On the Impossibility of Basing Public-Coin One-Way Permutations on Trapdoor Permutations
نویسنده
چکیده
One of the fundamental research themes in cryptography is to clarify what the minimal assumptions to realize various kinds of cryptographic primitives are, and up to now, a number of relationships among primitives have been investigated and established. Among others, it has been suggested (and sometimes explicitly claimed) that a family of one-way trapdoor permutations (TDP) is sufficient for constructing almost all the basic primitives/protocols in both “public-key” and “private-key” cryptography. In this paper, however, we show strong evidence that this is not the case for the constructions of a one-way permutation (OWP), one of the most fundamental primitives in private cryptography. Specifically, we show that there is no black-box construction of a OWP from a TDP, even if the TDP is ideally secure, where, roughly speaking, ideal security of a TDP corresponds to security satisfied by random permutations and thus captures major security notions of TDPs such as one-wayness, claw-freeness, security under correlated inputs, etc. Our negative result might at first sound unexpected because both OWP and (ideally secure) TDP are primitives that implement a “permutation” that is “one-way”. However, our result exploits the fact that a TDP is a “secret-coin” family of permutations whose permutations become available only after some sort of key generation is performed, while a OWP is a publicly computable function which does not have such key generation process.
منابع مشابه
On the Impossibilities of Basing One-Way Permutations on Central Cryptographic Primitives
We know that trapdoor permutations can be used to construct all kinds of basic cryptographic primitives, including trapdoor functions, public-key encryption, private information retrieval, oblivious transfer, key agreement, and those known to be equivalent to one-way functions such as digital signature, private-key encryption, bit commitment, pseudo-random generator and pseudo-random functions....
متن کاملOn the Security of Padding-Based Encryption Schemes - or - Why We Cannot Prove OAEP Secure in the Standard Model
We investigate the security of “padding-based” encryption schemes in the standard model . This class contains all public-key encryption schemes where the encryption algorithm first applies some invertible public transformation to the message (the “padding”), followed by a trapdoor permutation. In particular, this class contains OAEP and its variants. Our main result is a black-box impossibility...
متن کاملOne-Way Trapdoor Permutations Are Sufficient for Non-trivial Single-Server Private Information Retrieval
We show that general one-way trapdoor permutations are sufficient to privately retrieve an entry from a database of size n with total communication complexity strictly less than n. More specifically, we present a protocol in which the user sends O(K) bits and the server sends n− cn K bits (for any constant c), where K is the security parameter of the trapdoor permutations. Thus, for sufficientl...
متن کاملOn the Impossibility of Instantiating PSS in the Standard Model
In this paper we consider the problem of securely instantiating Probabilistic Signature Scheme (PSS) in the standard model. PSS, proposed by Bellare and Rogaway [3] is a widely deployed randomized signature scheme, provably secure (unforgeable under adaptively chosen message attacks) in Random Oracle Model. Our main result is a black-box impossibility result showing that one can not prove unfor...
متن کاملOne-way Trapdoor Permutations Are Suucient for Non-trivial Single-server Private Information Retrieval
We show that general one-way trapdoor permutations are suucient to privately retrieve an entry from a database of size n with total communication complexity strictly less than n. More speciically, we present a protocol in which the user sends O(K 2) bits and the server sends n ? cn K bits (for any constant c), where K is the security parameter of the trapdoor permutations. Thus, for suuciently ...
متن کامل