Hardness Amplification of Weakly Verifiable Puzzles

  • Ran Canetti
  • Shai Halevi
  • Michael Steiner
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3378)


Is it harder to solve many puzzles than it is to solve just one? This question has different answers, depending on how you define puzzles. For the case of inverting one-way functions it was shown by Yao that solving many independent instances simultaneously is indeed harder than solving a single instance (cf. the transformation from weak to strong one-way functions). The known proofs of that result, however, use in an essential way the fact that for one-way functions, verifying candidate solutions to a given puzzle is easy. We extend this result to the case where solutions are efficiently verifiable only by the party that generated the puzzle. We call such puzzles weakly verifiable. That is, for weakly verifiable puzzles we show that if no efficient algorithm can solve a single puzzle with probability more than ε, then no efficient algorithm can solve n independent puzzles simultaneously with probability more than ε n . We also demonstrate that when the puzzles are not even weakly verifiable, solving many puzzles may be no harder than solving a single one.

Hardness amplification of weakly verifiable puzzles turns out to be closely related to the reduction of soundness error under parallel repetition in computationally sound arguments. Indeed, the proof of Bellare, Impagliazzo and Naor that parallel repetition reduces soundness error in three-round argument systems implies a result similar to our first result, albeit with considerably worse parameters. Also, our second result is an adaptation of their proof that parallel repetition of four-round systems may not reduce the soundness error.


Success Probability Proof System Online Phase Parallel Repetition Reference String 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    von Ahn, L., Blum, M., Hopper, N., Langford, J.: CAPTCHA: Using hard AI problems for security. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 294–311. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Bellare, M., Impagliazzo, R., Naor, M.: Does parallel repetition lower the error in computationally sound protocols? In: 38th Annual Symposium on Foundations of Computer Science (FOCS 1997), pp. 374–383. IEEE, Los Alamitos (1997)Google Scholar
  3. 3.
    Ben-David, S., Chor, B., Goldreich, O., Luby, M.: On the theory of average case complexity. Journal of Computer and System Sciences 44(2), 193–219 (1992); Preliminary version in STOC 1989 zbMATHCrossRefMathSciNetGoogle Scholar
  4. 4.
    Di Crescenzo, G., Ishai, Y., Ostrovsky, R.: Non-interactive and non-malleable commitment. In: Proceedings of the thirtieth annual ACM symposium on theory of computing (STOC 1998), pp. 141–150. ACM Press, New York (1998)CrossRefGoogle Scholar
  5. 5.
    Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography. SIAM J. on Computing 30(2), 391–437 (2000); Preliminary version in STOC 1991 zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Goldreich, O.: Foundations of Cryptography, Basic tools. Cambridge University Press, Cambridge (2001)zbMATHCrossRefGoogle Scholar
  7. 7.
    Impagliazzo, R., Levin, L.A.: No better ways to generate hard NP instances than picking uniformly at random. In: 31st Annual Symposium on Foundations of Computer Science (FOCS 1990), pp. 812–821. IEEE, Los Alamitos (1990)CrossRefGoogle Scholar
  8. 8.
    Juels, A., Brainard, J.: Client puzzles: A cryptographic defense against connection depletion attacks. In: Proceedings of the 1999 Network and Distributed System Security Symposium (NDSS 1999), pp. 151–165. Internet Society (ISOC) (1999)Google Scholar
  9. 9.
    Levin, L.A.: Average case complete problems. SIAM Journal of Computing 15(1), 285–286 (1986); Preliminary version in STOC 1984 zbMATHCrossRefGoogle Scholar
  10. 10.
    Myers, S.: Efficient amplification of the security of weak pseudo-random function generators. Journal of Cryptology 16(1), 1–24 (2003); Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, p. 358. Springer, Heidelberg (2001)Google Scholar
  11. 11.
    Naor, M.: Verification of a human in the loop or identification via the Turing test. Manuscript, available on-line (1996),
  12. 12.
    Rivest, R.L., Shamir, A., Wagner, D.A.: Time-lock puzzles and time-released crypto. Technical Report MIT/LCS/TR-684, MIT laboratory for Computer Science (1996)Google Scholar
  13. 13.
    Yao, A.C.: Theory and applications of trapdoor functions. In: 23rd Annual Symposium on Foundations of Computer Science, pp. 80–91. IEEE, Los Alamitos (1982)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Ran Canetti
    • 1
  • Shai Halevi
    • 1
  • Michael Steiner
    • 1
  1. 1.IBM T.J. Watson Research CenterHawthorneUSA

Personalised recommendations