Results 1 
4 of
4
Finding Collisions on a OneWay Street: Can Secure Hash Functions be Based on General Assumptions
, 1998
"... We prove the existence of an oracle relative to which there exist seveial wellknown cryptographic primitives, including oneway permutations, but excluding (for a suitably strong definition) collisionintractible hash functions. Thus any proof that such functions can be derived from these weaker ..."
Abstract

Cited by 72 (0 self)
 Add to MetaCart
We prove the existence of an oracle relative to which there exist seveial wellknown cryptographic primitives, including oneway permutations, but excluding (for a suitably strong definition) collisionintractible hash functions. Thus any proof that such functions can be derived from these weaker primitives is necessarily nonrelativizing; in particular, no provable construction of a collisionintractable hash function can exist based solely on a “black box ” oneway permutation. This result can be viewed as a partial justification for the common practice of treating the collisionintractable hash function as a cryptographic primitive, rather than attempting to derive it from a weaker primitive (such as a oneway permutation). Key words: Hash functions, oracle, cryptography, complexity theory 1
Lower bounds on the Efficiency of Generic Cryptographic Constructions
 41st IEEE Symposium on Foundations of Computer Science (FOCS), IEEE
, 2000
"... A central focus of modern cryptography is the construction of efficient, “highlevel” cryptographic tools (e.g., encryption schemes) from weaker, “lowlevel ” cryptographic primitives (e.g., oneway functions). Of interest are both the existence of such constructions, and their efficiency. Here, we ..."
Abstract

Cited by 61 (6 self)
 Add to MetaCart
A central focus of modern cryptography is the construction of efficient, “highlevel” cryptographic tools (e.g., encryption schemes) from weaker, “lowlevel ” cryptographic primitives (e.g., oneway functions). Of interest are both the existence of such constructions, and their efficiency. Here, we show essentiallytight lower bounds on the best possible efficiency of any blackbox construction of some fundamental cryptographic tools from the most basic and widelyused cryptographic primitives. Our results hold in an extension of the model introduced by Impagliazzo and Rudich, and improve and extend earlier results of Kim, Simon, and Tetali. We focus on constructions of pseudorandom generators, universal oneway hash functions, and digital signatures based on oneway permutations, as well as constructions of public and privatekey encryption schemes based on trapdoor permutations. In each case, we show that any blackbox construction beating our efficiency bound would yield the unconditional existence of a oneway function and thus, in particular, prove P = NP. 1
Limits on the Efficiency of OneWay PermutationBased Hash Functions
 In Proceedings of the 40th Annual IEEE Symposium on Foundations of Computer Science
, 1999
"... Naor and Yung ([NY89]) show that a onebit compressing universal oneway hash function (UOWHF) can be constructed based on a oneway permutation. This construction can be iterated to build a UOWHF which compresses by "n bits, at the cost of "n invocations of the oneway permutation. We show that thi ..."
Abstract

Cited by 28 (0 self)
 Add to MetaCart
Naor and Yung ([NY89]) show that a onebit compressing universal oneway hash function (UOWHF) can be constructed based on a oneway permutation. This construction can be iterated to build a UOWHF which compresses by "n bits, at the cost of "n invocations of the oneway permutation. We show that this construction is not far from optimal, in the following sense: there exists an oracle relative to which there exists a oneway permutation with inversion probability 2 \Gammap(n) (for any p(n) 2 !(log n)), but any construction of an "nbitcompressing UOWHF requires \Omega\Gamma p n=p(n)) invocations of the oneway permutation, on average. (For example, there exists in this relativized world a oneway permutation with inversion probability n \Gamma!(1) , but no UOWHF that invokes it fewer than \Omega\Gamma p n= log n) times.) Thus any proof that a more efficient UOWHF can be derived from a oneway permutation is necessarily nonrelativizing; in particular, no provable construction...
On constructing 11 oneway functions
 Electronic Colloquium on Computational Complexity (ECCC
, 1995
"... Abstract. We show how to construct lengthpreserving 11 oneway functions based on popular intractability assumptions (e.g., RSA, DLP). Such 11 functions should not be confused with (infinite) families of (finite) oneway permutations. What we want and obtain is a single (infinite) 11 oneway fun ..."
Abstract

Cited by 12 (1 self)
 Add to MetaCart
Abstract. We show how to construct lengthpreserving 11 oneway functions based on popular intractability assumptions (e.g., RSA, DLP). Such 11 functions should not be confused with (infinite) families of (finite) oneway permutations. What we want and obtain is a single (infinite) 11 oneway function.