Enhancements are Blackbox Non-trivial: Impossibility of Enhanced Trapdoor Permutations from Standard Trapdoor Permutations

  • Mohammad Hajiabadi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11239)

Abstract

Trapdoor permutations (TDP) are a fundamental primitive in cryptography. Several variants of this notion have emerged as a result of different applications. However, it is not clear whether these variants can be based on the standard notion of TDPs.

We study the question of whether enhanced trapdoor permutations can be based on classical trapdoor permutations. The main motivation of our work is in the context of existing TDP-based constructions of oblivious transfer and non-interactive zero knowledge protocols, which require enhancements to the classical TDP notion. We prove that these enhancements are non-trivial, in the sense that there do not exist fully blackbox constructions of enhanced TDPs from classical TDPs.

On the technical side, we show that the enhanced TDP security of any construction in the random TDP oracle world can be broken via a polynomial number of queries to the TDP oracle as well as a weakening oracle, which provides inversion with respect to randomness. We also show that the standard one-wayness of the random TDP oracle stays intact in the presence of this weakening oracle.

Notes

Acknowledgements

I am grateful to the anonymous reviewers for their useful comments, and especially to one reviewer for their very elaborate comments. I would also like to thank Bruce Kapron for commenting on an earlier draft of the paper.

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  1. University of California Berkeley, Berkeley, USA
  2. University of Virginia, Charlottesville, USA