
Journal of Cryptology, Volume 29, Issue 2, pp 283–335

Limits on the Usefulness of Random Oracles


Abstract

In their seminal work, Impagliazzo and Rudich (STOC’89) showed that no key-agreement protocol exists in the random-oracle model, yielding that key agreement cannot be black-box reduced to one-way functions. In this work, we generalize their result, showing that, to a large extent, no-private-input, semi-honest, two-party functionalities that can be securely implemented in the random-oracle model can also be securely implemented information theoretically (where parties are assumed to be all powerful, and no oracle is given). Using a recent information-theoretic impossibility result by McGregor et al. (FOCS’10), our result yields that certain functionalities (e.g. inner product) cannot be computed both accurately and in a differentially private manner in the random-oracle model, implying that protocols for computing these functionalities cannot be black-box reduced to the existence of one-way functions.

Keywords

Random oracles, Black-box separations, One-way functions, Differential privacy, Key agreement

References

1. B. Barak and M. Mahmoody. Merkle puzzles are optimal - an \(O(n^{2})\)-query attack on any key exchange from a random oracle. In Advances in Cryptology - CRYPTO ’09, pages 374–390, 2009.
2. B. Barak and M. Mahmoody-Ghidary. Lower bounds on signatures from symmetric primitives. In Proceedings of the 48th Annual Symposium on Foundations of Computer Science (FOCS), 2007.
3. A. Beimel, K. Nissim, and E. Omri. Distributed private data analysis: On simultaneously solving how and what. CoRR, abs/1103.2626, 2011.
4. R. Canetti, O. Goldreich, and S. Halevi. On the random-oracle methodology as applied to length-restricted signature schemes. In Theory of Cryptography, First Theory of Cryptography Conference, TCC 2004, 2004.
5. Y.-C. Chang, C.-Y. Hsiao, and C.-J. Lu. On the impossibilities of basing one-way permutations on central cryptographic primitives. In Advances in Cryptology - CRYPTO ’02, pages 110–124, 2002.
6. B. Chor and E. Kushilevitz. A zero-one law for boolean privacy. SIAM J. Discrete Math., 4(1):36–47, 1991.
7. D. Dachman-Soled, Y. Lindell, M. Mahmoody, and T. Malkin. On the black-box complexity of optimally-fair coin tossing. In TCC 2011, pages 450–467, 2011.
8. D. Dachman-Soled, M. Mahmoody, and T. Malkin. Can optimally-fair coin tossing be based on one-way functions? In TCC, pages 217–239, 2014.
9. C. Dwork, F. McSherry, K. Nissim, and A. Smith. Calibrating noise to sensitivity in private data analysis. In Theory of Cryptography, Third Theory of Cryptography Conference, TCC 2006, pages 265–284, 2006.
10. A. Fiat and A. Shamir. How to prove yourself: practical solutions to identification and signature problems. In Advances in Cryptology - CRYPTO ’86, pages 186–194, 1987.
11. R. Gennaro and L. Trevisan. Lower bounds on the efficiency of generic cryptographic constructions. In Proceedings of the 41st Annual Symposium on Foundations of Computer Science, pages 305–313, 2000.
12. R. Gennaro, Y. Gertner, J. Katz, and L. Trevisan. Bounds on the efficiency of generic cryptographic constructions. SIAM Journal on Computing, 35(1):217–246, 2005.
13. Y. Gertner, S. Kannan, T. Malkin, O. Reingold, and M. Viswanathan. The relationship between public key encryption and oblivious transfer. In Proceedings of the 32nd Annual ACM Symposium on Theory of Computing (STOC), 2000.
14. S. Goldwasser and Y. Tauman-Kalai. On the (in)security of the Fiat-Shamir paradigm. In Proceedings of the 44th Annual Symposium on Foundations of Computer Science (FOCS), 2003.
15. A. Groce, J. Katz, and A. Yerukhimovich. Limits of computational differential privacy in the client/server setting. In Theory of Cryptography, Eighth Theory of Cryptography Conference, TCC 2011, pages 417–431, 2011.
16. I. Haitner, J. J. Hoch, O. Reingold, and G. Segev. Finding collisions in interactive protocols - A tight lower bound on the round complexity of statistically-hiding commitments. In Proceedings of the 48th Annual Symposium on Foundations of Computer Science (FOCS), 2007.
17. I. Haitner, E. Omri, and H. Zarosim. Limits on the usefulness of random oracles. In Theory of Cryptography, Tenth Theory of Cryptography Conference, TCC 2013, pages 437–456, 2013.
18. R. Impagliazzo and S. Rudich. Limits on the provable consequences of one-way permutations. In Proceedings of the 21st Annual ACM Symposium on Theory of Computing (STOC), pages 44–61. ACM Press, 1989.
19. J. Kahn, M. Saks, and C. Smyth. A dual version of Reimer’s inequality and a proof of Rudich’s conjecture. In Proceedings of the 15th Annual IEEE Conference on Computational Complexity, pages 98–103, 2000.
20. J. H. Kim, D. Simon, and P. Tetali. Limits on the efficiency of one-way permutation-based hash functions. In Proceedings of the 40th Annual Symposium on Foundations of Computer Science, pages 535–542, 1999.
21. M. Mahmoody, H. K. Maji, and M. Prabhakaran. Limits of random oracles in secure computation. Technical Report 1205.3554v1, arXiv, 2012. arXiv:1205.3554v1.
22. A. McGregor, I. Mironov, T. Pitassi, O. Reingold, K. Talwar, and S. P. Vadhan. The limits of two-party differential privacy. Electronic Colloquium on Computational Complexity (ECCC), page 106, 2011. Preliminary version in FOCS’10.
23. R. C. Merkle. Secure communications over insecure channels. In SIMMONS: Secure Communications and Asymmetric Cryptosystems, 1982.
24. I. Mironov, O. Pandey, O. Reingold, and S. P. Vadhan. Computational differential privacy. In Advances in Cryptology - CRYPTO ’09, pages 126–142, 2009.
25. D. Pointcheval and J. Stern. Security proofs for signature schemes. In Advances in Cryptology - EUROCRYPT ’96, pages 387–398, 1996.
26. O. Reingold, L. Trevisan, and S. P. Vadhan. Notions of reducibility between cryptographic primitives. In Theory of Cryptography, First Theory of Cryptography Conference, TCC 2004, volume 2951 of Lecture Notes in Computer Science, pages 1–20. Springer, 2004.
27. S. Rudich. The use of interaction in public cryptosystems. In Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO ’91, pages 242–251, 1992.
28. M. Santha and U. V. Vazirani. Generating quasi-random sequences from semi-random sources. J. Comput. Syst. Sci., 33(1):75–87, 1986.
29. D. Simon. Finding collisions on a one-way street: Can secure hash functions be based on general assumptions? In Advances in Cryptology - EUROCRYPT ’98, pages 334–345, 1998.
30. H. Wee. One-way permutations, interactive hashing and statistically hiding commitments. In Theory of Cryptography, First Theory of Cryptography Conference, TCC 2004, pages 419–433, 2007.

Copyright information

© International Association for Cryptologic Research 2014

Authors and Affiliations

1. School of Computer Science, Tel Aviv University, Tel Aviv, Israel
2. Department of Computer Science and Mathematics, Ariel University, Ariel, Israel
3. Department of Computer Science, Bar Ilan University, Ramat Gan, Israel
