A Study of Separations in Cryptography: New Results and New Models

For more than 20 years, black-box impossibility results have been used to argue the infeasibility of constructing certain cryptographic primitives (e.g., key agreement) from others (e.g., one-way functions). In this dissertation we further extend the frontier of this field by demonstrating several new impossibility results as well as a new framework for studying a more general class of constructions. Our first two results demonstrate impossibility of black-box constructions of two commonly used cryptographic primitives. In our first result we study the feasibility of black-box constructions of predicate encryption schemes from standard assumptions and demonstrate strong limitations on the types of schemes that can be constructed. In our second result we study black-box constructions of constant-round zero-knowledge proofs from one-way permutations and show that, under commonly believed complexity assumptions, no such constructions exist. A widely recognized limitation of black-box impossibility results, however, is that they say nothing about the usefulness of (known) non-black-box techniques. This state of affairs is unsatisfying as we would at least like to rule out constructions using the set of techniques we have at our disposal. With this motivation in mind, in the final result of this dissertation we propose a new framework for black-box constructions with a non-black-box flavor, specifically, those that rely on zero-knowledge proofs relative to some oracle. Our framework is powerful enough to capture a large class of known constructions, however we show that the original black-box separation of key agreement from one-way functions still holds even in this non-black-box setting that allows for zero-knowledge proofs

Some Applications of Coding Theory in Computational Complexity

Error-correcting codes and related combinatorial constructs play an important role in several recent (and old) results in computational complexity theory. In this paper we survey results on locally-testable and locally-decodable error-correcting codes, and their applications to complexity theory and to cryptography. Locally decodable codes are error-correcting codes with sub-linear time error-correcting algorithms. They are related to private information retrieval (a type of cryptographic protocol), and they are used in average-case complexity and to construct ``hard-core predicates'' for one-way permutations. Locally testable codes are error-correcting codes with sub-linear time error-detection algorithms, and they are the combinatorial core of probabilistically checkable proofs

Statistical Zero Knowledge and quantum one-way functions

One-way functions are a very important notion in the field of classical cryptography. Most examples of such functions, including factoring, discrete log or the RSA function, can be, however, inverted with the help of a quantum computer. In this paper, we study one-way functions that are hard to invert even by a quantum adversary and describe a set of problems which are good such candidates. These problems include Graph Non-Isomorphism, approximate Closest Lattice Vector and Group Non-Membership. More generally, we show that any hard instance of Circuit Quantum Sampling gives rise to a quantum one-way function. By the work of Aharonov and Ta-Shma, this implies that any language in Statistical Zero Knowledge which is hard-on-average for quantum computers, leads to a quantum one-way function. Moreover, extending the result of Impagliazzo and Luby to the quantum setting, we prove that quantum distributionally one-way functions are equivalent to quantum one-way functions. Last, we explore the connections between quantum one-way functions and the complexity class QMA and show that, similarly to the classical case, if any of the above candidate problems is QMA-complete then the existence of quantum one-way functions leads to the separation of QMA and AvgBQP.Comment: 20 pages; Computational Complexity, Cryptography and Quantum Physics; Published version, main results unchanged, presentation improve

Physical Zero-Knowledge Proofs for Akari, Takuzu, Kakuro and KenKen

Akari, Takuzu, Kakuro and KenKen are logic games similar to Sudoku. In Akari, a labyrinth on a grid has to be lit by placing lanterns, respecting various constraints. In Takuzu a grid has to be filled with 0's and 1's, while respecting certain constraints. In Kakuro a grid has to be filled with numbers such that the sums per row and column match given values; similarly in KenKen a grid has to be filled with numbers such that in given areas the product, sum, difference or quotient equals a given value. We give physical algorithms to realize zero-knowledge proofs for these games which allow a player to show that he knows a solution without revealing it. These interactive proofs can be realized with simple office material as they only rely on cards and envelopes. Moreover, we formalize our algorithms and prove their security.Comment: FUN with algorithms 2016, Jun 2016, La Maddalena, Ital

Design of advanced primitives for secure multiparty computation : special shuffles and integer comparison

In modern cryptography, the problem of secure multiparty computation is about the cooperation between mutually distrusting parties computing a given function. Each party holds some private information that should remain secret as much as possible throughout the computation. A large body of research initiated in the early 1980's has shown that any computable function can be evaluated using secure multiparty computation. Though these feasibility results are general, their applicability in practical situations is rather unsatisfactory. This thesis concerns the study of two particular cryptographic primitives with focus on efficiency. The first primitive studied is a generalization of verifiable shuffles of homomorphic encryptions, where the shuffler is only allowed to apply a permutation from a restricted set of permutations. In this thesis, we consider shuffles using permutations from a k-fragile set, meaning that any k input-output correspondences uniquely identify a permutation within the set. We provide verifiable shuffles restricted to the set of all rotations (1-fragile), affine transformations (2-fragile), and Möbius transformations (3-fragile). Applications of these special shuffles include fragile mixing, electronic elections, secure function evaluation using scrambled circuits, and secure integer comparison. Two approaches for verifiable rotations are presented. On the one hand, we use properties of the Discrete Fourier Transform (DFT) to express in a compact way that a rotation is applied in a shuffle. The solution is efficient, but imposes some mild restrictions on the parameters to allow DFT to work. On the other hand, we present a general solution that does not impose any parameter constraint and works on any homomorphic cryptosystem. These protocols for rotations are used to build efficient shuffling protocols for affine and Möbius transformations. The second primitive is secure integer comparison. In a general scenario, parties are given homomorphic encryptions of the bits of two integers and, after running a protocol, an encryption of a bit is produced, telling the result of the greater-than comparison of the two integers. This is a useful building block for higher-level protocols such as electronic voting, biometrics authentication or electronic auctions. A study of the relationship of other problems to integer comparison is given as well. We present two types of solutions for integer comparison. Firstly, we consider an arithmetic circuit yielding secure protocols within the framework for multiparty computation based on threshold homomorphic cryptosystems. Our circuit achieves a good balance between round and computational complexities, when compared to the similar solutions in the literature. The second type of solutions uses a intricate approach where different building blocks are used. A full analysis is made for the two-party case where efficiency of the resulting protocols compares favorably to other solutions and approaches

On Transformations of Interactive Proofs that Preserve the Prover's Complexity

Goldwasser and Sipser [GS89] proved that every interactive proof system can be transformed into a public-coin one (a.k.a., an Arthur-Merlin game). Their transformation has the drawback that the computational complexity of the prover's strategy is not preserved. We show that this is inherent, by proving that the same must be true of any transformation which only uses the original prover and verifier strategies as "black boxes". Our negative result holds even if the original proof system is restricted to be honest-verifier perfect zero knowledge and the transformation can also use the simulator as a black box. We also examine a similar deficiency in a transformation of Fürer et al. [FGM+89] from interactive proofs to ones with perfect completeness. We argue that the increase in prover complexity incurred by their transformation is necessary, given that their construction is a black-box transformation which works regardless of the verifier's computational complexity.Engineering and Applied Science

Distributed PCP Theorems for Hardness of Approximation in P

We present a new distributed model of probabilistically checkable proofs (PCP). A satisfying assignment $x \in \{0,1\}^n$ to a CNF formula $\varphi$ is shared between two parties, where Alice knows $x_1, \dots, x_{n/2}$, Bob knows $x_{n/2+1},\dots,x_n$, and both parties know $\varphi$. The goal is to have Alice and Bob jointly write a PCP that $x$ satisfies $\varphi$, while exchanging little or no information. Unfortunately, this model as-is does not allow for nontrivial query complexity. Instead, we focus on a non-deterministic variant, where the players are helped by Merlin, a third party who knows all of $x$. Using our framework, we obtain, for the first time, PCP-like reductions from the Strong Exponential Time Hypothesis (SETH) to approximation problems in P. In particular, under SETH we show that there are no truly-subquadratic approximation algorithms for Bichromatic Maximum Inner Product over {0,1}-vectors, Bichromatic LCS Closest Pair over permutations, Approximate Regular Expression Matching, and Diameter in Product Metric. All our inapproximability factors are nearly-tight. In particular, for the first two problems we obtain nearly-polynomial factors of $2^{(\log n)^{1-o(1)}}$; only $(1+o(1))$-factor lower bounds (under SETH) were known before

New-Age Cryptography

We introduce new and general complexity theoretic hardness assumptions. These assumptions abstract out concrete properties of a random oracle and are significantly stronger than traditional cryptographic hardness assumptions; however, assuming their validity we can resolve a number of longstandingopen problems in cryptography