theory of Computing*, pp.25–32 (May 1989).Google Scholar - [GO92]Goldwasser, S. and Ostrovsky, R. “Non-Interactive Zero-Knowledge Proofs and Invariant Signature are Equivalent,” Preproceedings of CRYPTO'92 (1992).Google Scholar
- [Ha90]Håstad, J., “Pseudo-Random Generator under Uniform Assumptions,”
*Proceedings of the 22th Annual ACM Symposium on Theory of Computing*, pp.12–24 (May 1990).Google Scholar - [ILL89]Impagliazzo, R., Levin, L.A., and Luby, M., “Pseudo-random generation from one-way functions,”
*Proceedings of the 21th Annual ACM Symposium on Theory of Computing*, pp.12–24 (May 1989).Google Scholar - [KOT90]Kurosawa, K., Ogata, W., and Tsujii, S., “4 Move ZKIP,”
*IEICE Technical Report*, Vol.90, No.125, pp.63–69 (July 1990).Google Scholar - [KOSIT90]Kurosawa, K., Ogata, W., Sakurai, K., Itoh, T., and Tsujii, S., “4-move zero-knowledge interactive proof systems,”
*IEICE Technical Report*, Vol.90, No.365, pp.7–10 (Dec. 1990).Google Scholar - [Kra86]Kranakis, E., “Primality and cryptography,” Wiley-Teubner Series in Computer Science (1986).Google Scholar
- [Mi76]Miller, G., “Riemann's Hypothesis and Test for Primality,”
*Journal of Computer and System Sciences*, Vol.13, pp.300–317 (1976).Google Scholar - [Na90]Naor,M., “Bit Commitments using Pseudo-Randomness,”
*Proceedings of CRYPTO'89*, Lecture Notes in Computer Science 435, pp.128–136, Springer-Verlag, Berlin (1990).Google Scholar - [NY89]Naor,M., and Yung,M., “Universal One-way Hash functions and their Cryptographic Applications,”
*Proceedings of the 21th Annual ACM Symposium on Theory of Computing*, pp.33–43 (May 1989).Google Scholar - [Oka90]Okamoto, T.,
*private communication*(Oct. 1990).Google Scholar - [Ra79]Rabin,M.O., “Digital Signatures and public key functions as intractable as factorization,”
*Technical Memo TM-212, LCS/MIT (1919)*.Google Scholar - [Ru92]Russell A., “Necessary and Sufficient Conditions for Collision-Free Hashing,”
*Preproceedings of Crypto'92*, (1992).Google Scholar - [SI90]Sakurai,K., and Itoh,T., “On the Distribution of a Hard Bit of Square Roots Modulo a Product of Two Distinct Odd Primes,”
*Manuscript*(Oct. 1990).Google Scholar - [SS90]Schrift, A.W. and Shamir, A. “The Discrete Log is very Discrete,”
*Proceedings of the 22th Annual ACM Symposium on Theory of Computing*, pp.405–415 (May 1990).Google Scholar - [Wo72]Woll, H., “Reductions among Number Theoretic Problems,”
*Information and computation*, 72, pp.167–179 (1987).Google Scholar - [Ya82]Yao, A.C. “Theory and applications of trapdoor functions,”
*Proceedings of the 23st Annual Symposium on Foundations of Computer Science*, pp.80–91 (1982).Google Scholar

## Copyright information

© Springer-Verlag Berlin Heidelberg 1993