# Foundations of Cryptography, Volume 1: Basic Techniques

## Oded Goldreich

Language: English

Pages: 394

ISBN: 2:00220483

Format: PDF / Kindle (mobi) / ePub

Cryptography is concerned with the conceptualization, definition and construction of computing systems that address security concerns. This book presents a rigorous and systematic treatment of the foundational issues: defining cryptographic tasks and solving new cryptographic problems using existing tools. It focuses on the basic mathematical tools: computational difficulty (one-way functions), pseudorandomness and zero-knowledge proofs. Rather than describing ad-hoc approaches, this book emphasizes the clarification of fundamental concepts and the demonstration of the feasibility of solving cryptographic problems. It is suitable for use in a graduate course on cryptography and as a reference book for experts.

close if and only if for every set $S \subseteq \{0,1\}^*$, $S(n) \stackrel{\mathrm{def}}{=} |\Pr[X_n \in S] - \Pr[Y_n \in S]|$ is negligible in $n$. Guideline: Show that the statistical difference between $X_n$ and $Y_n$, as defined in Eq. (3.1), equals $\max_S \{S(n)\}$.

Exercise 6: Statistical closeness implies computational indistinguishability: Prove that if two ensembles are statistically close, then they are polynomial-time-indistinguishable. Guideline: Use the result of Exercise 5, and define for every function f : {0, 1}∗ →

the system. Other uses of oracle machines are discussed in Sections 3.6 and 4.7. Loosely speaking, an oracle machine is a machine that is augmented so that it can ask questions to the outside. We consider the case in which these questions (called queries) are answered consistently by some function f : {0, 1}∗ → {0, 1}∗, called the oracle. That is, if the machine makes a query q, then the answer it obtains is f(q). In such a case, we say that the oracle machine is given access to the oracle f.

of this book, we provide only a rough idea of what is involved in this proof. The proof refers to the stochastic matrix obtained from the adjacency matrix of G by division with G’s degree, and it views probability distributions over the graph’s vertex set as linear combinations of the (orthogonal) eigenvectors of this matrix. The ratio of eigenvalues in the new matrix is as in the adjacency matrix of G. Furthermore, the largest eigenvalue is 1, and the eigenvector associated with it is the

comments on the latter aspect are provided in the relevant chapters of this volume.

Acknowledgments

First of all, I would like to thank three remarkable people who had a tremendous influence on my professional development: Shimon Even introduced me to theoretical computer science and closely guided my first steps. Silvio Micali and Shafi Goldwasser led my way in the evolving foundations of cryptography and shared with me their ongoing efforts toward further development of those foundations. I

we can use $l(n^2) = n - 1$, and hence Proposition 3.5.3 indicates that G is a pseudorandom generator. All that is left is to show that f has a hard-core function that maps $n^2$-bit strings into $n$-bit strings. Assuming that b is a hard-core predicate of the function f, we can construct such a hard-core function for f. Specifically:

Construction 3.5.4: Let $f : \{0,1\}^* \to \{0,1\}^*$ and $b : \{0,1\}^* \to \{0,1\}$. Define

$f(x_1, \ldots, x_n) \stackrel{\mathrm{def}}{=} f(x_1) \cdots f(x_n)$

$g(x_1, \ldots, x_n) \stackrel{\mathrm{def}}{=} b(x_1) \cdot \cdot$