Paper 2021/110

Replacing Probability Distributions in Security Games via Hellinger Distance

Kenji Yasunaga


Security of cryptographic primitives is usually proved by assuming ``ideal'' probability distributions. We need to replace them with approximated ``real'' distributions in the real-world systems without losing the security level. We demonstrate that the Hellinger distance is useful for this problem, while the statistical distance is mainly used in the cryptographic literature. First, we show that for preserving $\lambda$-bit security of a given security game, the closeness of $2^{-\lambda/2}$ to the ideal distribution is sufficient for the Hellinger distance, whereas $2^{-\lambda}$ is generally required for the statistical distance. The result can be applied to both search and decision primitives through the bit security framework of Micciancio and Walter (Eurocrypt 2018). We also show that the Hellinger distance gives a tighter evaluation of closeness than the max-log distance when the distance is small. Finally, we show that the leftover hash lemma can be strengthened to the Hellinger distance. Namely, a universal family of hash functions gives a strong randomness extractor with optimal entropy loss for the Hellinger distance. Based on the results, a $\lambda$-bit entropy loss in randomness extractors is sufficient for preserving $\lambda$-bit security. The current understanding based on the statistical distance is that a $2\lambda$-bit entropy loss is necessary.

Available format(s)
Publication info
Published elsewhere. MINOR revision.ITC 2021
bit securityHellinger distanceleftover hash lemmarandomness extractor
Contact author(s)
yasunaga @ ist osaka-u ac jp
2021-07-19: revised
2021-02-01: received
See all versions
Short URL
Creative Commons Attribution


      author = {Kenji Yasunaga},
      title = {Replacing Probability Distributions in Security Games via Hellinger Distance},
      howpublished = {Cryptology ePrint Archive, Paper 2021/110},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.