Hua-Lei Yin

2024-08-24

Abstract:One-way functions are fundamental to classical cryptography and their existence remains a longstanding problem in computational complexity theory. Recently, a provable quantum one-way function has been identified, which maintains its one-wayness even with unlimited computational resources. Here, we extend the mathematical definition of functions to construct a generalized one-way function by virtually measuring the qubit of provable quantum one-way function and randomly assigning the corresponding measurement outcomes with identical probability. Remarkably, using this generalized one-way function, we have developed an unconditionally secure key distribution protocol based solely on classical data processing, which can then utilized for secure encryption and signature. Our work highlights the importance of information in characterizing quantum systems and the physical significance of the density matrix. We demonstrate that probability theory and randomness are effective tools for countering adversaries with unlimited computational capabilities.

Quantum Physics,Computational Complexity,Cryptography and Security,Information Theory

Tomoyuki Morimae,Takashi Yamakawa

2024-05-08

Abstract:The existence of one-way functions is one of the most fundamental assumptions in classical cryptography. In the quantum world, on the other hand, there are evidences that some cryptographic primitives can exist even if one-way functions do not exist. We therefore have the following important open problem in quantum cryptography: What is the most fundamental element in quantum cryptography? In this direction, Brakerski, Canetti, and Qian recently defined a notion called EFI pairs, which are pairs of efficiently generatable states that are statistically distinguishable but computationally indistinguishable, and showed its equivalence with some cryptographic primitives including commitments, oblivious transfer, and general multi-party computations. However, their work focuses on decision-type primitives and does not cover search-type primitives like quantum money and digital signatures. In this paper, we study properties of one-way state generators (OWSGs), which are a quantum analogue of one-way functions. We first revisit the definition of OWSGs and generalize it by allowing mixed output states. Then we show the following results. (1) We define a weaker version of OWSGs, weak OWSGs, and show that they are equivalent to OWSGs. (2) Quantum digital signatures are equivalent to OWSGs. (3) Private-key quantum money schemes (with pure money states) imply OWSGs. (4) Quantum pseudo one-time pad schemes imply both OWSGs and EFI pairs. (5) We introduce an incomparable variant of OWSGs, which we call secretly-verifiable and statistically-invertible OWSGs, and show that they are equivalent to EFI pairs.

Quantum Physics,Cryptography and Security

Dima Grigoriev,Vladimir Shpilrain

DOI: https://doi.org/10.48550/arXiv.1301.5069

2013-01-22

Abstract:We show that some problems in information security can be solved without using one-way functions. The latter are usually regarded as a central concept of cryptography, but the very existence of one-way functions depends on difficult conjectures in complexity theory, most notably on the notorious "$P \ne NP$" conjecture. In this paper, we suggest protocols for secure computation of the sum, product, and some other functions, without using any one-way functions. A new input that we offer here is that, in contrast with other proposals, we conceal "intermediate results" of a computation. For example, when we compute the sum of $k$ numbers, only the final result is known to the parties; partial sums are not known to anybody. Other applications of our method include voting/rating over insecure channels and a rather elegant and efficient solution of Yao's "millionaires' problem". Then, while it is fairly obvious that a secure (bit) commitment between two parties is impossible without a one-way function, we show that it is possible if the number of parties is at least 3. We also show how our (bit) commitment scheme for 3 parties can be used to arrange an unconditionally secure (bit) commitment between just two parties if they use a "dummy" (e.g., a computer) as the third party. We explain how our concept of a "dummy" is different from a well-known concept of a "trusted third party". We also suggest a protocol, without using a one-way function, for "mental poker", i.e., a fair card dealing (and playing) over distance. We also propose a secret sharing scheme where an advantage over Shamir's and other known secret sharing schemes is that nobody, including the dealer, ends up knowing the shares owned by any particular player. It should be mentioned that computational cost of our protocols is negligible to the point that all of them can be executed without a computer.

Cryptography and Security,Information Theory

Dakshita Khurana,Kabir Tomer

2024-01-30

Abstract:One-way functions are central to classical cryptography. They are both necessary for the existence of non-trivial classical cryptosystems, and sufficient to realize meaningful primitives including commitments, pseudorandom generators and digital signatures. At the same time, a mounting body of evidence suggests that assumptions even weaker than one-way functions may suffice for many cryptographic tasks of interest in a quantum world, including bit commitments and secure multi-party computation. This work studies one-way state generators [Morimae-Yamakawa, CRYPTO 2022], a natural quantum relaxation of one-way functions. Given a secret key, a one-way state generator outputs a hard to invert quantum state. A fundamental question is whether this type of quantum one-wayness suffices to realize quantum cryptography. We obtain an affirmative answer to this question, by proving that one-way state generators with pure state outputs imply quantum bit commitments and secure multiparty computation. Along the way, we build an intermediate primitive with classical outputs, which we call a (quantum) one-way puzzle. Our main technical contribution is a proof that one-way puzzles imply quantum bit commitments.

Quantum Physics,Cryptography and Security

Leonid A. Levin

DOI: https://doi.org/10.48550/arXiv.cs/0012023

2003-08-18

Abstract:The existence of one-way functions is arguably the most important problem in computer theory. The article discusses and refines a number of concepts relevant to this problem. For instance, it gives the first combinatorial complete owf, i.e., a function which is one-way if any function is. There are surprisingly many subtleties in basic definitions. Some of these subtleties are discussed or hinted at in the literature and some are overlooked. Here, a unified approach is attempted.

Cryptography and Security,Computational Complexity

Noam Mazor,Jiapeng Zhang

DOI: https://doi.org/10.1007/s00145-024-09507-4

2024-06-01

Journal of Cryptology

Abstract:Two of the most useful cryptographic primitives that can be constructed from one-way functions are pseudorandom generators (PRGs) and universal one-way hash functions (UOWHFs). In order to implement them in practice, the efficiency of such constructions must be considered. The three major efficiency measures are: the seed length , the call complexity to the one-way function, and the adaptivity of these calls. Still, the optimal efficiency of these constructions is not yet fully understood: there exist gaps between the known upper bound and the known lower bound for black-box constructions. A special class of one-way functions called unknown-regular one-way functions is much better understood. Haitner, Harnik and Reingold (CRYPTO 2006) presented a PRG construction with semi-linear seed length and linear number of calls based on a method called randomized iterate . Ames, Gennaro and Venkitasubramaniam (ASIACRYPT 2012) then gave a construction of UOWHF with similar parameters and using similar ideas. On the other hand, Holenstein and Sinha (FOCS 2012) and Barhum and Holenstein (TCC 2013) showed an almost linear call-complexity lower bound for black-box constructions of PRGs and UOWHFs from one-way functions. Hence, Haitner et al. and Ames et al. reached tight constructions (in terms of seed length and the number of calls) of PRGs and UOWHFs from regular one-way functions. These constructions, however, are adaptive. In this work, we present non-adaptive constructions for both primitives which match the optimal call complexity given by Holenstein and Sinha and Barhum and Holenstein. Our constructions, besides being simple and non-adaptive, are robust also for almost-regular one-way functions.

computer science, theory & methods,engineering, electrical & electronic,mathematics, applied

Tomoyuki Morimae,Takashi Yamakawa

2024-05-22

Abstract:We demonstrate quantum advantage with several basic assumptions, specifically based on only the existence of OWFs. We introduce inefficient-verifier proofs of quantumness (IV-PoQ), and construct it from classical bit commitments. IV-PoQ is an interactive protocol between a verifier and a quantum prover consisting of two phases. In the first phase, the verifier is probabilistic polynomial-time, and it interacts with the prover. In the second phase, the verifier becomes inefficient, and makes its decision based on the transcript of the first phase. If the prover is honest, the inefficient verifier accepts with high probability, but any classical malicious prover only has a small probability of being accepted by the inefficient verifier. Our construction demonstrates the following results: (1)If one-way functions exist, then IV-PoQ exist. (2)If distributional collision-resistant hash functions exist (which exist if hard-on-average problems in $\mathbf{SZK}$ exist), then constant-round IV-PoQ exist. We also demonstrate quantum advantage based on worst-case-hard assumptions. We define auxiliary-input IV-PoQ (AI-IV-PoQ) that only require that for any malicious prover, there exist infinitely many auxiliary inputs under which the prover cannot cheat. We construct AI-IV-PoQ from an auxiliary-input version of commitments in a similar way, showing that (1)If auxiliary-input one-way functions exist (which exist if $\mathbf{CZK}\not\subseteq\mathbf{BPP}$), then AI-IV-PoQ exist. (2)If auxiliary-input collision-resistant hash functions exist (which is equivalent to $\mathbf{PWPP}\nsubseteq \mathbf{FBPP}$) or $\mathbf{SZK}\nsubseteq \mathbf{BPP}$, then constant-round AI-IV-PoQ exist.

Quantum Physics,Computational Complexity,Cryptography and Security

Giulio Malavolta,Tomoyuki Morimae,Michael Walter,Takashi Yamakawa

2024-04-21

Abstract:In classical cryptography, one-way functions are widely considered to be the minimal computational assumption. However, when taking quantum information into account, the situation is more nuanced. There are currently two major candidates for the minimal assumption: the search quantum generalization of one-way functions are one-way state generators (OWSG), whereas the decisional variant are EFI pairs. A well-known open problem in quantum cryptography is to understand how these two primitives are related. A recent breakthrough result of Khurana and Tomer (STOC'24) shows that OWSGs imply EFI pairs, for the restricted case of pure states.

Quantum Physics,Cryptography and Security

Chris Brzuska,Geoffroy Couteau

DOI: https://doi.org/10.1007/s00145-024-09518-1

2024-12-06

Journal of Cryptology

Abstract:Constructing one-way functions from average-case hardness is a long-standing open problem. A positive result would exclude Pessiland (Impagliazzo '95) and establish a highly desirable win–win situation: either (symmetric) cryptography exists unconditionally, or all problems can be solved efficiently on the average. Motivated by the lack of progress on this seemingly very hard question, we initiate the investigation of weaker yet meaningful candidate win–win results of the following type: either there are fine-grained one-way functions (FGOWF), or non-trivial speedups can be obtained for all problems on the average. FGOWFs only require a fixed polynomial gap (as opposed to superpolynomial) between the running time of the function and the running time of an inverter. We obtain three main results: Construction. We show that if there is an language having a very strong form of average-case hardness, which we call block finding hardness , then FGOWF exist. We provide heuristic support for this very strong average-case hardness notion by showing that it holds for a random language. Then, we study whether weaker (and more natural) forms of average-case hardness could already suffice to obtain FGOWF and obtain two negative results: Separation I. We provide a strong oracle separation for the implication ( exponentially average-case hard language FGOWF). Separation II. We provide a second strong negative result for an even weaker candidate win–win result. Namely, we rule out a relativizing proof for the implication ( exponentially average-case hard language whose hardness amplifies optimally through parallel repetitions FGOWF). This separation forms the core technical contribution of our work.

computer science, theory & methods,engineering, electrical & electronic,mathematics, applied

John Bostanci,Boyang Chen,Barak Nehoran

2024-11-01

Abstract:We show that there exists a unitary quantum oracle relative to which quantum commitments exist but no (efficiently verifiable) one-way state generators exist. Both have been widely considered candidates for replacing one-way functions as the minimal assumption for cryptography: the weakest cryptographic assumption implied by all of computational cryptography. Recent work has shown that commitments can be constructed from one-way state generators, but the other direction has remained open. Our results rule out any black-box construction, and thus settle this crucial open problem, suggesting that quantum commitments (as well as its equivalency class of EFI pairs, quantum oblivious transfer, and secure quantum multiparty computation) appear to be strictly weakest among all known cryptographic primitives.

Quantum Physics,Cryptography and Security

Shafi Goldwasser,Silvio Micali,Andrew Chi-chih Yao

DOI: https://doi.org/10.1007/978-1-4757-0602-4_20

1982-01-01

Abstract:The design of cryptographic protocols using trapdoor and one-way functions has received considerable attention in the past few years [1–8]. More recently, attention has been paid to provide rigorous correctness proofs based on simple mathematical assumptions, for example, in coin flipping (Blum [1]), mental poker (Goldwasser and Micali [4]). It is perhaps reasonable to speculate at this time that all cryptographic protocols can eventually be designed to be provably secure under simple assumptions, such as factoring large numbers or inverting RSA functions are computationally intractable in the appropriate sense.

Alex B. Grilo,Or Sattath,Quoc-Huy Vu

2023-06-21

Abstract:It is an important question to find constructions of quantum cryptographic protocols which rely on weaker computational assumptions than classical protocols. Recently, it has been shown that oblivious transfer and multi-party computation can be constructed from one-way functions, whereas this is impossible in the classical setting in a black-box way. In this work, we study the question of building quantum public-key encryption schemes from one-way functions and even weaker assumptions. Firstly, we revisit the definition of IND-CPA security to this setting. Then, we propose three schemes for quantum public-key encryption from one-way functions, pseudorandom function-like states with proof of deletion and pseudorandom function-like states, respectively.

Cryptography and Security,Quantum Physics

Qichun Wang,Jie Peng,Haibin Kan,Xiangyang Xue

DOI: https://doi.org/10.1109/TIT.2010.2046195

IF: 2.5

2010-01-01

IEEE Transactions on Information Theory

Abstract:It is known that Boolean functions used in stream and block ciphers should have good cryptographic properties to resist algebraic attacks. Up until now, there have been several constructions of Boolean functions achieving optimum algebraic immunity. However, most of their nonlinearities are very low. Carlet and Feng studied a class of Boolean functions with optimum algebraic immunity and deduced the lower bound of its nonlinearity, which is good, but not very high. Moreover, the main practical problem with this construction is that it cannot be implemented efficiently. In this paper, we put forward a new method to construct cryptographically significant Boolean functions by using primitive polynomials, and construct three infinite classes of Boolean functions with good cryptographic properties: balancedness, optimum algebraic degree, optimum algebraic immunity, and a high nonlinearity.

Aparna Gupte,Jiahui Liu,Justin Raizes,Bhaskar Roberts,Vinod Vaikuntanathan

2024-11-04

Abstract:One-time programs (Goldwasser, Kalai and Rothblum, CRYPTO 2008) are functions that can be run on any single input of a user's choice, but not on a second input. Classically, they are unachievable without trusted hardware, but the destructive nature of quantum measurements seems to provide a quantum path to constructing them. Unfortunately, Broadbent, Gutoski and Stebila showed that even with quantum techniques, a strong notion of one-time programs, similar to ideal obfuscation, cannot be achieved for any non-trivial quantum function. On the positive side, Ben-David and Sattath (Quantum, 2023) showed how to construct a one-time program for a certain (probabilistic) digital signature scheme, under a weaker notion of one-time program security. There is a vast gap between achievable and provably impossible notions of one-time program security, and it is unclear what functionalities are one-time programmable under the achievable notions of security. In this work, we present new, meaningful, yet achievable definitions of one-time program security for probabilistic classical functions. We show how to construct one time programs satisfying these definitions for all functions in the classical oracle model and for constrained pseudorandom functions in the plain model. Finally, we examine the limits of these notions: we show a class of functions which cannot be one-time programmed in the plain model, as well as a class of functions which appears to be highly random given a single query, but whose one-time program form leaks the entire function even in the oracle model.

Cryptography and Security,Quantum Physics

Maria Isabel González Vasco,Mats Näslund

DOI: https://doi.org/10.1007/978-3-0348-8295-8_18

2001-01-01

Abstract:The security of public key protocols relies nowadays on the use of one-way functions. However, even assuming a certain function f(x) is hard enough to invert, we should always keep in mind the fact that some information may leak through. A function b(x) that does not leak in this way is said to be a hard core for f; given f(x), b(x) cannot even be computationally distinguished from a random string. In this survey, we review what is known in this area, both from a more theoretical point of view and also for ‘practical’ choices of f such as RSA.

Jie Peng,Haibin Kan

DOI: https://doi.org/10.1587/transfun.e95.a.1056

2012-01-01

Abstract:It is well known that Boolean functions used in stream and block ciphers should have high algebraic immunity to resist algebraic attacks. Up to now, there have been many constructions of Boolean functions achieving the maximum algebraic immunity. In this paper, we present several constructions of rotation symmetric Boolean functions with maximum algebraic immunity on an odd number of variables which are not symmetric, via a study of invertible cyclic matrices over the binary field. In particular, we generalize the existing results and introduce a new method to construct all the rotation symmetric Boolean functions that differ from the majority function on two orbits. Moreover, we prove that their nonlinearities are upper bounded by 2(n-1) - ((n-1)(left perpendicularn/2right perpendicular)) + 2(n - 6).

Vladimir V. Podolskii,Dmitrii Sluch

2024-06-01

Abstract:Boolean function $F(x,y)$ for $x,y \in \{0,1\}^n$ is an XOR function if $F(x,y)=f(x\oplus y)$ for some function $f$ on $n$ input bits, where $\oplus$ is a bit-wise XOR. XOR functions are relevant in communication complexity, partially for allowing Fourier analytic technique. For total XOR functions it is known that deterministic communication complexity of $F$ is closely related to parity decision tree complexity of $f$. Montanaro and Osbourne (2009) observed that one-sided communication complexity $D_{cc}^{\rightarrow}(F)$ of $F$ is exactly equal to nonadaptive parity decision tree complexity $NADT^{\oplus}(f)$ of $f$. Hatami et al. (2018) showed that unrestricted communication complexity of $F$ is polynomially related to parity decision tree complexity of $f$. We initiate the studies of a similar connection for partial functions. We show that in case of one-sided communication complexity whether these measures are equal, depends on the number of undefined inputs of $f$. On the one hand, if $D_{cc}^{\rightarrow}(F)=t$ and $f$ is undefined on at most $O(\frac{2^{n-t}}{\sqrt{n-t}})$, then $NADT^{\oplus}(f)=t$. On the other hand, for a wide range of values of $D_{cc}^{\rightarrow}(F)$ and $NADT^{\oplus}(f)$ (from constant to $n-2$) we provide partial functions for which $D_{cc}^{\rightarrow}(F) < NADT^{\oplus}(f)$. In particular, we provide a function with an exponential gap between the two measures. Our separation results translate to the case of two-sided communication complexity as well, in particular showing that the result of Hatami et al. (2018) cannot be generalized to partial functions. Previous results for total functions heavily rely on Boolean Fourier analysis and the technique does not translate to partial functions. For the proofs of our results we build a linear algebraic framework instead. Separation results are proved through the reduction to covering codes.

Computational Complexity

Zhao Wang,Xiao Zhang,Sitao Wang,Zhiming Zheng,Wenhua Wang

DOI: https://doi.org/10.1080/00207160.2014.999051

2015-01-01

Abstract:A class of[GRAPHICS]-variable Boolean functions with excellent cryptographic criteria is proposed in this paper, using bivariate polynomial representation (BPR). By comparing known Boolean functions created by the 'BPR-method', three conjectures on the relationship between cryptographic criteria and parameter settings are given as guidelines to the research. Then on the basis of certain combinatorial facts and computer experiments, we prove that our functions possess the optimal algebraic immunity k, and validate that, at least for[GRAPHICS], the functions preserve almost perfect immunity against fast algebraic attacks. In addition, we show the functions to be 1-resilient with the maximum algebraic degree of[GRAPHICS]and give a proof of the lower bound for nonlinearity by means of Gauss sum. Our functions demonstrate great performance in meeting the desired cryptographic criteria for use in the filter model of pseudorandom generators.

Xiangxue Li,Qifeng Zhou,Haifeng Qian,Yu,Shaohua Tang

DOI: https://doi.org/10.1016/j.jmaa.2013.02.009

IF: 1.417

2013-01-01

Journal of Mathematical Analysis and Applications

Abstract:In designing cryptographic Boolean functions, it is challenging to achieve at the same time the desirable features of algebraic immunity, balancedness, nonlinearity, and algebraic degree for necessary resistance against algebraic attack, correlation attack, Berlekamp–Massey attack, etc. This paper constructs balanced rotation symmetric Boolean functions on n variables where n=2p and p is an odd prime. We prove the construction has an optimal algebraic immunity and is of high nonlinearity. We check that, at least for those primes p which are not of the form of a power of two plus one, the algebraic degree of the construction achieves in fact the upper bound n−1.

Helger Lipmaa,Bingsheng Zhang

DOI: https://doi.org/10.1007/978-3-642-13708-2_26

2010-01-01

Abstract:Assume that a client outsources his database to a remote storage-provider (the server), so that for privacy reasons, the client's database is encrypted by his secret key. During a PIR-writing protocol, the client updates one element of the encrypted database without revealing to the semi-honest server which element was updated and, of course, to which value. The best previous PIR-writing protocols had square-root communication complexity. In this paper, we propose two new PIR-writing protocols. The first one can be based on (say) the Damgard-Jurik additively homomorphic public-key cryptosystem, and it has (amortized) polylogarithmic communication for a limited number of updates. The second one is based on a fully-homomorphic public-key cryptosystem, a much stronger primitive, but it achieves optimal logarithmic communication.