# How to construct a family of strong one way permutations

## Abstract

Much effort has been spent to identify the hard bits of one way functions, such as RSA and Rabin encryption functions. These efforts have been restricted to *O*(log *n*) hard bits. In this paper, we propose practical solutions for constructing a family of strong one way permutations such that when a member is chosen uniformly at random, with a high probability we get a one way permutation *m*, with *t<n −O*(log *n*), the maximum number of simultaneous hard bits. We propose two schemes. In the first scheme *m* is constructed with *O*(log *n*) fold iteration of *f* o *g*, where *f* is any one way permutation, *g ∈*_{ r }*G* and G is a strongly *universal*_{2} family of polynomials in Galois field. In the second scheme *m = f* o *g* o *h*, where *h* is a hiding permutation. We suggest a practical solution based on this scheme. The strong one way permutations can be applied as an efficient tool to build pseudorandom bit generators and universal one way hash functions.

## Preview

Unable to display preview. Download preview PDF.

## References

- [1]W. Alexi, B. Chor, O. Goldreich, and C. P. Schnorr. RSA and Rabin functions: Certain parts are as hard as the whole.
*SIAM Journal on Computing*, 17(2):194–209, 1988.CrossRefGoogle Scholar - [2]M. Blum and S. Micali. How to generate cryptographically strong sequences of pseudo-random bits.
*SIAM Journal on Computing*, 13(4):850–864, 1984.CrossRefGoogle Scholar - [3]Manuel Blum and Shafi Goldwasser. An efficient probabilistic public-key encryption scheme which hides all partial information. In
*Advances in Cryptology — CRYPTO '84*, volume 196 of*Lecture Notes in Computer Science*, pages 289–299. Springer-Verlag, 1985.Google Scholar - [4]O. Goldreich, H. Krawczyk, and M. Luby. On the existence of pseudorandom generators. In
*Proceedings of the 29th IEEE Symposium on the Foundations of Computer Science*, pages 12–24, 1988.Google Scholar - [5]O. Goldreich and L. A. Levin. A hard-core predicate for all one-way functions. In
*the 21st ACM Symposium on Theory of Computing*, pages 25–32, 1989.Google Scholar - [6]Shafi Goldwasser and Silvio Micali. Probabilistic encryption.
*Journal of Computer and System-Sciences*, 28:270–299, 1984.CrossRefGoogle Scholar - [7]R. Impagliazzo, L. A. Levin, and M. Luby. Pseudo-random generation from oneway functions. In
*the 21st ACM Symposium on Theory of Computing*, pages 12–24, 1989.Google Scholar - [8]Douglas L. Long and Avi Wigderson. The Discrete Logarithm Hides
*O*(log*n*) Bits.*SIAM Journal on Computing*, 17(2):363–372, 1988.CrossRefGoogle Scholar - [9]J. Rompel. One-way functions are necessary and sufficient for secure signatures. In
*the 22nd ACM Symposium on Theory of Computing*, pages 387–394, 1990.Google Scholar - [10]B. Sadeghiyan and J. Pieprzyk. A construction for one way hash functions and pseudorandom bit generators. Technical Report CS 91/2, University College, The University of New South Wales, 1991. Also in the Abstracts of EUROCRYPT '91.Google Scholar
- [11]A. Scherift and A. Shamir. Discrete logarithm is very discreet. In
*Proceedings of the ACM Symposium on Theory of Computing*, pages 405–415, 1990.Google Scholar - [12]U. V. Vazirani and V. V. Vazirani. Efficient and Secure Pseudo-random Number Generation. In
*Proceedings of the IEEE Symposium on Foundations of Computer Science*, pages 458–463, 1984.Google Scholar - [13]M. N. Wegman and J. L. Carter. New hash functions and their use in authentication and set equality.
*Journal of Computer and System Sciences*, 22:265–279, 1981.CrossRefGoogle Scholar - [14]Y. Zheng, T. Matsumoto, and H. Imai. Duality between Two Cryptographic Primitives. In
*the 8-th International Conference on Applied Algebra, Algebraic Algorithms and Error Correcting Codes*, page 15, 1990.Google Scholar