The Community for Technology Leaders
2013 IEEE 54th Annual Symposium on Foundations of Computer Science (2002)
Vancouver, BC, Canada
Nov. 16, 2002 to Nov. 19, 2002
ISSN: 0272-5428
ISBN: 0-7695-1822-2
pp: 376
Yevgeniy Dodis , New York University
Joel Spencer , New York University
<p>Randomization is vital in cryptography: secret keys should be randomly generated and most cryptographic primitives (e.g., encryption) must be probabilistic. As a common abstraction, it is assumed that there is a source of truly random bits available to all the participants of the system. While convenient, this assumption is often highly unrealistic, and cryptographic systems have to be built based on imperfect sources of randomness. Remarkably, this fundamental problem has received little or no attention so far, despite the fact that a related question of simulating probabilistic (BPP) algorithms with imperfect random sources has a long and rich history.</p> <p>In this work we initiate the quantitative study concerning feasibility of building secure cryptographic primitives using imperfect random sources. Specifically, we concentrate on symmetric-key encryption and message authentication, where the shared secret key comes from an imperfect random source instead of being assumed truly random. In each case, we compare the class of "cryptographic" sources for the task at hand with the classes of "extractable" and "simulatable" sources, where: (1) "cryptographic" refers to sources for which the corresponding symmetric-key primitive can be build; (2) "extractable" refers to a very narrow class of sources from which one can extract nearly perfect randomness; and (3) "simulatable" refers to a very general class of weak random sources which are known to suffice for BPP simulation. For both encryption and authentication, we show that the corresponding cryptographic sources lie strictly in between extractable and simulatable sources, which implies that "cryptographic usage" of randomness is more demanding than the corresponding "algorithmic usage", but still does not require perfect randomness. Interestingly, cryptographic sources for encryption and authentication are also quite different from each other, which suggests that there might not be an elegant way to describe imperfect sources sufficient for "general cryptographic use". We believe that our initial investigation in this new area will inspire a lot of further research.</p>
Yevgeniy Dodis, Joel Spencer, "On the (non)Universality of the One-Time Pad", 2013 IEEE 54th Annual Symposium on Foundations of Computer Science, vol. 00, no. , pp. 376, 2002, doi:10.1109/SFCS.2002.1181962
95 ms
(Ver )