update typo and structures
@@ -2,13 +2,15 @@
Exam info posted tonight.
## Pseudo-randomness
## Chapter 3: Indistinguishability and pseudo-randomness
### Pseudo-randomness
Idea: **Efficiently** produce many bits
which "appear" truly random.
### One-time pad
#### One-time pad
$m\in\{0,1\}^n$
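Review bot: `Exam info posted tonight.` is a course announcement left in the body of the notes; it is untouched by this hunk but sits directly under the new `## Chapter 3: Indistinguishability and pseudo-randomness` heading, so it should be dropped as part of the same restructuring. The demotion of `### One-time pad` to `#### One-time pad` is consistent with the newly inserted `### Pseudo-randomness` level, but it turns the one-time pad into a sub-topic of pseudo-randomness instead of a sibling section; if the OTP material is meant as the motivation that precedes the PRG definitions, keep it at `###`.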
@@ -42,29 +44,29 @@ For $1\leq i<j\leq n,P[x_i=1 \textup{ and } x_j=1]=\frac{1}{4}$ (by independence
Let $\{X_n\}_n$ and $\{Y_n\}_n$ be probability ensembles (separate of dist over $\{0,1\}^{l(n)}$)
$\{X_n\}_n$ and $\{Y_n\}_n$ are computationally **in-distinguishable** if for all non-uniform p.p.t adversary $D$ ("distinguishers")
$\{X_n\}_n$ and $\{Y_n\}_n$ are computationally **in-distinguishable** if for all non-uniform p.p.t adversary $\mathcal{D}$ ("distinguishers")
$$
|P[x\gets X_n:D(x)=1]-P[y\gets Y_n:D(y)=1]|<\epsilon(n)
|P[x\gets X_n:\mathcal{D}(x)=1]-P[y\gets Y_n:\mathcal{D}(y)=1]|<\epsilon(n)
$$
this basically means that the probability of finding any pattern in the two array is negligible.
If there is a $D$ such that
If there is a $\mathcal{D}$ such that
$$
|P[x\gets X_n:D(x)=1]-P[y\gets Y_n:D(y)=1]|\geq \mu(n)
|P[x\gets X_n:\mathcal{D}(x)=1]-P[y\gets Y_n:\mathcal{D}(y)=1]|\geq \mu(n)
$$
then $D$ is distinguishing with probability $\mu(n)$
then $\mathcal{D}$ is distinguishing with probability $\mu(n)$
If $\mu(n)\geq\frac{1}{p(n)}$, then $D$ is distinguishing the two $\implies X_n\cancel{\approx} Y_n$
If $\mu(n)\geq\frac{1}{p(n)}$, then $\mathcal{D}$ is distinguishing the two $\implies X_n\cancel{\approx} Y_n$
### Prediction lemma
$X_n^0$ and $X_n^1$ ensembles over $\{0,1\}^{l(n)}$
Suppose $\exists$ distinguisher $D$ which distinguish by $\geq \mu(n)$. Then $\exists$ adversary $\mathcal{A}$ such that
Suppose $\exists$ distinguisher $\mathcal{D}$ which distinguish by $\geq \mu(n)$. Then $\exists$ adversary $\mathcal{A}$ such that
$$
P[b\gets\{0,1\};t\gets X_n^b]:\mathcal{A}(t)=b]\geq \frac{1}{2}+\frac{\mu(n)}{2}
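Review bot: the prediction-lemma display at the end of this hunk still has a stray `]` in `P[b\gets\{0,1\};t\gets X_n^b]:\mathcal{A}(t)=b]`; it should read `P[b\gets\{0,1\};t\gets X_n^b:\mathcal{A}(t)=b]` to match the `P[x\gets X_n:\mathcal{D}(x)=1]` form used for the distinguishing advantage above. Since the commit is titled "update typo", three more typos in this hunk are worth fixing in the same pass: `(separate of dist over $\{0,1\}^{l(n)}$)` presumably means `(sequences of distributions over $\{0,1\}^{l(n)}$)`, `the probability of finding any pattern in the two array is negligible` should say `ensembles` rather than `array`, and `distinguisher $\mathcal{D}$ which distinguish by` needs `distinguishes`. The `D` to `\mathcal{D}` renaming itself is applied consistently throughout this hunk.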
@@ -75,7 +77,7 @@ Proof:
Without loss of generality, suppose
$$
P[t\gets X^1_n:D(t)=1]-P[t\gets X_n^0:D(t)=1]\geq \mu(n)
P[t\gets X^1_n:\mathcal{D}(t)=1]-P[t\gets X_n^0:\mathcal{D}(t)=1]\geq \mu(n)
$$
$\mathcal{A}=\mathcal{D}$ (Outputs 1 if and only if $D$ outputs 1, otherwise 0.)
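Review bot: the parenthetical on the last line, `(Outputs 1 if and only if $D$ outputs 1, otherwise 0.)`, still uses plain `$D$` although the displayed inequality just above was renamed to `$\mathcal{D}$`; change it to `$\mathcal{D}$` so the reduction reads `\mathcal{A}=\mathcal{D}` throughout. The reduction is correct under the stated WLOG sign: with `b` uniform, `P[\mathcal{A}(t)=b]=\frac{1}{2}P[t\gets X_n^1:\mathcal{D}(t)=1]+\frac{1}{2}(1-P[t\gets X_n^0:\mathcal{D}(t)=1])`, which equals `\frac{1}{2}+\frac{1}{2}(P[t\gets X^1_n:\mathcal{D}(t)=1]-P[t\gets X_n^0:\mathcal{D}(t)=1])\geq\frac{1}{2}+\frac{\mu(n)}{2}`; spelling out this one line would make the "Proof:" section self-contained.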
@@ -98,15 +100,15 @@ Example:
Building distinguishers
1. $X_n$: always outputs $0^n$, $D$: [outputs $1$ if $t=0^n$]
1. $X_n$: always outputs $0^n$, $\mathcal{D}$: [outputs $1$ if $t=0^n$]
$$
\vert P[t\gets X_n:D(t)=1]-P[t\gets U_n:D(t)=1]\vert=1-\frac{1}{2^n}\approx 1
\vert P[t\gets X_n:\mathcal{D}(t)=1]-P[t\gets U_n:\mathcal{D}(t)=1]\vert=1-\frac{1}{2^n}\approx 1
$$
2. $X_n$: 1st $n-1$ bits are truly random $\gets U_{n-1}$ nth bit is $1$ with probability 0.50001 and $0$ with 0.49999, $D$: [outputs $1$ if $X_n=1$]
$$
\vert P[t\gets X_n:D(t)=1]-P[t\gets U_n:D(t)=1]\vert=0.5001-0.5=0.001\neq 0
\vert P[t\gets X_n:\mathcal{D}(t)=1]-P[t\gets U_n:\mathcal{D}(t)=1]\vert=0.5001-0.5=0.001\neq 0
$$
3. $X_n$: For each bit $x_i\gets\{0,1\}$ **unless** there have been 1 million $0$'s. in a row. Then outputs $1$, $D$: [outputs $1$ if $x_1=x_2=...=x_{1000001}=0$]
$$
\vert P[t\gets X_n:D(t)=1]-P[t\gets U_n:D(t)=1]\vert=|0-\frac{1}{2^{1000001}}|\neq 0
\vert P[t\gets X_n:\mathcal{D}(t)=1]-P[t\gets U_n:\mathcal{D}(t)=1]\vert=|0-\frac{1}{2^{1000001}}|\neq 0
$$
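Review bot: example 2 is internally inconsistent and this hunk leaves it so: the distribution sets the nth bit to 1 with probability 0.50001, but the advantage is computed as `0.5001-0.5=0.001`; with 0.50001 the gap is 0.00001, so either the probability or the arithmetic needs to change. The same example's distinguisher is written `[outputs $1$ if $X_n=1$]`, where the test is on the last bit of the sampled string, i.e. `if $t_n=1$` (`$X_n$` is the ensemble, not the sample). In examples 2 and 3 the conclusion `\neq 0` is the wrong criterion: the definition earlier in the file says `$\mathcal{D}$` distinguishes when `$\mu(n)\geq\frac{1}{p(n)}$`, i.e. the advantage must be non-negligible, not merely nonzero; a constant gap like 0.001 clearly meets that bar, while `$|0-\frac{1}{2^{1000001}}|$` is a nonzero constant that no practical number of samples could ever detect, so writing the criterion as "non-negligible" would make the contrast between the two examples explicit. Example 3 also implicitly needs $n\geq 1000001$ for its `$\mathcal{D}$` to be well defined.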