Two Is a Crowd? A Black-Box Separation of One-Wayness and Security under Correlated Inputs

A family of trapdoor functions is one-way under correlated inputs if no efficient adversary can invert it even when given the value of the function on multiple correlated inputs. This powerful primitive was introduced at TCC 2009 by Rosen and Segev, who use it in an elegant black box construction of a chosen ciphertext secure public key encryption. In this work we continue the study of security under correlated inputs, and prove that there is no black box construction of correlation secure injective trapdoor functions from classic trapdoor permutations, even if the latter is assumed to be one-way for inputs from high entropy, rather than uniform distributions. Our negative result holds for all input distributions where each xi is determined by the remaining n−1 coordinates. The techniques we employ for proving lower bounds about trapdoor permutations are new and quite general, and we believe that they will find other applications in the area of black-box separations.

[1]  Amit Sahai,et al.  Resettably Secure Computation , 2009, EUROCRYPT.

[2]  Moni Naor,et al.  Nonmalleable Cryptography , 2000, SIAM Rev..

[3]  Gil Segev,et al.  Chosen-Ciphertext Security via Correlated Products , 2009, SIAM J. Comput..

[4]  Steven Myers,et al.  Towards a Separation of Semantic and CCA Security for Public Key Encryption , 2007, TCC.

[5]  Russell Impagliazzo,et al.  Limits on the provable consequences of one-way permutations , 1988, STOC '89.

[6]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[7]  Tal Malkin,et al.  On the impossibility of basing trapdoor functions on trapdoor predicates , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[8]  Martijn Stam Beyond Uniformity: Better Security/Efficiency Tradeoffs for Compression Functions , 2008, CRYPTO.

[9]  Periklis A. Papakonstantinou,et al.  On the Impossibility of Basing Identity Based Encryption on Trapdoor Permutations , 2008, 2008 49th Annual IEEE Symposium on Foundations of Computer Science.

[10]  Luca Trevisan,et al.  Notions of Reducibility between Cryptographic Primitives , 2004, TCC.

[11]  Thomas Holenstein,et al.  On the (Im)Possibility of Key Dependent Encryption , 2009, TCC.

[12]  Daniel R. Simon,et al.  Finding Collisions on a One-Way Street: Can Secure Hash Functions Be Based on General Assumptions? , 1998, EUROCRYPT.

[13]  Sampath Kannan,et al.  The relationship between public key encryption and oblivious transfer , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[14]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[15]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2006 .

[16]  Mihir Bellare,et al.  Deterministic and Efficiently Searchable Encryption , 2007, CRYPTO.

[17]  A. J. Menezes,et al.  Advances in Cryptology - CRYPTO 2007, 27th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2007, Proceedings , 2007, CRYPTO.

[18]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[19]  Omer Reingold,et al.  Finding Collisions in Interactive Protocols - A Tight Lower Bound on the Round Complexity of Statistically-Hiding Commitments , 2007, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[20]  Kaisa Nyberg,et al.  Advances in Cryptology — EUROCRYPT'98 , 1998 .

[21]  Ran Canetti,et al.  Resettable zero-knowledge (extended abstract) , 2000, STOC '00.

[22]  Adam O'Neill,et al.  Deterministic Encryption: Definitional Equivalences and Constructions without Random Oracles , 2008, CRYPTO.

[23]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.