
On the Impossibility of Basing Public-Coin One-Way Permutations on Trapdoor Permutations

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC, volume 8349)

Abstract

One of the fundamental research themes in cryptography is to clarify the minimal assumptions needed to realize various kinds of cryptographic primitives, and up to now a number of relationships among primitives have been investigated and established. Among others, it has been suggested (and sometimes explicitly claimed) that a family of one-way trapdoor permutations (TDP) suffices for constructing almost all the basic primitives and protocols in both "public-key" and "private-key" cryptography. In this paper, however, we show strong evidence that this is not the case for the construction of a one-way permutation (OWP), one of the most fundamental primitives in private-key cryptography. Specifically, we show that there is no black-box construction of an OWP from a TDP, even if the TDP is ideally secure, where, roughly speaking, ideal security of a TDP corresponds to the security satisfied by random permutations and thus captures the major security notions of TDPs such as one-wayness, claw-freeness, security under correlated inputs, etc. Our negative result might at first sound unexpected, because both an OWP and an (ideally secure) TDP are primitives that implement a "permutation" that is "one-way". However, our result exploits the fact that a TDP is a "secret-coin" family of permutations whose members become available only after some sort of key generation is performed, whereas an OWP is a publicly computable function with no such key-generation process.
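As an added illustration that is not part of Matsuda's paper and is not its proof technique, the following Python sketches the interface gap the abstract describes: a TDP family has a key-generation step whose coins fix both the public index and the trapdoor, so the obvious way to obtain a keyless, public-coin function, running key generation on coins everyone can see, hands the trapdoor to anyone who sees those coins. The toy TDP is textbook RSA over tiny hard-coded primes and is not secure; the prime table, the hash-based sampling and all function names are assumptions made for this example. The paper's result is far stronger than this sketch: it rules out every black-box construction, not merely this naive one, even when the TDP is ideally secure.

```python
"""Added illustration (not from the paper): a secret-coin TDP family versus a
public-coin, keyless function. Toy textbook RSA with tiny primes; insecure by
design, it only exhibits the interfaces (keygen / eval / invert)."""
import hashlib

# Constructed toy prime table (an assumption for this example). Every prime is
# 2 mod 3, so e = 3 is coprime to p-1 and q-1 and x -> x^3 mod n permutes Z_n.
PRIMES = [101, 107, 113, 131, 137, 149, 167, 173]
E = 3


def keygen(coins: bytes):
    """Key generation of the toy TDP family.

    The coins determine BOTH the public index pk = (n, e) and the trapdoor d.
    A real TDP keeps the coins (hence d) secret and publishes only pk."""
    h = hashlib.sha256(coins).digest()      # derive the sampling from coins
    i = h[0] % len(PRIMES)
    j = h[1] % len(PRIMES)
    if j == i:                              # avoid p == q
        j = (j + 1) % len(PRIMES)
    p, q = PRIMES[i], PRIMES[j]
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)                     # trapdoor: e^-1 mod phi(n)
    return (n, E), d


def tdp_eval(pk, x: int) -> int:
    """Forward direction: computable from the public index alone."""
    n, e = pk
    return pow(x, e, n)


def tdp_invert(pk, d: int, y: int) -> int:
    """Inverse direction: needs the trapdoor d."""
    n, _ = pk
    return pow(y, d, n)


def public_coin_candidate(coins: bytes, x: int) -> int:
    """Naive keyless candidate: run keygen on PUBLIC coins, then evaluate.
    Everyone can evaluate it, which is what a public-coin OWP needs..."""
    pk, _ = keygen(coins)
    return tdp_eval(pk, x)


def invert_public_coin_candidate(coins: bytes, y: int) -> int:
    """...but the coins also give the trapdoor, so everyone can invert it."""
    pk, d = keygen(coins)
    return tdp_invert(pk, d, y)


if __name__ == "__main__":
    coins = b"constructed public coins"   # visible to everyone by assumption
    pk, _ = keygen(coins)
    x = 4242 % pk[0]
    y = public_coin_candidate(coins, x)
    print("candidate(coins, x) =", y)
    print("recovered x          =", invert_public_coin_candidate(coins, y))
```

The only thing `invert_public_coin_candidate` uses that `public_coin_candidate` does not is the trapdoor, and it obtains that trapdoor from the same public coins; that is what "secret-coin" means for the TDP family and why the key-generation step cannot simply be folded into a keyless function.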

Keywords

  • black-box separation
  • trapdoor permutation
  • one-way permutation
  • family of one-way permutations



Copyright information

© 2014 International Association for Cryptologic Research

About this paper

Cite this paper

Matsuda, T. (2014). On the Impossibility of Basing Public-Coin One-Way Permutations on Trapdoor Permutations. In: Lindell, Y. (ed.) Theory of Cryptography. TCC 2014. Lecture Notes in Computer Science, vol 8349. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54242-8_12


  • DOI: https://doi.org/10.1007/978-3-642-54242-8_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-54241-1

  • Online ISBN: 978-3-642-54242-8
