Limits of random oracles in secure computation

The seminal result of Impagliazzo and Rudich (STOC 1989) gave a black-box separation between one-way functions and public-key encryption: a public-key encryption scheme cannot be constructed using one-way functions in a black-box way. In addition, their result implied black-box separations between one-way functions and protocols for certain Secure Function Evaluation (SFE) functionalities (in particular, Oblivious Transfer). Surprisingly, however, since then there has been no further progress in separating one-way functions and SFE functionalities. In this work, we present the complete picture for finite deterministic 2-party SFE functionalities, vis a vis one-way functions. We show that in case of semi-honest adversaries, one-way functions are black-box separated from all such SFE functionalities, except the ones which have unconditionally secure protocols (and hence do not rely on any computational hardness). In the case of active adversaries, a black-box one-way function is indeed useful for SFE, but we show that it is useful only as much as access to an ideal commitment functionality is useful. Technically, our main result establishes the limitations of random oracles for secure computation. We show that a two-party deterministic functionality f has a secure protocol in the random oracle model that is (statistically) secure against semi-honest adversaries if and only if f has a protocol in the plain model that is (perfectly) secure against semi-honest adversaries. Further, in the case of active adversaries, a deterministic SFE functionality f has a (UC or standalone) statistically secure protocol in the random oracle model if and only if f has a (UC or standalone) statistically secure protocol in the commitment-hybrid model. Our proof is based on a "frontier analysis" of two-party protocols, combining it with (extensions of) the "independence learners" of Impagliazzo-Rudich/Barak-Mahmoody. We make essential use of a combinatorial property, originally discovered by Kushilevitz (FOCS 1989), of functions that have semi-honest secure protocols in the plain model (and hence our analysis applies only to functions of polynomial-sized domains, for which such a characterization is known). Our result could be seen as a first step towards proving a conjecture that we put forth in this work and call it the Many-Worlds Conjecture. For every 2-party SFE functionality f, one can consider a "world" where f can be semi-honest securely realized in the computational setting. Many-Worlds Conjecture states that there are infinitely many "distinct worlds" between minicrypt and cryptomania in the universe of Impagliazzo's Worlds.

[1]  Joe Kilian More general completeness theorems for secure two-party computation , 2000, STOC '00.

[2]  Eyal Kushilevitz,et al.  A zero-one law for Boolean privacy , 1989, STOC '89.

[3]  Eran Omri,et al.  On the Power of Random Oracles , 2012, Electron. Colloquium Comput. Complex..

[4]  Manoj Prabhakaran,et al.  Complexity of Multiparty Computation Problems: The Case of 2-Party Symmetric Secure Function Evaluation , 2009, IACR Cryptol. ePrint Arch..

[5]  Jörn Müller-Quade,et al.  Secure Computability of Functions in the IT Setting with Dishonest Majority and Applications to Long-Term Security , 2009, TCC.

[6]  Boaz Barak,et al.  Lower Bounds on Signatures From Symmetric Primitives , 2008, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[7]  Osamu Watanabe On One-Way Functions , 1989 .

[8]  30th Annual Symposium on Foundations of Computer Science, Research Triangle Park, North Carolina, USA, 30 October - 1 November 1989 , 1989, FOCS.

[9]  Daniel R. Simon,et al.  Limits on the efficiency of one-way permutation-based hash functions , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[10]  Xi Chen,et al.  How to compress interactive communication , 2010, STOC '10.

[11]  Manoj Prabhakaran,et al.  On the Power of Public-key Encryption in Secure Computation , 2013, Electron. Colloquium Comput. Complex..

[12]  Yehuda Lindell,et al.  On the Black-Box Complexity of Optimally-Fair Coin Tossing , 2011, TCC.

[13]  Manoj Prabhakaran,et al.  A Zero-One Law for Cryptographic Complexity with Respect to Computational UC Security , 2010, CRYPTO.

[14]  Russell Impagliazzo,et al.  One-way functions are essential for complexity based cryptography , 1989, 30th Annual Symposium on Foundations of Computer Science.

[15]  Manoj Prabhakaran,et al.  Exploring the Limits of Common Coins Using Frontier Analysis of Protocols , 2011, TCC.

[16]  Rafail Ostrovsky,et al.  One-way functions, hard on average problems, and statistical zero-knowledge proofs , 1991, [1991] Proceedings of the Sixth Annual Structure in Complexity Theory Conference.

[17]  Amit Sahai,et al.  A Full Characterization of Completeness for Two-Party Randomized Function Evaluation , 2014, EUROCRYPT.

[18]  Iftach Haitner,et al.  Semi-honest to Malicious Oblivious Transfer - The Black-Box Way , 2008, TCC.

[19]  D. S. Johnson,et al.  Proceedings of the twenty-first annual ACM symposium on Theory of computing , 1989, STOC 1989.

[20]  Joe Kilian,et al.  A general completeness theorem for two party games , 1991, STOC '91.

[21]  Russell Impagliazzo,et al.  A personal view of average-case complexity , 1995, Proceedings of Structure in Complexity Theory. Tenth Annual IEEE Conference.

[22]  Manoj Prabhakaran,et al.  Cryptographic Complexity Classes and Computational Intractability Assumptions , 2009, ICS.

[23]  Periklis A. Papakonstantinou,et al.  On the Impossibility of Basing Identity Based Encryption on Trapdoor Permutations , 2008, 2008 49th Annual IEEE Symposium on Foundations of Computer Science.

[24]  Luca Trevisan,et al.  Notions of Reducibility between Cryptographic Primitives , 2004, TCC.

[25]  References , 1971 .

[26]  Silvio Micali,et al.  The All-or-Nothing Nature of Two-Party Secure Computation , 1999, CRYPTO.

[27]  Boaz Barak,et al.  Merkle Puzzles are Optimal , 2008, IACR Cryptol. ePrint Arch..

[28]  Tal Malkin,et al.  On the impossibility of basing trapdoor functions on trapdoor predicates , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[29]  Rafail Ostrovsky,et al.  Reducibility and Completeness in Private Computations , 2000, SIAM J. Comput..

[30]  Sampath Kannan,et al.  The relationship between public key encryption and oblivious transfer , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[31]  Luca Trevisan,et al.  On Hardness Amplification of One-Way Functions , 2005, TCC.

[32]  Gunnar Kreitz A Zero-One Law for Secure Multi-Party Computation with Ternary Outputs (full version) , 2011, IACR Cryptol. ePrint Arch..

[33]  Leonard J. Schulman Proceedings of the 42nd ACM Symposium on Theory of Computing, STOC 2010, Cambridge, Massachusetts, USA, 5-8 June 2010 , 2010, STOC.

[34]  Russell Impagliazzo,et al.  Limits on the provable consequences of one-way permutations , 1988, STOC '89.

[35]  Rafail Ostrovsky,et al.  One-way functions are essential for non-trivial zero-knowledge , 1993, [1993] The 2nd Israel Symposium on Theory and Computing Systems.

[36]  Eran Omri,et al.  Limits on the Usefulness of Random Oracles , 2013, Journal of Cryptology.

[37]  Donald Beaver Perfect Privacy For Two-Party Protocols , 1989, Distributed Computing And Cryptography.

[38]  Manoj Prabhakaran,et al.  On computational intractability assumptions in cryptography , 2011 .

[39]  Omer Reingold,et al.  Statistically Hiding Commitments and Statistical Zero-Knowledge Arguments from Any One-Way Function , 2009, SIAM J. Comput..

[40]  Daniel R. Simon,et al.  Finding Collisions on a One-Way Street: Can Secure Hash Functions Be Based on General Assumptions? , 1998, EUROCRYPT.

[41]  Jonathan Katz,et al.  Impossibility of Blind Signatures from One-Way Permutations , 2011, TCC.

[42]  Eyal Kushilevitz,et al.  A Zero-One Law for Boolean Privacy (extended abstract) , 1989, STOC 1989.

[43]  I. G. BONNER CLAPPISON Editor , 1960, The Electric Power Engineering Handbook - Five Volume Set.

[44]  Jörn Müller-Quade,et al.  Completeness Theorems with Constructive Proofs for Finite Deterministic 2-Party Functions , 2010, TCC.

[45]  Takahiro Matsuda,et al.  On Black-Box Separations among Injective One-Way Functions , 2011, TCC.

[46]  Eyal Kushilevitz,et al.  Privacy and communication complexity , 1989, 30th Annual Symposium on Foundations of Computer Science.

[47]  Omer Reingold,et al.  Finding Collisions in Interactive Protocols - A Tight Lower Bound on the Round Complexity of Statistically-Hiding Commitments , 2007, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[48]  Manoj Prabhakaran,et al.  A Unified Characterization of Completeness and Triviality for Secure Function Evaluation , 2012, INDOCRYPT.