Abstract
In the ideal world, cryptographic models take for granted that the secret sources (e.g. secret keys and other secret randomness) are drawn from the uniform distribution. In reality, however, we may only obtain ‘weak’ random sources that are guaranteed to have high unpredictability (e.g. biometric data, physical sources, and secrets with partial leakage). Formally, the security of a cryptographic model is measured by the expectation of some function, called the ‘perfect’ expectation in the ideal model and the ‘weak’ expectation in the real model. We propose some elementary inequalities which show that the ‘weak’ expectation is not much worse than the ‘perfect’ expectation. Instead of basing the results on the min-entropy and the collision entropy, as Dodis and Yu [TCC 2013] do, we show how to overcome weak expectations in terms of the Rényi entropy and the expanded computational entropy. We obtain these results by employing the discrete form of the Hölder inequality. We also use some techniques to guarantee that the expanded computational entropy is useful in the security model. Thus our results are more general, and we also obtain some results from a computational perspective. The results apply to all ‘unpredictability’ applications and some indistinguishability applications, including CPA-secure symmetric-key encryption schemes, weak pseudorandom functions and weaker computational extractors.
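As an added illustration (not code from the paper, which the page reproduces only as an abstract), the following Python script computes, for a constructed biased key distribution, the ‘weak’ expectation of a game function under that distribution, the ‘perfect’ moments under the uniform distribution, and a bound of the kind the abstract describes: it is derived here from the discrete Hölder inequality with conjugate exponents \((\alpha, q)\) and expressed through the Rényi entropy of order \(\alpha\). That inequality, the min-entropy bound beside it, the distribution `PROBS`, the game function `f_game` and the key length `M` are assumptions made for this example; none is quoted from the paper's theorems.

```python
import math

# Constructed toy instance (not from the paper): keys are m = 4 bits, so the
# key space has 2^m = 16 elements, and R is a biased 'weak' source over it.
M = 4
PROBS = [0.25, 0.15, 0.10, 0.10,
         0.05, 0.05, 0.05, 0.05, 0.05, 0.05,
         0.025, 0.025, 0.025, 0.025,
         0.0, 0.0]


def f_game(r):
    """Non-negative 'security game' function (constructed): 1 when the secret r
    falls in the event whose probability we want to bound, here r in {0, 1}.
    Its expectation under a key distribution is the probability of that event."""
    return 1.0 if r < 2 else 0.0


def renyi_entropy(probs, alpha):
    """Rényi entropy of order alpha > 1, in bits.
    alpha = 2 is the collision entropy; alpha -> infinity tends to min-entropy."""
    if alpha <= 1:
        raise ValueError("order must be > 1 for this bound")
    return math.log2(sum(p ** alpha for p in probs)) / (1.0 - alpha)


def min_entropy(probs):
    """Min-entropy H_inf(R) = -log2(max_r Pr[R = r]), in bits."""
    return -math.log2(max(probs))


def weak_expectation(probs, f):
    """E_{r <- R}[f(r)]: the real-world expectation under the weak source R."""
    return sum(p * f(r) for r, p in enumerate(probs))


def perfect_moment(f, m, q):
    """E_{r <- U_m}[f(r)^q]: the q-th moment under the uniform ideal source."""
    n = 2 ** m
    return sum(f(r) ** q for r in range(n)) / n


def min_entropy_bound(probs, f, m):
    """Min-entropy bound: E_R[f] <= 2^(m - H_inf(R)) * E_U[f]."""
    return 2 ** (m - min_entropy(probs)) * perfect_moment(f, m, 1)


def holder_bound(probs, f, m, alpha):
    """Bound derived here from discrete Hölder with 1/alpha + 1/q = 1:
        sum_r P(r) f(r) <= (sum_r P(r)^alpha)^(1/alpha) * (sum_r f(r)^q)^(1/q),
    and sum_r P(r)^alpha = 2^((1-alpha) H_alpha(R)), which gives
        E_R[f] <= 2^((alpha-1)(m - H_alpha(R))/alpha) * (E_U[f^q])^(1/q).
    alpha = 2 yields the collision-entropy form 2^((m-H_2)/2) * sqrt(E_U[f^2])."""
    q = alpha / (alpha - 1.0)
    k = renyi_entropy(probs, alpha)
    return 2 ** ((alpha - 1.0) * (m - k) / alpha) * perfect_moment(f, m, q) ** (1.0 / q)


def check_bounds(probs, f, m, alphas=(1.5, 2.0, 4.0, 16.0)):
    """Return (weak expectation, dict of bounds, all-bounds-hold flag)."""
    weak = weak_expectation(probs, f)
    bounds = {"min_entropy": min_entropy_bound(probs, f, m)}
    for a in alphas:
        bounds[f"renyi_{a}"] = holder_bound(probs, f, m, a)
    ok = all(b + 1e-12 >= weak for b in bounds.values())
    return weak, bounds, ok


if __name__ == "__main__":
    weak, bounds, ok = check_bounds(PROBS, f_game, M)
    print(f"weak expectation E_R[f] = {weak:.4f}")
    for name, b in bounds.items():
        print(f"  {name:>14}: {b:.4f}")
    print("all bounds hold:", ok)
```

Running the script shows how the order \(\alpha\) trades the entropy assumption on the real source against the moment of \(f\) needed in the ideal world: as \(\alpha\) grows the bound approaches the min-entropy form \(2^{m-k}\,\mathbb{E}_U[f]\), while \(\alpha = 2\) uses only the collision entropy but pays with the second moment of \(f\).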
Notes
1. “unpredictability” means the adversary’s unpredictable property in the security game.
2. “indistinguishability” means the adversary’s indistinguishable property in the security game.
3.
4. Owing to space limitations, this definition is given in Appendix A.
5. Owing to space limitations, this definition is given in Appendix A.
References
Abualrub, M.S., Sulaiman, W.T.: A note on Hölder’s inequality. Int. Math. Forum 4(40), 1993–1995 (2009)
Barak, B., Dodis, Y., Krawczyk, H., Pereira, O., Pietrzak, K., Standaert, F.-X., Yu, Y.: Leftover hash lemma, revisited. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 1–20. Springer, Heidelberg (2011)
Barak, B., Halevi, S.: A model and architecture for pseudo-random generation with applications to /dev/random. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 203–212 (2005)
Barak, B., Shaltiel, R., Tromer, E.: True random number generators secure in a changing environment. In: Proceedings of the 5th Cryptographic Hardware and Embedded Systems, pp. 166–180 (2003)
Barak, B., Shaltiel, R., Wigderson, A.: Computational analogues of entropy. In: Arora, S., Jansen, K., Rolim, J., Sahai, A. (eds.) RANDOM 2003 and APPROX 2003. LNCS, vol. 2764, pp. 200–215. Springer, Heidelberg (2003)
Blum, M., Micali, S.: How to generate cryptographically strong sequences of pseudo-random bits. SIAM J. Comput. 13(4), 850–864 (1984)
Boneh, D., Shoup, V.: A Graduate Course in Applied Cryptography. http://cs.nyu.edu/courses/fall12/CSCI-GA.3210-001/index.html
Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., Smith, A.: Secure remote authentication using biometric data. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 147–163. Springer, Heidelberg (2005)
Bromiley, P.A., Thacker, N.A., Bouhova-Thacker, E.: Shannon entropy, Rényi entropy, and information (2004)
Dachman-Soled, D., Gennaro, R., Krawczyk, H., Malkin, T.: Computational extractors and pseudorandomness. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 383–403. Springer, Heidelberg (2012)
Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008)
Dodis, Y., Ristenpart, T., Vadhan, S.P.: Randomness condensers for efficiently samplable, seed-dependent sources. In: 9th Theory of Cryptography Conference, pp. 618–635 (2012)
Dodis, Y., Yu, Y.: Overcoming weak expectations. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 1–22. Springer, Heidelberg (2013)
Fuller, B., O’Neill, A., Reyzin, L.: A unified approach to deterministic encryption: new constructions and a connection to computational entropy. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 582–599. Springer, Heidelberg (2012)
Fuller, B., Reyzin, L.: Computational entropy and information leakage. Technical report, IACR Cryptology ePrint Archive. http://eprint.iacr.org/2012/466.pdf (2012)
Gennaro, R., Krawczyk, H., Rabin, T.: Secure hashed Diffie-Hellman over non-DDH groups. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 361–381. Springer, Heidelberg (2004)
Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)
Hayashi, M.: Exponential decreasing rate of leaked information in universal random privacy amplification. IEEE Trans. Inf. Theory 57(6), 3989–4001 (2011)
Hayashi, M.: Tight exponential evaluation for universal composability with privacy amplification and its applications. Accepted in IEEE Trans. Inf. Theory (arXiv:1010.1358) (2010)
Holenstein, T., Maurer, U.M., Sjödin, J.: Complete classification of bilinear hard-core functions. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 73–91. Springer, Heidelberg (2004)
Hsiao, C.-Y., Lu, C.-J., Reyzin, L.: Conditional computational entropy, or toward separating pseudoentropy from compressibility. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 169–186. Springer, Heidelberg (2007)
Krawczyk, H.: Cryptographic extraction and key derivation: the HKDF scheme. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 631–648. Springer, Heidelberg (2010)
Pietrzak, K.: A leakage-resilient mode of operation. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 462–482. Springer, Heidelberg (2009)
Rényi, A.: On measures of information and entropy. In: Proceedings of the 4th Berkeley Symposium on Mathematical Statistics and Probability, pp. 547–561 (1960)
Yao, A.C.: Theory and applications of trapdoor functions. In: Proceedings of the 23rd FOCS, pp. 80–91. IEEE (1982)
Acknowledgments
We would like to thank Yevgeniy Dodis and Divesh Aggarwal for helpful discussions. In particular, Divesh showed us Lemma 3.3 and how to prove it. We also wish to thank the anonymous reviewers for useful comments. This work is supported by the Natural Science Foundation of China (60973105, 61370126, 61170189, and 61170107), the Fund for the Doctoral Program of Higher Education of China (20111102130003 and 20101303110004), the Fund of the State Key Laboratory of Software Development Environment (SKLSDE-2013ZX-19, SKLSDE-2012ZX-11), the Innovation Foundation of Beihang University for Ph.D. Graduates under Grant No. 2011106014, the Fund of the Scholarship Award for Excellent Doctoral Students granted by the Ministry of Education under Grant No. 400618, and the Fund for the CSC Scholarship Programme under Grant No. 201206020063.
Appendices
A Definitions
Definition 1
(see [13]) We say that an indistinguishability application \(P\) is \((T', T, \gamma)\)-simulatable, if for any secret key \(r\) and any legal, \(T\)-bounded attacker \(\mathsf A\), there exists a (possibly illegal!) \(T'\)-bounded attacker \(\mathsf B\) (for some \(T' \ge T\)) such that:
- (1) The execution between \(\mathsf B\) and the ‘real’ \(\mathsf C(r)\) defines two independent executions between a copy \(\mathsf A_i\) of \(\mathsf A\) and a ‘simulated’ challenger \(\mathsf C_i(r)\), for \(i = 1, 2\). In particular, apart from reusing the same \(r\), \(\mathsf A_1\), \(\mathsf C_1(r)\), \(\mathsf A_2\), \(\mathsf C_2(r)\) use fresh and independent randomness, including independent challenge bits \(b_1\) and \(b_2\).
- (2) The challenge \(b\) used by the ‘real’ \(\mathsf C(r)\) is equal to the challenge \(b_2\) used by the ‘simulated’ \(\mathsf C_2\).
- (3) Before making its guess \(b'\) of the challenge bit \(b\), \(\mathsf B\) learns the values \(b_1\), \(b'_1\) and \(b'_2\).
- (4) The probability of \(\mathsf B\) violating the failure predicate \(F\) is at most \(\gamma\).
Definition 2
We say that an indistinguishability application \(P\) is \(((T', s'), (T, s), \gamma)\)-simulatable, if for any secret key \(r\) and any legal, \(T\)-bounded attacker \(\mathsf A\) with advantage circuit size \(s\), there exists a (possibly illegal!) \(T'\)-bounded attacker \(\mathsf B\) (for some \(T' \ge T\)) with advantage circuit size \(s'\) that satisfies items (1)–(4) of Definition 1.
Remark
The definition here is essentially equivalent to Definition 1, as the definition here is obtained via adding the parameters \(s\) and \(s'\) to Definition 1.
B Proof
Proof
Since \(1 < \beta < 2\), we have \(\frac{2}{\beta} > 1\). From the Hölder inequality, we have
Therefore,
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Yao, Y., Li, Z. (2014). Overcoming Weak Expectations via the Rényi Entropy and the Expanded Computational Entropy. In: Padró, C. (ed.) Information Theoretic Security. ICITS 2013. Lecture Notes in Computer Science, vol 8317. Springer, Cham. https://doi.org/10.1007/978-3-319-04268-8_10
DOI: https://doi.org/10.1007/978-3-319-04268-8_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-04267-1
Online ISBN: 978-3-319-04268-8
eBook Packages: Computer Science, Computer Science (R0)