260 likes | 414 Views
Indistinguishability. Of Random System. Introduction. Define the natural concept of a random system A general framework for proving the indistinguishability of two random system F and G by identifying internal events. (X,Y)-random system. (X,Y)-random system Input:
E N D
Indistinguishability Of Random System
Introduction • Define the natural concept of a random system • A general framework for proving the indistinguishability of two random system F and G by identifying internal events
(X,Y)-random system • (X,Y)-random system • Input: • Output: , depending probabilistically on • Cryptographic system can be modeled as random system • The security proof of such a system • Block ciphers, pseudo-random function
Indistinguishability • Indistinguishability of two system • introduced for defining pseudo-random bit generators • The success probability of the optimal distinguisher is just the distance of the two probability distribution • The indistinguishability of two interactive random system
Security proof based on PRF • Theoretical perfect system P • P is unbreakable • Idealized system I • Replacing the PRF by a truly random function • I and P are information-theoretically indistinguishable • Real system S • Underlying function is pseudo-random • S and I are computationally indistinguishable
Security proof based on PRF S:real system I:ideal system P:perfect system Cryptography system Cryptography system Pseudo Random function Random function key Computationally indistinguishable Information-theoretically indistinguishable
Theorems • Theorem1 • The success probability in distinguishing F and G with k queries and unbounded computing power is shown to be at most the probability of success in provoking one of these events not to occur
Theorems • Theorem2 • If a construction involves several components each indistinguishable from a certain perfect system, then the overall system is distinguishable from its perfect counterpart with some probability • Less than product of the maximal distinguishing prob. of the component systems
Notation and Preliminaries • S-sequence: infinite sequence • : the finite sequence • dist(L): the event that all value in L are distinct
Notation and Preliminaries • : prob. dist in the combined random experiment where D queries F • : prob. dist in the simpler random experiment involving only the selection of F • : conditional prob. Distribution • A, B are event • U, V are random variable • : the complement event of E
Equivalent of two random system • (X,Y)-random system F: infinite sequence of conditional prob. Distribution • F and G are equivalent, denoted F G, if
Definition • An (X,Y)-beacon B is a random system for which Y1,Y2,….are independent and uniformly distributed over Y, independent of the inputs X1,X2,…. • A uniform random function(URF) R : X->Y is a random function with uniform distribution over all functions from X to Y.
Monotone Conditions and Events Sequences • Internal conditions • Monotone conditions • Monotone event sequences(MES)
Lemma2 • C is an MES defined on the input of a system, then
Invocations of Random System • A random system C(.) invoking an internal random system F, then the combined random system is C(F). C(F) C(.) • If A is an MES defined for the invoked F, one can associate a natural corresponding MES F Yi Xi Aj with C(F) where is the event that the A-event occurs for F up to the evaluation of the ith input to C(F).
Definition definition8: definition9:
Theorem 1. • 如果兩個Random System F,G在某一些的monotone event下有相同的機率分配,則代表對任何的distinguisher 能分得清楚F,G的機率會有一個upper bound。
Theorem 2. • 白話:有一個大random system由許多小的random system組成,而且每一個小random system與perfect system分不清楚,則這個大random system與perfect system counterpart分清楚的機率小於小random system與perfect counterpart能分的清楚機率的乘積。