DOI: 10.1145/73007.73012

Limits on the provable consequences of one-way permutations

Published: 01 February 1989

Abstract

We present strong evidence that the implication, “if one-way permutations exist, then secure secret key agreement is possible”, is not provable by standard techniques. Since both sides of this implication are widely believed true in real life, to show that the implication is false requires a new model. We consider a world where all parties have access to a black box for a randomly selected permutation. Being totally random, this permutation will be strongly one-way in a provable, information-theoretic way. We show that, if P = NP, no protocol for secret key agreement is secure in such a setting. Thus, to prove that a secret key agreement protocol which uses a one-way permutation as a black box is secure is as hard as proving P ≠ NP. We also obtain, as a corollary, that there is an oracle relative to which the implication is false, i.e., there is a one-way permutation, yet secret-exchange is impossible. Thus, no technique which relativizes can prove that secret exchange can be based on any one-way permutation. Our results present a general framework for proving statements of the form, “Cryptographic application X is not likely possible based solely on complexity assumption Y.”



Published In

STOC '89: Proceedings of the twenty-first annual ACM symposium on Theory of computing
February 1989
600 pages
ISBN: 0897913078
DOI: 10.1145/73007
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Conference

STOC89: 21st Annual ACM Symposium on the Theory of Computing
Sponsor: STOC89
May 14 - 17, 1989
Seattle, Washington, USA

Acceptance Rates

STOC '89 Paper Acceptance Rate 56 of 196 submissions, 29%;
Overall Acceptance Rate 1,469 of 4,586 submissions, 32%

Article Metrics

  • Downloads (last 12 months): 442
  • Downloads (last 6 weeks): 73
Reflects downloads up to 01 Sep 2024

Cited By

  • (2024) Impossibility of Post-Quantum Shielding Black-Box Constructions of CCA from CPA. IACR Communications in Cryptology, doi:10.62056/akp2fhbmo. Online publication date: 9-Apr-2024
  • (2024) Towards the Impossibility of Quantum Public Key Encryption with Classical Keys from One-Way Functions. IACR Communications in Cryptology, doi:10.62056/ahvr-11zn4. Online publication date: 9-Apr-2024
  • (2024) Verifiable Quantum Advantage without Structure. Journal of the ACM 71(3), pp. 1-50, doi:10.1145/3658665. Online publication date: 22-Apr-2024
  • (2024) Finding Collisions in a Quantum World: Quantum Black-Box Separation of Collision-Resistance and One-Wayness. Journal of Cryptology 37(4), doi:10.1007/s00145-024-09517-2. Online publication date: 20-Aug-2024
  • (2024) Cryptographic Primitives with Hinting Property. Journal of Cryptology 37(3), doi:10.1007/s00145-024-09502-9. Online publication date: 23-Apr-2024
  • (2024) On the Implications from Updatable Encryption to Public-Key Cryptographic Primitives. Information Security and Privacy, pp. 303-323, doi:10.1007/978-981-97-5025-2_16. Online publication date: 16-Jul-2024
  • (2024) How (not) to Build Quantum PKE in Minicrypt. Advances in Cryptology – CRYPTO 2024, pp. 152-183, doi:10.1007/978-3-031-68394-7_6. Online publication date: 18-Aug-2024
  • (2024) Robust Quantum Public-Key Encryption with Applications to Quantum Key Distribution. Advances in Cryptology – CRYPTO 2024, pp. 126-151, doi:10.1007/978-3-031-68394-7_5. Online publication date: 18-Aug-2024
  • (2024) Quantum Public-Key Encryption with Tamper-Resilient Public Keys from One-Way Functions. Advances in Cryptology – CRYPTO 2024, pp. 93-125, doi:10.1007/978-3-031-68394-7_4. Online publication date: 18-Aug-2024
  • (2024) Limits on the Power of Prime-Order Groups: Separating Q-Type from Static Assumptions. Advances in Cryptology – CRYPTO 2024, pp. 46-74, doi:10.1007/978-3-031-68388-6_3. Online publication date: 17-Aug-2024