ABSTRACT
Consider Alice and Bob, who have some shared secret which helps Alice to identify Bob-impersonators, and Eve, who does not know their secret. Eve wants to impersonate Bob and "fool" Alice. If Eve is computationally unbounded, how long does she need to observe Bob before she can impersonate him? What is a good strategy for Eve? If (cryptographic) one-way functions exist, an efficient Eve cannot impersonate even very simple Bobs, but if they do not exist, can Eve learn to impersonate any efficient Bob?We formalize these questions in a new computational learning model, which we believe captures a wide variety of natural learning tasks, and tightly bound the number of observations Eve makes in terms of the secret's entropy. We then show that if one-way functions do not exist, then an efficient Eve can learn to impersonate any efficient Bob nearly as well as an unbounded Eve.For the full version of this work see (Naor & Rothblum, 2006).
- Abe, N., & Warmuth, M. K. (1992) On the Computational Complexity of Approximating Distributions by Probabilistic Automata. Machine Learning 9: 205--260. Google ScholarDigital Library
- Applebaum, B., Ishai, Y., & Kushilevitz, E. (2004) Cryptography in NCO. FOCS 2004: 166--175. Google ScholarDigital Library
- Baum, L. E. (1972) An inequality and associated maximization technique in statistical estimation of probabilistic functions of a Markov process. Inequalities 627(3): 1--8.Google Scholar
- Baum, L. E., Petrie, T., Soules, G., & Weiss, N. (1970) A maximization technique occurring in the statistical analysis of probabilistic functions of Markov chains. Annals of Mathematical Statistics 41: 164--171.Google ScholarCross Ref
- Gillman, D., & Sipser, M. (1994) Inference and Minimization of Hidden Markov Chains. COLT 1994: 147--158. Google ScholarDigital Library
- Goldreich, O. (1990). A Note on Computational In-distinguishability. Information Processing Letters 34(6): 277--281. Google ScholarDigital Library
- Goldreich, O. (2001) Foundations of Cryptography. Cambridge University Press. Google ScholarCross Ref
- Håstad, J., Impagliazzo, R., Levin, L. A., & Luby, M. (1999) A Pseudorandom Generator from any One-way Function. SIAM Journal on Computing 28(4): 1364--1396. Google ScholarDigital Library
- Helmbold, D. P. & Long, P. M. (1994) Tracking Drifting Concepts By Minimizing Disagreements. Machine Learning 14(1): 27--45. Google ScholarDigital Library
- Impagliazzo, R. (1995) A Personal View of Average-Case Complexity. Structure in Complexity Theory Conference 1995: 134--147. Google ScholarDigital Library
- Impagliazzo, R., & Levin, L. A. (1990) No Better Ways to Generate Hard NP Instances than Picking Uniformly at Random. FOCS 1990: 812--821.Google ScholarDigital Library
- Impagliazzo, R., & Luby, M. (1989) One-way Functions are Essential for Complexity Based Cryptography. FOCS 1989: 230--235.Google ScholarDigital Library
- Kearns, M. J., Mansour, Y., Ron, D., Rubinfeld, R., Schapire, R. E., & Sellie, L. (1994) "On the learnability of discrete distributions". STOC 1994: 273--282. Google ScholarDigital Library
- Kearns, M. J., & Schapire, R. E. (1994) Efficient Distribution-Free Learning of Probabilistic Concepts. Journal of Computer and System Sciences 48(3): 464--497. Google ScholarDigital Library
- Kearns, M. J., & Vazirani, U. V. (1994) An Introduction to Computational Learning Theory. MIT Press. Google ScholarCross Ref
- Maurer, U. M. (2000) Authentication theory and hypothesis testing. IEEE Transactions on Information Theory 46(4): 1350--1356. Google ScholarDigital Library
- Naor, M., & Rothblum, G. N. (2005) The Complexity of Online Memory Checking. FOCS 2005: 573--584. Google ScholarDigital Library
- Naor, M., & Rothblum, G. N. (2006) Learning to Impersonate. Full version available at: www.wisdom.weizmann.ac.il/~naor/PAPERS/acd_abs.html. Google ScholarDigital Library
- Rabiner, L. R. (1989) "A tutorial on hidden Markov models and selected applications in speech recognition". Proceedings of the IEEE 77 (2): 257--286.Google ScholarCross Ref
- Ron, D., Singer, Y., & Tishby, N. (1996) The Power of Amnesia: Learning Probabilistic Automata with Variable Memory Length. Machine Learning 25(2-3): 117--149 Google ScholarDigital Library
- Shannon, C. E. (1949) Communication Theory of Secrecy Systems. Bell System Technical Journal 28: 656--715.Google ScholarCross Ref
- Simmons, G. J. (1984). Authentication Theory/Coding Theory. CRYPTO 1984: 411--431. Google ScholarDigital Library
- Valiant, L. G. (1984) A Theory of the Learnable. Communications of the ACM 27(11): 1134--1142. Google ScholarDigital Library
Index Terms
- Learning to impersonate
Recommendations
Public-Key encryption from ID-Based encryption without one-time signature
OTM'06: Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part IDesign a secure public key encryption scheme and its security proof are one of the main interests in cryptography In 2004, Canetti, Halevi and Katz [8] constructed a public key encryption (PKE) from a selective identity-based encryption scheme with a ...
Identity-based strong designated verifier signature schemes: Attacks and new construction
A strong designated verifier signature scheme makes it possible for a signer to convince a designated verifier that she has signed a message in such a way that the designated verifier cannot transfer the signature to a third party, and no third party ...
A novel identity-based strong designated verifier signature scheme
Unlike ordinary digital signatures, a designated verifier signature scheme makes it possible for a signer to convince a designated verifier that she has signed a message in such a way that the designated verifier cannot transfer the signature to a third ...
Comments