Memory Lower Bounds of Reductions Revisited

  • Yuyu Wang
  • Takahiro Matsuda
  • Goichiro Hanaoka
  • Keisuke Tanaka
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10820)

Abstract

At Crypto 2017, Auerbach et al. initiated the study of memory-tight reductions and proved two negative results on the memory-tightness of restricted black-box reductions from multi-challenge security to single-challenge security for signatures and an artificial hash function. In this paper, we revisit the results by Auerbach et al. and show that for a large class of reductions treating multi-challenge security, it is impossible to avoid loss of memory-tightness unless we sacrifice the efficiency of their running time. Specifically, we show three lower bound results. First, we show a memory lower bound for natural black-box reductions from the multi-challenge unforgeability of unique signatures to any computational assumption. Then we show a lower bound for restricted reductions from multi-challenge security to single-challenge security for a wide class of cryptographic primitives with unique keys in the multi-user setting. Finally, we extend the lower bound result shown by Auerbach et al. treating a hash function to one treating any hash function with a large domain.

Keywords

Memory Tightness Lower bound Uniqueness Black-box reduction 

Notes

Acknowledgement

A part of this work was supported by Input Output Cryptocurrency Collaborative Research Chair funded by IOHK, Nomura Research Institute, NTT Secure Platform Laboratories, Mitsubishi Electric, I-System, JSPS Fellowship for Young Scientists, JST CREST JPMJCR14D6 and JPMJCR1688, JST OPERA, JSPS KAKENHI JP16H01705, 16J10697, JP17H01695.

References

  1. Auerbach, B., Cash, D., Fersch, M., Kiltz, E.: Memory-tight reductions. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part I. LNCS, vol. 10401, pp. 101–132. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_4
  2. Bader, C.: Efficient signatures with tight real world security in the random-oracle model. In: Gritzalis, D., Kiayias, A., Askoxylakis, I. (eds.) CANS 2014. LNCS, vol. 8813, pp. 370–383. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-12280-9_24
  3. Bader, C., Hofheinz, D., Jager, T., Kiltz, E., Li, Y.: Tightly-secure authenticated key exchange. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015, Part I. LNCS, vol. 9014, pp. 629–658. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46494-6_26
  4. Bader, C., Jager, T., Li, Y., Schäge, S.: On the impossibility of tight cryptographic reductions. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part II. LNCS, vol. 9666, pp. 273–304. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_10
  5. Boyen, X., Mei, Q., Waters, B.: Direct chosen ciphertext security from identity-based techniques. In: ACM CCS 2005, pp. 320–329 (2005)
  6. Coron, J.-S.: Optimal security proofs for PSS and other signature schemes. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 272–287. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46035-7_18
  7. Cramer, R., Shoup, V.: Signature schemes based on the strong RSA assumption. ACM Trans. Inf. Syst. Secur. 3(3), 161–185 (2000)
  8. Gamal, T.E.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985)
  9. Gentry, C.: Practical identity-based encryption without random oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 445–464. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_27
  10. Goldwasser, S., Ostrovsky, R.: Invariant signatures and non-interactive zero-knowledge proofs are equivalent (extended abstract). In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 228–245. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_16
  11. Haitner, I., Holenstein, T.: On the (Im)possibility of key dependent encryption. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 202–219. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00457-5_13
  12. Haralambiev, K., Jager, T., Kiltz, E., Shoup, V.: Simple and efficient public-key encryption from computational Diffie-Hellman in the standard model. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 1–18. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13013-7_1
  13. Hofheinz, D., Jager, T., Knapp, E.: Waters signatures with optimal security reduction. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 66–83. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30057-8_5
  14. Hohenberger, S., Waters, B.: Short and stateless signatures from the RSA assumption. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 654–670. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_38
  15. Kakvi, S.A., Kiltz, E.: Optimal security proofs for full domain hash, revisited. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 537–553. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_32
  16. Kalyanasundaram, B., Schnitger, G.: The probabilistic communication complexity of set intersection. SIAM J. Discrete Math. 5(4), 545–557 (1992)
  17. Kravitz, D.W.: Digital signature algorithm. US Patent 5,231,668, 27 July 1993
  18. Krawczyk, H., Rabin, T.: Chameleon signatures. In: NDSS. The Internet Society (2000)
  19. Lysyanskaya, A.: Unique signatures and verifiable random functions from the DH-DDH separation. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 597–612. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_38
  20. Micali, S., Rabin, M.O., Vadhan, S.P.: Verifiable random functions. In: FOCS, pp. 120–130. IEEE Computer Society (1999)
  21. Razborov, A.A.: On the distributional complexity of disjointness. Theor. Comput. Sci. 106(2), 385–390 (1992)
  22. Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems (reprint). Commun. ACM 26(1), 96–99 (1983)
  23. Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005). https://doi.org/10.1007/11426639_7
  24. Wichs, D.: Barriers in cryptography with weak, correlated and leaky sources. In: ITCS, pp. 111–126. ACM (2013)

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  1. Tokyo Institute of Technology, Tokyo, Japan
  2. National Institute of Advanced Industrial Science and Technology (AIST), Tokyo, Japan
  3. IOHK, Tokyo, Japan
