Distributional Collision Resistance Beyond One-Way Functions

  • Nir Bitansky
  • Iftach Haitner
  • Ilan Komargodski
  • Eylon Yogev
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11478)


Distributional collision resistance is a relaxation of collision resistance that only requires that it is hard to sample a collision (x, y) where x is uniformly random and y is uniformly random conditioned on colliding with x. The notion lies between one-wayness and collision resistance, but its exact power is still not well-understood. On one hand, distributional collision resistant hash functions cannot be built from one-way functions in a black-box way, which may suggest that they are stronger. On the other hand, so far, they have not yielded any applications beyond one-way functions.

Assuming distributional collision resistant hash functions, we construct a constant-round statistically hiding commitment scheme. Such commitments are not known based on one-way functions, and are impossible to obtain from one-way functions in a black-box way. Our construction relies on the reduction from inaccessible entropy generators to statistically hiding commitments by Haitner et al. (STOC ’09). In the converse direction, we show that two-message statistically hiding commitments imply distributional collision resistance, thereby establishing a loose equivalence between the two notions.

A corollary of the first result is that constant-round statistically hiding commitments are implied by average-case hardness in the class \({\textsf {SZK}}\) (which is known to imply distributional collision resistance). This implication seems to be folklore, but to the best of our knowledge has not been proven explicitly. We provide yet another proof of this implication, which is arguably more direct than the one going through distributional collision resistance.
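The collision distribution defined at the start of the abstract can be computed exactly on a toy domain. The following is an added example, not code from the paper: `toy_hash` and the "lazy finder" are hypothetical constructions, and comparing distributions by statistical distance is an assumption taken from the standard formalization of the notion. It shows that a procedure whose every output collides can still be far from the distribution an attacker would have to sample.

```python
from collections import defaultdict
from fractions import Fraction
import hashlib

def toy_hash(x: int, out_bits: int = 3) -> int:
    """Constructed toy compressing function: SHA-256 truncated to out_bits."""
    digest = hashlib.sha256(x.to_bytes(4, "big")).digest()
    return digest[0] >> (8 - out_bits)

def buckets(h, domain):
    """Group the domain by hash value: image -> list of preimages."""
    table = defaultdict(list)
    for x in domain:
        table[h(x)].append(x)
    return table

def ideal_collision_dist(h, domain):
    """Exact distribution of (x, y): x uniform, y uniform in h^-1(h(x)).
    y == x is allowed, so this is not a 'find a nontrivial collision' game."""
    domain = list(domain)
    table = buckets(h, domain)
    dist = {}
    for x in domain:
        siblings = table[h(x)]
        for y in siblings:
            dist[(x, y)] = Fraction(1, len(domain) * len(siblings))
    return dist

def lazy_finder_dist(h, domain):
    """Hypothetical finder: x uniform, y always the smallest preimage of h(x).
    Every output pair collides, but y is not uniform among the preimages."""
    domain = list(domain)
    table = buckets(h, domain)
    return {(x, min(table[h(x)])): Fraction(1, len(domain)) for x in domain}

def statistical_distance(p, q):
    """Half the L1 distance between two distributions given as dicts."""
    keys = set(p) | set(q)
    return sum(abs(p.get(k, Fraction(0)) - q.get(k, Fraction(0))) for k in keys) / 2

if __name__ == "__main__":
    domain = range(64)  # small enough to enumerate every preimage set
    ideal = ideal_collision_dist(toy_hash, domain)
    lazy = lazy_finder_dist(toy_hash, domain)
    print("pairs in support of ideal distribution:", len(ideal))
    print("distance of lazy finder from ideal:",
          float(statistical_distance(ideal, lazy)))
```
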



Nir Bitansky is a member of the Check Point Institute of Information Security. Supported by ISF grant 18/484, the Alon Young Faculty Fellowship, and by Len Blavatnik and the Blavatnik Family foundation. Iftach Haitner is a member of the Check Point Institute for Information Security. Research supported by ERC starting grant 638121. Ilan Komargodski is supported in part by an AFOSR grant FA9550-15-1-0262. Eylon Yogev is supported by the European Union’s Horizon 2020 research and innovation program under grant agreement No. 742754.


  1. Applebaum, B., Haramaty, N., Ishai, Y., Kushilevitz, E., Vaikuntanathan, V.: Low-complexity cryptographic hash functions. In: 8th Innovations in Theoretical Computer Science Conference, ITCS, pp. 7:1–7:31 (2017)
  2. Asharov, G., Segev, G.: Limits on the power of indistinguishability obfuscation and functional encryption. SIAM J. Comput. 45(6), 2117–2176 (2016)
  3. Barak, B.: How to go beyond the black-box simulation barrier. In: 42nd IEEE Annual Symposium on Foundations of Computer Science, FOCS, pp. 106–115 (2001)
  4. Berman, I., Degwekar, A., Rothblum, R.D., Vasudevan, P.N.: Multi-collision resistant hash functions and their applications. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 133–161. Springer, Cham (2018)
  5. Bitansky, N., Degwekar, A., Vaikuntanathan, V.: Structure vs. hardness through the obfuscation lens. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 696–723. Springer, Cham (2017)
  6. Bitansky, N., Kalai, Y.T., Paneth, O.: Multi-collision resistance: a paradigm for keyless hash functions. In: Proceedings of the 50th Annual ACM SIGACT Symposium on Theory of Computing, STOC, pp. 671–684 (2018)
  7. Blum, M.: Coin flipping by telephone. In: Advances in Cryptology - CRYPTO, pp. 11–15 (1981)
  8. Damgård, I.B., Pedersen, T.P., Pfitzmann, B.: On the existence of statistically hiding bit commitment schemes and fail-stop signatures. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 250–265. Springer, Heidelberg (1994)
  9. Dubrov, B., Ishai, Y.: On the randomness complexity of efficient sampling. In: Proceedings of the 38th Annual ACM Symposium on Theory of Computing, pp. 711–720 (2006)
  10. Dvir, Z., Gutfreund, D., Rothblum, G.N., Vadhan, S.P.: On approximating the entropy of polynomial mappings. In: Innovations in Computer Science - ICS, pp. 460–475 (2011)
  11. Feige, U., Shamir, A.: Witness indistinguishable and witness hiding protocols. In: Proceedings of the 22nd Annual ACM Symposium on Theory of Computing, STOC, pp. 416–426 (1990)
  12. Goldreich, O., Kahan, A.: How to construct constant-round zero-knowledge proof systems for NP. J. Cryptology 9(3), 167–190 (1996)
  13. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Proceedings of the 19th Annual ACM Symposium on Theory of Computing, STOC, pp. 218–229 (1987)
  14. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)
  15. Haitner, I., Hoch, J.J., Reingold, O., Segev, G.: Finding collisions in interactive protocols - tight lower bounds on the round and communication complexities of statistically hiding commitments. SIAM J. Comput. 44(1), 193–242 (2015)
  16. Haitner, I., Nguyen, M., Ong, S.J., Reingold, O., Vadhan, S.P.: Statistically hiding commitments and statistical zero-knowledge arguments from any one-way function. SIAM J. Comput. 39(3), 1153–1218 (2009)
  17. Haitner, I., Reingold, O., Vadhan, S., Wee, H.: Inaccessible entropy I: inaccessible entropy generators and statistically hiding commitments from one-way functions (2018). Preliminary version, named Inaccessible Entropy, appeared in STOC 2009
  18. Haitner, I., Reingold, O., Vadhan, S.P., Wee, H.: Inaccessible entropy. In: Mitzenmacher, M. (ed.) Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC, pp. 611–620 (2009)
  19. Haitner, I., Vadhan, S.: The many entropies in one-way functions. Tutorials on the Foundations of Cryptography. ISC, pp. 159–217. Springer, Cham (2017)
  20. Halevi, S., Micali, S.: Practical and provably-secure commitment schemes from collision-free hashing. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 201–215. Springer, Heidelberg (1996)
  21. Harnik, D., Naor, M.: On the compressibility of NP instances and cryptographic applications. SIAM J. Comput. 39(5), 1667–1713 (2010)
  22. Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)
  23. Impagliazzo, R., Luby, M.: One-way functions are essential for complexity based cryptography (extended abstract). In: 30th IEEE Annual Symposium on Foundations of Computer Science, FOCS, pp. 230–235 (1989)
  24. Komargodski, I., Naor, M., Yogev, E.: White-box vs. black-box complexity of search problems: Ramsey and graph property testing. In: 58th IEEE Annual Symposium on Foundations of Computer Science, FOCS, pp. 622–632 (2017)
  25. Komargodski, I., Naor, M., Yogev, E.: Collision resistant hashing for paranoids: dealing with multiple collisions. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 162–194. Springer, Cham (2018)
  26. Komargodski, I., Yogev, E.: On distributional collision resistant hashing. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 303–327. Springer, Cham (2018)
  27. Matsumoto, T., Imai, H.: Public quadratic polynomial-tuples for efficient signature-verification and message-encryption. In: Barstow, D., et al. (eds.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419–453. Springer, Heidelberg (1988)
  28. Naor, M.: Bit commitment using pseudorandomness. J. Cryptology 4(2), 151–158 (1991)
  29. Naor, M., Ostrovsky, R., Venkatesan, R., Yung, M.: Perfect zero-knowledge arguments for NP can be based on general complexity assumptions. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 196–214. Springer, Heidelberg (1993)
  30. Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic applications. In: Proceedings of the 21st Annual ACM Symposium on Theory of Computing, pp. 33–43. ACM (1989)
  31. Ong, S.J., Vadhan, S.P.: An equivalence between zero knowledge and commitments. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 482–500. Springer, Heidelberg (2008)
  32. Ostrovsky, R., Wigderson, A.: One-way functions are essential for non-trivial zero-knowledge. In: Second Israel Symposium on Theory of Computing Systems, ISTCS, pp. 3–17. IEEE Computer Society (1993)
  33. Pass, R., Rosen, A.: Concurrent nonmalleable commitments. SIAM J. Comput. 37(6), 1891–1925 (2008)
  34. Simon, D.R.: Finding collisions on a one-way street: can secure hash functions be based on general assumptions? In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 334–345. Springer, Berlin (1998)

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  • Nir Bitansky (1)
  • Iftach Haitner (1)
  • Ilan Komargodski (2)
  • Eylon Yogev (3)

  1. School of Computer Science, Tel Aviv University, Tel Aviv, Israel
  2. Cornell Tech, New York, USA
  3. Technion, Haifa, Israel
