Quite surprisingly, we show that both limitations of the LHL --- large entropy loss and large seed --- can often be overcome (or, at least, mitigated) in various quite general scenarios. First, we show that entropy loss could be reduced to L=log(1/e) for the setting of deriving secret keys for a wide range of cryptographic applications. Specifically, the security of these schemes gracefully degrades from e to at most e + sqrt(e * 2^{-L}). (Notice that, unlike standard LHL, this bound is meaningful even for negative entropy loss, when we extract more bits than the the min-entropy we have!) Based on these results we build a general *computational extractor* that enjoys low entropy loss and can be used to instantiate a generic key derivation function for *any* cryptographic application.
存档附件原文地址
原文发布时间:2011/9/3
引用本文:
Boaz Barak;Yevgeniy Dodis;Hugo Krawczyk;Olivier Pereira;Krzysztof Pietrzak;Francois-Xavier Standaert;Yu Yu.Leftover Hash Lemma, Revisited.http://ynau.firstlight.cn/View.aspx?infoid=3065236&cb=Z07870000000.
发布时间:2011/9/3.检索时间:2024/12/13