Limits on the Provable Consequences of One-way Permutations

  • Russell Impagliazzo
  • Steven Rudich
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 403)


We present strong evidence that the implication, “if one-way permutations exist, then secure secret key agreement is possible”, is not provable by standard techniques. Since both sides of this implication are widely believed true in real life, to show that the implication is false requires a new model. We consider a world where all parties have access to a black box for a randomly selected permutation. Being totally random, this permutation will be strongly one-way in a provable, information-theoretic way. We show that, if P = NP, no protocol for secret key agreement is secure in such a setting. Thus, to prove that a secret key agreement protocol which uses a one-way permutation as a black box is secure is as hard as proving PNP. We also obtain, as a corollary, that there is an oracle relative to which the implication is false, i.e., there is a one-way permutation, yet secret-exchange is impossible. Thus, no technique which relativizes can prove that secret exchange can be based on any one-way permutation. Our results present a general framework for proving statements of the form, “Cryptographic application X is not likely possible based solely on complexity assumption Y.”


Random Oracle Satisfying Assignment Oblivious Transfer Uniform Generation Oracle Query 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [BGS75]
    T. Baker, J. Gill, and R. Solovay. Relativizations of the P=NP question. SIAM J. Comp., 4 (1975) pp. 431–442.CrossRefzbMATHMathSciNetGoogle Scholar
  2. [BG81]
    C. H. Bennett and J. Gill. Relative to a random oracle A, P A neNP A neCoNP A with probability 1. SIAM J. Comp. 10 (1981)Google Scholar
  3. [BCC87]
    G. Brassard, D. Chaum, and C. Crépeau. Minimum disclosure proofs of knowledge. Technical Report PM-RS710, Centre for Mathematics and Computer Science, Amsterdam, The Netherlands, 1987.Google Scholar
  4. [Ben87]
    J. Cohen Benaloh. Verifiable Secret-Ballot Elections. PhD thesis, Yale University, Sept 1987. YALEU/DCS/TR-561.Google Scholar
  5. [Blu81]
    M. Blum. Three applications of the oblivious transfer: Part i: Coin flipping by telephone; part ii: How to exchange secrets; part iii: How to send certified electronic mail. Department of EECS, University of California, Berkeley, CA, 1981.Google Scholar
  6. [Blu82]
    M. Blum. Coin flipping by telephone: A protocol for solving impossible problems. In Proceedings of the 24th IEEE Computer Conference (Com-pCon), pages 133–137, 1982. reprinted in SIGACT News, vol. 15, no. 1, 1983, pp. 23–27.Google Scholar
  7. [BM84]
    M. Blum and S. Micali. How to generate cryptographically strong sequences of pseudo-random bits. SIAM J. Comp. 13 (1984) pp. 850–864CrossRefzbMATHMathSciNetGoogle Scholar
  8. [Bra]
    G. Brassard. An optimally secure relativized cryptosystem. Advances in Cryptography, a Report on CRYPTO 81, Technical Report no. 82-04, Department of ECE, University of California, Santa Barbara, CA, 1982, pp. 54–58; reprinted in SIGACT News vol. 15, no. 1, 1983, pp. 28–33.Google Scholar
  9. [Bra83]
    G. Brassard. Relativized cryptography. IEEE Transactions on Information Theory, IT-19:877–894, 1983.CrossRefMathSciNetGoogle Scholar
  10. [CKS81]
    A.K. Chandra, D. Kozen, and L. Stockmeyer. Alternation. JACM, 28:114–133, 1981.CrossRefzbMATHMathSciNetGoogle Scholar
  11. [DH76]
    W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, IT-22:644–654, 1976.CrossRefMathSciNetGoogle Scholar
  12. [FFS86]
    U. Feige, A. Fiat and A. Shamir. Zero-knowledge proofs of identity. STOC, 1987.Google Scholar
  13. [GGM84]
    O. Goldreich, S. Goldwasser, and S. Micali. How to construct random functions. In Proceedings of the 25th Annual Foundations of Computer Science. ACM, 1984.Google Scholar
  14. [GMW87]
    O. Goldreich, S. Micali, and A. Wigderson. How to play any mental game or a completeness theorem for proto cols with honest majority. In Proceedings of the 19th Annual Symposium on Theory of Computing. ACM, 1987.Google Scholar
  15. [GM84]
    S. Goldwasser and S. Micali. Probabalistic Encryption. JCSS, 28:270–299, 1984.zbMATHMathSciNetGoogle Scholar
  16. [GMR84]
    S. Goldwasser, S. Micali, and R. Rivest. A “paradoxical” solution to the signature problem. In Proceedings of the 25th Annual Foundations of Computer Science. ACM, 1984.Google Scholar
  17. [I88]
    R. Impagliazzo Proofs that relativize, and proofs that do not. Unpublished manuscript, 1988.Google Scholar
  18. [IY87]
    R. Impagliazzo and M. Yung. Direct minimum-knowledge computations. In Proceedings of Advances in Cryptography. CRYPTO, 1987.Google Scholar
  19. [JVV86]
    Mark Jerrum, Leslie Valiant, and Vijay Vazirani. Random generation of combinatorial structures from a uniform distribution. Theoretical Computer Science, 43:169–188, 1986.CrossRefzbMATHMathSciNetGoogle Scholar
  20. [LR86]
    M. Luby and C. Rackoff. How to construct pseudo-random permutations from pseudo-random functions. In Proceedings of the Eighteenth Annual ACM Symposium on Theory of Computing, 1986.Google Scholar
  21. [Mer78]
    R. C. Merkle. Secure communications over insecure channels. CACM, 21(4):294–299, April 1978.Google Scholar
  22. [NY]
    M. Naor and M. Yung. Universal One-Way Hash Functions and Their Applications. These precedings.Google Scholar
  23. [P74]
    G. P. Purdy A high security log-in procedure. CACM, 17:442–445, 1974.MathSciNetGoogle Scholar
  24. [Rab81]
    M. O. Rabin. How to exchange secrets by oblivious transfer. Technical Report TR-81, Harvard University, 1981.Google Scholar
  25. [Rac88]
    C. Rackoff. A basic theory of public and private cryptosystems. CryptoGoogle Scholar
  26. [Yao82]
    A.C. Yao. Theory and applications of trapdoor functions. In Proceedings of the 23rd Annual Symposium on Foundations of Computer Science, pages 80–91. IEEE, 1982.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1990

Authors and Affiliations

  • Russell Impagliazzo
    • 1
  • Steven Rudich
    • 2
  1. 1.Computer Science DivisionUniversity of California at BerkeleyBerkeley
  2. 2.Computer Science DepartmentUniversity of TorontoTorontoCanada

Personalised recommendations