Abstract
We present strong evidence that the implication, “if one-way permutations exist, then secure secret key agreement is possible”, is not provable by standard techniques. Since both sides of this implication are widely believed true in real life, to show that the implication is false requires a new model. We consider a world where all parties have access to a black box for a randomly selected permutation. Being totally random, this permutation will be strongly one-way in a provable, information-theoretic way. We show that, if P = NP, no protocol for secret key agreement is secure in such a setting. Thus, to prove that a secret key agreement protocol which uses a one-way permutation as a black box is secure is as hard as proving P ≠ NP. We also obtain, as a corollary, that there is an oracle relative to which the implication is false, i.e., there is a one-way permutation, yet secret-exchange is impossible. Thus, no technique which relativizes can prove that secret exchange can be based on any one-way permutation. Our results present a general framework for proving statements of the form, “Cryptographic application X is not likely possible based solely on complexity assumption Y.”
Research partially supported by NSF grant CCR 88-13632.
Research partially supported by NSF grant CCR 88-13632 and an IBM doctoral fellowship.
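The black-box model of the abstract can be made concrete in a few dozen lines. The Python below is an added illustration, not code from the paper: a uniformly random permutation pi is served only through an oracle that counts every caller's queries, so the only way to invert it is to search the domain (the information-theoretic one-wayness the abstract mentions). On top of that oracle, Alice and Bob run a Merkle-puzzle key agreement (Merkle, CACM 1978), and Eve, modelled the way P = NP would allow, with unbounded computation but charged for each oracle call, recovers the key after about k*m/4 queries against Bob's m/2. That is a polynomial gap, which is the point of the paper's result. The parameter names (n_bits, k, m), the seeded RNG and the padding construction pi(s + m), pi(s + 2m) are my own choices; the paper's theorem covers every protocol in this model, not only Merkle puzzles, and its argument is not this brute-force search.

```python
"""Toy version of the black-box model in the abstract: every party, including
the adversary, may only call a random permutation pi on {0, ..., N-1} through
an oracle that counts queries.  Added illustration, not code from the paper."""
import random


class RandomPermutationOracle:
    """Black box for a uniformly random permutation of range(N).

    Only forward queries exist and the table is private, so the only way to
    learn pi^-1(y) is to keep querying until some pi(x) == y."""

    def __init__(self, n_bits, rng):
        self.N = 1 << n_bits
        self._table = list(range(self.N))
        rng.shuffle(self._table)
        self.queries = {}            # caller name -> number of oracle calls

    def query(self, caller, x):
        self.queries[caller] = self.queries.get(caller, 0) + 1
        return self._table[x]


def invert_by_search(oracle, caller, y, rng):
    """Unconditional one-wayness: with no structure to exploit an inverter can
    only scan the domain, so its cost is uniform on 1..N queries."""
    for x in rng.sample(range(oracle.N), oracle.N):
        if oracle.query(caller, x) == y:
            return x
    raise AssertionError("pi is a permutation, so some x must map to y")


def mean_inversion_cost(n_bits, trials, seed=1):
    """Average number of queries to invert pi, as a fraction of N (about 0.5)."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        oracle = RandomPermutationOracle(n_bits, rng)
        invert_by_search(oracle, "inverter", rng.randrange(oracle.N), rng)
        total += oracle.queries["inverter"]
    return total / trials / (1 << n_bits)


# --- Merkle-puzzle key agreement built from nothing but the oracle -----------
# Puzzle i hides a seed s_i in [0, m).  pi(s_i) is the brute-force target;
# pi(s_i + m) and pi(s_i + 2m) pad the identifier and the key (needs N >= 3m).
# This padding scheme is an assumption of the toy, not a construction from the paper.

def alice_make_puzzles(oracle, rng, k, m):
    seeds = rng.sample(range(m), k)
    idents = rng.sample(range(oracle.N), k)   # distinct, so Alice's lookup is unique
    puzzles, lookup = [], {}
    for s, ident in zip(seeds, idents):
        key = rng.randrange(oracle.N)
        puzzles.append((oracle.query("alice", s),
                        oracle.query("alice", s + m) ^ ident,
                        oracle.query("alice", s + 2 * m) ^ key))
        lookup[ident] = key
    return puzzles, lookup


def solve_puzzle(oracle, caller, puzzle, m):
    """Brute force the seed (about m/2 queries), then unpad identifier and key."""
    head, padded_ident, padded_key = puzzle
    for s in range(m):
        if oracle.query(caller, s) == head:
            return (oracle.query(caller, s + m) ^ padded_ident,
                    oracle.query(caller, s + 2 * m) ^ padded_key)
    raise ValueError("seed outside [0, m): malformed puzzle")


def eve_attack(oracle, puzzles, announced_ident, m):
    """Eve has unlimited computation (what P = NP would buy) but pays for every
    oracle call.  She solves puzzles until one carries the announced identifier:
    about k/2 puzzles at about m/2 queries each."""
    for puzzle in puzzles:
        ident, key = solve_puzzle(oracle, "eve", puzzle, m)
        if ident == announced_ident:
            return key
    raise ValueError("announced identifier belongs to no puzzle")


def run_key_agreement(n_bits=14, k=500, m=500, seed=7):
    """One full run: returns the three parties' keys and everyone's query count."""
    rng = random.Random(seed)
    oracle = RandomPermutationOracle(n_bits, rng)
    assert oracle.N >= 3 * m
    puzzles, lookup = alice_make_puzzles(oracle, rng, k, m)   # sent in the clear
    j = rng.randrange(k)                                       # Bob's private choice
    ident, bob_key = solve_puzzle(oracle, "bob", puzzles[j], m)
    alice_key = lookup[ident]                                  # ident is sent in the clear
    eve_key = eve_attack(oracle, puzzles, ident, m)
    return {"alice_key": alice_key, "bob_key": bob_key, "eve_key": eve_key,
            "queries": dict(oracle.queries), "k": k, "m": m}


if __name__ == "__main__":
    print("mean inversion cost / N:", mean_inversion_cost(10, 50))
    print(run_key_agreement())
```

Alice spends exactly 3k queries, Bob at most m + 2, and Eve at most k(m + 2); with k = m the honest parties are linear in the security parameter and Eve is quadratic, which is polynomial and therefore "not secure" in the sense of the abstract. The toy only shows that one protocol over the oracle falls to a polynomial-query Eve; the paper proves that every such protocol does.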
© 1990 Springer-Verlag Berlin Heidelberg
Impagliazzo, R., Rudich, S. (1990). Limits on the Provable Consequences of One-way Permutations. In: Goldwasser, S. (eds) Advances in Cryptology — CRYPTO’ 88. CRYPTO 1988. Lecture Notes in Computer Science, vol 403. Springer, New York, NY. https://doi.org/10.1007/0-387-34799-2_2
DOI: https://doi.org/10.1007/0-387-34799-2_2
Publisher Name: Springer, New York, NY
Print ISBN: 978-0-387-97196-4
Online ISBN: 978-0-387-34799-8