Cryptology ePrint Archive: Report 2016/1186

On the Complexity of Breaking Pseudoentropy

Maciej Skorski

Abstract: Pseudoentropy has found a lot of important applications to cryptography and complexity theory. In this paper we focus on the foundational problem that has not been investigated so far, namely by how much pseudoentropy (the amount seen by computationally bounded attackers) differs from its information-theoretic counterpart (seen by unbounded observers), given certain limits on attacker's computational power?

We provide the following answer for HILL pseudoentropy, which exhibits a \emph{threshold behavior} around the size exponential in the entropy amount: \begin​{itemize} \item If the attacker size ($s$) and advantage ($\epsilon$) satisfy $s \gg 2^k\epsilon^{-2}$ where $k$ is the claimed amount of pseudoentropy, then the pseudoentropy boils down to the information-theoretic smooth entropy \item If $s \ll 2^k\epsilon^2$ then pseudoentropy could be arbitrarily bigger than the information-theoretic smooth entropy \end{itemize} Besides answering the posted question, we show an elegant application of our result to the complexity theory, namely that it implies the classical result on the existence of functions hard to approximate (due to Pippenger). In our approach we utilize non-constructive techniques: the duality of linear programming and the probabilistic method.

Category / Keywords: foundations / nonuniform attacks, pseudoentropy, smooth entropy, hardness of boolean functions

Original Publication (with minor differences): TAMC 2017

Date: received 29 Dec 2016, last revised 28 Mar 2017

Contact author: maciej skorski at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20170328:084614 (All versions of this report)

Short URL: ia.cr/2016/1186

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]