TY - GEN

T1 - Lossy functions do not amplify well

AU - Pietrzak, Krzysztof

AU - Rosen, Alon

AU - Segev, Gil

PY - 2012

Y1 - 2012

N2 - We consider the problem of amplifying the "lossiness" of functions. We say that an oracle circuit C*: {0,1}m → {0,1}* amplifies relative lossiness from ℓ/n to L/m if for every function f:{0,1}n → {0,1}n it holds that 1 If f is injective then so is Cf. 2 If f has image size of at most 2 n-ℓ, then Cf has image size at most 2m-L. The question is whether such C* exists for L/m ≫ ℓ/n. This problem arises naturally in the context of cryptographic "lossy functions," where the relative lossiness is the key parameter. We show that for every circuit C* that makes at most t queries to f, the relative lossiness of Cf is at most L/m ≤ ℓ/n + O(log t)/n. In particular, no black-box method making a polynomial t = poly(n) number of queries can amplify relative lossiness by more than an O(logn)/n additive term. We show that this is tight by giving a simple construction (cascading with some randomization) that achieves such amplification.

AB - We consider the problem of amplifying the "lossiness" of functions. We say that an oracle circuit C*: {0,1}m → {0,1}* amplifies relative lossiness from ℓ/n to L/m if for every function f:{0,1}n → {0,1}n it holds that 1 If f is injective then so is Cf. 2 If f has image size of at most 2 n-ℓ, then Cf has image size at most 2m-L. The question is whether such C* exists for L/m ≫ ℓ/n. This problem arises naturally in the context of cryptographic "lossy functions," where the relative lossiness is the key parameter. We show that for every circuit C* that makes at most t queries to f, the relative lossiness of Cf is at most L/m ≤ ℓ/n + O(log t)/n. In particular, no black-box method making a polynomial t = poly(n) number of queries can amplify relative lossiness by more than an O(logn)/n additive term. We show that this is tight by giving a simple construction (cascading with some randomization) that achieves such amplification.

UR - http://www.scopus.com/inward/record.url?scp=84858310873&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-28914-9_26

DO - 10.1007/978-3-642-28914-9_26

M3 - Conference contribution

AN - SCOPUS:84858310873

SN - 9783642289132

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 458

EP - 475

BT - Theory of Cryptography - 9th Theory of Cryptography Conference, TCC 2012, Proceedings

T2 - 9th Theory of Cryptography Conference, TCC 2012

Y2 - 19 March 2012 through 21 March 2012

ER -