Bit Security as Computational Cost for Winning Games with High Probability

We introduce a novel framework for quantifying the bit security of security games. Our notion is defined with an operational meaning that a λ-bit secure game requires a total computational cost of 2^λ for winning the game with high probability, e.g., 0.99. We define the bit security both for search-type and decision-type games. Since we identify that these two types of games should be structurally different, we treat them differently but define the bit security using the unified framework to guarantee the same operational interpretation. The key novelty of our notion of bit security is to employ two types of adversaries: inner adversary and outer adversary. While the inner adversary plays a “usual” security game, the outer adversary invokes the inner adversary many times to amplify the winning probability for the security game. We find from our framework that the bit security for decision games can be characterized by the information measure called the Rényi divergence of order 1/2 of the inner adversary. The conventional “advantage,” defined as the probability of winning the game, characterizes our bit security for search-type games. We present several security reductions in our framework for justifying our notion of bit security. Many of our results quantitatively match the results for the bit security notion proposed by Micciancio and Walter in 2018. In this sense, our bit security strengthens the previous notion of bit security by adding an operational meaning. A difference from their work is that, in our framework, the Goldreich-Levin theorem gives an optimal reduction only for “balanced” adversaries who output binary values in a balanced manner.

[1] Ron Steinfeld, et al. GGHLite: More Efficient Multilinear Maps from Ideal Lattices, 2014, IACR Cryptol. ePrint Arch.

[2] Mark Zhandry, et al. Strong Hardness of Privacy from Weak Traitor Tracing, 2016, TCC.

[3] Noga Alon, et al. Simple Construction of Almost k-wise Independent Random Variables, 1992, Random Struct. Algorithms.

[4] Leonid A. Levin, et al. A hard-core predicate for all one-way functions, 1989, STOC '89.

[5] Holger Sambale, et al. Higher order concentration for functions of weakly dependent random variables, 2018, Electronic Journal of Probability.

[6] Ilya Mironov, et al. Rényi Differential Privacy, 2017, 2017 IEEE 30th Computer Security Foundations Symposium (CSF).

[7] Alfred Menezes, et al. Another look at non-uniformity, 2013, Groups Complex. Cryptol.

[8] Ron Steinfeld, et al. Improved Security Proofs in Lattice-Based Cryptography: Using the Rényi Divergence Rather than the Statistical Distance, 2015, Journal of Cryptology.

[9] Thomas M. Cover, et al. Elements of Information Theory, 2005.

[10] Daniele Micciancio, et al. Gaussian Sampling over the Integers: Efficient, Generic, Constant-Time, 2017, CRYPTO.

[11] Oded Goldreich, et al. The Foundations of Cryptography - Volume 1: Basic Techniques, 2001.

[12] Silas Richelson, et al. On the Hardness of Learning with Rounding over Small Modulus, 2016, TCC.

[13] Junji Shikata, et al. Information Theoretic Security for Encryption Based on Conditional Rényi Entropies, 2013, ICITS.

[14] Atsushi Takayasu, et al. Tighter Security for Efficient Lattice Cryptography via the Rényi Divergence of Optimized Orders, 2015, ProvSec.

[15] John P. Steinberger, et al. Message Authentication Codes from Unpredictable Block Ciphers, 2009, CRYPTO.

[16] Leonid A. Levin. Randomness and Non-determinism, 2012, ArXiv.

[17] Moni Naor, et al. Small-bias probability spaces: efficient constructions and applications, 1990, STOC '90.

[18] Jeroen van de Graaf, et al. Cryptographic Distinguishability Measures for Quantum-Mechanical States, 1997, IEEE Trans. Inf. Theory.

[19] Tanja Lange, et al. Non-uniform cracks in the concrete: the power of free precomputation, 2012, IACR Cryptol. ePrint Arch.

[20] Madhur Tulsiani, et al. Time Space Tradeoffs for Attacks against One-Way Functions and PRGs, 2010, CRYPTO.

[21] Sergio Verdú, et al. $f$-Divergence Inequalities, 2015, IEEE Transactions on Information Theory.

[22] Daniele Micciancio, et al. On the Bit Security of Cryptographic Primitives, 2018, IACR Cryptol. ePrint Arch.

[23] Kenji Yasunaga, et al. Replacing Probability Distributions in Security Games via Hellinger Distance, 2021, IACR Cryptol. ePrint Arch.

[24] Goichiro Hanaoka, et al. Improved Security Evaluation Techniques for Imperfect Randomness from Arbitrary Distributions, 2019, IACR Cryptol. ePrint Arch.

[25] Peter Harremoës, et al. Rényi Divergence and Kullback-Leibler Divergence, 2012, IEEE Transactions on Information Theory.

[26] Thomas Prest, et al. Sharper Bounds in Lattice-Based Cryptography Using the Rényi Divergence, 2017, ASIACRYPT.