we will do a sample
reduction proof very soon but to be able to
do that
let us learn a new primitive
pseudorandom generator
so pseudorandom generator (PRG)
a pseudorandom generator
let's say G is a function
let's say that has
an N bit input and
some N' bit output
such that
N' is strictly
greater than N
and N' is indeed some
polynomial in N
such a G needs to be
a polynomial time
deterministic function this is very
important a PRG
a pseudorandom generator is a deterministic algorithm or
or function okay
so it's not randomized it is
going to produce something that looks random but it's going to produce it
in a deterministic way the security definition
for a PRG is as follows
now we will say that as usual for all
probabilistic polynomial time
let's say 
adversaries or distinguishers let me call it D
there must exist a neg(n)
function
let's say neg(n) in terms of the
security perimeter N
such that now what's
the probabilistic experiment in the
first experiment
we will pick a random
seed S from the
domain of G so from N bit
values and then what we're going to do
is we will compute R
which is G(s)
S so we apply we run G on this
random seed S it will give us back
some value R
and then we will give this value
first of all let's say the security parameter
I can explicitly write G here
so I can say for example that this
distinguisher
knows this function G but remember
functions are
always public only keys are secret
so I don't need to explicitly write it
and then I'm going to give
this value r to the distinguisher it will tell me
either random or ps-random so let's say
let's look at the probabilty that I pick a random seed
compute G of that and give the output to the distinguisher
and it says random okay and on the other hand
I will look at the probability that
now I'm not going to pick a seed and run
through G
but I will still compute a value R
but I will pick it uniformly randomly
now if I pick at with a different length
it's very easy to distinguish so I will
pick it
of the same length as the output
of G so I will pick
N' bit random value R I will
again give this to the distinguisher
together with the security parameter
and I will look at the probability that
the distinguisher says random in this case
again
so I give it a pseudorandom value
to distinguisher says random and I give it a random 
value and the distinguisher says random
what I want is that these
probabilities are
negligibly close so one is let's say
a plus-minus
neg(n) of the other
that is the security definiton of a PRG
on one hand
I am picking a random seed running it
through
G obtain a pseudorandom value give that 
pseudorandom value to the
distinguisher, the distinguisher
thinks that it is random on the other hand
I really pick a random value of the same length
as the output of G and give it to the
distinguisher and the distinguisher
again thinks it is
random and I want these probabilities to
be negligibly close
meaning that the distinguisher is indeed
cannot distinguish between pseudorandom and
random with better than the
negligible probabilty
one very important thing
that people keep forgetting is that
a PRG produces and
random looking outputs
as long as the input seed is random
that is very important
with the input seed is not random
this PRG security definiton does not
provide us with the any secrect
it provides us with 
indistinguishabilty from random output of the same length
only if our input..
now from this
what we're going to do is we are going
to do
something like a one time pad
such that now we can encrypt a
longer message so let's call it PRG
based
encryption and our
encryption algorithm will look as follows
remember to define an encryption scheme
we need four things. 1)Key generation
so we need a Gen algorithm
that outputs a key K and how this will work
is that
indeed our algorithm
so this algorithm will just pick a random key
that is from the domain of this PRG
N bit random key we need an
encryption algorithm that takes
this key
and a message in the message space and
produces a 
ciphertext it will works as follows
It will compute G
of our key K and then
as in one time pad it will xor with the message
m
and this will be the resulting ciphertext
when we want to decrypt this ciphertext
using the same key
what it will do is to again
compute G(k)
now we it will xor it with the ciphertext
and return the resulting value
because xor'ing a value with
itself results in all 0's it actually
cancels it out
this is a perfectly correct
encryption scheme
the next thing
we are going to prove is the following
so our theorem would be
if G is a secure
PRG
then
this encryption scheme here
and before but define message space
what will be the message space here
as you can guess it is
all N'
bit messages remember G(k)
will be a N' bit value
so let me call this
scheme let's say X
we will prove that if G is a secure
PRG
then X is a secure
encryption scheme under
single message one
message we will look it into this maybe later
eavesdropper
so remember the eavesdropper security
game that we defined we already defined it for a
single message actually. So X will be secure under
that game.
We are going to prove this next.
