We consider the problem of amplifying the "lossiness" of functions. We say that an oracle circuit $C^*: \{0,1\}^m \to \{0,1\}^*$ amplifies relative lossiness from $\ell/n$ to $L/m$ if for every function $f: \{0,1\}^n \to \{0,1\}^n$ it holds that:

1. If $f$ is injective then so is $C^f$.
2. If $f$ has image size of at most $2^{n-\ell}$, then $C^f$ has image size at most $2^{m-L}$.

The question is whether such $C^*$ exists for $L/m \gg \ell/n$. This problem arises naturally in the context of cryptographic "lossy functions," where the relative lossiness is the key parameter. We show that for every circuit $C^*$ that makes at most $t$ queries to $f$, the relative lossiness of $C^f$ is at most $L/m \le \ell/n + O(\log t)/n$. In particular, no black-box method making a polynomial $t = \mathrm{poly}(n)$ number of queries can amplify relative lossiness by more than an $O(\log n)/n$ additive term. We show that this is tight by giving a simple construction (cascading with some randomization) that achieves such amplification.
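The definition quantifies over every f, so the amplified lossiness is a worst-case guarantee. The sketch below is an added illustration, not code or a construction from the paper: it brute-forces image sizes for a plain (unrandomized) t-query cascade with m = n, and the toy functions `rotate`, `shift`, `clear_low` and the helper names are assumptions made for the example.

```python
from math import log2

N = 8                   # toy input length n (constructed)
MASK = (1 << N) - 1

def image_size(func, bits):
    """Count distinct outputs of func over all inputs of the given bit length."""
    return len({func(x) for x in range(1 << bits)})

def lossiness(func, bits):
    """Return l such that the image has size 2^(bits - l); 0.0 means injective."""
    return bits - log2(image_size(func, bits))

def cascade(f, t):
    """Plain cascade C^f(x) = f(f(...f(x)...)) making t queries to f (m = n)."""
    def c(x):
        for _ in range(t):
            x = f(x)
        return x
    return c

# Constructed toy functions {0,1}^N -> {0,1}^N
def rotate(x):
    """Injective: rotate left by one bit."""
    return ((x << 1) | (x >> (N - 1))) & MASK

def shift(x):
    """Image size 2^(N-1), so l = 1: drops the low bit."""
    return x >> 1

def clear_low(x):
    """Image size 2^(N-1), so l = 1, and idempotent: f(f(x)) = f(x)."""
    return x & ~1 & MASK

def report(f, t):
    """Return (lossiness of f, lossiness of the t-query plain cascade of f)."""
    return lossiness(f, N), lossiness(cascade(f, t), N)

def guaranteed(fs, t):
    """Worst-case cascade lossiness over a family of functions with equal l."""
    return min(report(f, t)[1] for f in fs)

if __name__ == "__main__":
    for f in (rotate, shift, clear_low):
        print(f.__name__, report(f, 4))
    print("guaranteed over lossy family:", guaranteed((shift, clear_low), 4))
```

Condition 1 holds for `rotate`, and the cascade of `shift` loses 4 bits, but the idempotent `clear_low` gains nothing, so the lossiness this plain cascade guarantees over both lossy functions is still 1.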