Hardness Amplification of Weakly Verifiable Puzzles
Is it harder to solve many puzzles than it is to solve just one? This question has different answers, depending on how you define puzzles. For the case of inverting one-way functions it was shown by Yao that solving many independent instances simultaneously is indeed harder than solving a single instance (cf. the transformation from weak to strong one-way functions). The known proofs of that result, however, use in an essential way the fact that for one-way functions, verifying candidate solutions to a given puzzle is easy. We extend this result to the case where solutions are efficiently verifiable only by the party that generated the puzzle. We call such puzzles weakly verifiable. That is, for weakly verifiable puzzles we show that if no efficient algorithm can solve a single puzzle with probability more than ε, then no efficient algorithm can solve n independent puzzles simultaneously with probability more than ε n . We also demonstrate that when the puzzles are not even weakly verifiable, solving many puzzles may be no harder than solving a single one.
Hardness amplification of weakly verifiable puzzles turns out to be closely related to the reduction of soundness error under parallel repetition in computationally sound arguments. Indeed, the proof of Bellare, Impagliazzo and Naor that parallel repetition reduces soundness error in three-round argument systems implies a result similar to our first result, albeit with considerably worse parameters. Also, our second result is an adaptation of their proof that parallel repetition of four-round systems may not reduce the soundness error.
KeywordsSuccess Probability Proof System Online Phase Parallel Repetition Reference String
- 2.Bellare, M., Impagliazzo, R., Naor, M.: Does parallel repetition lower the error in computationally sound protocols? In: 38th Annual Symposium on Foundations of Computer Science (FOCS 1997), pp. 374–383. IEEE, Los Alamitos (1997)Google Scholar
- 8.Juels, A., Brainard, J.: Client puzzles: A cryptographic defense against connection depletion attacks. In: Proceedings of the 1999 Network and Distributed System Security Symposium (NDSS 1999), pp. 151–165. Internet Society (ISOC) (1999)Google Scholar
- 10.Myers, S.: Efficient amplification of the security of weak pseudo-random function generators. Journal of Cryptology 16(1), 1–24 (2003); Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, p. 358. Springer, Heidelberg (2001)Google Scholar
- 11.Naor, M.: Verification of a human in the loop or identification via the Turing test. Manuscript, available on-line (1996), http://www.wisdom.weizmann.ac.il/~naor/PAPERS/human_abs.html
- 12.Rivest, R.L., Shamir, A., Wagner, D.A.: Time-lock puzzles and time-released crypto. Technical Report MIT/LCS/TR-684, MIT laboratory for Computer Science (1996)Google Scholar
- 13.Yao, A.C.: Theory and applications of trapdoor functions. In: 23rd Annual Symposium on Foundations of Computer Science, pp. 80–91. IEEE, Los Alamitos (1982)Google Scholar