Advances in Cryptology — CRYPTO '88: Proceedings

We present strong evidence that the implication, "if one-way permutations exist, then secure secret key agreement is possible", is not provable by standard techniques. Since both sides of this implication are widely believed true in real life, showing that the implication is false requires a new model. We consider a world where all parties have access to a black box for a randomly selected permutation. Being totally random, this permutation will be strongly one-way in a provable, information-theoretic way. We show that, if P = NP, no protocol for secret key agreement is secure in such a setting. Thus, proving that a secret key agreement protocol which uses a one-way permutation as a black box is secure is as hard as proving P ≠ NP. We also obtain, as a corollary, that there is an oracle relative to which the implication is false, i.e., there is a one-way permutation, yet secret exchange is impossible. Thus, no technique which relativizes can prove that secret exchange can be based on an arbitrary one-way permutation. Our results present a general framework for proving statements of the form, "Cryptographic application X is not likely possible based solely on complexity assumption Y."
