Communication Lower Bounds of Key-Agreement Protocols via Density Increment Arguments
Authors
Guangxu Yang
Jiapeng Zhang
Mi-Ying (Miryam) Huang
Xinyu Mao
Publication date
10 September 2023
Publisher
International Association for Cryptologic Research (IACR)
Abstract
Constructing key-agreement protocols in the random oracle model (ROM) is a viable method to assess the feasibility of developing public-key cryptography within Minicrypt. Unfortunately, as shown by Impagliazzo and Rudich (STOC 1989) and Barak and Mahmoody (Crypto 2009), such protocols can only guarantee limited security: any $\ell$-query protocol can be attacked by an $O(\ell^2)$-query adversary. This quadratic gap matches the key-agreement protocol proposed by Merkle (CACM 78), known as Merkle's Puzzles. Besides query complexity, the communication complexity of key-agreement protocols in the ROM is also an interesting question in the realm of fine-grained cryptography, even though only limited security is achievable. Haitner et al. (ITCS 2019) first observed that in Merkle's Puzzles, to obtain secrecy against an eavesdropper with $O(\ell^2)$ queries, the honest parties must exchange $\Omega(\ell)$ bits. Therefore, they conjectured that high communication complexity is unavoidable, i.e., any $\ell$-query protocol with $c$ bits of communication could be attacked by an $O(c\cdot \ell)$-query adversary. This, if true, will suggest that Merkle's Puzzle is also optimal regarding communication complexity. Building upon techniques from communication complexity, Haitner et al. (ITCS 2019) confirmed this conjecture for two types of key agreement protocols with certain natural properties. This work affirms the above conjecture for all non-adaptive protocols with perfect completeness. Our proof uses a novel idea called density increment argument. This method could be of independent interest as it differs from previous communication lower bounds techniques (and bypasses some technical barriers).
Available Versions
Cryptology ePrint Archive
oai:eprint.iacr.org:2023/1349
Last time updated on 25/10/2023