TY - GEN
T1 - Hardness vs. (Very Little) structure in cryptography
T2 - 1st Conference on Information-Theoretic Cryptography, ITC 2020
AU - Segev, Gil
AU - Shahaf, Ido
N1 - Publisher Copyright: © Gil Segev and Ido Shahaf; licensed under Creative Commons License CC-BY
PY - 2020/6/1
Y1 - 2020/6/1
N2 - The hardness of highly-structured computational problems gives rise to a variety of public-key primitives. On one hand, the structure exhibited by such problems underlies the basic functionality of public-key primitives, but on the other hand it may endanger public-key cryptography in its entirety via potential algorithmic advances. This subtle interplay initiated a fundamental line of research on whether structure is inherently necessary for cryptography, starting with Rudich’s early work (PhD Thesis’88) and recently leading to that of Bitansky, Degwekar and Vaikuntanathan (CRYPTO’17). Identifying the structure of computational problems with their corresponding complexity classes, Bitansky et al. proved that a variety of public-key primitives (e.g., public-key encryption, oblivious transfer and even functional encryption) cannot be used in a black-box manner to construct either any hard language that has NP-verifiers both for the language itself and for its complement, or any hard language (and even promise problem) that has a statistical zero-knowledge proof system – corresponding to hardness in the structured classes NP ncoNP or SZK, respectively, from a black-box perspective. In this work we prove that the same variety of public-key primitives do not inherently require even very little structure in a black-box manner: We prove that they do not imply any hard language that has multi-prover interactive proof systems both for the language and for its complement – corresponding to hardness in the class MIP n coMIP from a black-box perspective. Conceptually, given that MIP = NEXP, our result rules out languages with very little structure. Already the cases of languages that have IP or AM proof systems both for the language itself and for its complement, which we rule out as immediate corollaries, lead to intriguing insights. For the case of IP, where our result can be circumvented using non-black-box techniques, we reveal a gap between black-box and non-black-box techniques. For the case of AM, where circumventing our result via non-black-box techniques would be a major development, we both strengthen and unify the proofs of Bitansky et al. for languages that have NP-verifiers both for the language itself and for its complement and for languages that have a statistical zero-knowledge proof system.
AB - The hardness of highly-structured computational problems gives rise to a variety of public-key primitives. On one hand, the structure exhibited by such problems underlies the basic functionality of public-key primitives, but on the other hand it may endanger public-key cryptography in its entirety via potential algorithmic advances. This subtle interplay initiated a fundamental line of research on whether structure is inherently necessary for cryptography, starting with Rudich’s early work (PhD Thesis’88) and recently leading to that of Bitansky, Degwekar and Vaikuntanathan (CRYPTO’17). Identifying the structure of computational problems with their corresponding complexity classes, Bitansky et al. proved that a variety of public-key primitives (e.g., public-key encryption, oblivious transfer and even functional encryption) cannot be used in a black-box manner to construct either any hard language that has NP-verifiers both for the language itself and for its complement, or any hard language (and even promise problem) that has a statistical zero-knowledge proof system – corresponding to hardness in the structured classes NP ncoNP or SZK, respectively, from a black-box perspective. In this work we prove that the same variety of public-key primitives do not inherently require even very little structure in a black-box manner: We prove that they do not imply any hard language that has multi-prover interactive proof systems both for the language and for its complement – corresponding to hardness in the class MIP n coMIP from a black-box perspective. Conceptually, given that MIP = NEXP, our result rules out languages with very little structure. Already the cases of languages that have IP or AM proof systems both for the language itself and for its complement, which we rule out as immediate corollaries, lead to intriguing insights. For the case of IP, where our result can be circumvented using non-black-box techniques, we reveal a gap between black-box and non-black-box techniques. For the case of AM, where circumventing our result via non-black-box techniques would be a major development, we both strengthen and unify the proofs of Bitansky et al. for languages that have NP-verifiers both for the language itself and for its complement and for languages that have a statistical zero-knowledge proof system.
KW - Black-box Constructions
KW - Hardness vs. Structure
KW - Interactive Proofs
UR - http://www.scopus.com/inward/record.url?scp=85092793864&partnerID=8YFLogxK
U2 - 10.4230/LIPIcs.ITC.2020.10
DO - 10.4230/LIPIcs.ITC.2020.10
M3 - منشور من مؤتمر
T3 - Leibniz International Proceedings in Informatics, LIPIcs
BT - 1st Conference on Information-Theoretic Cryptography, ITC 2020
A2 - Kalai, Yael Tauman
A2 - Smith, Adam D.
A2 - Wichs, Daniel
PB - Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing
Y2 - 17 June 2020 through 19 June 2020
ER -