Unprovable Security of Perfect NIZK and Non-interactive Non-malleable Commitments

We present barriers to provable security of two fundamental (and well-studied) cryptographic primitives perfect non-interactive zero knowledge (NIZK), and non-malleable commitments: · Black-box reductions cannot be used to demonstrate adaptive soundness (i.e., that soundness holds even if the statement to be proven is chosen as a function of the common reference string) of any statistical (and thus also perfect) NIZK for ${\cal NP}$ based on any 'standard' intractability assumptions. · Black-box reductions cannot be used to demonstrate non-malleability of non-interactive, or even 2-message, commitment schemes based on any 'standard' intractability assumptions. We emphasize that the above separations apply even if the construction of the considered primitives makes a non-black-box use of the underlying assumption As an independent contribution, we suggest a taxonomy of game-based intractability assumption based on 1) the security threshold, 2) the number of communication rounds in the security game, 3) the computational complexity of the game challenger, 4) the communication complexity of the challenger, and 5) the computational complexity of the security reduction.

[1]  Russell Impagliazzo,et al.  Chernoff-Type Direct Product Theorems , 2007, CRYPTO.

[2]  Chanathip Namprempre,et al.  The One-More-RSA-Inversion Problems and the Security of Chaum's Blind Signature Scheme , 2003, Journal of Cryptology.

[3]  Leonid A. Levin,et al.  A hard-core predicate for all one-way functions , 1989, STOC '89.

[4]  Luca Trevisan,et al.  Notions of Reducibility between Cryptographic Primitives , 2004, TCC.

[5]  Moni Naor,et al.  Nonmalleable Cryptography , 2000, SIAM Rev..

[6]  Rafael Pass,et al.  Parallel repetition of zero-knowledge proofs and the possibility of basing cryptography on NP-hardness , 2006, 21st Annual IEEE Conference on Computational Complexity (CCC'06).

[7]  Rafail Ostrovsky,et al.  One-way functions, hard on average problems, and statistical zero-knowledge proofs , 1991, [1991] Proceedings of the Sixth Annual Structure in Complexity Theory Conference.

[8]  Moti Yung,et al.  Certifying Permutations: Noninteractive zero-knowledge based on any trapdoor permutation , 1996, Journal of Cryptology.

[9]  Oded Goldreich,et al.  Foundations of Cryptography: Basic Tools , 2000 .

[10]  Rafael Pass,et al.  Non-malleability amplification , 2009, STOC '09.

[11]  Rafael Pass,et al.  Bounded-concurrent secure two-party computation in a constant number of rounds , 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings..

[12]  Rafail Ostrovsky,et al.  Non-interactive and non-malleable commitment , 1998, STOC '98.

[13]  Ivan Damgård,et al.  Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks , 1991, CRYPTO.

[14]  Rafael Pass,et al.  Limits of provable security from standard assumptions , 2011, STOC '11.

[15]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[16]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[17]  Dan Boneh,et al.  Breaking RSA May Not Be Equivalent to Factoring , 1998, EUROCRYPT.

[18]  Manuel Blum,et al.  How to generate cryptographically strong sequences of pseudo random bits , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[19]  Russell Impagliazzo,et al.  A personal view of average-case complexity , 1995, Proceedings of Structure in Complexity Theory. Tenth Annual IEEE Conference.

[20]  Luca Trevisan,et al.  On worst-case to average-case reductions for NP problems , 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings..

[21]  Adi Shamir,et al.  Multiple non-interactive zero knowledge proofs based on a single random string , 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[22]  Ron Rothblum,et al.  Enhancements of Trapdoor Permutations , 2012, Journal of Cryptology.

[23]  Hoeteck Wee,et al.  Black-Box, Round-Efficient Secure Computation via Non-malleability Amplification , 2010, 2010 IEEE 51st Annual Symposium on Foundations of Computer Science.

[24]  Manuel Blum,et al.  Non-interactive zero-knowledge and its applications , 1988, STOC '88.

[25]  Boaz Barak,et al.  How to go beyond the black-box simulation barrier , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[26]  Vinod Vaikuntanathan,et al.  Adaptive One-Way Functions and Applications , 2008, CRYPTO.

[27]  Vipul Goyal,et al.  Constant round non-malleable protocols using one way functions , 2011, STOC '11.

[28]  Marc Fischlin,et al.  On the Impossibility of Three-Move Blind Signature Schemes , 2010, EUROCRYPT.

[29]  Abhi Shelat,et al.  Unconditional Characterizations of Non-interactive Zero-Knowledge , 2005, CRYPTO.

[30]  Hugo Krawczyk,et al.  On the Composition of Zero-Knowledge Proof Systems , 1990, ICALP.

[31]  Russell Impagliazzo,et al.  Limits on the Provable Consequences of One-way Permutations , 1988, CRYPTO.

[32]  Moni Naor,et al.  On Cryptographic Assumptions and Challenges , 2003, CRYPTO.

[33]  Rafael Pass,et al.  Constant-round non-malleable commitments from any one-way function , 2011, STOC '11.

[34]  Emmanuel Bresson,et al.  Separation Results on the "One-More" Computational Problems , 2008, CT-RSA.

[35]  Oded Goldreich,et al.  Definitions and properties of zero-knowledge proof systems , 1994, Journal of Cryptology.

[36]  Yevgeniy Dodis,et al.  On the Generic Insecurity of the Full Domain Hash , 2005, CRYPTO.

[37]  Rafail Ostrovsky,et al.  One-way functions are essential for non-trivial zero-knowledge , 1993, [1993] The 2nd Israel Symposium on Theory and Computing Systems.

[38]  Manuel Blum,et al.  Non-Interactive Zero-Knowledge and Its Applications (Extended Abstract) , 1988, STOC 1988.

[39]  Guy N. Rothblum,et al.  Are PCPs Inherent in Efficient Arguments? , 2009, Computational Complexity Conference.

[40]  Ronen Shaltiel,et al.  On the (Im)Possibility of Arthur-Merlin Witness Hiding Protocols , 2009, TCC.

[41]  John Rompel,et al.  One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.

[42]  Leonid A. Levin,et al.  A Pseudorandom Generator from any One-way Function , 1999, SIAM J. Comput..

[43]  Serge Fehr,et al.  Perfect NIZK with Adaptive Soundness , 2007, TCC.

[44]  Rafael Pass,et al.  Simulation in Quasi-Polynomial Time, and Its Application to Protocol Composition , 2003, EUROCRYPT.

[45]  Moni Naor,et al.  Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[46]  Mihir Bellare,et al.  GQ and Schnorr Identification Schemes: Proofs of Security against Impersonation under Active and Concurrent Attacks , 2002, CRYPTO.

[47]  Gilles Brassard,et al.  Relativized cryptography , 1979, 20th Annual Symposium on Foundations of Computer Science (sfcs 1979).

[48]  Ran Canetti,et al.  Resettable Zero-Knowledge , 1999, IACR Cryptol. ePrint Arch..

[49]  Thomas Holenstein,et al.  On the (Im)Possibility of Key Dependent Encryption , 2009, TCC.

[50]  Rafael Pass,et al.  On Deniability in the Common Reference String and Random Oracle Model , 2003, CRYPTO.

[51]  Kai-Min Chung,et al.  On the power of nonuniformity in proofs of security , 2013, ITCS '13.

[52]  Craig Gentry,et al.  Separating succinct non-interactive arguments from all falsifiable assumptions , 2011, IACR Cryptol. ePrint Arch..

[53]  Oded Goldreich,et al.  On basing one-way functions on NP-hardness , 2006, STOC '06.

[54]  Hoeteck Wee,et al.  Constant-Round Non-malleable Commitments from Sub-exponential One-Way Functions , 2010, EUROCRYPT.

[55]  Joan Feigenbaum,et al.  Random-Self-Reducibility of Complete Sets , 1993, SIAM J. Comput..

[56]  Silvio Micali,et al.  How to construct random functions , 1986, JACM.

[57]  Rafael Pass,et al.  Concurrent Non-malleable Commitments from Any One-Way Function , 2008, TCC.

[58]  Silvio Micali,et al.  Mutually Independent Commitments , 2001, ASIACRYPT.

[59]  Rafael Pass,et al.  Concurrent non-malleable commitments , 2005, 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS'05).

[60]  Silvio Micali,et al.  The Knowledge Complexity of Interactive Proof Systems , 1989, SIAM J. Comput..

[61]  Boaz Barak,et al.  Constant-round coin-tossing with a man in the middle or realizing the shared random string model , 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings..

[62]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[63]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[64]  Rafael Pass,et al.  New and improved constructions of non-malleable cryptographic protocols , 2005, STOC '05.

[65]  Yael Tauman Kalai,et al.  On the (In)security of the Fiat-Shamir paradigm , 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings..

[66]  Kai-Min Chung,et al.  Unprovable Security of Two-Message Zero Knowledge , 2012, IACR Cryptol. ePrint Arch..

[67]  Rafail Ostrovsky,et al.  Perfect Non-Interactive Zero Knowledge for NP , 2006, IACR Cryptol. ePrint Arch..

[68]  Rafael Pass,et al.  An Efficient Parallel Repetition Theorem , 2010, TCC.

[69]  Rafael Pass,et al.  Towards Non-Black-Box Lower Bounds in Cryptography , 2011, TCC.