update typo and structures
This commit is contained in:
Trance-0
@@ -4,7 +4,9 @@ All algorithms $C(x)\to y$, $x,y\in \{0,1\}^*$
|
||||
|
||||
P.P.T= Probabilistic Polynomial-time Turing Machine.
|
||||
|
||||
## Turing Machine: Mathematical model for a computer program
|
||||
## Chapter 2: Computational Hardness
|
||||
|
||||
### Turing Machine: Mathematical model for a computer program
|
||||
|
||||
A machine that can:
|
||||
|
||||
@@ -16,7 +18,7 @@ A machine that can:
|
||||
|
||||
Anything can be accomplished by a real computer program can be accomplished by a "sufficiently complicated" Turing Machine (TM).
|
||||
|
||||
## Polynomial time
|
||||
### Polynomial time
|
||||
|
||||
We say $C(x),|x|=n,n\to \infty$ runs in polynomial time if it uses at most $T(n)$ operations bounded by some polynomials. $\exist c>0$ such that $T(n)=O(n^c)$
|
||||
|
||||
@@ -28,29 +30,28 @@ $p(n)+q(n),p(n)q(n),p(q(n))$ are polynomial of $n$.
|
||||
|
||||
Polynomial-time $\approx$ "efficient" for this course.
|
||||
|
||||
## Probabilistic
|
||||
### Probabilistic
|
||||
|
||||
Our algorithm's have access to random "coin-flips" we can produce poly(n) random bits.
|
||||
|
||||
$P[C(x)$ takes at most $T(n)$ steps $]=1$
|
||||
$P[C(x)\text{ takes at most }T(n)\text{ steps }]=1$
|
||||
|
||||
Our adversary $a(x)$ will be a P.P.T which is non-uniform (n.u.) (programs description size can grow polynomially in n)
|
||||
|
||||
## Efficient private key encryption scheme
|
||||
### Efficient private key encryption scheme
|
||||
|
||||
$m=\{0,1\}^n$
|
||||
#### Definition 3.2 (Efficient private key encryption scheme)
|
||||
|
||||
$Gen(1^n)$ p.p.t output $k\in \mathcal{K}$
|
||||
The triple $(Gen,Enc,Dec)$ is an efficient private key encryption scheme over the message space $M$ and key space $K$ if:
|
||||
|
||||
$Enc_k(m)$ p.p.t outputs $c$
|
||||
1. $Gen(1^n)$ is a randomized p.p.t that outputs $k\in K$
|
||||
2. $Enc_k(m)$ is a potentially randomized p.p.t that outputs $c$ given $m\in M$
|
||||
3. $Dec_k(c')$ is a deterministic p.p.t that outputs $m$ or "null"
|
||||
4. $P_k[Dec_k(Enc_k(m))=m]=1,\forall m\in M$
|
||||
|
||||
$Dec_k(c')$ p.p.t outputs $m$ or "null"
|
||||
### Negligible function
|
||||
|
||||
$P_k[Dec_k(Enc_k(m))=m]=1$
|
||||
|
||||
## Negligible function
|
||||
|
||||
$\epsilon:\mathbb{N}\to \mathbb{R}$ is a negligible function if $\forall c>0$, $\exists N\in\mathbb{N}$ such that $\forall n\geq N, \epsilon(n)<\frac{1}{n^c}$
|
||||
$\epsilon:\mathbb{N}\to \mathbb{R}$ is a negligible function if $\forall c>0$, $\exists N\in\mathbb{N}$ such that $\forall n\geq N, \epsilon(n)<\frac{1}{n^c}$ (looks like definition of limits huh) (Definition 27.2)
|
||||
|
||||
Idea: for any polynomial, even $n^{100}$, in the long run $\epsilon(n)\leq \frac{1}{n^{100}}$
|
||||
|
||||
@@ -58,7 +59,7 @@ Example: $\epsilon (n)=\frac{1}{2^n}$, $\epsilon (n)=\frac{1}{n^{\log (n)}}$
|
||||
|
||||
Non-example: $\epsilon (n)=O(\frac{1}{n^c})\forall c$
|
||||
|
||||
## One-way function
|
||||
### One-way function
|
||||
|
||||
Idea: We are always okay with our chance of failure being negligible.
|
||||
|
||||
@@ -66,21 +67,19 @@ Foundational concept of cryptography
|
||||
|
||||
Goal: making $Enc_k(m),Dec_k(c')$ easy and $Dec^{-1}(c')$ hard.
|
||||
|
||||
### Strong one-way function
|
||||
|
||||
#### Definition: Strong one-way function
|
||||
#### Definition 27.3 (Strong one-way function)
|
||||
|
||||
$$
|
||||
f:\{0,1\}^n\to \{0,1\}^*(n\to \infty)
|
||||
$$
|
||||
|
||||
There is a negligible function $\epsilon (n)$ such that for any adversary $a$ (n.u.p.p.t)
|
||||
There is a negligible function $\epsilon (n)$ such that for any adversary $\mathcal{A}$ (n.u.p.p.t)
|
||||
|
||||
$$
|
||||
P[x\gets\{0,1\}^n;y=f(x):f(a(y))=y,a(y)=x']\leq\epsilon(n)
|
||||
P[x\gets\{0,1\}^n;y=f(x):f(\mathcal{A}(y))=y]\leq\epsilon(n)
|
||||
$$
|
||||
|
||||
_Probability of guessing correct message is negligible_
|
||||
_Probability of guessing a message $x'$ with the same output as the correct message $x$ is negligible_
|
||||
|
||||
and
|
||||
|
||||
@@ -95,11 +94,11 @@ Example: Suppose $f$ is one-to-one, then $a$ must find our $x$, $P[x'=x]=\frac{1
|
||||
|
||||
Why do we allow $a$ to get a different $x'$?
|
||||
|
||||
> Suppose the definition is $P[x\gets\{0,1\}^n;y=f(x):a(y)=x]\neq\epsilon(n)$, then a trivial function $f(x)=x$ would also satisfy the definition.
|
||||
> Suppose the definition is $P[x\gets\{0,1\}^n;y=f(x):\mathcal{A}(y)=x]\neq\epsilon(n)$, then a trivial function $f(x)=x$ would also satisfy the definition.
|
||||
|
||||
To be technically fair, $a(y)=a(y,1^n)$, size of input $\approx n$, let them use $poly(n)$ operations.
|
||||
To be technically fair, $\mathcal{A}(y)=\mathcal{A}(y,1^n)$, size of input $\approx n$, let them use $poly(n)$ operations. (we also tells the input size is $n$ to $\mathcal{A}$)
|
||||
|
||||
### Do one-way function exists?
|
||||
#### Do one-way function exists?
|
||||
|
||||
Unknown, actually...
|
||||
|
||||
@@ -107,7 +106,9 @@ But we think so!
|
||||
|
||||
We will need to use various assumptions. one that we believe very strongly based on evidence/experience
|
||||
|
||||
Ex. $p,q$ are large random primes
|
||||
Example:
|
||||
|
||||
$p,q$ are large random primes
|
||||
|
||||
$N=p\cdot q$
|
||||
|
||||
|
||||
Reference in New Issue
Block a user