Limits on the provable consequences of one-way permutations

Authors:
R. Impagliazzo

Computer Science Division, University of California at Berkeley, Berkeley, California

Computer Science Division, University of California at Berkeley, Berkeley, California
View Profile

,
S. Rudich

Computer Science Department, University of Toronto, Toronto, Canada M5S 1A4

Computer Science Department, University of Toronto, Toronto, Canada M5S 1A4
View Profile

STOC '89: Proceedings of the twenty-first annual ACM symposium on Theory of computingFebruary 1989Pages 44–61https://doi.org/10.1145/73007.73012

Published:01 February 1989Publication History

STOC '89: Proceedings of the twenty-first annual ACM symposium on Theory of computing

Pages 44–61

ABSTRACT

We present strong evidence that the implication, “if one-way permutations exist, then secure secret key agreement is possible”, is not provable by standard techniques. Since both sides of this implication are widely believed true in real life, to show that the implication is false requires a new model. We consider a world where all parties have access to a black box for a randomly selected permutation. Being totally random, this permutation will be strongly one-way in a provable, information-theoretic way. We show that, if P = N P, no protocol for secret key agreement is secure in such a setting. Thus, to prove that a secret key agreement protocol which uses a one-way permutation as a black box is secure is as hard as proving P ≠ N P. We also obtain, as a corollary, that there is an oracle relative to which the implication is false, i.e., there is a one-way permutation, yet secret-exchange is impossible. Thus, no technique which relativizes can prove that secret exchange can be based on any one-way permutation. Our results present a general framework for proving statements of the form, “Cryptographic application X is not likely possible based solely on complexity assumption Y.”

References

BGS75.T. Baker, J. Gill, and R. Solovay. Relativizations of the P=NP question. SIAM J. Comp., 4 (1975) pp. 431-442.Google ScholarCross Ref
BG81.C.H. Bennett and J. Gill. Relative to a random oracle A, pAneNpAneCo- NPA with probability 1. SIAM J. Comp. 10 (1981)Google ScholarCross Ref
BCC87.G. Brassard, D. Chaum, and C. Crepeau. Minimum disclosure proofs of knowledge. Technical Report PM- tl.8710, Centre for Mathematics and Computer Science, Amsterdam, The Netherlands, 1987.Google Scholar
Ben87.J. Cohen Benaloh. Verifiable Secret- Ballot Elections. PhD thesis, Yale University, Sept 1987. YALEU/DCS/TR- 561. Google ScholarDigital Library
Blu81.M. Blum. Three ~pplic~tions of the oblivions transfer: Part i: Coin flipping by telephone; part ii: How to exchange secrets; part iii: How to send certified electronic mail. Department of EECS, University of CMifornia, Berkeley, CA, 1981.Google Scholar
Blu82.M. Blum. Coin flipping by telephone: A protoc91 for solving impossible problems. In Proceedings of the 2,1th IEEE Computer Conference (CornpC'on), pages 133-137, 1982. reprinted in SIGACT News, vol. 15, no. 1, 1983, pp. 23-27.Google Scholar
BM84.M. Blum and S. Micali. How to generate cryptogra~phicaily strong sequences of pseudo-random bits. SIAM J. Comp. 13 (1984) pp. 850-864 Google ScholarDigital Library
Bra.G. Brassard. An optimally secure relativized cryptosystem. Advances in Cryptography, a Report on CR YPTO 81, Technical Report no. 82-04, Department of ECE, University of California, Santa Barbara, CA, 1982, pp. 54-58; reprinted in $IGACT News vol. 15, no. 1, 1983, pp. 28-a3.Google Scholar
Bra83.G. Brassard. Relativized cryptography. IEEE Transactions on Information Theory, IT-19:877-894, t983.Google Scholar
CKS81.A.K. Chandra, D. Kozen, and L. Stockmeyer. Alternation. JACM, 28:114- 133, 198t. Google ScholarDigital Library
DH76.W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, IT- 22:644-654, 1976.Google ScholarDigital Library
FFS86.U. Feige, A. Fiat and A. Shamir. Zeroknowledge proofs of identity. STOC, 1987. Google ScholarDigital Library
GGM84.O. Goldreich, S. Goldwasser, and S. Micall. How to construct random functions. In Proceedings of the 25th Annual Foundations of Computer Science. ACM, 1984.Google Scholar
GMW87.O. Goldreich, S. Micali, and A. Wigderson. How to play any mental game or a completeness theorem for protocols with honest majority. In Proceedings of the 19th Annual Symposium on Theory of Computing. ACM, 1987. Google ScholarDigital Library
GM84.S. Goldwasser and S. Micali. Probabalistic Encryption. JCSS, 28:270-299, 1984.Google ScholarCross Ref
GMR84.S. Goldwasser, S. Micali, and R. Rivest. A "paradoxical" solution to the signature problem. In Proceedings of the 25th Annual Foundations of Computer Science. ACM, 1984.Google ScholarDigital Library
I88.R. Impagliazzo Proofs that relativize, and proofs that do not. Unpublished manuscript, 1988.Google Scholar
IY87.R. impagli~Lzzo and M. Yung. Direct minimum-knowledge computations, in Proceedings of Advances in Cryptography. CRYPTO, 1987. Google ScholarDigital Library
JVV86.Mark Jerrum, Leslie Valiant, and Vijay Vazirani. Random generation of combinatorial structures from a uniform distribution. Theoretical Computer Scieace, 43:169-188, 1986. Google ScholarDigital Library
LR86.M. Luby and C. Rackoff. How to construct pseudo-random permutations from pseudo-random functions. In P~'oceedings of the Eighteenth Annual A CM Symposium on Theory of Computing, 1986. Google ScholarDigital Library
Mer78.tL. C. Merkle. Secure communications over insecure channels. CA CM, 21(4):294-299, April 1978. Google ScholarDigital Library
NY.M. Naor and M. Yung. Universal One- Way Hash Functions and Their Applications. These precedings. Google ScholarDigital Library
P74.G.P. Purdy A high security log-in procedure. CACM, 17:442-445, 1974. Google ScholarDigital Library
Rab81.M.O. Rabin. How to exchange secrets by oblivious transfer. Technical Report TP~-81, Harva,rd University, 1981.Google Scholar
Rac88.C. Rackoff. A basic theory of public and private cryptosystems. Cryp{o 88. Google ScholarDigital Library
Yao82.A.C. Yao. Theory and applications of trapdoor functions. In Proceedings of the 23rd Annual Symposium on Foundations of Computer Science, pages 80-91/. IEEE, 1982.Google ScholarDigital Library

Index Terms

Limits on the provable consequences of one-way permutations

Recommendations

Limits on the Provable Consequences of One-way Functions
Read More
Limits on the provable consequences of one-way permutations (invited talk)
CRYPTO '88: Proceedings on Advances in cryptology

We present strong evidence that the implication, "if one-way permutations exist, then secure secret key agreement is possible", is not provable by standard techniques. Since both sides of this implication are widely believed true in real life, to show ...
Read More
Tag-KEM from set partial domain one-way permutations
ACISP'06: Proceedings of the 11th Australasian conference on Information Security and Privacy

Recently a framework called Tag-KEM/DEM was introduced to construct efficient hybrid encryption schemes. Although it is known that generic encode-then-encrypt construction of chosen ciphertext secure public-key encryption also applies to secure Tag-KEM ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
STOC '89: Proceedings of the twenty-first annual ACM symposium on Theory of computing
February 1989
600 pages
ISBN:0897913078
DOI:10.1145/73007
Editor:
D. S. Johnson
Copyright © 1989 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 1 February 1989
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Qualifiers
- Article
Conference

Acceptance Rates
STOC '89 Paper Acceptance Rate56of196submissions,29%Overall Acceptance Rate1,469of4,586submissions,32%
More
Upcoming Conference
STOC '24

Sponsor:

sigact

56th Annual ACM Symposium on Theory of Computing (STOC 2024)

June 24 - 28, 2024

Vancouver , BC , Canada
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 363
  Total Citations
  View Citations
- 1,883
  Total Downloads
- Downloads (Last 12 months)433
- Downloads (Last 6 weeks)47
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Limits on the provable consequences of one-way permutations

STOC '89: Proceedings of the twenty-first annual ACM symposium on Theory of computing

ABSTRACT

References

Cited By

Index Terms

Recommendations

Limits on the Provable Consequences of One-way Functions

Limits on the provable consequences of one-way permutations (invited talk)

Tag-KEM from set partial domain one-way permutations