Cryptographic Hashing From Strong One-Way Functions

Constructing collision-resistant hash families (CRHFs) from one-way functions is a long-standing open problem and source of frustration in theoretical cryptography. In fact, there are strong negative results: black-box separations from one-way functions that are $2^{-(1-o(1))n}$-secure against polynomial-time adversaries (Simon, EUROCRYPT ’98) and even from indistinguishability obfuscation (Asharov and Segev, FOCS ’15). In this work, we formulate a mild strengthening of exponentially secure one-way functions, and we construct CRHFs from such functions. Specifically, our security notion requires that every polynomial-time algorithm has at most $2^{-n} \cdot \mathrm{negl}(n)$ probability of inverting two independent challenges. More generally, we consider the problem of simultaneously inverting $k$ functions $f_1, \ldots, f_k$, which we say constitute a “one-way product function” (OWPF). We show that sufficiently hard OWPFs yield hash families that are multi-input correlation intractable (Canetti, Goldreich, and Halevi, STOC ’98) with respect to all sparse (bounded arity) output relations. Additionally assuming indistinguishability obfuscation, we construct hash families that achieve a broader notion of correlation intractability, extending the recent work of Kalai, Rothblum, and Rothblum (CRYPTO ’17). In particular, these families are sufficient to instantiate the Fiat-Shamir heuristic in the plain model for a natural class of interactive proofs. An interesting consequence of our results is a potential new avenue for bypassing black-box separations. In particular, proving (with necessarily non-black-box techniques) that parallel repetition amplifies the hardness of specific one-way functions – for example, all one-way permutations – suffices to directly bypass Simon’s impossibility result.

[1] Yevgeniy Dodis et al. Counterexamples to Hardness Amplification Beyond Negligible, 2012, IACR Cryptol. ePrint Arch.

[2] Gil Segev et al. Limits on the Power of Indistinguishability Obfuscation and Functional Encryption, 2015, 2015 IEEE 56th Annual Symposium on Foundations of Computer Science.

[3] Ran Canetti et al. Perfectly one-way probabilistic hash functions (preliminary version), 1998, STOC '98.

[4] Daniel R. Simon et al. Finding Collisions on a One-Way Street: Can Secure Hash Functions Be Based on General Assumptions?, 1998, EUROCRYPT.

[5] Yael Tauman Kalai et al. Cryptographic Assumptions: A Position Paper, 2016, TCC.

[6] Silvio Micali et al. Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems, 1991, JACM.

[7] Moni Naor et al. White-Box vs. Black-Box Complexity of Search Problems: Ramsey and Graph Property Testing, 2017, 2017 IEEE 58th Annual Symposium on Foundations of Computer Science (FOCS).

[8] John Rompel et al. One-way functions are necessary and sufficient for secure signatures, 1990, STOC '90.

[9] Henry Corrigan-Gibbs et al. The Discrete-Logarithm Problem with Preprocessing, 2018, IACR Cryptol. ePrint Arch.

[10] Joe Kilian et al. On the complexity of bounded-interaction and noninteractive zero-knowledge proofs, 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[11] Leonid A. Levin et al. A Pseudorandom Generator from any One-way Function, 1999, SIAM J. Comput.

[12] Mark Zhandry. The Magic of ELFs, 2016, CRYPTO.

[13] Victor Shoup et al. Lower Bounds for Discrete Logarithms and Related Problems, 1997, EUROCRYPT.

[14] Mihir Bellare et al. Random oracles are practical: a paradigm for designing efficient protocols, 1993, CCS '93.

[15] Yael Tauman Kalai et al. From Obfuscation to the Security of Fiat-Shamir for Proofs, 2017, CRYPTO.

[16] Ivan Damgård et al. Collision Free Hash Functions and Public Key Signature Schemes, 1987, EUROCRYPT.

[17] Moni Naor et al. Universal one-way hash functions and their cryptographic applications, 1989, STOC '89.

[18] Yuval Ishai et al. Basing Weak Public-Key Cryptography on Strong One-Way Functions, 2008, TCC.

[19] Ron Rothblum et al. Fiat-Shamir and Correlation Intractability from Strong KDM-Secure Encryption, 2018, IACR Cryptol. ePrint Arch.

[20] Moni Naor et al. Collision Resistant Hashing for Paranoids: Dealing with Multiple Collisions, 2018, IACR Cryptol. ePrint Arch.

[21] Vinod Vaikuntanathan et al. Worst-Case Hardness for LPN and Cryptographic Hashing via Code Smoothing, 2019, IACR Cryptol. ePrint Arch.

[22] Alex Lombardi et al. Cryptographic Hashing from Strong One-Way Functions (Or: One-Way Product Functions and Their Applications), 2018, 2018 IEEE 59th Annual Symposium on Foundations of Computer Science (FOCS).

[23] Amit Sahai et al. On the (im)possibility of obfuscating programs, 2001, JACM.

[24] Yehuda Lindell et al. A Proof of Security of Yao’s Protocol for Two-Party Computation, 2009, Journal of Cryptology.

[25] Silvio Micali et al. How to construct random functions, 1986, JACM.

[26] Mihir Bellare et al. Multi-instance Security and Its Application to Password-Based Cryptography, 2012, CRYPTO.

[27] Yael Tauman Kalai et al. On the (In)security of the Fiat-Shamir paradigm, 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings.

[28] Nir Bitansky et al. One-Message Zero Knowledge and Non-Malleable Commitments, 2018, IACR Cryptol. ePrint Arch.

[29] Yael Tauman Kalai et al. Multi-collision resistance: a paradigm for keyless hash functions, 2018, IACR Cryptol. ePrint Arch.

[30] Guy N. Rothblum et al. On Best-Possible Obfuscation, 2007, TCC.

[31] Jian Weng et al. Collision Resistant Hashing from Learning Parity with Noise, 2017, IACR Cryptol. ePrint Arch.

[32] A. Yao et al. Fair exchange with a semi-trusted third party (extended abstract), 1997, CCS '97.

[33] Amos Fiat et al. How to Prove Yourself: Practical Solutions to Identification and Signature Problems, 1986, CRYPTO.

[34] Ran Canetti et al. The random oracle methodology, revisited, 2000, JACM.

[35] Brent Waters et al. Lossy Trapdoor Functions and Their Applications, 2011, SIAM J. Comput.

[36] Moni Naor et al. Bit commitment using pseudorandomness, 1989, Journal of Cryptology.

[37] Ran Canetti et al. Towards Realizing Random Oracles: Hash Functions That Hide All Partial Information, 1997, CRYPTO.

[38] Hoeteck Wee et al. On obfuscating point functions, 2005, STOC '05.

[39] Gil Segev et al. Chosen-Ciphertext Security via Correlated Products, 2009, SIAM J. Comput.

[40] Ran Canetti et al. On the Correlation Intractability of Obfuscated Pseudorandom Functions, 2016, TCC.

[41] Nir Bitansky et al. Structure vs. Hardness Through the Obfuscation Lens, 2017, CRYPTO.

[42] Ron Rothblum et al. Multi Collision Resistant Hash Functions and their Applications, 2018, Electron. Colloquium Comput. Complex.