Black-box use of One-way Functions is Useless for Optimal Fair Coin-Tossing

A two-party fair coin-tossing protocol guarantees output delivery to the honest party even when the other party aborts during the protocol execution. Cleve (STOC–1986) demonstrated that a computationally bounded fail-stop adversary could alter the output distribution of the honest party by (roughly) 1/r (in the statistical distance) in an r-message coin-tossing protocol. An optimal fair coin-tossing protocol ensures that no adversary can alter the output distribution beyond 1/r.
