Towards a Theory of Extractable Functions
Extractable functions are functions where any adversary that outputs a point in the range of the function is guaranteed to “know” a corresponding preimage. Here, knowledge is captured by the existence of an efficient extractor that recovers the preimage from the internal state of the adversary. Extractability of functions was defined by the authors (ICALP’08) in the context of perfectly one-way functions. It can be regarded as an abstraction from specific knowledge assumptions, such as the Knowledge of Exponent assumption (Hada and Tanaka, Crypto 1998).
We initiate a more general study of extractable functions. We explore two different approaches. The first approach is aimed at understanding the concept of extractability in of itself; in particular we demonstrate that a weak notion of extraction implies a strong one, and make rigorous the intuition that extraction and obfuscation are complementary notions.
In the second approach, we study the possibility of constructing cryptographic primitives from simpler or weaker ones while maintaining extractability. Results are generally positive. Specifically, we show that several cryptographic reductions are either “knowledge-preserving” or can be modified to be so. Examples include reductions from extractable weak one-way functions to extractable strong ones, from extractable pseudorandom generators to extractable pseudorandom functions, and from extractable one-way functions to extractable commitments. Other questions, such as constructing extractable pseudorandom generators from extractable one way functions, remain open.
KeywordsAuxiliary Information Random String Commitment Scheme Pseudorandom Generator Noticeable Error
- 6.Blum, M.: Coin flipping by phone. In: IEEE Computer conference (1982)Google Scholar
- 13.Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. Journal of the ACM 33 (1986)Google Scholar
- 14.Goldwasser, S., Kalai, Y.T.: On the impossibility of obfuscation with auxiliary input. In: FOCS (2005)Google Scholar
- 15.Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof-systems. In: STOC (1985)Google Scholar
- 17.Hastad, J., Levin, L., Impagliazzo, R., Luby, M.: Construction of a pseudorandom generator from any one-way function. SIAM Journal on Computing (1999)Google Scholar
- 19.Impagliazzo, R.: Hard-core distributions for somewhat hard problems. In: FOCS (1995)Google Scholar
- 20.Lepinski, M.: On the existence of 3-round zero-knowledge proofs. M.S. Thesis (2002)Google Scholar
- 21.Naor, M.: Bit commitments using pseudorandom generators. Journal of Cryptology (1991)Google Scholar
- 23.Ventre, C., Visconti, I.: Message-aware commitment schemes (unpublished manuscript, 2008)Google Scholar
- 24.Yao, A.C.: Theory and application of trapdoor functions. In: FOCS (1982)Google Scholar
- 25.Zheng, Y., Seberry, J.: Immunizing public key cryptosystems against chosen ciphertext attacks. Journal on Selected Areas in Communication (1993)Google Scholar