How to construct random functions
Journal of the ACM (JACM)
The knowledge complexity of interactive proof-systems
STOC '85 Proceedings of the seventeenth annual ACM symposium on Theory of computing
A Pseudorandom Generator from any One-way Function
SIAM Journal on Computing
Foundations of Cryptography: Basic Tools
Foundations of Cryptography: Basic Tools
ICALP '00 Proceedings of the 27th International Colloquium on Automata, Languages and Programming
Universally Composable Commitments
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
On the (Im)possibility of Obfuscating Programs
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Towards Realizing Random Oracles: Hash Functions That Hide All Partial Information
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
On the Existence of 3-Round Zero-Knowledge Protocols
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
On Defining Proofs of Knowledge
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Hard-core distributions for somewhat hard problems
FOCS '95 Proceedings of the 36th Annual Symposium on Foundations of Computer Science
On the Impossibility of Obfuscation with Auxiliary Input
FOCS '05 Proceedings of the 46th Annual IEEE Symposium on Foundations of Computer Science
Theory and application of trapdoor functions
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
Extractable Perfectly One-Way Functions
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Equivocable and extractable commitment schemes
SCN'02 Proceedings of the 3rd international conference on Security in communication networks
The cramer-shoup encryption scheme is plaintext aware in the standard model
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Salvaging Merkle-Damgård for Practical Applications
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Strong knowledge extractors for public-key encryption schemes
ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
Proceedings of the 3rd Innovations in Theoretical Computer Science Conference
Adaptive trapdoor functions and chosen-ciphertext security
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Point obfuscation and 3-round zero-knowledge
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Identity-Based (lossy) trapdoor functions and applications
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
OAKE: a new family of implicitly authenticated diffie-hellman protocols
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Hi-index | 0.00 |
Extractable functions are functions where any adversary that outputs a point in the range of the function is guaranteed to "know" a corresponding preimage. Here, knowledge is captured by the existence of an efficient extractor that recovers the preimage from the internal state of the adversary . Extractability of functions was defined by the authors (ICALP'08) in the context of perfectly one-way functions. It can be regarded as an abstraction from specific knowledge assumptions, such as the Knowledge of Exponent assumption (Hada and Tanaka, Crypto 1998). We initiate a more general study of extractable functions. We explore two different approaches. The first approach is aimed at understanding the concept of extractability in of itself; in particular we demonstrate that a weak notion of extraction implies a strong one, and make rigorous the intuition that extraction and obfuscation are complementary notions. In the second approach, we study the possibility of constructing cryptographic primitives from simpler or weaker ones while maintaining extractability. Results are generally positive. Specifically, we show that several cryptographic reductions are either "knowledge-preserving" or can be modified to be so. Examples include reductions from extractable weak one-way functions to extractable strong ones, from extractable pseudorandom generators to extractable pseudorandom functions, and from extractable one-way functions to extractable commitments. Other questions, such as constructing extractable pseudorandom generators from extractable one way functions, remain open.