A hard-core predicate for all one-way functions
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
A Pseudorandom Generator from any One-way Function
SIAM Journal on Computing
Foundations of Cryptography: Basic Tools
Foundations of Cryptography: Basic Tools
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Theory and application of trapdoor functions
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data
SIAM Journal on Computing
Conditional Computational Entropy, or Toward Separating Pseudoentropy from Compressibility
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Dense Subsets of Pseudorandom Sets
FOCS '08 Proceedings of the 2008 49th Annual IEEE Symposium on Foundations of Computer Science
Leakage-Resilient Cryptography
FOCS '08 Proceedings of the 2008 49th Annual IEEE Symposium on Foundations of Computer Science
A Computational Introduction to Number Theory and Algebra
A Computational Introduction to Number Theory and Algebra
One-way permutations, interactive hashing and statistically hiding commitments
TCC'07 Proceedings of the 4th conference on Theory of cryptography
Separating succinct non-interactive arguments from all falsifiable assumptions
Proceedings of the forty-third annual ACM symposium on Theory of computing
Deniable encryption with negligible detection probability: an interactive construction
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Some notions of entropy for cryptography
ICITS'11 Proceedings of the 5th international conference on Information theoretic security
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Lower and upper bounds for deniable public-key encryption
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Hi-index | 0.00 |
A chain rule for an entropy notion H(·) states that the entropy H(X) of a variable X decreases by at most ℓ if conditioned on an ℓ-bit string A, i.e., H(X|A)≥H(X)−ℓ. More generally, it satisfies a chain rule for conditional entropy if H(X|Y,A)≥H(X|Y)−ℓ. All natural information theoretic entropy notions we are aware of (like Shannon or min-entropy) satisfy some kind of chain rule for conditional entropy. Moreover, many computational entropy notions (like Yao entropy, unpredictability entropy and several variants of HILL entropy) satisfy the chain rule for conditional entropy, though here not only the quantity decreases by ℓ, but also the quality of the entropy decreases exponentially in ℓ. However, for the standard notion of conditional HILL entropy (the computational equivalent of min-entropy) the existence of such a rule was unknown so far. In this paper, we prove that for conditional HILL entropy no meaningful chain rule exists, assuming the existence of one-way permutations: there exist distributions X,Y,A, where A is a distribution over a single bit, but HHILL(X|Y)≫ HHILL(X|Y,A), even if we simultaneously allow for a massive degradation in the quality of the entropy. The idea underlying our construction is based on a surprising connection between the chain rule for HILL entropy and deniable encryption.