Complexity-Based Cryptography

Edward Alekseevich Hirsch

http://logic.pdmi.ras.ru/~hirsch

PDMI RAS

30 March 2008

Bit commitment

Alice:                                  Bob:

$\alpha$
             −→                         commitment to $\alpha$
                 . . . life . . .
             −→                         $\alpha$

Definition (Bit commitment)
. . . is a communication protocol between two polynomially bounded parties for which

    the input of party A is a bit $\alpha$,
    the input of both parties A, B is the security parameter $1^n$;

    at the end of the protocol, the output of B is a bit $\alpha$ or an error;

    after some round of the protocol the situation is as follows:
    there is a value $\alpha$ such that
        for an honest A, the final answer of B will be $\alpha = \alpha = \alpha$;
        for any A (in place of A), the probability of $\alpha = \alpha$ is small ($\frac{1}{n^k}$);
        no B (in place of B) can yet output $\alpha$ with any significant probability ($\frac{1}{2} + \frac{1}{n^k}$);

    the information received by B by this moment is called the commitment.

Protocols: (A, A) is non-interactive, (AB ..., AB ...) is interactive.

Non-interactive commitment from an owp
(A, A)-protocol

Let $f : \{0,1\}^n \to \{0,1\}^n$ be an owp and $B$ its hard-core bit.

The commitment $(f(s), B(s) \oplus \alpha)$, where $s \in \{0,1\}^n$ is random, is secure:
after it has been sent

      Bob cannot learn $\alpha$: such a Bob could be asked to find $B(s)$;

      having learned $s$ later, Bob finds $\alpha$;
      Alice cannot give another $s$ with the same image $f(s)$ (there is none!).

Exercise
One could also make do with an injective owf $f$ defined not on $\{0,1\}^n$ but on the strings output by a sampler. What additional property of the owf would be needed?

Answer: polynomial-time decidability of the domain of $f$.

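An added Python sketch (not from the lecture) of the commitment $(f(s), B(s) \oplus \alpha)$ and of the exercise's point about injectivity and a decidable domain. The map x → x^5 mod N and the least significant bit are assumed stand-ins for f and B, with constructed toy parameters; replacing f by squaring, which is not injective, lets the same commitment open to both bits.

```python
import secrets
from math import gcd

# Constructed toy parameters: far too small to be one-way, chosen so that the
# exhaustive check below finishes instantly.
P, Q, E = 103, 107, 5          # gcd(E, (P-1)*(Q-1)) == 1
N = P * Q


def in_domain(x):
    """Polynomial-time membership test for the domain Z_N^*."""
    return 0 < x < N and gcd(x, N) == 1


def f_perm(x):
    """Assumed stand-in for the owp f: x -> x^E mod N permutes Z_N^*."""
    return pow(x, E, N)


def f_square(x):
    """Not injective on Z_N^*: x and N - x have the same square."""
    return pow(x, 2, N)


def hard_bit(x):
    """Assumed stand-in for the hard-core bit B: the least significant bit."""
    return x & 1


def sample_seed():
    """Random s from the domain (rejection sampling)."""
    while True:
        s = secrets.randbelow(N)
        if in_domain(s):
            return s


def commit(f, alpha, s):
    """Alice's single message: (f(s), B(s) XOR alpha)."""
    return f(s), hard_bit(s) ^ alpha


def reveal(f, commitment, s):
    """Bob's check when Alice later sends s; returns alpha, or None on mismatch."""
    image, masked = commitment
    if not in_domain(s) or f(s) != image:
        return None
    return masked ^ hard_bit(s)


def possible_openings(f, commitment):
    """Exhaustive search over all s (toy size only): every bit Bob would accept."""
    found = set()
    for s in range(N):
        bit = reveal(f, commitment, s)
        if bit is not None:
            found.add(bit)
    return found
```

With `f_square`, the seeds s and N − s collide and differ in their last bit because N is odd, so binding fails exactly as the "there is none!" remark predicts for a non-injective f.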
Interactive commitment from a PRG
(BA, A)-protocol

Let $G$ be a $3n$-generator (it stretches $n$ bits to $3n$ bits).

Alice:                                                  Bob:

$\alpha$                                                random $r \in \{0,1\}^{3n}$
            ←−  $r$
            −→  $G(s) \oplus (r \cdot \alpha)$          $G(s)$ or $G(s) \oplus r$
                . . . life . . .
            −→  $s$                                     $\alpha$

Interactive commitment from a PRG
Security of the (BA, A)-protocol

1. Bob (even though he chose $r$ himself!) cannot distinguish $G(s)$ from $G(s) \oplus r$:
$G(U_n)$ looks like $U_{3n}$, which looks like $U_{3n} \oplus r$, which looks like $G(U_n) \oplus r$.

2. Alice cannot change $\alpha$:
$G(s_1) = G(s_2) \oplus r$ means $r = G(s_1) \oplus G(s_2)$.
There are $2^{2n}$ such pairs $(s_1, s_2)$, and each of them gives one $r$.
But there are $2^{3n}$ possible $r$.

The probability that Bob hits a bad $r$ is less than $\frac{2^{2n}}{2^{3n}} = \frac{1}{2^n}$.

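An added Python sketch (not from the lecture) of the (BA, A)-protocol together with the counting argument of point 2. SHAKE-256 is an assumed stand-in for the generator G, seeds are handled as bytes, and the exhaustive count of bad r uses a constructed toy size of n = 8 bits.

```python
import hashlib
import secrets


def G(seed, out_len):
    """Assumed stand-in for the 3n-generator: SHAKE-256 stretched to out_len bytes."""
    return hashlib.shake_256(b"G|" + seed).digest(out_len)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def bob_challenge(n_bytes):
    """Round 1 (Bob -> Alice): random r of length 3n."""
    return secrets.token_bytes(3 * n_bytes)


def alice_commit(alpha, r):
    """Round 2 (Alice -> Bob): G(s) if alpha = 0, G(s) XOR r if alpha = 1.

    Returns (commitment, s); Alice keeps s for the opening."""
    s = secrets.token_bytes(len(r) // 3)
    g = G(s, len(r))
    return (xor(g, r) if alpha else g), s


def bob_open(commitment, r, s):
    """Opening: Bob recomputes G(s) and decides which of the two cases holds."""
    if 3 * len(s) != len(r):
        return None
    g = G(s, len(r))
    if commitment == g:
        return 0
    if commitment == xor(g, r):
        return 1
    return None                      # s does not explain the commitment


def bad_challenge_fraction(n_bytes=1):
    """Fraction of challenges r for which some pair (s1, s2) has
    G(s1) = G(s2) XOR r, i.e. for which Alice could open both ways.

    Exhaustive, so only usable at toy size (n_bytes = 1 means n = 8 bits)."""
    outs = [G(i.to_bytes(n_bytes, "big"), 3 * n_bytes)
            for i in range(256 ** n_bytes)]
    bad = {xor(a, b) for a in outs for b in outs}
    return len(bad) / 2 ** (24 * n_bytes)
```

At n = 8 the measured fraction stays below the slide's bound $2^{2n}/2^{3n} = 1/256$; the all-zero r is always in the bad set, since it equals $G(s) \oplus G(s)$.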
1-out-of-2 Oblivious Transfer
Transferring one bit out of two possible ones

Alice gives away one of two items (and does not herself know which one!).

Bob receives only one of them (and learns nothing about the other!).

Physical implementation:

     Take two items and shuffle them with eyes closed.

     In the left hand or in the right? Also with eyes closed.

     Throw away what is left.

Security, of course, is shaky. . . (who will check Alice?). Besides, Bob cannot choose the item he needs and in fact has to take a random one.

Definition ((1,2) Oblivious Transfer, (1,2)OT)
. . . is a communication protocol between two polynomially bounded parties for which. . .

       The input of party A is two bits $\alpha_0, \alpha_1$,
       the input of party B is an index $i \in \{0,1\}$,
       the input of both parties A, B is the security parameter $1^n$.

       Output at the end of the protocol:
           the output of B is a pair [1] of bits $(\beta_0, \beta_1)$;
           the output of A is an index $j$ [2].

       Functionality: for honest parties, $\beta_0 = \alpha_i$.

       Security:
           for any B (in place of B), the probability of $\beta_1 = \alpha_{1-i}$ is small ($\frac{1}{2} + \frac{1}{n^k}$);
           no A (in place of A) can output $j = i$ with any significant probability ($\frac{1}{2} + \frac{1}{n^k}$).

  [1] An honest B outputs only one bit.
  [2] An honest A outputs nothing.

A protocol for (1,2)OT from an enhanced tdpf

An enhanced tdpf $(e, s, s, d)$ with hard-core bit $B$:
there is an additional sampler $s$ for the image:

    $s(r)$ is distributed similarly to $e(s(r))$ even for someone who knows $d$,

    but $d(s(r))$ is hard to find without $d$, even knowing $r$.

Assume that the parties are passively honest (semi-honest): they follow the protocol but may compute something extra from what they have seen.

Protocol:

 1. Alice generates $(e, s, s, d)$ and sends $(e, s, s)$ to Bob.

 2. Bob computes $a_i = e(s(r))$ and $a_{1-i} = s(r)$ and sends them to Alice.

 3. Alice computes $c_k = b_k \oplus B(d(a_k))$ for every $k$ and sends $(c_0, c_1)$ to Bob.

 4. Bob computes $b_i = B(s(r)) \oplus c_i$ and outputs it.

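The four protocol steps as an added Python example, not code from the lecture. It assumes textbook RSA with constructed toy primes as the enhanced tdpf, the least significant bit as B, and a uniform element of Z_N^* for both the domain sampler and the image sampler; all function names are hypothetical.

```python
import secrets
from math import gcd

# Constructed toy parameters (assumption): far too small for any real use.
P, Q, E = 1019, 1031, 7
N, PHI = P * Q, (P - 1) * (Q - 1)


def hard_bit(x):
    """Assumed hard-core bit B: the least significant bit."""
    return x & 1


def sample_unit():
    """Uniform element of Z_N^*. RSA permutes Z_N^*, so the same routine serves
    as the domain sampler and as the image sampler of the enhanced tdpf."""
    while True:
        x = secrets.randbelow(N)
        if x and gcd(x, N) == 1:
            return x


def alice_keygen():
    """Step 1: Alice keeps the trapdoor d and publishes e = (N, E)."""
    d = pow(E, -1, PHI)
    return (N, E), d


def bob_request(pub, i):
    """Step 2: a_i = e(x) for an x Bob knows; a_{1-i} comes straight from the
    image sampler, so Bob holds no preimage for it."""
    n, e = pub
    x = sample_unit()
    a = [0, 0]
    a[i] = pow(x, e, n)
    a[1 - i] = sample_unit()
    return tuple(a), x


def alice_respond(pub, d, bits, a):
    """Step 3: c_k = b_k XOR B(d(a_k)) for k = 0, 1."""
    n, _ = pub
    return tuple(bits[k] ^ hard_bit(pow(a[k], d, n)) for k in (0, 1))


def bob_receive(c, i, x):
    """Step 4: b_i = B(x) XOR c_i."""
    return c[i] ^ hard_bit(x)


def run_ot(bits, i):
    """One semi-honest run; returns the bit Bob outputs."""
    pub, d = alice_keygen()
    a, x = bob_request(pub, i)
    c = alice_respond(pub, d, bits, a)
    return bob_receive(c, i, x)
```

Alice sees two elements of Z_N^* with the same distribution, which is the first property of the image sampler; the second property is what keeps the mask on $b_{1-i}$ hidden from Bob.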
Exercises

Exercise
Write a formal proof of the security of the (BA,A)-protocol.
Hint: a possible adversary can be used to break either the hard-core bit or one of the properties of the enhanced tdpf.

Exercise
Extract an owf from a bit commitment protocol.

Exercise
And what can be extracted from a (1,2)-OT protocol?

Secure Function Evaluation (SFE)

Alice and Bob each hold half of the arguments of a function
$c = f(a_1, \ldots, a_m, b_1, \ldots, b_m)$ and want to compute it while keeping their own arguments secret.

A semi-honest Alice cannot compute anything other than a polynomial-time computable function of $a_1, \ldots, a_m$ and $c$:

$\forall g\ \forall k\ \forall$ poly. $A$ $\exists$ poly. $A$
$\Pr\{A(\text{what Alice saw}) = g(a, b)\} \le \Pr\{A(a, f(a, b)) = g(a, b)\} + \frac{1}{n^k}$.

The same holds for Bob.

SFE: Yao's algorithm

Alice encodes the function f (a Boolean circuit): the truth table of each gate is encoded with random strings, and the results are encrypted:

     0   0   1             $u_0$   $v_0$   $E_{u_0}(E_{v_0}(w_1))$
     0   1   0      →      $u_0$   $v_1$   $E_{u_0}(E_{v_1}(w_0))$
     1   0   1             $u_1$   $v_0$   $E_{u_1}(E_{v_0}(w_1))$
     1   1   0             $u_1$   $v_1$   $E_{u_1}(E_{v_1}(w_0))$

     0   0   1             $E_{u_0}(E_{v_0}(w_1))$
     0   1   0      →      $E_{u_0}(E_{v_1}(w_0))$     (permute)
     1   0   1             $E_{u_1}(E_{v_0}(w_1))$
     1   1   0             $E_{u_1}(E_{v_1}(w_0))$

Bob computes everything; for this he receives

    the encrypted circuit,

    the codes of Alice's inputs,

    the codes of his own inputs by means of (1,2)OT: one of $v_0$ and $v_1$,

    after the computation, the key for decrypting the answer.

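An added Python example (not from the lecture) that garbles the single gate from the table above, permutes the rows and lets Bob evaluate it. The cipher E is an assumed hash-based one-time pad with a zero tag for recognising the right row, and Bob is handed his label directly where the protocol would use (1,2)OT.

```python
import hashlib
import secrets

LABEL_LEN = 16   # length of the random strings u, v, w
TAG_LEN = 16     # zero bytes appended so a correct decryption is recognisable

# The gate from the slide's truth table: (u-bit, v-bit) -> output bit.
SLIDE_GATE = {(0, 0): 1, (0, 1): 0, (1, 0): 1, (1, 1): 0}


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def pad_stream(key, nonce, length):
    return hashlib.shake_256(key + nonce).digest(length)


def enc(key, msg):
    """E_key(msg): fresh nonce, then (msg || zero tag) XOR a key-derived pad."""
    nonce = secrets.token_bytes(16)
    body = msg + bytes(TAG_LEN)
    return nonce + xor(body, pad_stream(key, nonce, len(body)))


def dec(key, ct):
    """Returns the plaintext, or None when the zero tag does not appear."""
    nonce, body = ct[:16], ct[16:]
    plain = xor(body, pad_stream(key, nonce, len(body)))
    if plain[-TAG_LEN:] != bytes(TAG_LEN):
        return None
    return plain[:-TAG_LEN]


def garble_gate(table):
    """Alice: pick labels u, v, w, build the four rows E_u(E_v(w)) and permute."""
    u = [secrets.token_bytes(LABEL_LEN) for _ in range(2)]
    v = [secrets.token_bytes(LABEL_LEN) for _ in range(2)]
    w = [secrets.token_bytes(LABEL_LEN) for _ in range(2)]
    rows = [enc(u[a], enc(v[b], w[table[(a, b)]]))
            for a in (0, 1) for b in (0, 1)]
    secrets.SystemRandom().shuffle(rows)     # hide which row is which
    return rows, u, v, w


def evaluate(rows, u_label, v_label):
    """Bob: try every row; only one decrypts under both of his labels."""
    for ct in rows:
        inner = dec(u_label, ct)
        if inner is None:
            continue
        out = dec(v_label, inner)
        if out is not None:
            return out
    return None


def decode_output(label, w):
    """The 'key for decrypting the answer': maps an output label back to a bit."""
    return w.index(label) if label in w else None
```

Bob holds one label per wire and never learns which bit a label stands for until Alice gives him the output decoding.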
Preparing for the exam:
    solve the exercises
              and collect your questions!


20080330 cryptography hirsch_lecture07
