Counterexamples to Hardness Amplification beyond Negligible

  • Yevgeniy Dodis
  • Abhishek Jain
  • Tal Moran
  • Daniel Wichs
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7194)


If we have a problem that is mildly hard, can we create a problem that is significantly harder? A natural approach to hardness amplification is the “direct product”; instead of asking an attacker to solve a single instance of a problem, we ask the attacker to solve several independently generated ones. Interestingly, proving that the direct product amplifies hardness is often highly non-trivial, and in some cases may be false. For example, it is known that the direct product (i.e. “parallel repetition”) of general interactive games may not amplify hardness at all. On the other hand, positive results show that the direct product does amplify hardness for many basic primitives such as one-way functions, weakly-verifiable puzzles, and signatures.

Even when positive direct product theorems are shown to hold for some primitive, the parameters are surprisingly weaker than what we may have expected. For example, if we start with a weak one-way function that no poly-time attacker can break with probability \(> \frac{1}{2}\), then the direct product provably amplifies hardness to some negligible probability. Naturally, we would expect that we can amplify hardness exponentially, all the way to 2− n probability, or at least to some fixed/known negligible such as n − logn in the security parameter n, just by taking sufficiently many instances of the weak primitive. Although it is known that such parameters cannot be proven via black-box reductions, they may seem like reasonable conjectures, and, to the best of our knowledge, are widely believed to hold. In fact, a conjecture along these lines was introduced in a survey of Goldreich, Nisan and Wigderson (ECCC ’95). In this work, we show that such conjectures are false by providing simple but surprising counterexamples. In particular, we construct weakly secure signatures and one-way functions, for which standard hardness amplification results are known to hold, but for which hardness does not amplify beyond just negligible. That is, for any negligible function \(\ensuremath{\varepsilon} (n)\), we instantiate these primitives so that the direct product can always be broken with probability \(\ensuremath{\varepsilon} (n)\), no matter how many copies we take.


Direct Product Hash Function Signature Scheme Random Oracle Security Parameter 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Alwen, J., Dodis, Y., Naor, M., Segev, G., Walfish, S., Wichs, D.: Public-Key Encryption in the Bounded-Retrieval Model. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 113–134. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  2. 2.
    Alwen, J., Dodis, Y., Wichs, D.: Leakage-Resilient Public-Key Cryptography in the Bounded-Retrieval Model. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 36–54. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  3. 3.
    Barak, B., Goldreich, O., Goldwasser, S., Lindell, Y.: Resettably-sound zero-knowledge and its applications. In: FOCS, pp. 116–125 (2001)Google Scholar
  4. 4.
    Bellare, M.: A note on negligible functions. J. Cryptology 15(4), 271–284 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  5. 5.
    Bellare, M., Impagliazzo, R., Naor, M.: Does parallel repetition lower the error in computationally sound protocols? In: FOCS, pp. 374–383 (1997)Google Scholar
  6. 6.
    Canetti, R., Goldreich, O., Goldwasser, S., Micali, S.: Resettable zero-knowledge (extended abstract). In: STOC, pp. 235–244 (2000)Google Scholar
  7. 7.
    Canetti, R., Halevi, S., Steiner, M.: Hardness Amplification of Weakly Verifiable Puzzles. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 17–33. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. 8.
    Canetti, R., Rivest, R., Sudan, M., Trevisan, L., Vadhan, S.P., Wee, H.: Amplifying Collision Resistance: A Complexity-Theoretic Treatment. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 264–283. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Chung, K.-M., Liu, F.-H., Lu, C.-J., Yang, B.-Y.: Efficient String-Commitment from Weak Bit-Commitment. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 268–282. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  10. 10.
    Deng, Y., Goyal, V., Sahai, A.: Resolving the simultaneous resettability conjecture and a new non-black-box simulation strategy. In: FOCS, pp. 251–260 (2009)Google Scholar
  11. 11.
    Dodis, Y., Impagliazzo, R., Jaiswal, R., Kabanets, V.: Security Amplification for Interactive Cryptographic Primitives. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 128–145. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  12. 12.
    Dwork, C., Naor, M., Reingold, O.: Immunizing Encryption Schemes from Decryption Errors. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 342–360. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  13. 13.
    Goldreich, O.: Foundations of Cryptography: Basic Tools. Cambridge University Press (2001)Google Scholar
  14. 14.
    Goldreich, O., Nisan, N., Wigderson, A.: On Yao’s XOR-Lemma. Electronic Colloquium on Computational Complexity (ECCC) 2(50) (1995)Google Scholar
  15. 15.
    Goyal, V., Maji, H.K.: Stateless cryptographic protocols. In: FOCS (2011)Google Scholar
  16. 16.
    Goyal, V., Sahai, A.: Resettably Secure Computation. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 54–71. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  17. 17.
    Haitner, I.: A parallel repetition theorem for any interactive argument. In: FOCS, pp. 241–250 (2009)Google Scholar
  18. 18.
    Halevi, S., Rabin, T.: Degradation and Amplification of Computational Hardness. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 626–643. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  19. 19.
    Håstad, J., Pass, R., Wikström, D., Pietrzak, K.: An Efficient Parallel Repetition Theorem. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 1–18. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  20. 20.
    Impagliazzo, R., Jaiswal, R., Kabanets, V.: Chernoff-Type Direct Product Theorems. Journal of Cryptology (September 2008); In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 500–516. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  21. 21.
    Jain, A., Pietrzak, K.: Parallel Repetition for Leakage Resilience Amplification Revisited. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 58–69. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  22. 22.
    Jutla, C.S.: Almost Optimal Bounds for Direct Product Threshold Theorem. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 37–51. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  23. 23.
    Lewko, A., Waters, B.: On the insecurity of parallel repetition for leakage resilience. In: FOCS, pp. 521–530 (2010)Google Scholar
  24. 24.
    Luby, M., Rackoff, C.: Pseudo-random permutation generators and cryptographic composition. In: STOC, pp. 356–363 (1986)Google Scholar
  25. 25.
    Maurer, U., Tessaro, S.: Computational Indistinguishability Amplification: Tight Product Theorems for System Composition. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 355–373. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  26. 26.
    Maurer, U., Tessaro, S.: A Hardcore Lemma for Computational Indistinguishability: Security Amplification for Arbitrarily Weak PRGs with Optimal Stretch. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 237–254. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  27. 27.
    Naor, M., Reingold, O.: On the construction of pseudo-random permutations: Luby-Rackoff revisited. J. of Cryptology 12, 29–66 (1999); Preliminary version in: Proc. STOC 1997 MathSciNetCrossRefzbMATHGoogle Scholar
  28. 28.
    Pass, R., Venkitasubramaniam, M.: An efficient parallel repetition theorem for Arthur-Merlin games. In: STOC, pp. 420–429 (2007)Google Scholar
  29. 29.
    Pietrzak, K., Wikström, D.: Parallel Repetition of Computationally Sound Protocols Revisited. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 86–102. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  30. 30.
    Tessaro, S.: Security Amplification for the Cascade of Arbitrarily Weak PRPs: Tight Bounds via the Interactive Hardcore Lemma. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 37–54. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  31. 31.
    Unruh, D.: Random Oracles and Auxiliary Input. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 205–223. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  32. 32.
    Yao, A.C.-C.: Theory and applications of trapdoor functions (extended abstract). In: FOCS, pp. 80–91 (1982)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Yevgeniy Dodis
    • 1
  • Abhishek Jain
    • 2
  • Tal Moran
    • 3
  • Daniel Wichs
    • 4
  1. 1.New York University (NYU)USA
  2. 2.University of California (UCLA)Los AngelesUSA
  3. 3.Interdisciplinary Center (IDC)HerzliyaIsrael
  4. 4.IBM Research, T.J. WatsonUSA

Personalised recommendations