The Curious Case of Non-Interactive Commitments – On the Power of Black-Box vs. Non-Black-Box Use of Primitives

  • Mohammad Mahmoody
  • Rafael Pass
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7417)

Abstract

It is well-known that one-way permutations (and even one-to-one one-way functions) imply the existence of non-interactive commitments. Furthermore the construction is black-box (i.e., the underlying one-way function is used as an oracle to implement the commitment scheme, and an adversary attacking the commitment scheme is used as an oracle in the proof of security).

We rule out the possibility of black-box constructions of non-interactive commitments from general (possibly not one-to-one) one-way functions. As far as we know, this is the first result showing a natural cryptographic task that can be achieved in a black-box way from one-way permutations but not from one-way functions.

We next extend our black-box separation to constructions of non-interactive commitments from a stronger notion of one-way functions, which we refer to as hitting one-way functions. Perhaps surprisingly, Barak, Ong, and Vadhan (SIAM JoC ’07) showed that there does exist a non-black-box construction of non-interactive commitments from hitting one-way functions. As far as we know, this is the first result to establish a “separation” between the power of black-box and non-black-box use of a primitive to implement a natural cryptographic task.

We finally show that unless the complexity class \(\mathsf{NP}\) has program checkers, the above separations extend also to non-interactive instance-based commitments, and 3-message public-coin honest-verifier zero-knowledge protocols with \(O(\log n)\)-bit verifier messages. The well-known classical zero-knowledge proofs for \(\mathsf{NP}\) fall into this category.
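The first two paragraphs of the abstract turn on whether the underlying function is one-to-one. The sketch below is an added example, not code from the paper: it uses the textbook commitment \((f(x), r, \langle x, r\rangle \oplus b)\), which the abstract does not spell out, calls \(f\) only as an oracle, and shows that this particular scheme is binding for an injective \(f\) but can be opened to both bits for a many-to-one \(f\). The 8-bit functions are constructed toys and are not one-way, and the paper's result is stronger than this illustration, since it rules out every black-box construction rather than this one scheme.

```python
# Added illustration (not from the paper). The toy functions below are
# constructed stand-ins on an 8-bit domain and are NOT one-way; they only
# show how injectivity of f decides whether the commitment is binding.
N = 8  # bit length of the toy domain (assumption for this example)


def inner_product(x, r):
    """<x, r> mod 2 over the bits of x and r (the hard-core-bit style predicate)."""
    return bin(x & r).count("1") & 1


def commit(f, b, x, r):
    """Commit to bit b with randomness (x, r). f is used only as an oracle."""
    return (f(x), r, inner_product(x, r) ^ b)


def verify(f, com, b, x):
    """Receiver's check of an opening (b, x) against the commitment com."""
    y, r, c = com
    return f(x) == y and (inner_product(x, r) ^ b) == c


def openable_bits(f, com):
    """Brute-force every opening the receiver would accept for com."""
    return {b for x in range(2 ** N) for b in (0, 1) if verify(f, com, b, x)}


def toy_permutation(x):
    """Bijection on 8-bit values (167 is odd, so it is invertible mod 256)."""
    return (167 * x + 13) % 256


def toy_many_to_one(x):
    """Two-to-one map: x and x ^ 1 always collide."""
    return x & 0xFE


if __name__ == "__main__":
    x, r, b = 0x5A, 0x33, 1  # constructed sample values
    print(openable_bits(toy_permutation, commit(toy_permutation, b, x, r)))
    print(openable_bits(toy_many_to_one, commit(toy_many_to_one, b, x, r)))
```

With the permutation, the first component pins down `x`, so only the committed bit verifies; with the colliding function, the sender can pick whichever preimage gives the bit it wants to reveal.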

Keywords

  • Non-Black-Box Constructions
  • Black-Box Separations
  • One-Way Functions
  • Non-Interactive Commitments
  • Zero-Knowledge Proofs
  • Program Checkers
  • Hitting Set Generators

References

  1. Agrawal, M., Kayal, N., Saxena, N.: PRIMES is in P. Report, Department of Computer Science and Engineering, Indian Institute of Technology Kanpur, Kanpur-208016, India (August 2002)
  2. Alon, N., Spencer, J.H.: The probabilistic method, 3rd edn. Wiley, New York (2008)
  3. Andreev, A.E., Clementi, A.E.F., Rolim, J.D.P.: A new general derandomization method. JACM: Journal of the ACM 45 (1998)
  4. Andreev, A.E., Clementi, A.E.F., Rolim, J.D.P., Trevisan, L.: Weak random sources, hitting sets, and BPP simulations. SICOMP: SIAM Journal on Computing 28 (1999)
  5. Barak, B.: How to go beyond the black-box simulation barrier. In: Proceedings of the 42nd Annual Symposium on Foundations of Computer Science (FOCS), pp. 106–115 (2001)
  6. Barak, B., Mahmoody, M.: Lower bounds on signatures from symmetric primitives. In: FOCS: IEEE Symposium on Foundations of Computer Science (2007)
  7. Barak, B., Ong, S.J., Vadhan, S.: Derandomization in Cryptography. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 299–315. Springer, Heidelberg (2003)
  8. Blum, Impagliazzo: Generic oracles and oracle classes. In: FOCS: IEEE Symposium on Foundations of Computer Science (1987)
  9. Blum, M.: Coin flipping by telephone. In: CRYPTO, pp. 11–15 (1981)
  10. Blum, M., Kannan, S.: Designing programs that check their work. J. ACM 42(1), 269–291 (1995)
  11. Blum, M., Micali, S.: How to generate cryptographically strong sequences of pseudo random bits, pp. 112–117 (1982)
  12. Boneh, Papakonstantinou, Rackoff, Vahlis, Waters: On the impossibility of basing identity based encryption on trapdoor permutations. In: FOCS: IEEE Symposium on Foundations of Computer Science (2008)
  13. Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. Journal of Computer and System Sciences 37(2), 156–189 (1988)
  14. Brassard, G., Crépeau, C., Yung, M.: Constant-round perfect zero-knowledge computationally convincing protocols. Theoretical Computer Science 84(1), 23–52 (1991)
  15. Choi, S.G., Dachman-Soled, D., Malkin, T., Wee, H.: Black-Box Construction of a Non-malleable Encryption Scheme from Any Semantically Secure One. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 427–444. Springer, Heidelberg (2008)
  16. Choi, S.G., Dachman-Soled, D., Malkin, T., Wee, H.: Simple, Black-Box Constructions of Adaptively Secure Protocols. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 387–402. Springer, Heidelberg (2009)
  17. Dachman-Soled, D., Lindell, Y., Mahmoody, M., Malkin, T.: On the Black-Box Complexity of Optimally-Fair Coin Tossing. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 450–467. Springer, Heidelberg (2011)
  18. Damgård, I.B., Pedersen, T.P., Pfitzmann, B.: Statistical secrecy and multibit commitments. IEEE Transactions on Information Theory 44(3), 1143–1151 (1998)
  19. Gennaro, R., Gertner, Y., Katz, J., Trevisan, L.: Bounds on the efficiency of generic cryptographic constructions. SIAM Journal on Computing 35(1), 217–246 (2005)
  20. Gennaro, R., Trevisan, L.: Lower bounds on the efficiency of generic cryptographic constructions. In: Proceedings of the 41st Annual Symposium on Foundations of Computer Science, pp. 305–313 (2000)
  21. Gertner, Y., Kannan, S., Malkin, T., Reingold, O., Viswanathan, M.: The relationship between public key encryption and oblivious transfer. In: Proceedings of the 41st Annual IEEE Symposium on Foundations of Computer Science (2000)
  22. Gertner, Y., Malkin, T., Reingold, O.: On the impossibility of basing trapdoor functions on trapdoor predicates. In: FOCS, pp. 126–135 (2001)
  23. Goldreich, O., Kahan, A.: How to construct constant-round zero-knowledge proof systems for NP. Journal of Cryptology 9(3), 167–190 (1996)
  24. Goldreich, O., Krawczyk, H.: Sparse pseudorandom distributions. Random Structures & Algorithms 3(2), 163–174 (1992)
  25. Goldreich, O., Krawczyk, H., Luby, M.: On the existence of pseudorandom generators. SIAM Journal on Computing 22(6), 1163–1175 (1993)
  26. Goldreich, O., Levin, L.A.: A hard-core predicate for all one-way functions. In: Proceedings of the 21st Annual ACM Symposium on Theory of Computing (STOC), pp. 25–32 (1989)
  27. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority, pp. 218–229 (1987)
  28. Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems. Journal of the ACM 38(1), 691–729 (1991); Preliminary version in FOCS 1986
  29. Goldreich, O., Wigderson, A.: Improved Derandomization of BPP Using a Hitting Set Generator. In: Hochbaum, D.S., Jansen, K., Rolim, J.D.P., Sinclair, A. (eds.) RANDOM-APPROX 1999. LNCS, vol. 1671, pp. 131–137. Springer, Heidelberg (1999)
  30. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM Journal on Computing 18(1), 186–208 (1989); Preliminary version in STOC 1985
  31. Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing 17(2), 281–308 (1988); Preliminary version in FOCS 1984
  32. Goyal, V.: Constant round non-malleable protocols using one way functions (2011)
  33. Haitner, I.: Semi-honest to Malicious Oblivious Transfer—The Black-Box Way. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 412–426. Springer, Heidelberg (2008)
  34. Haitner, I., Hoch, J.J., Reingold, O., Segev, G.: Finding collisions in interactive protocols - A tight lower bound on the round complexity of statistically-hiding commitments. In: Proceedings of the 47th Annual Symposium on Foundations of Computer Science (FOCS). IEEE Computer Society (2007)
  35. Haitner, I., Horvitz, O., Katz, J., Koo, C.-Y., Morselli, R., Shaltiel, R.: Reducing Complexity Assumptions for Statistically-Hiding Commitment. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 58–77. Springer, Heidelberg (2005), See also preliminary draft of full version www.wisdom.weizmann.ac.il/~iftachh/papers/SCfromRegularOWF.pdf
  36. Haitner, I., Ishai, Y., Kushilevitz, E., Lindell, Y., Petrank, E.: Black-box constructions of protocols for secure computation. SIAM J. Comput. 40(2), 225–266 (2011)
  37. Haitner, I., Nguyen, M.-H., Ong, S.J., Reingold, O., Vadhan, S.: Statistically-hiding commitments and statistical zero-knowledge arguments from any one-way function. SIAM Journal on Computing (November 2007)
  38. Haitner, I., Omri, E.: Coin flipping with constant bias implies one-way functions (2011)
  39. Haitner, I., Reingold, O.: Statistically-hiding commitment from any one-way function. In: Proceedings of the 39th Annual ACM Symposium on Theory of Computing (STOC). ACM Press (2007)
  40. Haitner, I., Reingold, O., Vadhan, S.P., Wee, H.: Inaccessible entropy (2009)
  41. Hartmanis, J., Hemachandra, L.A.: One-way functions, robustness, and the non-isomorphism of \({NP}\)-complete sets. Technical Report, 86–796, Department of Computer Science, Cornell University, (January 1987)
  42. Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM Journal on Computing 28(4), 1364–1396 (1999); Preliminary versions in STOC 1989 and STOC 1990
  43. Impagliazzo, R., Luby, M.: One-way functions are essential for complexity based cryptography. In: Proceedings of the 30th Annual Symposium on Foundations of Computer Science (FOCS), pp. 230–235 (1989)
  44. Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: Proceedings of the 21st Annual ACM Symposium on Theory of Computing (STOC), pp. 44–61. ACM Press (1989)
  45. Kahn, J., Saks, M., Smyth, C.: A dual version of Reimer’s inequality and a proof of Rudich’s conjecture. In: 15th Annual IEEE Conference on Computational Complexity, pp. 98–103 (2000)
  46. Katz, J., Schröder, D., Yerukhimovich, A.: Impossibility of Blind Signatures from One-Way Permutations. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 615–629. Springer, Heidelberg (2011)
  47. Kim, J.H., Simon, D.R., Tetali, P.: Limits on the efficiency of one-way permutation-based hash functions. In: FOCS, pp. 535–542 (1999)
  48. Lenstra, A.K., Lenstra Jr., H.W. (eds.): The development of the number field sieve. Lecture Notes in Mathematics, vol. 1554. Springer, Berlin (1993)
  49. Levin, L.A.: One-way functions and pseudorandom generators. Combinatorica 7, 357–363 (1987)
  50. Lin, H., Trevisan, L., Wee, H.: On Hardness Amplification of One-Way Functions. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 34–49. Springer, Heidelberg (2005)
  51. Matsuda, T., Matsuura, K.: On Black-Box Separations among Injective One-Way Functions. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 597–614. Springer, Heidelberg (2011)
  52. Miller, G.L.: Riemann’s hypothesis and tests for primality. Journal of Computer and System Sciences 13(3), 300–317 (1976)
  53. Naor, M.: On Cryptographic Assumptions and Challenges. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 96–109. Springer, Heidelberg (2003)
  54. Naor, M.: Bit commitment using pseudorandomness. Journal of Cryptology 4(2), 151–158 (1991); Preliminary version In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 128–136. Springer, Heidelberg (1990)
  55. Naor, M., Ostrovsky, R., Venkatesan, R., Yung, M.: Perfect zero-knowledge arguments for NP using any one-way permutation. CRYPTO 1992 11(2), 87–108 (1998); Preliminary version in Brickell, E.F. (ed.): CRYPTO 1992. LNCS, vol. 740. Springer, Heidelberg (1993)
  56. Nguyen, M.-H., Ong, S.J., Vadhan, S.: Statistical zero-knowledge arguments for NP from any one-way function. In: Proceedings of the 47th Annual Symposium on Foundations of Computer Science (FOCS), pp. 3–14 (2006)
  57. Ostrovsky, R., Wigderson, A.: One-way functions are essential for non-trivial zero-knowledge. In: ISTCS, pp. 3–17 (1993)
  58. Pass, R., Wee, H.: Black-Box Constructions of Two-Party Protocols from One-Way Functions. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 403–418. Springer, Heidelberg (2009)
  59. Rabin, M.O.: Probabilistic algorithm for testing primality. Journal of Number Theory 12(1), 128–138 (1980)
  60. Reingold, O., Trevisan, L., Vadhan, S.P.: Notions of Reducibility between Cryptographic Primitives. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 1–20. Springer, Heidelberg (2004)
  61. Rudich, S.: Limits on the Provable Consequences of One-Way Functions. PhD thesis, U.C. Berkeley (1988)
  62. Simon, D.R.: Finding Collisions on a One-Way Street: Can Secure Hash Functions Be Based on General Assumptions? In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 334–345. Springer, Heidelberg (1998)
  63. Tardos, G.: Query complexity, or why is it difficult to separate \(\text{NP}^{A} \cap \text{coNP}^{A}\) from \(\text{P}^{A}\) by random oracles A? Combinatorica 9(4), 385–392 (1989)
  64. Vahlis, Y.: Two Is a Crowd? A Black-Box Separation of One-Wayness and Security under Correlated Inputs. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 165–182. Springer, Heidelberg (2010)
  65. Wee, H.: Black-box, round-efficient secure computation via non-malleability amplification. In: FOCS, pp. 531–540. IEEE Computer Society (2010)
  66. Yao, A.C.: Theory and applications of trapdoor functions, pp. 80–91 (1982)

Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  • Mohammad Mahmoody (1)
  • Rafael Pass (1)
  1. Cornell University, Ithaca, USA
