The Chain Rule for HILL Pseudoentropy, Revisited

  • Krzysztof Pietrzak
  • Maciej Skórski
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9230)


Computational notions of entropy (a.k.a. pseudoentropy) have found many applications, including leakage-resilient cryptography, deterministic encryption or memory delegation. The most important tools to argue about pseudoentropy are chain rules, which quantify by how much (in terms of quantity and quality) the pseudoentropy of a given random variable X decreases when conditioned on some other variable Z (think for example of X as a secret key and Z as information leaked by a side-channel). In this paper we give a very simple and modular proof of the chain rule for HILL pseudoentropy, improving best known parameters. Our version allows for increasing the acceptable length of leakage in applications up to a constant factor compared to the best previous bounds. As a contribution of independent interest, we provide a comprehensive study of all known versions of the chain rule, comparing their worst-case strength and limitations.


Chain Rule Stream Cipher Security Proof Winning Probability Circuit Size 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [BM84]
    Blum, M., Micali, S.: How to generate cryptographically strong sequences of pseudorandom bits. SIAM J. Comput. 13(4), 850–864 (1984)MathSciNetCrossRefzbMATHGoogle Scholar
  2. [BSW03]
    Barak, B., Shaltiel, R., Wigderson, A.: Computational analogues of entropy. In: Arora, S., Jansen, K., Rolim, J.D.P., Sahai, A. (eds.) RANDOM 2003 and APPROX 2003. LNCS, vol. 2764, pp. 200–215. Springer, Heidelberg (2003) Google Scholar
  3. [CKLR11]
    Chung, K.-M., Kalai, Y.T., Liu, F.-H., Raz, R.: Memory delegation. Cryptology ePrint Archive, Report 2011/273 (2011).
  4. [DP08a]
    Dziembowski, S., Pietrzak, K.: Leakage-resilient cryptography. In: FOCS, pp. 293–302 (2008)Google Scholar
  5. [DP08b]
    Dziembowski, S., Pietrzak, K.: Leakage-resilient cryptography in the standard model. IACR Cryptology ePrint Archive 2008, 240 (2008)Google Scholar
  6. [DRS04]
    Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004) CrossRefGoogle Scholar
  7. [DTT09]
    De, A., Trevisan, L., Tulsiani, M.: Non-uniform attacks against one-way functions and prgs. Electron. Colloquium Comput. Complex. (ECCC) 16, 113 (2009)Google Scholar
  8. [DY13]
    Dodis, Y., Yu, Y.: Overcoming weak expectations. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 1–22. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  9. [FOR12]
    Fuller, B., O’Neill, A., Reyzin, L.: A unified approach to deterministic encryption: new constructions and a connection to computational entropy. Cryptology ePrint Archive, Report 2012/005 (2012).
  10. [FR12]
    Fuller, B., Reyzin, L.: Computational entropy and information leakage. Cryptology ePrint Archive, Report 2012/466 (2012).
  11. [GW10]
    Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions. Cryptology ePrint Archive, Report 2010/610 (2010).
  12. [GW11]
    Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: STOC 2011, pp. 99–108 (2011)Google Scholar
  13. [HILL99]
    Hastad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)MathSciNetCrossRefzbMATHGoogle Scholar
  14. [HLR07]
    Hsiao, C.-Y., Lu, C.-J., Reyzin, L.: Conditional computational entropy, or toward separating pseudoentropy from compressibility. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 169–186. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  15. [HRV10]
    Haitner, I., Reingold, O., Vadhan, S.: Efficiency improvements in constructing pseudorandom generators from one-way functions. In: Proceedings of the 42nd ACM Symposium on Theory of Computing, STOC 2010, pp. 437–446. ACM, New York (2010)Google Scholar
  16. [JP14]
    Jetchev, D., Pietrzak, K.: How to fake auxiliary input. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 566–590. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  17. [KPWW14]
    Krenn, S., Pietrzak, K., Wadia, A., Wichs, D.: A counterexample to the chain rule for conditional HILL entropy. IACR Cryptology ePrint Archive 2014, 678 (2014)Google Scholar
  18. [Lub96]
    Luby, M.: Pseudorandomness and Cryptographic Applications. Princeton Computer Science Notes. Princeton University Press, Princeton (1996) zbMATHGoogle Scholar
  19. [Pie09]
    Pietrzak, K.: A leakage-resilient mode of operation. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 462–482. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  20. [Rey11]
    Reyzin, L.: Some notions of entropy for cryptography (invited talk). In: Fehr, S. (ed.) ICITS 2011. LNCS, vol. 6673, pp. 138–142. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  21. [RTTV08a]
    Reingold, O., Trevisan, L., Tulsiani, M., Vadhan, S.P.: Dense subsets of pseudorandom sets. In: Proceedings of the 2008 49th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2008, pp. 76–85. IEEE Computer Society, Washington, DC (2008)Google Scholar
  22. [SGP15]
    Skórski, M., Golovnev, A., Pietrzak, K.: Condensed unpredictability. In: Halldórsson, M.M., Iwama, K., Kobayashi, N., Speckmann, B. (eds.) ICALP 2015. LNCS, vol. 9134, pp. 1046–1057. Springer, Heidelberg (2015) CrossRefGoogle Scholar
  23. [Sko15a]
    Skorski, M.: Metric pseudoentropy: characterizations, transformations and applications. In: Lehmann, A., Wolf, S. (eds.) Information Theoretic Security. LNCS, vol. 9063, pp. 105–122. Springer, Heidelberg (2015) Google Scholar
  24. [VZ13]
    Vadhan, S., Zheng, C.J.: A uniform min-max theorem with applications in cryptography. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 93–110. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  25. [Yao82]
    Yao, A.C.-C.: Theory and applications of trapdoor functions (extended abstract). In: FOCS, pp. 80–91 (1982)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.IST AustriaKlosterneuburgAustria
  2. 2.University of WarsawWarsawPoland

Personalised recommendations