Simple extractors via constructions of cryptographic pseudo-random generators
Trevisan has shown that constructions of pseudo-random generators from hard
functions (the Nisan-Wigderson approach) also produce extractors. We show that
constructions of pseudo-random generators from one-way permutations (the
Blum-Micali-Yao approach) can be used for building extractors as well. Using
this new technique we build extractors that use neither designs nor
polynomial-based error-correcting codes and that are very simple and efficient.
For example, one extractor produces each output bit separately in
time. These extractors work for weak sources with min-entropy , for
arbitrary constant , have seed length , and their
output length is .
Comment: 21 pages; an extended abstract will appear in Proc. ICALP 2005; small
corrections, some comments and references added
Pseudorandom States, Non-Cloning Theorems and Quantum Money
We propose the concept of pseudorandom states and study their constructions,
properties, and applications. Under the assumption that quantum-secure one-way
functions exist, we present concrete and efficient constructions of
pseudorandom states. The non-cloning theorem plays a central role in our
study---it motivates the proper definition and characterizes one of the
important properties of pseudorandom quantum states. Namely, there is no
efficient quantum algorithm that can create more copies of the state from a
given number of pseudorandom states. As the main application, we prove that any
family of pseudorandom states naturally gives rise to a private-key quantum
money scheme.
Comment: 20 pages
Towards Practical Oblivious RAM
We take an important step forward in making Oblivious RAM (O-RAM) practical.
We propose an O-RAM construction achieving an amortized overhead of 20X-35X
(for an O-RAM roughly 1 terabyte in size), about 63 times faster than the best
existing scheme. On the theoretic front, we propose a fundamentally novel
technique for constructing Oblivious RAMs: specifically, we partition a bigger
O-RAM into smaller O-RAMs, and employ a background eviction technique to
obliviously evict blocks from the client-side cache into a randomly assigned
server-side partition. This novel technique is the key to achieving the gains
in practical performance.
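The partition-plus-background-eviction idea above, as an added toy model that is not the paper's code: each server-side partition is modelled as a plain dictionary rather than a small ORAM of its own, blocks are assumed to be encrypted so the server cannot distinguish a real block or read from a dummy one, and the class, method and parameter names are this example's own. What it shows is that the server only ever observes a stream of partition indices, each drawn uniformly at random independently of which block the client asked for.

```python
import random


class PartitionedORAM:
    """Toy model of a partitioned ORAM with background eviction (added example).

    Assumptions (not from the paper): each server-side partition is a plain
    dictionary rather than a small ORAM of its own, and blocks are assumed to
    be encrypted so the server cannot tell a real read/write from a dummy one.
    """

    def __init__(self, n_blocks, n_partitions, seed=0):
        self.rng = random.Random(seed)
        self.n_partitions = n_partitions
        # Server side: one store per partition (block_id -> data).
        self.partitions = [dict() for _ in range(n_partitions)]
        # Client side: position map (block_id -> assigned partition) and the
        # cache of blocks that have been read but not yet evicted.
        self.position = {}
        self.cache = {}
        # Everything the server can observe: ("read"|"evict", partition index).
        self.server_view = []
        self.dummy_ops = 0
        for block_id in range(n_blocks):
            p = self.rng.randrange(n_partitions)
            self.partitions[p][block_id] = bytes([block_id % 256])
            self.position[block_id] = p

    def access(self, block_id, new_data=None):
        """Read (and optionally overwrite) one block; the server sees two partition ids."""
        p = self.position[block_id]
        if block_id in self.cache:
            # Block is still in the client cache: issue a dummy read of its
            # assigned partition so the access has the same shape either way.
            data = self.cache[block_id]
            self.dummy_ops += 1
        else:
            data = self.partitions[p].pop(block_id)
        self.server_view.append(("read", p))
        if new_data is not None:
            data = new_data
        # Re-assign the block to a fresh uniformly random partition; it stays in
        # the cache until background eviction writes it there.
        self.position[block_id] = self.rng.randrange(self.n_partitions)
        self.cache[block_id] = data
        self._background_evict()
        return data

    def _background_evict(self):
        """Pick a random partition; evict one cached block assigned to it, or a dummy."""
        target = self.rng.randrange(self.n_partitions)
        candidates = [b for b, q in self.position.items()
                      if q == target and b in self.cache]
        if candidates:
            b = candidates[0]
            self.partitions[target][b] = self.cache.pop(b)
        else:
            self.dummy_ops += 1  # dummy write: the server still sees a write to `target`
        self.server_view.append(("evict", target))

    def invariant_ok(self):
        """Every block lives in exactly one place: the cache or its assigned partition."""
        stored = sum(len(part) for part in self.partitions)
        if stored + len(self.cache) != len(self.position):
            return False
        return all(self.position[b] == p
                   for p, part in enumerate(self.partitions) for b in part)


def run_workload(n_blocks=8, n_partitions=4, n_accesses=200, seed=7):
    """Mixed read/write workload on constructed data; returns the ORAM for inspection."""
    oram = PartitionedORAM(n_blocks, n_partitions, seed)
    for i in range(n_accesses):
        b = oram.rng.randrange(n_blocks)
        if i % 3 == 0:
            oram.access(b, f"v{i}".encode())
        else:
            oram.access(b)
    return oram


if __name__ == "__main__":
    oram = run_workload()
    print(oram.server_view[:6], "dummy ops:", oram.dummy_ops, "ok:", oram.invariant_ok())
```

Each read reveals the partition chosen uniformly at the block's previous access, and each eviction target is a fresh uniform draw, so the server view is a sequence of independent uniform indices whatever the client's access pattern. The model omits what makes the real scheme work in practice: the per-partition ORAMs that hide which block within a partition is touched, and an eviction rate high enough to keep the client cache bounded.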
Communication Complexity and Secure Function Evaluation
We suggest two new methodologies for the design of efficient secure
protocols, that differ with respect to their underlying computational models.
In one methodology we utilize the communication complexity tree (or branching
program) for f and transform it into a secure protocol. In other words, "any
function f that can be computed using communication complexity c can be computed
securely using communication complexity that is polynomial in c and a security
parameter". The second methodology uses the circuit computing f, enhanced with
look-up tables as its underlying computational model. It is possible to
simulate any RAM machine in this model with polylogarithmic blowup. Hence it is
possible to start with a computation of f on a RAM machine and transform it
into a secure protocol.
We show many applications of these new methodologies, resulting in protocols
efficient either in communication or in computation. In particular, we
give a protocol for the "millionaires' problem", in which two participants
want to compare their values but reveal no other information. Our protocol is
more efficient than previously known ones in either communication or
computation.
On optimal language compression for sets in PSPACE/poly
We show that if DTIME[2^O(n)] is not included in DSPACE[2^o(n)], then, for
every set B in PSPACE/poly, all strings x in B of length n can be represented
by a string compressed(x) of length at most log(|B^{=n}|)+O(log n), such that a
polynomial-time algorithm, given compressed(x), can distinguish x from all the
other strings in B^{=n}. Modulo the O(log n) additive term, this achieves the
information-theoretic optimum for string compression. We also observe that
optimal compression is not possible for sets more complex than PSPACE/poly
because for any time-constructible superpolynomial function t, there is a set A
computable in space t(n) such that at least one string x of length n requires
compressed(x) to be of length 2 log(|A^{=n}|).
Comment: submitted to Theory of Computing Systems
Pseudo-random graphs and bit probe schemes with one-sided error
We study probabilistic bit-probe schemes for the membership problem. Given a
set A of at most n elements from the universe of size m we organize such a
structure that queries of type "Is x in A?" can be answered very quickly.
H. Buhrman, P. B. Miltersen, J. Radhakrishnan, and S. Venkatesh proposed a
bit-probe scheme based on expanders. Their scheme needs space of bits, and
requires reading only one randomly chosen bit from the memory to answer a
query. The answer is correct with high probability, with two-sided error. In
this paper we show that for the same problem there exists a bit-probe scheme
with one-sided error that needs space of O(n log^2 m + poly(log m)) bits. The
difference from the model of Buhrman, Miltersen, Radhakrishnan, and Venkatesh
is that we consider a bit-probe scheme with an auxiliary word. This means that
in our scheme the memory is split into two parts of different size: the main
storage of bits and a short word of bits that is
pre-computed once for the stored set A and `cached'. To answer a query "Is x in
A?" we allow reading the whole cached word and only one bit from the main
storage. For some reasonable values of the parameters our space bound is better
than what can be achieved by any scheme without cached data.
Comment: 19 pages
Information-theoretic Physical Layer Security for Satellite Channels
Shannon introduced the classic model of a cryptosystem in 1949, where Eve has
access to an identical copy of the ciphertext that Alice sends to Bob. Shannon
defined perfect secrecy to be the case when the mutual information between the
plaintext and the ciphertext is zero. Perfect secrecy is motivated by
error-free transmission and requires that Alice and Bob share a secret key.
Wyner in 1975, and later I. Csiszár and J. Körner in 1978, modified the
Shannon model by assuming that the channels are noisy and proved that secrecy
can be achieved without sharing a secret key. This model is called the wiretap
channel model, and its secrecy capacity is known when Eve's channel is noisier
than Bob's channel.
In this paper we review the concept of wiretap coding from the satellite
channel viewpoint. We also review subsequently introduced stronger secrecy
levels, which can be numerically quantified and are keyless and unconditionally
secure under certain assumptions. We introduce the general construction of
wiretap coding and analyse its applicability for a typical satellite channel.
From our analysis we discuss the potential of keyless information-theoretic
physical layer security for satellite channels based on wiretap coding. We also
identify system design implications for enabling simultaneous operation with
additional information-theoretic security protocols.
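The wiretap model described above, carried through on the simplest quantifiable instance as an added example (not the paper's construction or code): Bob's channel is taken to be noiseless and Eve's to be a binary erasure channel, which is the textbook case where Eve's channel is strictly noisier than Bob's. The code is coset (syndrome) coding with a constructed parity-check matrix H: the message is the syndrome, the transmitted word is a random element of that coset, and Eve's equivocation is the rank of H restricted to the positions she lost. The matrices H_PARITY and the 6-bit matrix in the usage note, and all function names, are this example's own.

```python
import random
from itertools import product

# Constructed example: a single parity check over 4 bits, so the one-bit
# "message" is the parity of the transmitted word (n = 4, one syndrome bit).
H_PARITY = [[1, 1, 1, 1]]


def syndrome(H, x):
    """Compute H x over GF(2)."""
    return [sum(h * xi for h, xi in zip(row, x)) % 2 for row in H]


def encode(H, message, rng=None):
    """Coset (syndrome) coding: return a uniformly random word x with H x = message.

    The random choice of coset representative is the secrecy mechanism: Bob
    only needs the syndrome, Eve must pin down the whole word to recover it.
    Rejection sampling is adequate for the small toy codes used here.
    """
    rng = rng or random.Random()
    n = len(H[0])
    message = list(message)
    while True:
        x = [rng.randrange(2) for _ in range(n)]
        if syndrome(H, x) == message:
            return x


def gf2_rank(rows):
    """Rank of a 0/1 matrix over GF(2) by Gaussian elimination."""
    rows = [list(r) for r in rows]
    rank = 0
    ncols = len(rows[0]) if rows else 0
    for col in range(ncols):
        pivot = next((i for i in range(rank, len(rows)) if rows[i][col]), None)
        if pivot is None:
            continue
        rows[rank], rows[pivot] = rows[pivot], rows[rank]
        for i in range(len(rows)):
            if i != rank and rows[i][col]:
                rows[i] = [a ^ b for a, b in zip(rows[i], rows[rank])]
        rank += 1
    return rank


def eve_equivocation_bits(H, erased):
    """Bits of the message Eve cannot learn when the positions in `erased` are lost.

    The messages consistent with Eve's view form an affine space whose dimension
    is the rank of H restricted to the erased columns; that rank is her
    equivocation. It equals len(H) (perfect secrecy) iff those columns span.
    """
    if not erased:
        return 0
    sub = [[row[j] for j in erased] for row in H]
    return gf2_rank(sub)


def consistent_messages(H, observed):
    """Brute-force cross-check: `observed` holds 0/1 or None (erased); returns the message set."""
    free = [i for i, v in enumerate(observed) if v is None]
    messages = set()
    for bits in product((0, 1), repeat=len(free)):
        x = list(observed)
        for i, b in zip(free, bits):
            x[i] = b
        messages.add(tuple(syndrome(H, x)))
    return messages


def average_equivocation(H, p_erase, trials=2000, seed=1):
    """Monte Carlo: Bob noiseless, Eve on a BEC with erasure probability p_erase."""
    rng = random.Random(seed)
    n = len(H[0])
    total = 0
    for _ in range(trials):
        erased = [j for j in range(n) if rng.random() < p_erase]
        total += eve_equivocation_bits(H, erased)
    return total / trials


if __name__ == "__main__":
    x = encode(H_PARITY, [1], random.Random(3))
    print("sent", x, "Bob decodes", syndrome(H_PARITY, x))
    for p in (0.0, 0.25, 0.5, 1.0):
        print(f"Eve erasure prob {p}: mean equivocation {average_equivocation(H_PARITY, p):.3f} bit")
```

With H_PARITY, Eve learns the message bit only when she receives all four symbols; losing any one of them leaves her with exactly one bit of equivocation, so her average equivocation at erasure probability p is 1 - (1-p)^4. For a two-row matrix such as [[1,1,1,0,0,0],[0,0,0,1,1,1]] (a constructed 6-bit code with a 2-bit message), erasing positions 0 and 3 gives rank 2 and hence perfect secrecy, while erasing positions 0 and 1 gives rank 1: Eve still recovers the second message bit. The limits of the toy are worth keeping in mind for the satellite setting: the satellite channel is noisy for Bob too, so error-correcting and secrecy coding must be combined, and the whole guarantee rests on Eve's channel actually being degraded, which is an assumption about the adversary's receiver rather than something the code enforces.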