Finding Collisions in Interactive Protocols - Tight Lower Bounds on the Round and Communication Complexities of Statistically Hiding Commitments

We study the round and communication complexities of various cryptographic protocols. We give tight lower bounds on the round and communication complexities of any fully black-box reduction of a statistically hiding commitment scheme from one-way permutations and from trapdoor permutations. As a corollary, we derive similar tight lower bounds for several other cryptographic protocols, such as single-server private information retrieval, interactive hashing, and oblivious transfer that guarantees statistical security for one of the parties. Our techniques extend the collision-finding oracle due to Simon [Advances in Cryptology---EUROCRYPT'98, Lecture Notes in Comput. Sci. 1403, Springer, Berlin, 1998, pp. 334--345] to the setting of interactive protocols and the reconstruction paradigm of Gennaro and Trevisan [Proceedings of the 41st Annual Symposium on Foundations of Computer Science (FOCS), IEEE Press, Piscataway, NJ, 2000, pp. 305--313].
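The abstract names two ingredients without showing them in motion: a collision-finding oracle in the style of Simon's, defined relative to a random permutation, and the fact that such an oracle breaks the binding of commitments built from that permutation. The toy below is an added illustration, not the paper's construction or proof: it builds a random permutation on 16-bit inputs (standing in for the idealised one-way permutation), derives a compressing function from it, commits to a bit as C^pi(bit || r), and equips a cheating sender with an oracle that returns a uniformly random collision. All parameters, function names and the seed values are constructed for the demonstration. What the toy does not show is the other half of the paper's argument, namely that the permutation stays one-way in the presence of the oracle; that is exactly what the reconstruction-style analysis in the paper is for.

```python
"""Toy model: a Simon-style collision-finding oracle versus the binding of a
commitment built from a random permutation.

Added illustration, not the paper's construction. Parameters, seeds and the
scheme itself are constructed for the demonstration.
"""
import random
from typing import Dict, List, Optional

N_BITS = 16                 # input width of the toy permutation (constructed)
K_BITS = 8                  # output width of the compressing function derived from it
DOMAIN = 1 << N_BITS
MASK_K = (1 << K_BITS) - 1
R_BITS = N_BITS - 1         # randomness width; the remaining input bit is the committed value
R_MASK = (1 << R_BITS) - 1


def random_permutation(seed: int) -> List[int]:
    """A random permutation pi on {0,1}^N_BITS, standing in for an idealised one-way permutation."""
    rng = random.Random(seed)
    table = list(range(DOMAIN))
    rng.shuffle(table)
    return table


def compress(pi: List[int], x: int) -> int:
    """Compressing function C^pi(x): the low K_BITS of pi(x).

    Because pi is a permutation, every output has exactly 2^(N_BITS-K_BITS) preimages.
    """
    return pi[x] & MASK_K


def commit(pi: List[int], bit: int, r: int) -> int:
    """Sender's commitment to `bit` under randomness r: C^pi(bit || r)."""
    assert bit in (0, 1) and 0 <= r <= R_MASK
    return compress(pi, (bit << R_BITS) | r)


def verify_opening(pi: List[int], com: int, bit: int, r: int) -> bool:
    """Receiver's check of an opening (bit, r) against the commitment value."""
    return commit(pi, bit, r) == com


class SimonCollisionOracle:
    """On input x, return a uniformly random x' with C^pi(x') = C^pi(x).

    The oracle is computationally unbounded, so tabulating all preimages of
    C^pi once is a fair way to model it; the sender itself never searches pi.
    """

    def __init__(self, pi: List[int], seed: int) -> None:
        self.rng = random.Random(seed)
        self.preimages: Dict[int, List[int]] = {}
        for x in range(DOMAIN):
            self.preimages.setdefault(compress(pi, x), []).append(x)

    def collide(self, pi: List[int], x: int) -> int:
        return self.rng.choice(self.preimages[compress(pi, x)])


def equivocate(pi: List[int], oracle: SimonCollisionOracle, bit: int, r: int,
               attempts: int = 8) -> Optional[int]:
    """Cheating sender: after committing to `bit` with r, ask the oracle for
    collisions until one has the opposite committed bit, and return its
    randomness r' so the same commitment opens to 1 - bit."""
    x = (bit << R_BITS) | r
    for _ in range(attempts):
        x_prime = oracle.collide(pi, x)
        if (x_prime >> R_BITS) != bit:
            return x_prime & R_MASK
    return None


def equivocation_rate(pi: List[int], oracle: SimonCollisionOracle, trials: int, seed: int) -> float:
    """Fraction of random commitments the oracle-aided sender can open both ways."""
    rng = random.Random(seed)
    ok = 0
    for _ in range(trials):
        bit, r = rng.randrange(2), rng.randrange(1 << R_BITS)
        com = commit(pi, bit, r)
        r2 = equivocate(pi, oracle, bit, r)
        if r2 is not None and verify_opening(pi, com, 1 - bit, r2):
            ok += 1
    return ok / trials


def hiding_distance(pi: List[int]) -> float:
    """Statistical distance between the commitment distributions of bit 0 and
    bit 1 over uniform r; small means the toy scheme hides well (it shrinks as
    N_BITS - K_BITS grows)."""
    counts = [[0] * (1 << K_BITS) for _ in range(2)]
    for x in range(DOMAIN):
        counts[x >> R_BITS][compress(pi, x)] += 1
    half = 1 << R_BITS
    return sum(abs(counts[0][c] - counts[1][c]) for c in range(1 << K_BITS)) / (2 * half)


if __name__ == "__main__":
    pi = random_permutation(seed=1)
    oracle = SimonCollisionOracle(pi, seed=2)
    print("statistical distance of the two commitment distributions:", hiding_distance(pi))
    print("fraction of commitments opened both ways with the oracle:",
          equivocation_rate(pi, oracle, trials=64, seed=3))
```

The two numbers make the abstract's trade-off concrete: the scheme is close to statistically hiding (each commitment value has 256 preimages split roughly evenly between the two bits), and precisely because of that every commitment has openings to both bits, which the collision oracle hands to the sender in a couple of queries. Any compressing C^pi would do; the paper's contribution is extending this from a single oracle-aided function to an interactive protocol and bounding how many rounds and bits such a reduction must spend.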

[1] Yevgeniy Dodis et al. On the Instantiability of Hash-and-Sign RSA Signatures, 2012, TCC.

[2] Krzysztof Pietrzak et al. Compression from Collisions, or Why CRHF Combiners Have a Long Output, 2008, CRYPTO.

[3] Omer Reingold et al. Statistically Hiding Commitments and Statistical Zero-Knowledge Arguments from Any One-Way Function, 2009, SIAM J. Comput.

[4] Daniel R. Simon et al. Finding Collisions on a One-Way Street: Can Secure Hash Functions Be Based on General Assumptions?, 1998, EUROCRYPT.

[5] Rafail Ostrovsky et al. Replication is not needed: single database, computationally-private information retrieval, 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[6] Rafail Ostrovsky et al. Perfect Zero-Knowledge Arguments for NP Using Any One-Way Permutation, 1998, Journal of Cryptology.

[7] Moni Naor et al. Universal one-way hash functions and their cryptographic applications, 1989, STOC '89.

[8] A. Yao et al. Fair exchange with a semi-trusted third party (extended abstract), 1997, CCS '97.

[9] Oded Goldreich. Foundations of Cryptography: Volume 1, 2006.

[10] Gil Segev et al. Lossy Functions Do Not Amplify Well, 2012, TCC.

[11] Yuval Ishai et al. One-way functions are essential for single-server private information retrieval, 1999, STOC '99.

[12] Yan-Cheng Chang et al. Single Database Private Information Retrieval with Logarithmic Communication, 2004, ACISP.

[13] Aravind Srinivasan et al. Computing with very weak random sources, 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[14] Oded Goldreich et al. The Foundations of Cryptography - Volume 2: Basic Applications, 2001.

[15] Stephen M. Rudich et al. Limits on the provable consequences of one-way functions, 1983, STOC 1983.

[16] Silvio Micali et al. A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks, 1988, SIAM J. Comput.

[17] Stefan Wolf et al. Oblivious Transfer Is Symmetric, 2006, EUROCRYPT.

[18] Oded Goldreich et al. Foundations of Cryptography: Volume 1, Basic Tools, 2001.

[19] Iftach Haitner et al. Implementing Oblivious Transfer Using Collection of Dense Trapdoor Permutations, 2004, TCC.

[20] Sampath Kannan et al. The relationship between public key encryption and oblivious transfer, 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[21] Arkady Yerukhimovich et al. On the Round Complexity of Zero-Knowledge Proofs Based on One-Way Permutations, 2010, LATINCRYPT.

[22] John Rompel et al. One-way functions are necessary and sufficient for secure signatures, 1990, STOC '90.

[23] Leonid A. Levin et al. A Pseudorandom Generator from any One-way Function, 1999, SIAM J. Comput.

[24] Yuval Ishai et al. Priced Oblivious Transfer: How to Sell Digital Goods, 2001, EUROCRYPT.

[25] Salil P. Vadhan et al. Statistical Zero-Knowledge Arguments for NP from Any One-Way Function, 2006, 2006 47th Annual IEEE Symposium on Foundations of Computer Science (FOCS'06).

[26] Luca Trevisan et al. Notions of Reducibility between Cryptographic Primitives, 2004, TCC.

[27] Jonathan Katz et al. Lower bounds on the efficiency of encryption and digital signature schemes, 2003, STOC '03.

[28] Rafail Ostrovsky et al. A Survey of Single Database PIR: Techniques and Applications, 2007, IACR Cryptol. ePrint Arch.

[29] Rafail Ostrovsky et al. One-Way Trapdoor Permutations Are Sufficient for Non-trivial Single-Server Private Information Retrieval, 2000, EUROCRYPT.

[30] Hugo Krawczyk et al. On the Composition of Zero-Knowledge Proof Systems, 1990, ICALP.

[31] Michael Luby et al. Pseudorandomness and cryptographic applications, 1996, Princeton computer science notes.

[32] Silvio Micali et al. How to construct random functions, 1986, JACM.

[33] Craig Gentry et al. Single-Database Private Information Retrieval with Constant Communication Rate, 2005, ICALP.

[34] Omer Reingold et al. A New Interactive Hashing Theorem, 2007, Twenty-Second Annual IEEE Conference on Computational Complexity (CCC'07).

[35] Yehuda Lindell et al. Parallel Coin-Tossing and Constant-Round Secure Two-Party Computation, 2001, Journal of Cryptology.

[36] Silvio Micali et al. How to play ANY mental game, 1987, STOC.

[37] Takeshi Koshiba et al. Round-Efficient One-Way Permutation Based Perfectly Concealing Bit Commitment Scheme, 2006, Electron. Colloquium Comput. Complex.

[38] Moni Naor et al. Concurrent zero-knowledge, 1998, STOC '98.

[39] Joan Boyar et al. A discrete logarithm implementation of perfect zero-knowledge blobs, 1990, Journal of Cryptology.

[40] Russell Impagliazzo et al. Limits on the provable consequences of one-way permutations, 1988, STOC '89.

[41] Eyal Kushilevitz et al. Private information retrieval, 1998, JACM.

[42] Oded Goldreich et al. A randomized protocol for signing contracts, 1985, CACM.

[43] Oded Goldreich et al. How to construct constant-round zero-knowledge proof systems for NP, 1996, Journal of Cryptology.

[44] Joe Kilian et al. Founding cryptography on oblivious transfer, 1988, STOC '88.

[45] Gil Segev et al. Chosen-Ciphertext Security via Correlated Products, 2009, SIAM J. Comput.

[46] Silvio Micali et al. On the Cryptographic Applications of Random Functions, 1984, CRYPTO.

[47] Marc Fischlin et al. On the Impossibility of Constructing Non-interactive Statistically-Secret Protocols from Any Trapdoor One-Way Function, 2002, CT-RSA.

[48] Joe Kilian et al. Lower Bounds For Concurrent Zero Knowledge, 2005, Comb.

[49] Silvio Micali et al. Computationally Private Information Retrieval with Polylogarithmic Communication, 1999, EUROCRYPT.

[50] David Chaum et al. Minimum Disclosure Proofs of Knowledge, 1988, J. Comput. Syst. Sci.

[51] Rudolf Ahlswede et al. Founding Cryptography on Oblivious Transfer, 2016.

[52] Rafael Pass et al. Private Coins versus Public Coins in Zero-Knowledge Proof Systems, 2010, TCC.

[53] Ran Canetti et al. Black-Box Concurrent Zero-Knowledge Requires (Almost) Logarithmically Many Rounds, 2002, SIAM J. Comput.

[54] Luca Trevisan et al. Lower bounds on the efficiency of generic cryptographic constructions, 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[55] Moni Naor et al. Bit commitment using pseudorandomness, 1989, Journal of Cryptology.

[56] Thomas Holenstein et al. On the (Im)Possibility of Key Dependent Encryption, 2009, TCC.

[57] Toshiaki Tanaka et al. On the Existence of 3-Round Zero-Knowledge Protocols, 1998, CRYPTO.

[58] Omer Reingold et al. Inaccessible entropy, 2009, STOC '09.

[59] Oded Goldreich et al. Foundations of Cryptography: Volume 2, Basic Applications, 2004.

[60] Jonathan Katz et al. Limits on the Power of Zero-Knowledge Proofs in Cryptographic Constructions, 2011, TCC.

[61] Moni Naor et al. Efficient oblivious transfer protocols, 2001, SODA '01.

[62] Omer Reingold et al. Finding Collisions in Interactive Protocols - A Tight Lower Bound on the Round Complexity of Statistically-Hiding Commitments, 2007, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[63] Manuel Blum et al. How to generate cryptographically strong sequences of pseudo random bits, 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[64] Gil Segev et al. A Linear Lower Bound on the Communication Complexity of Single-Server Private Information Retrieval, 2008, TCC.

[65] Amit Sahai et al. A complete problem for statistical zero knowledge, 2003.

[66] Jonathan Katz et al. Bounds on the efficiency of black-box commitment schemes, 2010, Theor. Comput. Sci.

[67] Daniel R. Simon et al. Limits on the efficiency of one-way permutation-based hash functions, 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[68] Helger Lipmaa et al. An Oblivious Transfer Protocol with Log-Squared Communication, 2005, ISC.

[69] Michael Luby et al. How to Construct Pseudo-Random Permutations from Pseudo-Random Functions (Abstract), 1986, CRYPTO.

[70] Alon Rosen et al. A Note on Constant-Round Zero-Knowledge Proofs for NP, 2004, TCC.

[71] Ivan Damgård et al. On the existence of statistically hiding bit commitment schemes and fail-stop signatures, 1994, Journal of Cryptology.

[72] Hoeteck Wee et al. One-Way Permutations, Interactive Hashing and Statistically Hiding Commitments, 2007, TCC.

[73] Oded Goldreich et al. Foundations of Cryptography: Basic Tools, 2000.

[74] Jonathan Katz et al. Reducing Complexity Assumptions for Statistically-Hiding Commitment, 2009, Journal of Cryptology.

[75] Iftach Haitner et al. A New Sampling Protocol and Applications to Basing Cryptographic Primitives on the Hardness of NP, 2010, 2010 IEEE 25th Annual Conference on Computational Complexity.