Thomas Holenstein

We consider the cryptographic problem of constructing an invertible random permutation from a public random function (i.e., which can be accessed by the adversary). This goal is formalized by the notion of indifferentiability of Maurer et al. (TCC 2004). This is the natural extension to the public setting of the well-studied problem of building random …
Consider a game where a referee chooses (x,y) according to a publicly known distribution, sends x to Alice, and y to Bob. Without communicating with each other, Alice responds with a value a and Bob responds with a value b. Alice and Bob jointly win if a publicly known predicate Q(x,y,a,b) is satisfied. Assume that the maximum probability that Alice and Bob …
Assume that Alice and Bob, given an authentic channel, have a protocol where they end up with a bit S<sub>A</sub> and S<sub>B</sub>, respectively, such that with probability (1+ε)/2 these bits are equal. Further assume that conditioned on the event S<sub>A</sub> = S<sub>B</sub> no polynomial time bounded algorithm can predict the bit better than with …
Consider a game where a referee chooses (x,y) according to a publicly known distribution P<sub>XY</sub>, sends x to Alice, and y to Bob. Without communicating with each other, Alice responds with a value "a" and Bob responds with a value "b". Alice and Bob jointly win if a publicly known predicate Q(x,y,a,b) holds. Let such a game be given and assume that the …
We study the possibility of constructing encryption schemes secure under messages that are chosen depending on the key k of the encryption scheme itself. We give the following separation results that hold both in the private and in the public key settings: – Let H be the family of poly(n)-wise independent hash-functions. There exists no fully-black-box …
In a seminal paper, Håstad, Impagliazzo, Levin, and Luby showed that pseudorandom generators exist if and only if one-way functions exist. The construction they propose to obtain a pseudorandom generator from an n-bit one-way function uses O(n) random bits in the input (which is the most important complexity measure of such a construction). In this work we …
It is well-known that <i>n</i> players, connected only by pairwise secure channels, can achieve Byzantine agreement only if the number <i>t</i> of cheaters satisfies <i>t</i> &lt; <i>n</i>/3, even with respect to computational security. However, for many applications it is sufficient to achieve <i>detectable broadcast.</i> With this primitive, broadcast is …
Secret-key agreement between two parties Alice and Bob, connected by an insecure channel, can be realized in an information-theoretic sense if the parties share many independent pairs of correlated and partially secure bits. We study the special case where only one-way communication from Alice to Bob is allowed and where, for each of the bit pairs, with a …
Smooth entropies characterize basic information-theoretic properties of random variables, such as the number of bits required to store them or the amount of uniform randomness that can be extracted from them (possibly with respect to side information). In this paper, explicit and almost tight bounds on the smooth entropies of n-fold product distributions, …