Revisiting the Concrete Security of Goldreich's Pseudorandom Generator
arXiv - CS - Cryptography and Security, Pub Date: 2021-03-03, DOI: arxiv-2103.02668
Jing Yang, Qian Guo, Thomas Johansson, Michael Lentmaier

Local pseudorandom generators are a class of fundamental cryptographic primitives with very broad applications in theoretical cryptography. Following Couteau et al.'s work at ASIACRYPT 2018, this paper further studies the concrete security of one important class of local pseudorandom generators, namely Goldreich's pseudorandom generators. Our first attack is of the guess-and-determine type. Our result significantly improves on the state-of-the-art algorithm proposed by Couteau et al., in terms of both asymptotic and concrete complexity, and breaks all the challenge parameters they proposed. For instance, for a parameter set suggested for 128 bits of security, we can solve the instance faster by a factor of about $2^{61}$, thereby destroying the claimed security completely. Our second attack further exploits the extremely sparse structure of the predicate $P_5$ and combines it with ideas from iterative decoding. This novel attack, named guess-and-decode, substantially improves on the guess-and-determine approaches for cryptographically relevant parameters. All the challenge parameter sets proposed in Couteau et al.'s ASIACRYPT 2018 work aiming for 80-bit (128-bit) security levels can be solved in about $2^{58}$ ($2^{78}$) operations. We suggest new parameters for achieving 80-bit (128-bit) security with respect to our attacks. We also extend the attack to other promising predicates and investigate their resistance.

Last updated: 2021-03-05