On the Complexity of Collision Resistant Hash Functions: New and Old Black-Box Separations

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11891)


The complexity of collision-resistant hash functions has been long studied in the theory of cryptography. While we often think about them as a Minicrypt primitive, black-box separations demonstrate that constructions from one-way functions are unlikely. Indeed, theoretical constructions of collision-resistant hash functions are based on rather structured assumptions.

We make two contributions to this study:
  1. 1.

    A New Separation: We show that collision-resistant hashing does not imply hard problems in the class Statistical Zero Knowledge in a black-box way.

  2. 2.

    New Proofs: We show new proofs for the results of Simon, ruling out black-box reductions of collision-resistant hashing to one-way permutations, and of Asharov and Segev, ruling out black-box reductions to indistinguishability obfuscation. The new proofs are quite different from the previous ones and are based on simple coupling arguments.




Nir Bitansky is a member of the Check Point Institute of Information Security. Supported by the Alon Young Faculty Fellowship, by Len Blavatnik and the Blavatnik Family foundation, and an ISF grant 18/484. Akshay Degwekar did part of this work while visiting the FACT Center in IDC Herzliya, supported in part by ISF grant 1861/16 and AFOSR Award FA9550-17-1-0069. Also supported in part by NSF Grants CNS-1413920 and CNS-1350619, and by the Defense Advanced Research Projects Agency (DARPA) and the U.S. Army Research Office under contracts W911NF-15-C-0226 and W911NF-15-C-0236.


  1. [AGGM06]
    Akavia, A., Goldreich, O., Goldwasser, S., Moshkovitz, D.: On Basing One-way Functions on NP-hardness. In: STOC (2006)Google Scholar
  2. [AHI+17]
    Applebaum, B., Haramaty, N., Kushilevitz, E., Vaikuntanathan, V.: Low-complexity cryptographic hash functions. In: ITCS, Yuval Ishai (2017)Google Scholar
  3. [AR16]
    Applebaum, B., Raykov, P.: On the relationship between statistical zero-knowledge and statistical randomized encodings. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 449–477. Springer, Heidelberg (2016). Scholar
  4. [AS15]
    Asharov, G., Segev, G.: Limits on the power of indistinguishability obfuscation and functional encryption. In: FOCS (2015)Google Scholar
  5. [BB15]
    Bogdanov, A., Brzuska, C.: On basing size-verifiable one-way functions on NP-hardness. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9014, pp. 1–6. Springer, Heidelberg (2015). Scholar
  6. [BBF13]
    Baecher, P., Brzuska, C., Fischlin, M.: Notions of black-box reductions, revisited. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 296–315. Springer, Heidelberg (2013). Scholar
  7. [BDRV18]
    Berman, I., Degwekar, A., Rothblum, R.D., Vasudevan, P.N.: Multi-collision resistant hash functions and their applications. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 133–161. Springer, Cham (2018). Scholar
  8. [BDRV19]
    Berman, I., Degwekar, A., Rothblum, R.D., Vasudevan, P.N.: Statistical Difference Beyond the Polarizing Regime. In: ECCC (2019)Google Scholar
  9. [BDV17]
    Bitansky, N., Degwekar, A., Vaikuntanathan, V.: Structure vs. hardness through the obfuscation lens. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 696–723. Springer, Cham (2017). Scholar
  10. [BEG+94]
    Blum, M., Evans, W.S., Gemmell, P., Kannan, S., Naor, M.: Checking the correctness of memories. Algorithmica 12(2/3), 225–244 (1994)MathSciNetCrossRefGoogle Scholar
  11. [BKSY11]
    Brakerski, Z., Katz, J., Segev, G., Yerukhimovich, A.: Limits on the power of zero-knowledge proofs in cryptographic constructions. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 559–578. Springer, Heidelberg (2011). Scholar
  12. [BL13]
    Bogdanov, A., Lee, C.H.: Limits of provable security for homomorphic encryption. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 111–128. Springer, Heidelberg (2013). Scholar
  13. [BLVW19]
    Brakerski, Z., Lyubashevsky, V., Vaikuntanathan, V., Wichs, D.: Worst-case hardness for LPN and cryptographic hashing via code smoothing. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 619–635. Springer, Cham (2019). Scholar
  14. [BM09]
    Barak, B., Mahmoody-Ghidary, M.: Merkle puzzles are optimal—an \({O}(n^{2})\)-query attack on any key exchange from a random oracle. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 374–390. Springer, Heidelberg (2009). Scholar
  15. [BT03]
    Bogdanov, A., Trevisan, L.: On worst-case to average-case reductions for NP problems. In: FOCS (2003)Google Scholar
  16. [CDGS18]
    Coretti, S., Dodis, Y., Guo, S., Steinberger, J.: Random oracles and non-uniformity. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 227–258. Springer, Cham (2018). Scholar
  17. [Dam87]
    Damgård, I.B.: Collision free hash functions and public key signature schemes. In: Chaum, D., Price, W.L. (eds.) EUROCRYPT 1987. LNCS, vol. 304, pp. 203–216. Springer, Heidelberg (1988). Scholar
  18. [DHT12]
    Dodis, Y., Haitner, I., Tentes, A.: On the instantiability of hash-and-sign RSA signatures. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 112–132. Springer, Heidelberg (2012). Scholar
  19. [DLMM11]
    Dachman-Soled, D., Lindell, Y., Mahmoody, M., Malkin, T.: On the black-box complexity of optimally-fair coin tossing. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 450–467. Springer, Heidelberg (2011). Scholar
  20. [DPP93]
    Damgård, I.B., Pedersen, T.P., Pfitzmann, B.: On the existence of statistically hiding bit commitment schemes and fail-stop signatures. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 250–265. Springer, Heidelberg (1994). Scholar
  21. [Fis12]
    Fischlin, M.: Black-box reductions and separations in cryptography. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012. LNCS, vol. 7374, pp. 413–422. Springer, Heidelberg (2012). Scholar
  22. [GG98]
    Goldreich, O., Goldwasser, S.: On the Possibility of basing Cryptography on the assumption that P \(\ne \) NP. IACR Cryptology ePrint Archive (1998)Google Scholar
  23. [GGH96]
    Goldreich, O., Goldwasser, S., Halevi, S.: Collision-free hashing from lattice problems. IACR Cryptology ePrint Archive, 1996:9 (1996)Google Scholar
  24. [GGKT05]
    Gennaro, R., Gertner, Y., Katz, J., Trevisan, L.: Bounds on the efficiency of generic cryptographic constructions. SIAM J. Comput. 35(1), 217–246 (2005)MathSciNetCrossRefGoogle Scholar
  25. [GHMM18]
    Garg, S., Hajiabadi, M., Mahmoody, M., Mohammed, A.: Limits on the power of garbling techniques for public-key encryption. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10993, pp. 335–364. Springer, Cham (2018). Scholar
  26. [GK93]
    Goldreich, O., Kushilevitz, E.: A perfect zero-knowledge proof system for a problem equivalent to the discrete logarithm. J. Cryptol. 6(2), 97–116 (1993)MathSciNetCrossRefGoogle Scholar
  27. [GKLM12]
    Goyal, V., Kumar, V., Lokam, S., Mahmoody, M.: On black-box reductions between predicate encryption schemes. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 440–457. Springer, Heidelberg (2012). Scholar
  28. [GKM+00]
    Gertner, Y., Kannan, S., Malkin, T., Reingold, O., Viswanathan, M.: The relationship between public key encryption and oblivious transfer. In: FOCS (2000)Google Scholar
  29. [GMM07]
    Gertner, Y., Malkin, T., Myers, S.: Towards a separation of semantic and CCA security for public key encryption. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 434–455. Springer, Heidelberg (2007). Scholar
  30. [GMR85]
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof-systems (Extended Abstract). In: STOC (1985)Google Scholar
  31. [GMR01]
    Gertner, Y., Malkin, T., Reingold, O.: On the impossibility of basing trapdoor functions on trapdoor predicates. In: FOCS (2001)Google Scholar
  32. [GT00]
    Gennaro, R., Trevisan, L.: Lower bounds on the efficiency of generic cryptographic constructions. In: FOCS (2000)Google Scholar
  33. [HH09]
    Haitner, I., Holenstein, T.: On the (im)possibility of key dependent encryption. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 202–219. Springer, Heidelberg (2009). Scholar
  34. [HHRS15]
    Haitner, I., Hoch, J.J., Reingold, O., Segev, G.: Finding collisions in interactive protocols-tight lower bounds on the round and communication complexities of statistically hiding commitments. SIAM J. Comput. 44(1), 193–242 (2015)MathSciNetCrossRefGoogle Scholar
  35. [HL18]
    Holmgren, J., Lombardi, A.: Cryptographic hashing from strong one-way functions (or: one-way product functions and their applications). In: FOCS (2018)Google Scholar
  36. [HM96]
    Halevi, S., Micali, S.: Practical and provably-secure commitment schemes from collision-free hashing. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 201–215. Springer, Heidelberg (1996). Scholar
  37. [HR04]
    Hsiao, C.-Y., Reyzin, L.: Finding collisions on a public road, or do secure hash functions need secret coins? In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 92–105. Springer, Heidelberg (2004). Scholar
  38. [IKO05]
    Ishai, Y., Kushilevitz, E., Ostrovsky, R.: Sufficient conditions for collision-resistant hashing. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 445–456. Springer, Heidelberg (2005). Scholar
  39. [Imp95]
    Impagliazzo, R.: A personal view of average-case complexity. In: CCC (1995)Google Scholar
  40. [IR89]
    Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: STOC (1989)Google Scholar
  41. [Kil92]
    Kilian, J.: A note on efficient zero-knowledge proofs and arguments (extended abstract). In: STOC (1992)Google Scholar
  42. [KNY17]
    Komargodski, I., Naor, M., Yogev, E.: White-box vs. black-box complexity of search problems: ramsey and graph property testing. In: FOCS (2017)Google Scholar
  43. [KNY18]
    Komargodski, I., Naor, M., Yogev, E.: Collision resistant hashing for paranoids: dealing with multiple collisions. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 162–194. Springer, Cham (2018). Scholar
  44. [KSS11]
    Kahn, J., Saks, M.E., Smyth, C.D.: The dual BKR inequality and rudich’s conjecture. Comb. Probab. Comput. 20(2), 257–266 (2011)MathSciNetCrossRefGoogle Scholar
  45. [KST99]
    Kim, J.H., Simon, D.R., Tetali, P.: Limits on the efficiency of one-way permutation-based hash functions. In: FOCS (1999)Google Scholar
  46. [KY18]
    Komargodski, I., Yogev, E.: On distributional collision resistant hashing. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 303–327. Springer, Cham (2018). Scholar
  47. [LM06]
    Lyubashevsky, V., Micciancio, D.: Generalized compact knapsacks are collision resistant. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 144–155. Springer, Heidelberg (2006). Scholar
  48. [LV16]
    Liu, T., Vaikuntanathan, V.: On basing private information retrieval on NP-hardness. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9562, pp. 372–386. Springer, Heidelberg (2016). Scholar
  49. [Mer89]
    Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, New York (1990). Scholar
  50. [MP91]
    Megiddo, N., Papadimitriou, C.H.: On total functions, existence theorems and computational complexity. Theor. Comput. Sci. 81(2), 317–324 (1991)MathSciNetCrossRefGoogle Scholar
  51. [MV03]
    Micciancio, D., Vadhan, S.P.: Statistical zero-knowledge proofs with efficient provers: lattice problems and more. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 282–298. Springer, Heidelberg (2003). Scholar
  52. [MX10]
    Mahmoody, M., Xiao, D.: On the power of randomized reductions and the checkability of SAT. In: CCC (2010)Google Scholar
  53. [OK91]
    Ogata, W., Kurosawa, K.: On claw free families. In: Imai, H., Rivest, R.L., Matsumoto, T. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 111–123. Springer, Heidelberg (1993). Scholar
  54. [Pas06]
    Pass, R.: Parallel repetition of zero-knowledge proofs and the possibility of basing cryptography on NP-hardness. In: CCC (2006)Google Scholar
  55. [Pas13]
    Pass, R.: Unprovable security of perfect NIZK and non-interactive non-malleable commitments. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 334–354. Springer, Heidelberg (2013). Scholar
  56. [Per]
    Personal communication with the authors of [KNY18]Google Scholar
  57. [PR06]
    Peikert, C., Rosen, A.: Efficient collision-resistant hashing from worst-case assumptions on cyclic lattices. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 145–166. Springer, Heidelberg (2006). Scholar
  58. [PVW08]
    Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008). Scholar
  59. [RTV04]
    Reingold, O., Trevisan, L., Vadhan, S.: Notions of reducibility between cryptographic primitives. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 1–20. Springer, Heidelberg (2004). Scholar
  60. [Rud88]
    Rudich, S.: Limits on the Provable Consequences of One-Way Functions. Ph.D. thesis, University of California, Berkeley (1988)Google Scholar
  61. [Rus95]
    Russell, A.: Necessary and sufficient condtions for collision-free hashing. J. Cryptol. 8(2), 87–100 (1995)MathSciNetzbMATHGoogle Scholar
  62. [Sim98]
    Simon, D.R.: Finding collisions on a one-way street: can secure hash functions be based on general assumptions? In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 334–345. Springer, Heidelberg (1998). Scholar
  63. [SV03]
    Sahai, A., Vadhan, S.: A complete problem for statistical zero knowledge. J. ACM (JACM) 50(2), 196–249 (2003)MathSciNetCrossRefGoogle Scholar
  64. [Unr07]
    Unruh, D.: Random oracles and auxiliary input. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 205–223. Springer, Heidelberg (2007). Scholar
  65. [Vad99]
    Vadhan, S.P.: A study of statistical zero-knowledge proofs. Ph.D. thesis, Massachusetts Institute of Technology (1999)Google Scholar
  66. [YZW+17]
    Yu, Y., Zhang, J., Weng, J., Guo, C., Li, X.: Collision resistant hashing from learning parity with noise. IACR Cryptology ePrint Archive, 2017:1260 (2017)Google Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. 1.Tel Aviv UniversityTel AvivIsrael
  2. 2.MITCambridgeUSA

Personalised recommendations