分野別セミナー

In ordinary implementations of cryptographic schemes, the random numbers, which are in theory supposed to be truly random, are actually approximated by pseudorandom number generators (PRGs). If both the cryptographic scheme and the PRG are computationally secure, then no problems would occur because the original computational security is kept. On the other hand, if the PRG is computationally secure (which is the situation usually recommended by cryptologists) but the cryptographic scheme is information-theoretically (or unconditionally) secure, then one would naively expect that the resulting scheme by implementation turns into computationally secure and it loses the original information-theoretic security. This talk focuses on this issue. In my talk, I introduce my recent result showing that, if we use a certain special kind of PRG and the cryptographic scheme is "appropriate" in some sense, then the resulting scheme is still information-theoretically secure. I give some examples of such a situation, with a certain kind of PRGs constructed by using Ramanujan graphs and some cryptographic schemes in the literature.