当前位置:
X-MOL 学术
›
J. Cryptol.
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
Can PPAD Hardness be Based on Standard Cryptographic Assumptions?
Journal of Cryptology ( IF 2.3 ) Pub Date : 2021-01-01 , DOI: 10.1007/s00145-020-09369-6 Alon Rosen , Gil Segev , Ido Shahaf
Journal of Cryptology ( IF 2.3 ) Pub Date : 2021-01-01 , DOI: 10.1007/s00145-020-09369-6 Alon Rosen , Gil Segev , Ido Shahaf
We consider the question of whether PPAD hardness can be based on standard cryptographic assumptions, such as the existence of one-way functions or public-key encryption. This question is particularly well-motivated in light of new devastating attacks on obfuscation candidates and their underlying building blocks, which are currently the only known source for PPAD hardness. Central in the study of obfuscation-based PPAD hardness is the sink-of-verifiable-line (SVL) problem, an intermediate step in constructing instances of the PPAD-complete problem source-or-sink . Within the framework of black-box reductions, we prove the following results: (i) average-case PPAD hardness (and even SVL hardness) does not imply any form of cryptographic hardness (not even one-way functions). Moreover, even when assuming the existence of one-way functions, average-case PPAD hardness (and, again, even SVL hardness) does not imply any public-key primitive. Thus, strong cryptographic assumptions (such as obfuscation-related ones) are not essential for average-case PPAD hardness. (ii) Average-case SVL hardness cannot be based either on standard cryptographic assumptions or on average-case PPAD hardness. In particular, average-case SVL hardness is not essential for average-case PPAD hardness. (iii) Any attempt for basing the average-case hardness of the PPAD-complete problem source-or-sink on standard cryptographic assumptions must result in instances with a nearly exponential number of solutions. This stands in striking contrast to the obfuscation-based approach, which results in instances having a unique solution. Taken together, our results imply that it may still be possible to base PPAD hardness on standard cryptographic assumptions, but any such black-box attempt must significantly deviate from the obfuscation-based approach: It cannot go through the SVL problem, and it must result in source-or-sink instances with a nearly exponential number of solutions.
中文翻译:
PPAD 硬度能否基于标准密码学假设?
我们考虑了 PPAD 硬度是否可以基于标准密码学假设的问题,例如单向函数或公钥加密的存在。鉴于对混淆候选及其底层构建块的新的破坏性攻击,这个问题的动机特别好,这是目前已知的 PPAD 硬度的唯一来源。基于混淆的 PPAD 硬度研究的核心是可验证线汇 (SVL) 问题,这是构建 PPAD 完全问题源或汇实例的中间步骤。在黑盒减少的框架内,我们证明了以下结果:(i)平均情况 PPAD 硬度(甚至 SVL 硬度)并不意味着任何形式的密码硬度(甚至不是单向函数)。此外,即使假设存在单向函数,平均情况 PPAD 硬度(甚至 SVL 硬度)并不意味着任何公钥原语。因此,强加密假设(例如与混淆相关的假设)对于平均情况 PPAD 硬度并不是必不可少的。(ii) 平均情况 SVL 硬度不能基于标准密码假设或平均情况 PPAD 硬度。特别是,平均情况 SVL 硬度对于平均情况 PPAD 硬度不是必需的。(iii) 任何将 PPAD 完全问题源或汇的平均情况硬度建立在标准密码学假设上的尝试都必须导致具有近乎指数数量的解决方案的实例。这与基于混淆的方法形成鲜明对比,后者导致实例具有独特的解决方案。综合起来,
更新日期:2021-01-01
中文翻译:
PPAD 硬度能否基于标准密码学假设?
我们考虑了 PPAD 硬度是否可以基于标准密码学假设的问题,例如单向函数或公钥加密的存在。鉴于对混淆候选及其底层构建块的新的破坏性攻击,这个问题的动机特别好,这是目前已知的 PPAD 硬度的唯一来源。基于混淆的 PPAD 硬度研究的核心是可验证线汇 (SVL) 问题,这是构建 PPAD 完全问题源或汇实例的中间步骤。在黑盒减少的框架内,我们证明了以下结果:(i)平均情况 PPAD 硬度(甚至 SVL 硬度)并不意味着任何形式的密码硬度(甚至不是单向函数)。此外,即使假设存在单向函数,平均情况 PPAD 硬度(甚至 SVL 硬度)并不意味着任何公钥原语。因此,强加密假设(例如与混淆相关的假设)对于平均情况 PPAD 硬度并不是必不可少的。(ii) 平均情况 SVL 硬度不能基于标准密码假设或平均情况 PPAD 硬度。特别是,平均情况 SVL 硬度对于平均情况 PPAD 硬度不是必需的。(iii) 任何将 PPAD 完全问题源或汇的平均情况硬度建立在标准密码学假设上的尝试都必须导致具有近乎指数数量的解决方案的实例。这与基于混淆的方法形成鲜明对比,后者导致实例具有独特的解决方案。综合起来,
京公网安备 11010802027423号