当前位置:
X-MOL 学术
›
SIAM J. Comput.
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
Structure Versus Hardness Through the Obfuscation Lens
SIAM Journal on Computing ( IF 1.2 ) Pub Date : 2021-01-13 , DOI: 10.1137/17m1136559 Nir Bitansky , Akshay Degwekar , Vinod Vaikuntanathan
SIAM Journal on Computing ( IF 1.2 ) Pub Date : 2021-01-13 , DOI: 10.1137/17m1136559 Nir Bitansky , Akshay Degwekar , Vinod Vaikuntanathan
SIAM Journal on Computing, Volume 50, Issue 1, Page 98-144, January 2021.
Much of modern cryptography, starting from public-key encryption and going beyond, is based on the hardness of structured (mostly algebraic) problems like factoring, discrete log, or finding short lattice vectors. While structure is perhaps what enables advanced applications, it also puts the hardness of these problems in question. In particular, this structure often puts them in low (and so-called structured) complexity classes such as $\mathsf{NP}\cap \mathsf{coNP}$ or statistical zero-knowledge ($\mathsf{SZK}$). Is this structure really necessary? For some cryptographic primitives, such as one-way permutations and homomorphic encryption, we know that the answer is yes---they imply hard problems in $\mathsf{NP}\cap \mathsf{coNP}$ and $\mathsf{SZK}$, respectively. In contrast, one-way functions do not imply such hard problems, at least not by black-box reductions. Yet, for many basic primitives such as public-key encryption, oblivious transfer, and functional encryption, we do not have any answer. We show that the above primitives, and many others, do not imply hard problems in $\mathsf{NP}\cap\mathsf{coNP}$ or $\mathsf{SZK}$ via black-box reductions. In fact, we first show that even the very powerful notion of indistinguishability obfuscation (IO) does not imply such hard problems, and then deduce the same for a large class of primitives that can be constructed from IO.
中文翻译:
通过混淆镜头的结构与硬度
SIAM Journal on Computing,第 50 卷,第 1 期,第 98-144 页,2021 年 1 月。
许多现代密码学,从公钥加密开始并超越,都是基于结构化(主要是代数)问题的难度,如因式分解、离散对数或寻找短格向量。虽然结构可能是实现高级应用的原因,但它也使这些问题的难度成为问题。特别是,这种结构通常将它们置于低(和所谓的结构化)复杂性类别中,例如 $\mathsf{NP}\cap \mathsf{coNP}$ 或统计零知识 ($\mathsf{SZK}$)。这种结构真的有必要吗?对于一些密码原语,例如单向排列和同态加密,我们知道答案是肯定的——它们意味着 $\mathsf{NP}\cap \mathsf{coNP}$ 和 $\mathsf{SZK }$,分别。相比之下,单向函数并不意味着这样的难题,至少不是通过黑盒减少。然而,对于公钥加密、不经意传输和功能加密等许多基本原语,我们没有任何答案。我们表明,上述原语和许多其他原语并不意味着 $\mathsf{NP}\cap\mathsf{coNP}$ 或 $\mathsf{SZK}$ 中的困难问题,通过黑盒归约。事实上,我们首先表明,即使是不可区分性混淆 (IO) 的非常强大的概念也并不意味着如此困难的问题,然后对可以从 IO 构造的一大类原语进行推论。不通过黑盒归约暗示 $\mathsf{NP}\cap\mathsf{coNP}$ 或 $\mathsf{SZK}$ 中的难题。事实上,我们首先表明,即使是不可区分性混淆 (IO) 的非常强大的概念也并不意味着如此困难的问题,然后对可以从 IO 构造的一大类原语进行推论。不通过黑盒归约暗示 $\mathsf{NP}\cap\mathsf{coNP}$ 或 $\mathsf{SZK}$ 中的难题。事实上,我们首先表明,即使是不可区分性混淆 (IO) 的非常强大的概念也并不意味着如此困难的问题,然后对可以从 IO 构造的一大类原语进行推论。
更新日期:2021-01-13
Much of modern cryptography, starting from public-key encryption and going beyond, is based on the hardness of structured (mostly algebraic) problems like factoring, discrete log, or finding short lattice vectors. While structure is perhaps what enables advanced applications, it also puts the hardness of these problems in question. In particular, this structure often puts them in low (and so-called structured) complexity classes such as $\mathsf{NP}\cap \mathsf{coNP}$ or statistical zero-knowledge ($\mathsf{SZK}$). Is this structure really necessary? For some cryptographic primitives, such as one-way permutations and homomorphic encryption, we know that the answer is yes---they imply hard problems in $\mathsf{NP}\cap \mathsf{coNP}$ and $\mathsf{SZK}$, respectively. In contrast, one-way functions do not imply such hard problems, at least not by black-box reductions. Yet, for many basic primitives such as public-key encryption, oblivious transfer, and functional encryption, we do not have any answer. We show that the above primitives, and many others, do not imply hard problems in $\mathsf{NP}\cap\mathsf{coNP}$ or $\mathsf{SZK}$ via black-box reductions. In fact, we first show that even the very powerful notion of indistinguishability obfuscation (IO) does not imply such hard problems, and then deduce the same for a large class of primitives that can be constructed from IO.
中文翻译:
通过混淆镜头的结构与硬度
SIAM Journal on Computing,第 50 卷,第 1 期,第 98-144 页,2021 年 1 月。
许多现代密码学,从公钥加密开始并超越,都是基于结构化(主要是代数)问题的难度,如因式分解、离散对数或寻找短格向量。虽然结构可能是实现高级应用的原因,但它也使这些问题的难度成为问题。特别是,这种结构通常将它们置于低(和所谓的结构化)复杂性类别中,例如 $\mathsf{NP}\cap \mathsf{coNP}$ 或统计零知识 ($\mathsf{SZK}$)。这种结构真的有必要吗?对于一些密码原语,例如单向排列和同态加密,我们知道答案是肯定的——它们意味着 $\mathsf{NP}\cap \mathsf{coNP}$ 和 $\mathsf{SZK }$,分别。相比之下,单向函数并不意味着这样的难题,至少不是通过黑盒减少。然而,对于公钥加密、不经意传输和功能加密等许多基本原语,我们没有任何答案。我们表明,上述原语和许多其他原语并不意味着 $\mathsf{NP}\cap\mathsf{coNP}$ 或 $\mathsf{SZK}$ 中的困难问题,通过黑盒归约。事实上,我们首先表明,即使是不可区分性混淆 (IO) 的非常强大的概念也并不意味着如此困难的问题,然后对可以从 IO 构造的一大类原语进行推论。不通过黑盒归约暗示 $\mathsf{NP}\cap\mathsf{coNP}$ 或 $\mathsf{SZK}$ 中的难题。事实上,我们首先表明,即使是不可区分性混淆 (IO) 的非常强大的概念也并不意味着如此困难的问题,然后对可以从 IO 构造的一大类原语进行推论。不通过黑盒归约暗示 $\mathsf{NP}\cap\mathsf{coNP}$ 或 $\mathsf{SZK}$ 中的难题。事实上,我们首先表明,即使是不可区分性混淆 (IO) 的非常强大的概念也并不意味着如此困难的问题,然后对可以从 IO 构造的一大类原语进行推论。
京公网安备 11010802027423号