TY - GEN

T1 - Leaky Pseudo-Entropy Functions

AU - Braverman, Mark

AU - Hassidim, A.

AU - Kalai, Yael Tauman

N1 - Place of conference:China

PY - 2011

Y1 - 2011

N2 - Pseudo-random functions (PRFs) introduced by Goldwasser, Goldreich, and Micali (FOCS 1984),
are one of the most important building blocks in cryptography. A PRF family is a family of seeded functions
{fs}, with the property that no efficient adversary can tell the difference between getting oracle access to a
random PRF function fs, and getting oracle access to a truly random function.
In this work, we consider the problem of constructing pseudo-random functions that are resilient to leakage.
Unfortunately, even if a single bit about the secret seed s ∈ {0, 1}
k
is leaked, then there is no hope to construct
a PRF, since the leakage can simply be the first bit of fs(0), and thus fs(0) is distinguishable from uniform.
Therefore, when dealing with leakage, we must relax the definition.
We consider the following relaxation: Instead of requiring that for each input x, the value fs(x) looks random,
we require that it looks like it has high min-entropy, even given oracle access to fs everywhere except point x.
We call such a function family a pseudo-entropy function (PEF) family. In particular, a leakage-resilient PEF
family has the property that given leakage L(s) and given oracle access to fs, it is hard to predict fs on any
input that was not queried. We construct such a leakage-resilient PEF family under the DDH assumption (or
more generally, assuming the existence of lossy functions with the property that the output size is not much
larger than the input size).
We also show that leakage-resilient PEFs imply leakage-resilient random-input PRFs, where the requirement is
that for a random input r, the value fs(r) looks uniform, even given the leakage L(s) and given oracle access to
fs anywhere accept at point r (the leakage L(s) is independent of r, but the oracle fs is present even after the pair (r, fs(r)) is given).

AB - Pseudo-random functions (PRFs) introduced by Goldwasser, Goldreich, and Micali (FOCS 1984),
are one of the most important building blocks in cryptography. A PRF family is a family of seeded functions
{fs}, with the property that no efficient adversary can tell the difference between getting oracle access to a
random PRF function fs, and getting oracle access to a truly random function.
In this work, we consider the problem of constructing pseudo-random functions that are resilient to leakage.
Unfortunately, even if a single bit about the secret seed s ∈ {0, 1}
k
is leaked, then there is no hope to construct
a PRF, since the leakage can simply be the first bit of fs(0), and thus fs(0) is distinguishable from uniform.
Therefore, when dealing with leakage, we must relax the definition.
We consider the following relaxation: Instead of requiring that for each input x, the value fs(x) looks random,
we require that it looks like it has high min-entropy, even given oracle access to fs everywhere except point x.
We call such a function family a pseudo-entropy function (PEF) family. In particular, a leakage-resilient PEF
family has the property that given leakage L(s) and given oracle access to fs, it is hard to predict fs on any
input that was not queried. We construct such a leakage-resilient PEF family under the DDH assumption (or
more generally, assuming the existence of lossy functions with the property that the output size is not much
larger than the input size).
We also show that leakage-resilient PEFs imply leakage-resilient random-input PRFs, where the requirement is
that for a random input r, the value fs(r) looks uniform, even given the leakage L(s) and given oracle access to
fs anywhere accept at point r (the leakage L(s) is independent of r, but the oracle fs is present even after the pair (r, fs(r)) is given).

UR - https://scholar.google.co.il/scholar?q=Leaky+Pseudo-Entropy+Functions&btnG=&hl=en&as_sdt=0%2C5

UR - https://conference.iiis.tsinghua.edu.cn/ICS2011/

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

SP - 353

EP - 366

BT - Innovations in Computer Science 2011

ER -