Limits on the provable consequences of one-way permutations
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Pseudorandomness and Cryptographic Applications
Pseudorandomness and Cryptographic Applications
Lower bounds on the efficiency of encryption and digital signature schemes
Proceedings of the thirty-fifth annual ACM symposium on Theory of computing
Limits on the Efficiency of One-Way Permutation-Based Hash Functions
FOCS '99 Proceedings of the 40th Annual Symposium on Foundations of Computer Science
Lower bounds on the efficiency of generic cryptographic constructions
FOCS '00 Proceedings of the 41st Annual Symposium on Foundations of Computer Science
The relationship between public key encryption and oblivious transfer
FOCS '00 Proceedings of the 41st Annual Symposium on Foundations of Computer Science
Bounds on the Efficiency of Generic Cryptographic Constructions
SIAM Journal on Computing
Chosen-Prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Optimally tight security proofs for hash-then-publish time-stamping
ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
Hi-index | 0.00 |
We establish a framework for bounding the efficiency of cryptographic reductions in terms of their security transfer. While efficiency bounds for the reductions have been studied for about ten years, the main focus has been the efficiency of the construction mostly measured by the number of calls to the basic primitive by the constructed primitive. Our work focuses on the efficiency of the wrapper construction that builds an adversary for the basic primitive and has black-box access to an adversary for the constructed primitive. We present and prove a general upper bound theorem for the efficiency of black-box reductions. We also provide an example about upper bound for reductions between two security notions of cryptographic hash functions, which gives a negative answer to the open question about the existence of linear-preserving reductions from the so-called hash-then-publish time-stamping schemes to the collision resistance of the underlying hash function.