首页    期刊浏览 2024年12月02日 星期一
登录注册

文章基本信息

  • 标题:Algebraic Attacks against Random Local Functions and Their Countermeasures
  • 本地全文:下载
  • 作者:Benny Applebaum ; Shachar Lovett
  • 期刊名称:Electronic Colloquium on Computational Complexity
  • 印刷版ISSN:1433-8092
  • 出版年度:2015
  • 卷号:2015
  • 出版社:Universität Trier, Lehrstuhl für Theoretische Computer-Forschung
  • 摘要:

    Suppose that you have n truly random bits x = ( x 1 x n ) and you wish to use them to generate m n pseudorandom bits y = ( y 1 y m ) using a local mapping, i.e., each y i should depend on at most d = O (1) bits of x . In the polynomial regime of m = n s , 1"> s 1 , the only known solution, originates from (Goldreich, ECCC 2000), is based on \emph{Random Local Functions}: Compute y i by applying some fixed (public) d -ary predicate P to a random (public) tuple of distinct inputs ( x i 1 x i d ) . Our goal in this paper is to understand, for any value of s , how the pseudorandomness of the resulting sequence depends on the choice of the underlying predicate. We derive the following results:

    (1) We show that pseudorandomness against \F 2 -linear adversaries (i.e., the distribution y has low-bias) is achieved if the predicate is (a) k = ( s ) -resilience, i.e., uncorrelated with any k -subset of its inputs, and (b) has algebraic degree of ( s ) even after fixing ( s ) of its inputs. We also show that these requirements are necessary, and so they form a tight characterization (up to constants) of security against linear attacks. Our positive result shows that a d -local low-bias generator can have output length of n ( d ) , answering an open question of Mossel, Shpilka and Trevisan (FOCS, 2003). Our negative result shows that a candidate for pseudorandom generator proposed by the first author (ECCC 2015) and by O'Donnell and Witmer (CCC 2014) is insecure. We use similar techniques to refute a conjecture of Feldman, Perkins and Vempala (STOC 2015) regarding the hardness of planted constraint satisfaction problems.

    (2) Motivated by the cryptanalysis literature, we consider security against \emph{algebraic attacks}. We provide the first theoretical treatment of such attacks by formalizing a general notion of algebraic inversion and distinguishing attacks based on the Polynomial Calculus proof system. We show that algebraic attacks succeed if and only if there exist a degree e = ( s ) non-zero polynomial Q whose roots cover the roots of P or cover the roots of P 's complement. As a corollary, we obtain the first example of a predicate P for which the generated sequence y passes all linear tests but fails to pass some polynomial-time computable test, answering an open question posed by the first author (Question~4.9, ECCC 2015).

  • 关键词:constant-depth circuits ; cryptography ; local functions ; NC0 ; Pseudorandomness
国家哲学社会科学文献中心版权所有