Minimal assumptions in cryptography

Virtually all of modern cryptography relies on unproven assumptions. This is unavoidable, as the existence of cryptography would have wide-ranging implications: in particular, it would imply P ≠ NP, which is not known to be true. Nevertheless, there clearly is a risk that the assumptions may be wrong. Therefore, an important field of research explores which assumptions are strictly necessary under different circumstances. This thesis contributes to this field by establishing lower bounds on the minimal assumptions in three different areas of cryptography. We establish that assuming the existence of physically uncloneable functions (PUFs), a specific kind of secure hardware, is not by itself sufficient to allow for secure two-party computation protocols without trusted setup. Specifically, we prove that unconditionally secure oblivious transfer can in general not be constructed from PUFs. Secondly, we establish a bound on the potential tightness of security proofs for Schnorr signatures. Essentially, no security proof based on virtually arbitrary non-interactive assumptions defined over an abstract group can be significantly tighter than the known forking-lemma-based proof. Thirdly, for very weak forms of program obfuscation, namely approximate indistinguishability obfuscation, we prove that they cannot exist with statistical security, and computational assumptions are therefore necessary. This result holds unless the polynomial hierarchy collapses or one-way functions do not exist.
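The tightness benchmark named above is the forking-lemma proof for Schnorr signatures: the reduction runs the forger, rewinds it to the random-oracle query that fixed the commitment R, reprograms the oracle with a fresh challenge, runs the forger again, and extracts the discrete logarithm from the two forgeries that share R. The following Python example, added here and not part of the thesis or any of the cited papers, plays this rewinding out on a constructed toy group (p = 2039, q = 1019, g = 4, far too small for real use) with the honest signer standing in for the forger; the oracle class, the group parameters and the function names are assumptions of this example.

```python
import hashlib
import secrets
from typing import Optional

# Toy Schnorr group, constructed for this example: p = 2q + 1 with q prime and
# g = 4 a generator of the order-q subgroup. Real deployments use ~256-bit q.
P = 2039
Q = 1019
G = 4


def hash_to_zq(R: int, msg: bytes) -> int:
    """Challenge c = H(R || m) reduced into Z_q: the random oracle of the proof."""
    h = hashlib.sha256(R.to_bytes(4, "big") + msg).digest()
    return int.from_bytes(h, "big") % Q


class ProgrammableOracle:
    """Random oracle under the reduction's control: an answer is fixed once asked,
    but the reduction may pre-program (reprogram) the answer at the fork point."""

    def __init__(self, table=None):
        self.table = dict(table or {})

    def query(self, R: int, msg: bytes) -> int:
        key = (R, msg)
        if key not in self.table:
            self.table[key] = hash_to_zq(R, msg)
        return self.table[key]


def keygen():
    x = secrets.randbelow(Q - 1) + 1          # secret key in Z_q
    return x, pow(G, x, P)                    # (x, y = g^x)


def sign(x: int, msg: bytes, oracle: ProgrammableOracle, r: Optional[int] = None):
    """Schnorr signing; the nonce r is drawn fresh unless supplied (the fork replays it)."""
    if r is None:
        r = secrets.randbelow(Q - 1) + 1
    R = pow(G, r, P)
    c = oracle.query(R, msg)
    s = (r + c * x) % Q
    return R, s


def verify(y: int, msg: bytes, sig, oracle: ProgrammableOracle) -> bool:
    R, s = sig
    c = oracle.query(R, msg)
    return pow(G, s, P) == (R * pow(y, c, P)) % P


def extract_from_fork(s1: int, c1: int, s2: int, c2: int) -> int:
    """Two valid transcripts sharing R with c1 != c2 reveal x = (s1 - s2)/(c1 - c2) mod q."""
    if c1 == c2:
        raise ValueError("fork failed: challenges collide")
    return ((s1 - s2) * pow(c1 - c2, -1, Q)) % Q


def forking_reduction_demo(msg: bytes = b"constructed message"):
    """Model the forking-lemma reduction: run the 'forger' (here the honest signer on a
    fixed random tape), rewind to its oracle query, reprogram the answer, run it again
    on the same tape, and extract the discrete log of y from the two forgeries."""
    x, y = keygen()
    r = secrets.randbelow(Q - 1) + 1          # forger's random tape, replayed on rewind
    oracle1 = ProgrammableOracle()
    R, s1 = sign(x, msg, oracle1, r)
    c1 = oracle1.table[(R, msg)]
    assert verify(y, msg, (R, s1), oracle1)
    # Rewind: same tape, but a different challenge programmed at the fork point.
    c2 = (c1 + 1 + secrets.randbelow(Q - 2)) % Q   # any c2 != c1 in Z_q
    oracle2 = ProgrammableOracle({(R, msg): c2})
    R2, s2 = sign(x, msg, oracle2, r)
    assert R2 == R and verify(y, msg, (R2, s2), oracle2)
    x_extracted = extract_from_fork(s1, c1, s2, c2)
    return x_extracted == x, pow(G, x_extracted, P) == y


if __name__ == "__main__":
    print(forking_reduction_demo())             # (True, True)
```

The extraction step is exact, so the loss in the real proof does not come from the algebra: it comes from the rewinding, because a real forger only succeeds with some probability ε and need not reuse the same R after the oracle is reprogrammed, which is why the forking lemma only guarantees success roughly on the order of ε² divided by the number of oracle queries. That quadratic loss is the non-tightness the thesis shows cannot be significantly improved for proofs from non-interactive assumptions over an abstract group.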
