On Constructing One-Way Permutations from Indistinguishability Obfuscation

We prove that there is no black-box construction of a one-way permutation family from a one-way function and an indistinguishability obfuscator for the class of all oracle-aided circuits, where the construction is “domain invariant” (i.e., where each permutation may have its own domain, but these domains are independent of the underlying building blocks). Following the framework of Asharov and Segev (FOCS ’15), by considering indistinguishability obfuscation for oracle-aided circuits we capture the common techniques that have been used so far in constructions based on indistinguishability obfuscation. These include, in particular, non-black-box techniques such as the punctured programming approach of Sahai and Waters (STOC ’14) and its variants, as well as sub-exponential security assumptions. For example, we fully capture the construction of a trapdoor permutation family from a one-way function and an indistinguishability obfuscator due to Bitansky, Paneth, and Wichs (TCC ’16). Their construction is not domain invariant, and our result shows that this, somewhat undesirable property, is unavoidable using the common techniques. In fact, we observe that constructions which are not domain invariant circumvent all known negative results for constructing one-way permutations based on one-way functions, starting with Rudich’s seminal work (PhD thesis ’88). We revisit this classic and fundamental problem and resolve this somewhat surprising gap by ruling out all such black-box constructions—even those that are not domain invariant.

[1]  Ran Canetti,et al.  Adaptively Secure Two-Party Computation from Indistinguishability Obfuscation , 2015, TCC.

[2]  Omer Reingold,et al.  Finding Collisions in Interactive Protocols - Tight Lower Bounds on the Round and Communication Complexities of Statistically Hiding Commitments , 2015, SIAM J. Comput..

[3]  Russell Impagliazzo,et al.  Limits on the provable consequences of one-way permutations , 1988, STOC '89.

[4]  Rafael Pass,et al.  The Curious Case of Non-Interactive Commitments - On the Power of Black-Box vs. Non-Black-Box Use of Primitives , 2012, CRYPTO.

[5]  John Rompel,et al.  One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.

[6]  Leonid A. Levin,et al.  A Pseudorandom Generator from any One-way Function , 1999, SIAM J. Comput..

[7]  Yehuda Lindell,et al.  On the Black-Box Complexity of Optimally-Fair Coin Tossing , 2011, TCC.

[8]  Sanjam Garg,et al.  Two-Round Adaptively Secure MPC from Indistinguishability Obfuscation , 2015, TCC.

[9]  Guy N. Rothblum,et al.  Virtual Black-Box Obfuscation for All Circuits via Generic Graded Encoding , 2014, TCC.

[10]  Brent Waters,et al.  A Punctured Programming Approach to Adaptively Secure Functional Encryption , 2015, CRYPTO.

[11]  Brent Waters,et al.  Candidate Indistinguishability Obfuscation and Functional Encryption for all Circuits , 2013, 2013 IEEE 54th Annual Symposium on Foundations of Computer Science.

[12]  Mark Zhandry,et al.  Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation , 2014, Algorithmica.

[13]  Jonathan Katz,et al.  Limits on the Power of Zero-Knowledge Proofs in Cryptographic Constructions , 2011, TCC.

[14]  Oded Goldreich Foundations of Cryptography: Index , 2001 .

[15]  Stephen M. Rudich,et al.  Limits on the provable consequences of one-way functions , 1983, STOC 1983.

[16]  Pooya Farshim,et al.  Random-Oracle Uninstantiability from Indistinguishability Obfuscation , 2015, TCC.

[17]  Boaz Barak,et al.  Merkle Puzzles are Optimal , 2008, IACR Cryptol. ePrint Arch..

[18]  Mark Zhandry,et al.  Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation , 2014, CRYPTO.

[19]  Gil Segev,et al.  On Constructing One-Way Permutations from Indistinguishability Obfuscation , 2016, TCC.

[20]  Daniel R. Simon,et al.  Finding Collisions on a One-Way Street: Can Secure Hash Functions Be Based on General Assumptions? , 1998, EUROCRYPT.

[21]  Nir Bitansky,et al.  Indistinguishability Obfuscation from Functional Encryption , 2015, 2015 IEEE 56th Annual Symposium on Foundations of Computer Science.

[22]  M. Rabin DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION , 1979 .

[23]  Moni Naor,et al.  Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[24]  Yael Tauman Kalai,et al.  The Impossibility of Obfuscation with Auxiliary Input or a Universal Simulator , 2014, CRYPTO.

[25]  Oded Goldreich,et al.  Foundations of Cryptography: List of Figures , 2001 .

[26]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2001, JACM.

[27]  Oded Goldreich,et al.  On Security Preserving Reductions - Revised Terminology , 2000, Studies in Complexity and Cryptography.

[28]  Nir Bitansky,et al.  On the Cryptographic Hardness of Finding a Nash Equilibrium , 2015, FOCS.

[29]  Michael E. Saks,et al.  A dual version of Reimer's inequality and a proof of Rudich's conjecture , 2000, Proceedings 15th Annual IEEE Conference on Computational Complexity.

[30]  Chi-Jen Lu,et al.  The Impossibility of Basing One-Way Permutations on Central Cryptographic Primitives , 2005, Journal of Cryptology.

[31]  Steven Myers,et al.  Towards a Separation of Semantic and CCA Security for Public Key Encryption , 2007, TCC.

[32]  Nir Bitansky,et al.  ZAPs and Non-Interactive Witness Indistinguishability from Indistinguishability Obfuscation , 2015, TCC.

[33]  Abhishek Jain,et al.  Indistinguishability Obfuscation from Compact Functional Encryption , 2015, CRYPTO.

[34]  Mihir Bellare,et al.  Poly-Many Hardcore Bits for Any One-Way Function and a Framework for Differing-Inputs Obfuscation , 2014, ASIACRYPT.

[35]  Luca Trevisan,et al.  Notions of Reducibility between Cryptographic Primitives , 2004, TCC.

[36]  Brent Waters,et al.  Replacing a Random Oracle: Full Domain Hash From Indistinguishability Obfuscation , 2014, IACR Cryptol. ePrint Arch..

[37]  Vinod Vaikuntanathan,et al.  From Selective to Adaptive Security in Functional Encryption , 2015, CRYPTO.

[38]  Yael Tauman Kalai,et al.  On Virtual Grey Box Obfuscation for General Circuits , 2017, Algorithmica.

[39]  Gil Segev,et al.  Limits on the Power of Indistinguishability Obfuscation and Functional Encryption , 2015, 2015 IEEE 56th Annual Symposium on Foundations of Computer Science.

[40]  Kai-Min Chung,et al.  On the power of nonuniformity in proofs of security , 2013, ITCS '13.

[41]  Andrej Bogdanov,et al.  On Basing Size-Verifiable One-Way Functions on NP-Hardness , 2015, TCC.

[42]  Ran Canetti,et al.  Obfuscation of Probabilistic Circuits and Applications , 2015, TCC.

[43]  Kai-Min Chung,et al.  Constant-Round Concurrent Zero-Knowledge from Indistinguishability Obfuscation , 2015, CRYPTO.

[44]  Tal Malkin,et al.  Can Optimally-Fair Coin Tossing Be Based on One-Way Functions? , 2014, TCC.

[45]  Manoj Prabhakaran,et al.  On the Power of Public-key Encryption in Secure Computation , 2013, Electron. Colloquium Comput. Complex..

[46]  Marc Fischlin,et al.  Notions of Black-Box Reductions, Revisited , 2013, IACR Cryptol. ePrint Arch..

[47]  Brent Waters,et al.  How to use indistinguishability obfuscation: deniable encryption, and more , 2014, IACR Cryptol. ePrint Arch..

[48]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2012, JACM.

[49]  Nir Bitansky,et al.  Perfect Structure on the Edge of Chaos - Trapdoor Permutations from Indistinguishability Obfuscation , 2016, TCC.

[50]  Michael E. Saks,et al.  The Dual BKR Inequality and Rudich's Conjecture , 2011, Comb. Probab. Comput..

[51]  Oded Goldreich,et al.  The Foundations of Cryptography - Volume 1: Basic Techniques , 2001 .

[52]  Michael Luby,et al.  Pseudorandomness and cryptographic applications , 1996, Princeton computer science notes.

[53]  Takahiro Matsuda,et al.  On Black-Box Separations among Injective One-Way Functions , 2011, TCC.

[54]  Hoeteck Wee,et al.  One-Way Permutations, Interactive Hashing and Statistically Hiding Commitments , 2007, TCC.

[55]  Dana Dachman-Soled,et al.  Adaptively Secure, Universally Composable, Multiparty Computation in Constant Rounds , 2015, TCC.

[56]  Nir Bitansky,et al.  Perfect Structure on the Edge of Chaos , 2015, IACR Cryptol. ePrint Arch..

[57]  Marc Fischlin,et al.  Notions of Black-Box Reductions , 2013 .

[58]  Manuel Blum,et al.  How to generate cryptographically strong sequences of pseudo random bits , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[59]  Amit Sahai,et al.  Multi-Input Functional Encryption , 2014, IACR Cryptol. ePrint Arch..

[60]  Craig Gentry,et al.  Two-Round Secure MPC from Indistinguishability Obfuscation , 2014, TCC.

[61]  Leonid Reyzin,et al.  Finding Collisions on a Public Road, or Do Secure Hash Functions Need Secret Coins? , 2004, CRYPTO.

[62]  Tal Malkin,et al.  On the impossibility of basing trapdoor functions on trapdoor predicates , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[63]  Takahiro Matsuda On the Impossibility of Basing Public-Coin One-Way Permutations on Trapdoor Permutations , 2014, TCC.

[64]  Rafael Pass,et al.  Towards Non-Black-Box Lower Bounds in Cryptography , 2011, TCC.

[65]  Yael Tauman Kalai,et al.  On Obfuscation with Random Oracles , 2015, TCC.

[66]  Moni Naor,et al.  One-Way Functions and (Im)Perfect Obfuscation , 2014, 2014 IEEE 55th Annual Symposium on Foundations of Computer Science.

[67]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.