How to generate cryptographically strong sequences of pseudo-random bits
SIAM Journal on Computing
An efficient probabilistic public key encryption scheme which hides all partial information
Proceedings of CRYPTO 84 on Advances in cryptology
A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
A hard-core predicate for all one-way functions
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Universal one-way hash functions and their cryptographic applications
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Limits on the provable consequences of one-way permutations
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
One-way functions are necessary and sufficient for secure signatures
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
The Use of Interaction in Public Cryptosystems (Extended Abstract)
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Collision-Resistant Hashing: Towards Making UOWHFs Practical
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
A Dual Version of Reimer's Inequality and a Proof of Rudich's Conjecture
COCO '00 Proceedings of the 15th Annual IEEE Conference on Computational Complexity
Limits on the Efficiency of One-Way Permutation-Based Hash Functions
FOCS '99 Proceedings of the 40th Annual Symposium on Foundations of Computer Science
Lower bounds on the efficiency of generic cryptographic constructions
FOCS '00 Proceedings of the 41st Annual Symposium on Foundations of Computer Science
The relationship between public key encryption and oblivious transfer
FOCS '00 Proceedings of the 41st Annual Symposium on Foundations of Computer Science
On the Impossibility of Basing Trapdoor Functions on Trapdoor Predicates
FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
Theory and application of trapdoor functions
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
One-way functions are essential for complexity based cryptography
SFCS '89 Proceedings of the 30th Annual Symposium on Foundations of Computer Science
A composition theorem for universal one-way hash functions
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Efficiency Bounds for Adversary Constructions in Black-Box Reductions
ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
Oracle Separation in the Non-uniform Model
ProvSec '09 Proceedings of the 3rd International Conference on Provable Security
Towards a separation of semantic and CCA security for public key encryption
TCC'07 Proceedings of the 4th conference on Theory of cryptography
A linear lower bound on the communication complexity of single-server private information retrieval
TCC'08 Proceedings of the 5th conference on Theory of cryptography
Optimal structure-preserving signatures in asymmetric bilinear groups
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
On hardness amplification of one-way functions
TCC'05 Proceedings of the Second international conference on Theory of Cryptography
On the generic insecurity of the full domain hash
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
On the power of nonuniformity in proofs of security
Proceedings of the 4th conference on Innovations in Theoretical Computer Science
| Hi-index | 0.00 |
A central focus of modern cryptography is to investigate the weakest possible assumptions under which various cryptographic algorithms exist. Typically, a proof that a "weak" primitive (e.g., a one-way function) implies the existence of a "strong" algorithm (e.g., a private-key encryption scheme) proceeds by giving an explicit construction of the latter from the former. In addition to showing the existence of such a construction, an equally important research direction is to explore the efficiency of such constructions.Among the most fundamental cryptographic algorithms are digital signature schemes and schemes for public- or private-key encryption. Here, we show the first lower bounds on the efficiency of any encryption or signature construction based on black-box access to one-way or trapdoor one-way permutations. If S is the assumed security of the permutation π (i.e., no adversary of size S can invert π on a fraction larger than 1/S of its inputs), our results show that:Any public-key encryption scheme for m-bit messages must query π at least Ω(m log S) times.Any private-key encryption scheme for m-bit messages (with k-bit keys) must query π at least Ω(m-k/log S) times.Any signature verification algorithm for m-bit messages must query π at least Ω(m log S) times.Our bounds match known upper bounds for the case of encryption.We prove our results in an extension of the Impagliazzo-Rudich model. That is, we show that any black-box construction beating our lower bounds would imply the unconditional existence of a one-way function.