TY - GEN
T1 - Unprovability of leakage-resilient cryptography beyond the information-theoretic limit
AU - Pass, Rafael
N1 - Publisher Copyright: © Springer Nature Switzerland AG 2020.
PY - 2020
Y1 - 2020
N2 - In recent years, leakage-resilient cryptography—the design of cryptographic protocols resilient to bounded leakage of honest players’ secrets—has received significant attention. A major limitation of known provably-secure constructions (based on polynomial hardness assumptions) is that they require the secrets to have sufficient actual (i.e., information-theoretic), as opposed to computational, min-entropy even after the leakage. In this work, we present barriers to provably-secure constructions beyond the “information-theoretic barrier”: Assume the existence of collision-resistant hash functions. Then, no $$\mathcal{NP}$$ search problem with $$(2^{n^{\epsilon }})$$-bounded number of witnesses can be proven (even worst-case) hard in the presence of $$O(n^{\epsilon })$$ bits of computationally-efficient leakage of the witness, using a black-box reduction to any O(1)-round assumption. In particular, this implies that $$O(n^{\epsilon })$$-leakage resilient injective one-way functions, and more generally, one-way functions with at most $$2^{n^{\epsilon }}$$ pre-images, cannot be based on any “standard” complexity assumption using a black-box reduction.
AB - In recent years, leakage-resilient cryptography—the design of cryptographic protocols resilient to bounded leakage of honest players’ secrets—has received significant attention. A major limitation of known provably-secure constructions (based on polynomial hardness assumptions) is that they require the secrets to have sufficient actual (i.e., information-theoretic), as opposed to computational, min-entropy even after the leakage. In this work, we present barriers to provably-secure constructions beyond the “information-theoretic barrier”: Assume the existence of collision-resistant hash functions. Then, no $$\mathcal{NP}$$ search problem with $$(2^{n^{\epsilon }})$$-bounded number of witnesses can be proven (even worst-case) hard in the presence of $$O(n^{\epsilon })$$ bits of computationally-efficient leakage of the witness, using a black-box reduction to any O(1)-round assumption. In particular, this implies that $$O(n^{\epsilon })$$-leakage resilient injective one-way functions, and more generally, one-way functions with at most $$2^{n^{\epsilon }}$$ pre-images, cannot be based on any “standard” complexity assumption using a black-box reduction.
UR - http://www.scopus.com/inward/record.url?scp=85091143415&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-57990-6_31
DO - 10.1007/978-3-030-57990-6_31
M3 - Conference contribution
SN - 9783030579890
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 621
EP - 642
BT - Security and Cryptography for Networks - 12th International Conference, SCN 2020, Proceedings
A2 - Galdi, Clemente
A2 - Kolesnikov, Vladimir
PB - Springer Science and Business Media Deutschland GmbH
T2 - 12th International Conference on Security and Cryptography for Networks, SCN 2020
Y2 - 14 September 2020 through 16 September 2020
ER -