```									One-way and trapdoor functions

Based on the
Lecture Notes on Cryptography
Shafi Goldwasser, Mihir Bellare
MIT
Abstract
• easy to compute and hard to invert.
• Namely, in a time-shared computer system,
can store, for each password w, the value f(w).
• Passwords can easily be checked for correctness
not deduce any user's password by examining the
stored table.
One-Way Functions: Motivation
• In secure encryption schemes, the legitimate user is
able to decipher the messages (using some private
information available to him), yet for an adversary (not
having this private information) the task of decrypting
the ciphertext (i.e., "breaking" the encryption) should
be infeasible.
• the breaking task can be performed by a non-
deterministic polynomial-time machine.
• the security requirement states that breaking should
not be feasible, namely could not be performed by a
probabilistic polynomial-time machine.
• the existence of secure encryption schemes
implies the existence of an efficient way (i.e.
probabilistic polynomial-time algorithm) of
generating instances with corresponding auxiliary
input so that
1. it is easy to solve these instances given the
auxiliary input; and
2. it is hard on the average to solve these instances
(when not given the auxiliary input).
One-Way Functions: Definitions
• The most basic primitive for cryptographic
applications
• a function which is "easy" to compute but
"hard" to invert.
• any probabilistic polynomial time (PPT)
algorithm attempting to invert the one-way
function on an element in its range will
succeed with no more than "negligible"
probability
One-Way Functions
• strong one-way function (or just one-way
function)
• Weak one-way functions
• non-uniform one-way functions.
• Example: f: Z×Z → Z where f(x,y) = x·y
Collections Of One Way Functions
• it is often convenient to talk about collections
of functions, each defined over some finite
domain and finite ranges.
Trapdoor Functions
• a trapdoor function f is a one-way function with an extra
property.
• The trapdoor is the secret inverse function that allows its
possessor to efficiently invert f at any point in the domain of
his choosing
• It should be easy to compute f on any point, but infeasible
to invert f on any point without knowledge of the inverse
function.
• it should be easy to generate matched pairs of f's and
corresponding trapdoor.
• Once a matched pair is generated, the publication of f
should not reveal anything about how to compute its
inverse on any point.
Number theory
• provides a source of candidates for one way
and trapdoor functions.

• Finding a generator of cyclic group
• The Legendre Symbol
The Discrete Logarithm Function
•                         has a unique inverse
can easily be computed in polynomial time

• it is unknown whether or not its inverse DL
can be computed in polynomial time
• Index-calculus algorithm.
• the number field sieve algorithm
The RSA function
• 1977 Rivest, Shamir, and Adleman

• n is the product of two large primes p and q

• The corresponding trapdoor information is d such
that
• RSA is easy to compute.
• the best way known to invert RSA is to factor n.
Attacks on RSA
• Dixon's random squares algorithm
• Elliptic Curve Algorithm
• l = |p| where p is the smallest prime divisor of n.
• new number field sieve algorithm
• The recommended size for n these days is
1024 bits.
Connection Between The Factorization
Problem And Inverting RSA
• If some PPT algorithm A can factor n then
there exists a PPT A’ that can invert RSA(n,e)

• The trapdoor information d can be found by
using the extended Euclidean algorithm
The Squaring Trapdoor Function
Candidate by Rabin
• n = pq where p and q are distinct odd primes.

• The trapdoor information of n = pq is gcd(p,q).
• Computing square roots modulo n is as hard
as factoring n.
Topics for practical seminars
• Skills
– Using software professionally
– Presentation
– Documentation
• Discussion dates
– The last 5 days of the course (beginning in Nov 2007).
– Slides are distributed 7 days before the
presentation.
1. GPG (GNU Privacy Guard)
•   Free cryptographic software
•   www.gnupg.org
•   www.gpg4win.org
•   www.glump.net/dokuwiki/gpg/gpg_intro
•   1 group of 4 students
2. OpenSSH (OpenBSD Secure Shell)
• a set of computer programs providing
encrypted communication sessions over a
computer network using the ssh protocol.
• www.openssh.org
• www.openssh.org/windows.html
• Focus on PuTTY and FileZilla
• 1 group of 2 students
3. Cryptool
• free software illustrating cryptographic
concepts.
• www.cryptool.org
• 3 groups
– Classical cryptology (4)
– Modern Symmetric and asymmetric encryption (3)
– Digital Signature, Hash function and random
generator (4)

```
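The reduction on the slide "Connection Between The Factorization Problem And Inverting RSA", as an added example that is not part of the original lecture slides: given a factoring routine A, the inverter A' derives the trapdoor d with the extended Euclidean algorithm and then inverts RSA(n,e). It assumes the standard relation e·d ≡ 1 (mod (p−1)(q−1)); trial division stands in for A, and the function names and toy parameters are constructed for illustration.

```python
def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def trapdoor(p, q, e):
    """Trapdoor d with e*d = 1 mod (p-1)(q-1), computed from the factors of n."""
    phi = (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return x % phi  # normalise the Bezout coefficient into [0, phi)


def factor(n):
    """Stand-in for the factoring algorithm A (trial division, toy sizes only)."""
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("n is not a product of two odd primes")


def rsa(n, e, x):
    """The RSA function: easy to compute in the forward direction."""
    return pow(x, e, n)


def invert_rsa(n, e, y):
    """A': invert RSA(n, e) at y by calling A, then recovering d."""
    p, q = factor(n)
    return pow(y, trapdoor(p, q, e), n)


if __name__ == "__main__":
    n, e = 61 * 53, 17          # constructed toy modulus and exponent
    y = rsa(n, e, 65)
    print("y =", y, "recovered x =", invert_rsa(n, e, y))
```

With a modulus of realistic size the call to `factor` is the step that is infeasible; everything after it runs in polynomial time.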