On hardness amplification of one-way functions

  • Authors:

  • Henry Lin;Luca Trevisan;Hoeteck Wee

  • Affiliations:

  • Computer Science Division, UC Berkeley;Computer Science Division, UC Berkeley;Computer Science Division, UC Berkeley

  • Venue:
  • TCC'05 Proceedings of the Second international conference on Theory of Cryptography
  • Year:
  • 2005

Quantified Score

Hi-index 0.00

Visualization

Abstract

We continue the study of the efficiency of black-box reductions in cryptography. We focus on the question of constructing strong one-way functions (respectively, permutations) from weak one-way functions (respectively, permutations). To make our impossibility results stronger, we focus on the weakest type of constructions: those that start from a weak one-way permutation and define a strong one-way function. We show that for every “fully black-box” construction of a ε(n)-secure function based on a (1–δ(n))-secure permutation, if q(n) is the number of oracle queries used in the construction and ℓ(n) is the input length of the new function, then we have $q \geq {\it \Omega}(\frac {1}{\delta}\cdot {\rm log}\frac {1}{\epsilon})$ and ℓ ≥ n + ${\it \Omega}$(log 1/ε) – O(log q). This result is proved by showing that fully black-box reductions of strong to weak one-way functions imply the existence of “hitters” and then by applying known lower bounds for hitters. We also show a sort of reverse connection, and we revisit the construction of Goldreich et al. (FOCS 1990) in terms of this reverse connection. Finally, we prove that any “weakly black-box” construction with parameters q(n) and ℓ(n) better than the above lower bounds implies the unconditional existence of strong one-way functions (and, therefore, the existence of a weakly black-box construction with q(n)=0). This result, like the one for fully black-box reductions, is proved by reasoning about the function defined by such a construction when using the identity permutation as an oracle.