Degradation and Amplification of Computational Hardness

What happens when you use a partially defective bit-commitment protocol to commit to the same bit many times? For example, suppose that the protocol allows the receiver to guess the committed bit with advantage ε, and that you used that protocol to commit to the same bit more than 1/ε times. Or suppose that you encrypted some message many times (to many people), only to discover later that the encryption scheme you were using is partially defective, and an eavesdropper has some noticeable advantage in guessing the encrypted message from the ciphertext. Can we at least show that even after many such encryptions, the eavesdropper could not have learned the message with certainty? In this work we take another look at amplification and degradation of computational hardness. We describe a rather generic setting where one can argue about amplification or degradation of computational hardness via sequential repetition of interactive protocols, and prove that in all the cases that we consider, it behaves as one would expect from the corresponding information-theoretic bounds. In particular, for the example above we can prove that after committing to the same bit n times, the receiver's advantage in guessing the encrypted bit is negligibly close to 1 - (1 - ε)^n. Our results for hardness amplification follow just by observing that some of the known proofs for Yao's lemmas can be easily extended to handle interactive protocols as well. On the other hand, the question of hardness degradation was never considered before as far as we know, and we prove these results from scratch.
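The information-theoretic bound 1 - (1 - ε)^n can be checked numerically. The following is an added illustration, not code from the paper: it computes the optimal receiver's exact advantage after n independent repetitions for two constructed toy channels that both give single-shot advantage ε. The channel models and all function names are assumptions made for this example.

```python
from itertools import product
from math import prod

def bound(eps, n):
    """Degradation bound quoted in the abstract: 1 - (1 - eps)^n."""
    return 1 - (1 - eps) ** n

def leak_channel(eps):
    """Assumed model: each run reveals the bit with probability eps, else '?'."""
    return ({"0": eps, "?": 1 - eps}, {"1": eps, "?": 1 - eps})

def noisy_channel(eps):
    """Assumed model: each run shows the bit flipped with probability (1 - eps)/2."""
    hi, lo = (1 + eps) / 2, (1 - eps) / 2
    return ({"0": hi, "1": lo}, {"0": lo, "1": hi})

def advantage_after(channel, n):
    """Exact advantage (2*Pr[correct guess] - 1) of the best receiver for a
    uniform bit after n independent runs. This equals the statistical distance
    between the two n-fold view distributions, computed by full enumeration."""
    p0, p1 = channel
    symbols = sorted(set(p0) | set(p1))
    total = 0.0
    for views in product(symbols, repeat=n):
        a = prod(p0.get(v, 0.0) for v in views)  # Pr[views | bit = 0]
        b = prod(p1.get(v, 0.0) for v in views)  # Pr[views | bit = 1]
        total += abs(a - b)
    return total / 2

if __name__ == "__main__":
    eps = 0.1
    print(" n   bound    leak     noisy")
    for n in (1, 2, 4, 8):
        print(f"{n:2d}  {bound(eps, n):.4f}  "
              f"{advantage_after(leak_channel(eps), n):.4f}  "
              f"{advantage_after(noisy_channel(eps), n):.4f}")
```

The leak channel meets the bound exactly, while the noisy channel degrades more slowly, so 1 - (1 - ε)^n is the worst case among defects with single-shot advantage ε.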
