On Building Fine-Grained One-Way Functions from Strong Average-Case Hardness

Part of the Lecture Notes in Computer Science book series (LNCS, volume 13276)

Abstract

Constructing one-way functions from average-case hardness is a long-standing open problem. A positive result would exclude Pessiland (Impagliazzo ’95) and establish a highly desirable win-win situation: either (symmetric) cryptography exists unconditionally, or all \(\mathsf {NP}\) problems can be solved efficiently on the average. Motivated by the lack of progress on this seemingly very hard question, we initiate the investigation of weaker yet meaningful candidate win-win results of the following type: either there are fine-grained one-way functions (FGOWF), or nontrivial speedups can be obtained for all \(\mathsf {NP} \) problems on the average. FGOWFs only require a fixed polynomial gap (as opposed to superpolynomial) between the running time of the function and the running time of an inverter. We obtain three main results:

Construction. We show that if there is an \(\mathsf {NP} \) language having a very strong form of average-case hardness, which we call block finding hardness, then FGOWF exist. We provide heuristic support for this very strong average-case hardness notion by showing that it holds for a random language. Then, we study whether weaker (and more natural) forms of average-case hardness could already suffice to obtain FGOWF, and obtain two negative results:

Separation I. We provide a strong oracle separation for the implication (\(\exists \) exponentially average-case hard language \(\implies \) \(\exists \) FGOWF).

Separation II. We provide a second strong negative result for an even weaker candidate win-win result. Namely, we rule out a black-box proof for the implication (\(\exists \) exponentially average-case hard language whose hardness amplifies optimally through parallel repetitions \(\implies \) \(\exists \) FGOWF). This separation forms the core technical contribution of our work.


Notes

  1. Though we heard that lately, some cryptographers have been found dreaming of an even higher heaven, the mysterious land of Obfustopia.

  2. Ralph Merkle, 1974 project proposal for CS 244 at U.C. Berkeley, http://www.merkle.com/1974/.

  3. Of course, this heuristic is simplified: most real languages can have more than a single witness, and the choice of having \(|w| = |x|\) is a somewhat arbitrary way of tuning the hardness to make it exactly \(2^n\). Still, we believe that there is value in using a simple model to heuristically analyze the plausibility of an assumption – even though, as any heuristic model, it must fail on artificial counter examples.

  4. More precisely, it requires \(2^{n-1}\) calls to \(\mathsf {Chk}\) on the average to find a witness of language membership if x is indeed in the language. In turn, it requires \(2^{n}\) calls to confirm that there is indeed no witness if x is not in the language.

  5. More formally, since we consider an oracle sampled from a distribution over oracles, as for the Random Oracle Model, this captures average-case hard language distributions. I.e., the hardness of a language is averaged over the choice of the instance and the sampling of the oracle.

  6. We thank an anonymous reviewer for pointing out this construction.

  7. Determining an appropriate bound on much higher is crucial to avoid that deciding \(\mathcal {L}^{\mathsf {O}}\) becomes too easy. We return to this issue shortly.

References

  1. Akavia, A., Goldreich, O., Goldwasser, S., Moshkovitz, D.: On basing one-way functions on NP-hardness. In: 38th ACM STOC, pp. 701–710. ACM Press, May 2006

  2. Bogdanov, A., Brzuska, C.: On basing size-verifiable one-way functions on NP-hardness. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015, Part I. LNCS, vol. 9014, pp. 1–6. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46494-6_1

  3. Baecher, P., Brzuska, C., Fischlin, M.: Notions of black-box reductions, revisited. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part I. LNCS, vol. 8269, pp. 296–315. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42033-7_16

  4. Brzuska, C., Couteau, G.: Towards fine-grained one-way functions from strong average-case hardness. Cryptology ePrint Archive, Report 2020/1326 (2020). https://eprint.iacr.org/2020/1326

  5. Biham, E., Goren, Y.J., Ishai, Y.: Basing weak public-key cryptography on strong one-way functions. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 55–72. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78524-8_4

  6. Brassard, G., Høyer, P., Kalach, K., Kaplan, M., Laplante, S., Salvail, L.: Merkle puzzles in a quantum world. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 391–410. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_22

  7. Barak, B., Mahmoody-Ghidary, M.: Merkle puzzles are optimal—an \(O(n^2)\)-query attack on any key exchange from a random oracle. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 374–390. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_22

  8. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: ACM CCS 1993, pp. 62–73. ACM Press, November 1993

  9. Ball, M., Rosen, A., Sabin, M., Vasudevan, P.N.: Average-case fine-grained hardness. In: 49th ACM STOC, pp. 483–496. ACM Press, June 2017

  10. Ball, M., Rosen, A., Sabin, M., Vasudevan, P.N.: Proofs of work from worst-case assumptions. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part I. LNCS, vol. 10991, pp. 789–819. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_26

  11. Brassard, G., Salvail, L.: Quantum Merkle puzzles. In: Second International Conference on Quantum, Nano and Micro Technologies (ICQNM 2008), pp. 76–79. IEEE (2008)

  12. Bogdanov, A., Trevisan, L.: On worst-case to average-case reductions for NP problems. In: 44th FOCS, pp. 308–317. IEEE Computer Society Press, October 2003

  13. Coretti, S., Dodis, Y., Guo, S., Steinberger, J.P.: Random oracles and non-uniformity. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part I. LNCS, vol. 10820, pp. 227–258. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78381-9_9

  14. Dodis, Y., Guo, S., Katz, J.: Fixing cracks in the concrete: random oracles with auxiliary input, revisited. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017, Part II. LNCS, vol. 10211, pp. 473–495. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_16

  15. Degwekar, A., Vaikuntanathan, V., Vasudevan, P.N.: Fine-grained cryptography. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part III. LNCS, vol. 9816, pp. 533–562. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53015-3_19

  16. Feigenbaum, J., Fortnow, L.: Random-self-reducibility of complete sets. SIAM J. Comput. 22(5), 994–1005 (1993)

  17. Gennaro, R., Trevisan, L.: Lower bounds on the efficiency of generic cryptographic constructions. In: 41st FOCS, pp. 305–313. IEEE Computer Society Press, November 2000

  18. Hellman, M.: A cryptanalytic time-memory trade-off. IEEE Trans. Inf. Theory 26(4), 401–406 (1980)

  19. Holmgren, J., Lombardi, A.: Cryptographic hashing from strong one-way functions (or: one-way product functions and their applications). In: 59th FOCS, pp. 850–858. IEEE Computer Society Press, October 2018

  20. Hsiao, C.-Y., Reyzin, L.: Finding collisions on a public road, or do secure hash functions need secret coins? In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 92–105. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_6

  21. Impagliazzo, R.: A personal view of average-case complexity. In: Proceedings of Structure in Complexity Theory. Tenth Annual IEEE Conference, pp. 134–147. IEEE (1995)

  22. Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: 21st ACM STOC, pp. 44–61. ACM Press, May 1989

  23. Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 8–26. Springer, New York (1990). https://doi.org/10.1007/0-387-34799-2_2

  24. Levin, L.A.: Average case complete problems. SIAM J. Comput. 15(1), 285–286 (1986)

  25. Levin, L.A.: One way functions and pseudorandom generators. Combinatorica 7(4), 357–363 (1987)

  26. LaVigne, R., Lincoln, A., Williams, V.V.: Public-key cryptography in the fine-grained setting. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part III. LNCS, vol. 11694, pp. 605–635. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_20

  27. Merkle, R.C.: Secure communications over insecure channels. Commun. ACM 21(4), 294–299 (1978)

  28. Pass, R., Liu, Y.: On one-way functions and Kolmogorov complexity. In: FOCS 2020 (2020)

  29. Pass, R., Venkitasubramaniam, M.: Is it easier to prove statements that are guaranteed to be true? In: FOCS 2020 (2020)

  30. Reingold, O., Trevisan, L., Vadhan, S.P.: Notions of reducibility between cryptographic primitives. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 1–20. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24638-1_1

  31. Simon, D.R.: Finding collisions on a one-way street: can secure hash functions be based on general assumptions? In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 334–345. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054137

  32. Sudan, M., Trevisan, L., Vadhan, S.: Pseudorandom generators without the XOR lemma. J. Comput. Syst. Sci. 62(2), 236–266 (2001)

  33. Sudan, M.: Decoding of Reed Solomon codes beyond the error-correction bound. J. Complex. 13(1), 180–193 (1997)

  34. Unruh, D.: Random oracles and auxiliary input. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 205–223. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74143-5_12

  35. Valiant, L.G., Vazirani, V.V.: NP is as easy as detecting unique solutions. In: 17th ACM STOC, pp. 458–463. ACM Press, May 1985

  36. Welch, L.R., Berlekamp, E.R.: Error correction for algebraic block codes (1986). US Patent 4,633,470

  37. Wee, H.: Finding Pessiland. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 429–442. Springer, Heidelberg (2006). https://doi.org/10.1007/11681878_22

  38. Yao, A.C.-C.: Theory and applications of trapdoor functions (extended abstract). In: 23rd FOCS, pp. 80–91. IEEE Computer Society Press, November 1982


Acknowledgements

We thank Félix Richart for help with the experimental verification of some probability claims, and the anonymous Eurocrypt reviewers for their careful proofreading of the paper. C. Brzuska supported by the Academy of Finland. G. Couteau supported by the ANR SCENE.

Corresponding authors

Correspondence to Chris Brzuska or Geoffroy Couteau.

Copyright information

© 2022 International Association for Cryptologic Research

Cite this paper

Brzuska, C., Couteau, G. (2022). On Building Fine-Grained One-Way Functions from Strong Average-Case Hardness. In: Dunkelman, O., Dziembowski, S. (eds) Advances in Cryptology – EUROCRYPT 2022. EUROCRYPT 2022. Lecture Notes in Computer Science, vol 13276. Springer, Cham. https://doi.org/10.1007/978-3-031-07085-3_20

  • DOI: https://doi.org/10.1007/978-3-031-07085-3_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-07084-6

  • Online ISBN: 978-3-031-07085-3

  • eBook Packages: Computer Science, Computer Science (R0)