Pseudo-random generation from one-way functions
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Limits on the provable consequences of one-way permutations
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
The ismorphism conjecture fails relative to a random oracle
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
A Basic Theory of Public and Private Cryptosystems
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
Theory and application of trapdoor functions
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
One-way functions are essential for complexity based cryptography
SFCS '89 Proceedings of the 30th Annual Symposium on Foundations of Computer Science
CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
On the Impossibilities of Basing One-Way Permutations on Central Cryptographic Primitives
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Lower bounds on the efficiency of encryption and digital signature schemes
Proceedings of the thirty-fifth annual ACM symposium on Theory of computing
Limits on the Efficiency of One-Way Permutation-Based Hash Functions
FOCS '99 Proceedings of the 40th Annual Symposium on Foundations of Computer Science
Key agreement from weak bit agreement
Proceedings of the thirty-seventh annual ACM symposium on Theory of computing
Bounds on the efficiency of black-box commitment schemes
Theoretical Computer Science
Relationships among the computational powers of breaking discrete log cryptosystems
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
One-way permutations, interactive hashing and statistically hiding commitments
TCC'07 Proceedings of the 4th conference on Theory of cryptography
Towards a separation of semantic and CCA security for public key encryption
TCC'07 Proceedings of the 4th conference on Theory of cryptography
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Computational complexity since 1980
FSTTCS '05 Proceedings of the 25th international conference on Foundations of Software Technology and Theoretical Computer Science
On hardness amplification of one-way functions
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
The relationship between password-authenticated key exchange and other cryptographic primitives
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
Composition implies adaptive security in minicrypt
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Black-box reductions and separations in cryptography
AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa
Limits on the usefulness of random oracles
TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
| Hi-index | 0.00 |
For every k, we construct an oracle relative to which secret agreement can be done in k passes, but not in k-1. In particular, for k=3, we get an oracle relative to which secret agreement is possible, but relative to which trapdoor functions do not exist. Thus, unlike the case of private cryptosystems, there is no black box reduction from a k-pass system to a k-1 pass system. Our construction is natural- suggesting that real-world protocols could trade higher interaction costs for an assumption strictly weaker than the existence of trapdoor functions. Finding a complexity theoretic assumption necessary and sufficient for public cryptosystems to exist is one of the important open questions of cryptography. Our results make clear the possibility that this question is impossible to answer because it contains a false hidden assumption: the existence of a 2-pass public cryptosystem follows from the existence of a k-pass system. The question should really be a family of questions: given k find an assumption equivalent to the existence of a k-pass public cryptosystem.