On the power of nonuniformity in proofs of security

Nonuniform proofs of security are common in cryptography, but traditional black-box separations consider only uniform security reductions. In this paper, we initiate a formal study of the power and limits of nonuniform black-box proofs of security. We first show that a known protocol (based on the existence of one-way permutations) that has a nonuniform proof of security cannot be proven secure through a uniform security reduction. Therefore, nonuniform proofs of security are indeed provably more powerful than uniform ones. We complement this result by showing that many known black-box separations in the uniform regime do extend to the nonuniform regime. We prove our results by providing general techniques for extending certain types of black-box separations to handle nonuniformity.
