How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
Limits on the provable consequences of one-way permutations
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
The Use of Interaction in Public Cryptosystems (Extended Abstract)
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
On the Impossibilities of Basing One-Way Permutations on Central Cryptographic Primitives
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A Dual Version of Reimer's Inequality and a Proof of Rudich's Conjecture
COCO '00 Proceedings of the 15th Annual IEEE Conference on Computational Complexity
Limits on the Efficiency of One-Way Permutation-Based Hash Functions
FOCS '99 Proceedings of the 40th Annual Symposium on Foundations of Computer Science
Lower bounds on the efficiency of generic cryptographic constructions
FOCS '00 Proceedings of the 41st Annual Symposium on Foundations of Computer Science
On the (In)security of the Fiat-Shamir Paradigm
FOCS '03 Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science
Bounds on the Efficiency of Generic Cryptographic Constructions
SIAM Journal on Computing
FOCS '07 Proceedings of the 48th Annual IEEE Symposium on Foundations of Computer Science
Computational Differential Privacy
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Merkle Puzzles Are Optimal -- An O(n2)-Query Attack on Any Key Exchange from a Random Oracle
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Security proofs for signature schemes
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
One-way permutations, interactive hashing and statistically hiding commitments
TCC'07 Proceedings of the 4th conference on Theory of cryptography
The Limits of Two-Party Differential Privacy
FOCS '10 Proceedings of the 2010 IEEE 51st Annual Symposium on Foundations of Computer Science
On the black-box complexity of optimally-fair coin tossing
TCC'11 Proceedings of the 8th conference on Theory of cryptography
Limits of random oracles in secure computation
Proceedings of the 5th conference on Innovations in theoretical computer science
Hi-index | 0.00 |
In the random oracle model, parties are given oracle access to a random function (i.e., a uniformly chosen function from the set of all functions), and are assumed to have unbounded computational power (though they can only make a bounded number of oracle queries). This model provides powerful properties that allow proving the security of many protocols, even such that cannot be proved secure in the standard model (under any hardness assumptions). The random oracle model is also used for showing that a given cryptographic primitive cannot be used in a black-box way to construct another primitive; in their seminal work, ImpagliazzoRu89 [STOC '89] showed that no key-agreement protocol exists in the random oracle model, yielding that key-agreement cannot be black-box reduced to one-way functions. Their work has a long line of followup works (Simon [EC '98], Gertner et al. [STOC '00] and Gennaro et al. [SICOMP '05], to name a few), showing that given oracle access to a certain type of function family (e.g., the family that 'implements' public-key encryption) is not sufficient for building a given cryptographic primitive (e.g., oblivious transfer). Yet, the following question remained open: What is the exact power of the random oracle model? We make progress towards answering this question, showing that essentially, any no private input, semi-honest two-party functionality that can be securely implemented in the random oracle model, can be securely implemented information theoretically (where parties are assumed to be all powerful, and no oracle is given). We further generalize the above result to function families that provide some natural combinatorial property. Our result immediately yields that essentially the only no-input functionalities that can be securely realized in the random oracle model (in the sense of secure function evaluation), are the trivial ones (ones that can be securely realized information theoretically). In addition, we use the recent information theoretic impossibility result of McGregor et al. [FOCS '10], to show the existence of functionalities (e.g., inner product) that cannot be computed both accurately and in a differentially private manner in the random oracle model; yielding that protocols for computing these functionalities cannot be black-box reduced to one-way functions.