Hybrid Argument (cryptography)
   HOME

TheInfoList



Click Here for Items Related To - Hybrid Argument (cryptography)
OR:
Hybrid Argument (cryptography) on:   [Wikipedia]   [Google]   [Amazon]

In
cryptography Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of Adversary (cryptography), ...
, the hybrid argument is a proof technique used to show that two distributions are computationally indistinguishable.


History

Hybrid arguments had their origin in a papers by Andrew Yao in 1982 and Shafi Goldwasser and Silvio Micali in 1983.


Formal description

Formally, to show two distributions ''D''1 and ''D''2 are computationally indistinguishable, we can define a sequence of ''hybrid distributions'' ''D''1 := ''H''0, ''H''1, ..., ''H''''t'' =: ''D''2 where ''t'' is polynomial in the security parameter ''n''. Define the advantage of any probabilistic efficient (polynomial-bounded time) algorithm A as :\mathsf_^(\mathbf) := \left, \Pr \stackrel H_i : \mathbf(x)=1- \Pr \stackrel H_ : \mathbf(x)=1\, where the dollar symbol ($) denotes that we sample an element from the distribution at random. By
triangle inequality In mathematics, the triangle inequality states that for any triangle, the sum of the lengths of any two sides must be greater than or equal to the length of the remaining side. This statement permits the inclusion of Degeneracy (mathematics)#T ...
, it is clear that for any probabilistic polynomial time algorithm A, :\mathsf_^(\mathbf) \leq \sum_^\mathsf_^(\mathbf). Thus there must exist some ''k'' s.t. 0 ≤ ''k'' < ''t(n)'' and :\mathsf_^(\mathbf) \geq \mathsf_^(\mathbf)/t(n). Since ''t'' is polynomial-bounded, for any such algorithm A, if we can show that it has a negligible advantage function between distributions ''H''''i'' and ''H''''i''+1 for every ''i'', that is, :\epsilon(n) \ge \mathsf_^(\mathbf) \geq \mathsf_^(\mathbf)/t(n), then it immediately follows that its advantage to distinguish the distributions ''D''''1'' = ''H''0 and ''D''''2'' = ''H''''t'' must also be negligible. This fact gives rise to the hybrid argument: it suffices to find such a sequence of hybrid distributions and show each pair of them is computationally indistinguishable.


Applications

The hybrid argument is extensively used in cryptography. Some simple proofs using hybrid arguments are: * If one cannot efficiently predict the next bit of the output of some number generator, then this generator is a
pseudorandom number generator A pseudorandom number generator (PRNG), also known as a deterministic random bit generator (DRBG), is an algorithm for generating a sequence of numbers whose properties approximate the properties of sequences of random number generation, random n ...
(PRG). * We can securely expand a PRG with 1-bit output into a PRG with ''n''-bit output.Lemma 80.5, Corollary 81.7 in Pass's notes.


See also

* Interactive proof system *
Universal composability The framework of universal composability (UC) is a general-purpose model for the analysis of cryptographic protocols. It guarantees very strong security properties. Protocols remain secure even if arbitrarily composed with other instances of the sa ...


Notes


References

* * * {{cite web, last1=Fischlin, first1=Marc, last2=Mittelbach, first2=Arno, title=An Overview of the Hybrid Argument, url=https://eprint.iacr.org/2021/088.pdf Cryptography