In one of the pioneering papers on public-key cryptography, Ralph Merkle suggested a heuristic protocol for exchanging a secret key over an insecure channel by using an idealized private-key encryption scheme. Merkle's protocol is presumed to remain secure as long as the gap between the running time of the adversary and that of the honest parties is at most quadratic (rather than super-polynomial). In this work, we initiate an effort to base similar forms of public-key cryptography on well-founded assumptions. We suggest a variant of Merkle's protocol whose security can be based on the one-wayness of the underlying primitive. Specifically, using a one-way function of exponential strength, we obtain a key agreement protocol resisting adversaries whose running time is nearly quadratic in the running time of the honest parties. This protocol gives the adversary a small (but non-negligible) advantage in guessing the key. We show that the security of the protocol can be amplified by using a one-way function with a strong form of a hard-core predicate, whose existence follows from a conjectured "dream version" of Yao's XOR lemma. On the other hand, we show that this type of hard-core predicate cannot be based on (even exponentially strong) one-wayness by using a black-box construction. In establishing the above results, we reveal interesting connections between the problem under consideration and problems from other domains. In particular, we suggest a paradigm for converting (unconditionally) secure protocols in Maurer's bounded storage model into (computationally) secure protocols in the random oracle model, translating storage advantage into computational advantage. Our main protocol can be viewed as an instance of this paradigm. Finally, we observe that a quantum adversary can completely break the security of our protocol (as well as Merkle's heuristic protocol) by using the quadratic speedup of Grover's quantum search algorithm. 
This raises a speculation that there might be a closer relation between (classical) public-key cryptography and quantum computing than is commonly believed.
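The quadratic gap the abstract describes can be made concrete with a small simulation. The following is an added example written for this page, not code from the paper: it assumes a Merkle-style protocol in which each honest party samples n distinct elements from a domain of size n^2 and publishes their images under a one-way function f, the shared key is the smallest common preimage, and an eavesdropper who can only evaluate f forward must scan the domain. SHA-256 over a decimal encoding stands in for the exponentially strong one-way function the abstract requires; the domain size, the key-derivation rule and the adversary model are assumptions made here for illustration.

```python
"""Toy simulation of a Merkle-style key agreement built from a one-way function.

Honest parties evaluate f O(n) times; an adversary limited to forward
evaluations of f has to brute-force a domain of size n^2.
"""
import hashlib
import random
from typing import List, Optional, Tuple


def f(x: int) -> str:
    # Stand-in one-way function (assumption: SHA-256 of the decimal encoding
    # replaces the exponentially strong OWF assumed by the paper).
    return hashlib.sha256(str(x).encode()).hexdigest()


def honest_party(domain_size: int, n: int, rng: random.Random) -> Tuple[List[int], List[str]]:
    """Sample n distinct domain elements and publish their images under f."""
    xs = rng.sample(range(domain_size), n)
    return xs, [f(x) for x in xs]


def derive_key(own_xs: List[int], own_images: List[str], peer_images: List[str]) -> Optional[int]:
    """Shared key = smallest own preimage whose image also appears in the peer's list.
    Needs no further f evaluations: one set build plus n membership lookups."""
    peer = set(peer_images)
    common = [x for x, img in zip(own_xs, own_images) if img in peer]
    return min(common) if common else None


def eavesdropper(domain_size: int, alice_images: List[str], bob_images: List[str]) -> Tuple[Optional[int], int]:
    """Adversary sees only the transcript and can only compute f forward:
    scan the domain in increasing order until an element maps into both lists.
    Returns (recovered key or None, number of f evaluations spent)."""
    a, b = set(alice_images), set(bob_images)
    for x in range(domain_size):
        img = f(x)
        if img in a and img in b:
            return x, x + 1          # x + 1 evaluations were needed to reach x
    return None, domain_size


def run_protocol(n: int, seed: int) -> dict:
    """One protocol run with a deterministic seed; returns keys and work counts."""
    rng = random.Random(seed)
    domain_size = n * n              # birthday bound: about one expected collision
    a_xs, a_imgs = honest_party(domain_size, n, rng)
    b_xs, b_imgs = honest_party(domain_size, n, rng)
    k_alice = derive_key(a_xs, a_imgs, b_imgs)
    k_bob = derive_key(b_xs, b_imgs, a_imgs)
    k_eve, eve_work = eavesdropper(domain_size, a_imgs, b_imgs)
    return {
        "alice_key": k_alice,
        "bob_key": k_bob,
        "eve_key": k_eve,
        "honest_work": 2 * n,        # f evaluations by both honest parties together
        "eve_work": eve_work,        # worst case n^2, i.e. quadratic in honest work
    }


if __name__ == "__main__":
    for seed in range(5):
        r = run_protocol(20, seed)
        print(f"seed={seed} key={r['alice_key']} agreed={r['alice_key'] == r['bob_key']} "
              f"honest_work={r['honest_work']} eve_work={r['eve_work']}")
```

A run either yields no key (no collision among the samples, which the abstract's "small but non-negligible" advantage and the amplification step address) or a key that both honest parties and the brute-forcing eavesdropper recover, the latter at up to n^2 evaluations against the honest parties' 2n. The quantum remark in the abstract corresponds to replacing the linear scan in `eavesdropper` with Grover search over the same domain, which brings the adversary's cost down to roughly n evaluations and erases the gap.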