Limits of provable security from standard assumptions

Rafael Pass

doi:10.1145/1993636.1993652

Limits of provable security from standard assumptions

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We show that the security of some well-known cryptographic protocols, primitives and assumptions (e.g., the Schnorr identification scheme, commitments secure under adaptive selective-decommitment, the 'one-more' discrete logarithm assumption) cannot be based on any standard assumption using a Turing (i.e., black-box) reduction. These results follow from a general result showing that Turing reductions cannot be used to prove security of constant-round sequentially witness-hiding special-sound protocols for unique witness relations, based on standard assumptions; we emphasize that this result holds even if the protocol makes non-black-box use of the underlying assumption.

Original language	English
Title of host publication	STOC'11 - Proceedings of the 43rd ACM Symposium on Theory of Computing
Publisher	Association for Computing Machinery
Pages	109-118
Number of pages	10
ISBN (Print)	9781450306911
DOIs	https://doi.org/10.1145/1993636.1993652
State	Published - 2011
Externally published	Yes
Event	43rd ACM Symposium on Theory of Computing, STOC 2011 - San Jose, United States Duration: 6 Jun 2011 → 8 Jun 2011

Publication series

Name	Proceedings of the Annual ACM Symposium on Theory of Computing

Conference

Conference	43rd ACM Symposium on Theory of Computing, STOC 2011
Country/Territory	United States
City	San Jose
Period	6/06/11 → 8/06/11

Keywords

black-box separations
cryptography
intractability assumptions

All Science Journal Classification (ASJC) codes

Software

Access to Document

10.1145/1993636.1993652

Cite this

@inproceedings{ef96798328b346e8826087855f0c1ff3,

title = "Limits of provable security from standard assumptions",

abstract = "We show that the security of some well-known cryptographic protocols, primitives and assumptions (e.g., the Schnorr identification scheme, commitments secure under adaptive selective-decommitment, the 'one-more' discrete logarithm assumption) cannot be based on any standard assumption using a Turing (i.e., black-box) reduction. These results follow from a general result showing that Turing reductions cannot be used to prove security of constant-round sequentially witness-hiding special-sound protocols for unique witness relations, based on standard assumptions; we emphasize that this result holds even if the protocol makes non-black-box use of the underlying assumption.",

keywords = "black-box separations, cryptography, intractability assumptions",

author = "Rafael Pass",

year = "2011",

doi = "10.1145/1993636.1993652",

language = "الإنجليزيّة",

isbn = "9781450306911",

series = "Proceedings of the Annual ACM Symposium on Theory of Computing",

publisher = "Association for Computing Machinery",

pages = "109--118",

booktitle = "STOC'11 - Proceedings of the 43rd ACM Symposium on Theory of Computing",

address = "الولايات المتّحدة",

note = "43rd ACM Symposium on Theory of Computing, STOC 2011 ; Conference date: 06-06-2011 Through 08-06-2011",

}

Pass, R 2011, Limits of provable security from standard assumptions. in STOC'11 - Proceedings of the 43rd ACM Symposium on Theory of Computing. Proceedings of the Annual ACM Symposium on Theory of Computing, Association for Computing Machinery, pp. 109-118, 43rd ACM Symposium on Theory of Computing, STOC 2011, San Jose, United States, 6/06/11. https://doi.org/10.1145/1993636.1993652

TY - GEN

T1 - Limits of provable security from standard assumptions

AU - Pass, Rafael

PY - 2011

Y1 - 2011

N2 - We show that the security of some well-known cryptographic protocols, primitives and assumptions (e.g., the Schnorr identification scheme, commitments secure under adaptive selective-decommitment, the 'one-more' discrete logarithm assumption) cannot be based on any standard assumption using a Turing (i.e., black-box) reduction. These results follow from a general result showing that Turing reductions cannot be used to prove security of constant-round sequentially witness-hiding special-sound protocols for unique witness relations, based on standard assumptions; we emphasize that this result holds even if the protocol makes non-black-box use of the underlying assumption.

AB - We show that the security of some well-known cryptographic protocols, primitives and assumptions (e.g., the Schnorr identification scheme, commitments secure under adaptive selective-decommitment, the 'one-more' discrete logarithm assumption) cannot be based on any standard assumption using a Turing (i.e., black-box) reduction. These results follow from a general result showing that Turing reductions cannot be used to prove security of constant-round sequentially witness-hiding special-sound protocols for unique witness relations, based on standard assumptions; we emphasize that this result holds even if the protocol makes non-black-box use of the underlying assumption.

KW - black-box separations

KW - cryptography

KW - intractability assumptions

UR - http://www.scopus.com/inward/record.url?scp=79959706334&partnerID=8YFLogxK

U2 - 10.1145/1993636.1993652

DO - 10.1145/1993636.1993652

M3 - منشور من مؤتمر

SN - 9781450306911

T3 - Proceedings of the Annual ACM Symposium on Theory of Computing

SP - 109

EP - 118

BT - STOC'11 - Proceedings of the 43rd ACM Symposium on Theory of Computing

PB - Association for Computing Machinery

T2 - 43rd ACM Symposium on Theory of Computing, STOC 2011

Y2 - 6 June 2011 through 8 June 2011

ER -

Limits of provable security from standard assumptions

Abstract

Publication series

Conference

Keywords

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this