On hardness amplification of one-way functions

Abstract

Abstract. We continue the study of the efficiency of black-box reductions in cryptography. We focus on the question of constructing strong one-way functions (respectively, permutations) from weak one-way functions (respectively, permutations). To make our impossibility results stronger, we focus on the weakest type of constructions: those that start from a weak one-way permutation and define a strong one-way function. We show that for every “fully black-box ” construction of a ɛ(n)secure function based on a (1 − δ(n))-secure permutation, if q(n) isthe number of oracle queries used in the construction and ℓ(n) is the input length of the new function, then we have q ≥ Ω ( 1 1 · log) and ℓ ≥ δ ɛ n+Ω(log 1/ɛ)−O(log q). This result is proved by showing that fully blackbox reductions of strong to weak one-way functions imply the existence of “hitters ” and then by applying known lower bounds for hitters. We also show a sort of reverse connection, and we revisit the construction of Goldreich et al. (FOCS 1990) in terms of this reverse connection. Finally, we prove that any “weakly black-box ” construction with parameters q(n) and ℓ(n) better than the above lower bounds implies the unconditional existence of strong one-way functions (and, therefore, the existence of a weakly black-box construction with q(n) = 0). This result, like the one for fully black-box reductions, is proved by reasoning about the function defined by such a construction when using the identity permutation as an oracle.