The GGM Function Family Is a Weakly One-Way Family of Functions

Conference paper

DOI: 10.1007/978-3-662-53641-4_4

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9985)
Cite this paper as:
Cohen A., Klein S. (2016) The GGM Function Family Is a Weakly One-Way Family of Functions. In: Hirt M., Smith A. (eds) Theory of Cryptography. TCC 2016. Lecture Notes in Computer Science, vol 9985. Springer, Berlin, Heidelberg


We give the first demonstration of the cryptographic hardness of the Goldreich-Goldwasser-Micali (GGM) function family when the secret key is exposed. We prove that for any constant \(\epsilon >0\), the GGM family is a \(1/n^{2+\epsilon }\)-weakly one-way family of functions, when the lengths of secret key, inputs, and outputs are equal. Namely, any efficient algorithm fails to invert GGM with probability at least \(1/n^{2+\epsilon }\)even when given the secret key.

Additionally, we state natural conditions under which the GGM family is strongly one-way.

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. 1.MITCambridgeUSA
  2. 2.Tel Aviv UniversityTel AvivIsrael

Personalised recommendations