Oracle Separation in the Non-uniform Model
Oracle separation methods are used in cryptography to rule out black-box reductions between cryptographic primitives. It is sufficient to find an oracle relative to which the base primitive exists but there are no secure instances of the constructed primitive. In practice, it is beyond our current reach to construct a fixed oracle with such properties for most of the reductions because it is difficult to guarantee the existence of secure base primitives. For example, to show that there exist no black-box reductions from collision-free functions to one-way permutations we have to show that secure one-way permutations exist relative to the oracle. However, no deterministic constructions for unconditionally secure one-way permutations are known yet. To overcome this gap, randomized oracles are used to create random base primitives that are secure on average. After that, a fixed oracle with the desired properties is extracted from the probability distribution by using non-constructive combinatorial arguments such as the first Borel-Cantelli lemma. This oracle extraction argument only applies to uniform reductions because it uses the countability of the set of all uniform Turing machines. In this work, we show how to adapt oracle separation results to the non-uniform security model. We consider the known separation techniques that are capable of ruling out the so-called fully black-box reductions and show that they can be extended to the non-uniform model with only minor modifications. As almost all separation results known to date fit into our separation framework, we conclude that they imply non-existence of fully black-box reductions in the non-uniform model. We also generalize our approach to a certain strong form of semi-black-box reductions. However, it stays an open question whether it is possible to adapt our technique to the weaker notions of black-box reductions in the non-uniform model.