The relationship between public key encryption and oblivious transfer

In this paper we study the relationships among some of the most fundamental primitives and protocols in cryptography: public-key encryption (i.e. trapdoor predicates), oblivious transfer (which is equivalent to general secure multi-party computation), key agreement and trapdoor permutations. Our main results show that public-key encryption and oblivious transfer are incomparable under black-box reductions. These separations are tightly matched by our positive results where a restricted (strong) version of one primitive does imply the other primitive. We also show separations between oblivious transfer and key agreement. Finally, we conclude that neither oblivious transfer nor trapdoor predicates imply trapdoor permutations. Our techniques for showing negative results follow the oracle separations of R. Impagliazzo and S. Rudich (1989).

[1]  Andrew Odlyzko,et al.  Advances in Cryptology — CRYPTO’ 86 , 2000, Lecture Notes in Computer Science.

[2]  Daniel R. Simon,et al.  Limits on the efficiency of one-way permutation-based hash functions , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[3]  Ivan Damgård,et al.  A Statistically-Hiding Integer Commitment Scheme Based on Groups with Hidden Order , 2002, ASIACRYPT.

[4]  David Pointcheval,et al.  The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes , 2001, Public Key Cryptography.

[5]  Russell Impagliazzo,et al.  One-way functions are essential for complexity based cryptography , 1989, 30th Annual Symposium on Foundations of Computer Science.

[6]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[7]  Amos Fiat,et al.  Zero-knowledge proofs of identity , 1987, Journal of Cryptology.

[8]  Chanathip Namprempre,et al.  The Power of RSA Inversion Oracles and the Security of Chaum's RSA-Based Blind Signature Scheme , 2002, Financial Cryptography.

[9]  Amit Sahai,et al.  Many-to-One Trapdoor Functions and Their Ralation to Public-Key Cryptosystems , 1998, CRYPTO.

[10]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.

[11]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[12]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[13]  Ueli Maurer,et al.  A Non-interactive Public-Key Distribution System , 1996, Des. Codes Cryptogr..

[14]  Jan Camenisch,et al.  Group signature schemes and payment systems based on the discrete logarithm problem , 1998 .

[15]  Silvio Micali,et al.  How to construct random functions , 1986, JACM.

[16]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[17]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[18]  M. Rabin,et al.  Randomized algorithms in number theory , 1985 .

[19]  Joe Kilian,et al.  Founding crytpography on oblivious transfer , 1988, STOC '88.

[20]  Colin Boyd Advances in Cryptology - ASIACRYPT 2001, 7th International Conference on the Theory and Application of Cryptology and Information Security, Gold Coast, Australia, December 9-13, 2001, Proceedings , 2001, ASIACRYPT.

[21]  Moni Naor,et al.  Oblivious Transfer with Adaptive Queries , 1999, CRYPTO.

[22]  Joe Kilian More general completeness theorems for secure two-party computation , 2000, STOC '00.

[23]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[24]  Shafi Goldwasser,et al.  New directions in cryptography: twenty some years later (or cryptograpy and complexity theory: a match made in heaven) , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[25]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[26]  Moni Naor,et al.  Oblivious transfer and polynomial evaluation , 1999, STOC '99.

[27]  Rafail Ostrovsky,et al.  Replication is not needed: single database, computationally-private information retrieval , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[28]  Jan Camenisch,et al.  A Signature Scheme with Efficient Protocols , 2002, SCN.

[29]  Ronald Cramer,et al.  Signature schemes based on the strong RSA assumption , 2000, TSEC.

[30]  Joe Kilian,et al.  Achieving oblivious transfer using weakened security assumptions , 1988, [Proceedings 1988] 29th Annual Symposium on Foundations of Computer Science.

[31]  Gilles Brassard,et al.  Information theoretic reductions among disclosure problems , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[32]  Ivan Damgård,et al.  Efficient Zero-Knowledge Proofs of Knowledge Without Intractability Assumptions , 2000, Public Key Cryptography.

[33]  Michael E. Saks,et al.  A dual version of Reimer's inequality and a proof of Rudich's conjecture , 2000, Proceedings 15th Annual IEEE Conference on Computational Complexity.

[34]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[35]  Oded Goldreich,et al.  A randomized protocol for signing contracts , 1985, CACM.

[36]  Jan Camenisch,et al.  Proving in Zero-Knowledge that a Number Is the Product of Two Safe Primes , 1998, EUROCRYPT.

[37]  Bruce Schneier,et al.  Cryptographic Support for Secure Logs on Untrusted Machines , 1998, USENIX Security Symposium.

[38]  László Babai,et al.  Arthur-Merlin Games: A Randomized Proof System, and a Hierarchy of Complexity Classes , 1988, J. Comput. Syst. Sci..

[39]  Phong Q. Nguyen,et al.  Noisy Polynomial Interpolation and Noisy Chinese Remaindering , 2000, EUROCRYPT.

[40]  Miklos Santha,et al.  On the Reversibility of Oblivious Transfer , 1991, EUROCRYPT.

[41]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[42]  Manuel Blum How to exchange (secret) keys , 1983, STOC '83.

[43]  Ernest F. Brickell,et al.  Advances in Cryptology — CRYPTO’ 92 , 2001, Lecture Notes in Computer Science.

[44]  Rafail Ostrovsky,et al.  Reducibility and Completeness in Private Computations , 2000, SIAM J. Comput..

[45]  Jan Camenisch,et al.  Design and implementation of the idemix anonymous credential system , 2002, CCS '02.

[46]  Luca Trevisan,et al.  Lower bounds on the efficiency of generic cryptographic constructions , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[47]  Leslie G. Valiant,et al.  Random Generation of Combinatorial Structures from a Uniform Distribution , 1986, Theor. Comput. Sci..

[48]  Russell Impagliazzo,et al.  Limits on the provable consequences of one-way permutations , 1988, STOC '89.

[49]  Eyal Kushilevitz,et al.  Private information retrieval , 1998, JACM.

[50]  Silvio Micali,et al.  Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.

[51]  Fabrice Boudot,et al.  Efficient Proofs that a Committed Number Lies in an Interval , 2000, EUROCRYPT.

[52]  Yuval Ishai,et al.  Priced Oblivious Transfer: How to Sell Digital Goods , 2001, EUROCRYPT.

[53]  Silvio Micali,et al.  Non-Interactive Oblivious Transfer and Spplications , 1989, CRYPTO.

[54]  Ueli Maurer,et al.  The Relationship Between Breaking the Diffie-Hellman Protocol and Computing Discrete Logarithms , 1999, SIAM J. Comput..

[55]  Silvio Micali,et al.  The All-or-Nothing Nature of Two-Party Secure Computation , 1999, CRYPTO.

[56]  D. C. Cooper,et al.  Sequential Machines and Automata Theory , 1968, Comput. J..

[57]  Andrew Chi-Chih Yao,et al.  Theory and Applications of Trapdoor Functions (Extended Abstract) , 1982, FOCS.

[58]  Ueli Maurer,et al.  Lower Bounds on Generic Algorithms in Groups , 1998, EUROCRYPT.

[59]  Moni Naor,et al.  Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[60]  Claude Crépeau,et al.  Equivalence Between Two Flavours of Oblivious Transfers , 1987, CRYPTO.

[61]  Silvio Micali,et al.  Computationally Private Information Retrieval with Polylogarithmic Communication , 1999, EUROCRYPT.

[62]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[63]  Joe Kilian,et al.  A general completeness theorem for two party games , 1991, STOC '91.

[64]  Yuval Ishai,et al.  Protecting data privacy in private information retrieval schemes , 1998, STOC '98.

[65]  Daniel R. Simon,et al.  Finding Collisions on a One-Way Street: Can Secure Hash Functions Be Based on General Assumptions? , 1998, EUROCRYPT.

[66]  Jacques Stern,et al.  Security Proofs for Signature Schemes , 1996, EUROCRYPT.

[67]  John Rompel,et al.  One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.

[68]  Leonid A. Levin,et al.  A Pseudorandom Generator from any One-way Function , 1999, SIAM J. Comput..

[69]  I. Damgård,et al.  Average case error estimates for the strong probable prime test , 1993 .