Complexity Measures for Public-Key Cryptosystems (Preliminary Report)

The first part of this paper gives results about promise problems. A "promise problem" is a formulation of a partial decision problem that is useful for describing cracking problems for public-key cryptosystems (PKCS). We prove that every NP-hard promise problem is uniformly NP-hard, and we show that a number of results and a conjecture about promise problems are equivalent to separability assertions that are the natural analogues of well-known results in classical recursion theory. The conjecture, if it is true, implies nonexistence of PKCS having NP-hard cracking problems. The second part of the paper studies more appropriate measures for PKCS. Among the results obtained are the following: One-way functions exist if an only if P /spl ne/ U and one-way functions f such that range f /spl epsiv/ P exist if and only if U /spl cap/ co-U /spl ne/ P. It will allow that there exist PKCS that cannot be cracked in polynomial time (and that satisfy other reasonable assumptions) only if P /spl ne/ U.

[1]  Yacov Yacobi,et al.  The Complexity of Promise Problems with Applications to Public-Key Cryptography , 1984, Inf. Control..

[2]  M. Rabin Degree of difficulty of computing a function and a partial ordering of recursive sets , 1960 .

[3]  Paul Young,et al.  Some structural properties of polynomial reducibilities and sets in NP , 1983, STOC.

[4]  Wolfgang Maass,et al.  Oracle-Dependent Properties of the Lattice of NP Sets , 1983, Theor. Comput. Sci..

[5]  Joseph R. Shoenfield,et al.  Degrees of formal systems , 1958, Journal of Symbolic Logic.

[6]  Joachim Grollmann,et al.  Relativizations of Unambiguous and Random Polynomial Time Classes , 1986, SIAM J. Comput..

[7]  Leonard Berman,et al.  On the structure of complete sets: Almost everywhere complexity and infinitely often speedup , 1976, 17th Annual Symposium on Foundations of Computer Science (sfcs 1976).

[8]  Jr. Hartley Rogers Theory of Recursive Functions and Effective Computability , 1969 .

[9]  Gilles Brassard,et al.  A note on the complexity of cryptography (Corresp.) , 1979, IEEE Trans. Inf. Theory.

[10]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[11]  Ronald V. Book,et al.  Positive Relativizations of Complexity Classes , 1983, SIAM J. Comput..

[12]  A. Selman,et al.  On the structure of NP , 1974 .

[13]  Philippe Flajolet,et al.  On Sets Having Only Hard Subsets , 1974, ICALP.

[14]  Timothy J. Long,et al.  Quantitative Relativizations of Complexity Classes , 1984, SIAM J. Comput..

[15]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[16]  Charles Rackoff,et al.  Relativized questions involving probabilistic algorithms , 1978, STOC 1978.

[17]  Leslie G. Valiant,et al.  Relative Complexity of Checking and Evaluating , 1976, Inf. Process. Lett..

[18]  Yacov Yacobi,et al.  Cryptocomplexity and NP-Completeness , 1980, ICALP.

[19]  Daniel J. Moore,et al.  Completeness, Approximation and Density , 1981, SIAM J. Comput..

[20]  Mihalis Yannakakis,et al.  The complexity of facets (and some facets of complexity) , 1982, STOC '82.

[21]  William I. Gasarch,et al.  Relativizations Comparing NP and Exponential Time , 1984, Inf. Control..

[22]  Gary L. Miller Riemann's Hypothesis and Tests for Primality , 1976, J. Comput. Syst. Sci..