首页    期刊浏览 2024年11月27日 星期三
登录注册

文章基本信息

  • 标题:A New Sampling Protocol and Applications to Basing Cryptographic Primitives on the Hardness of NP
  • 本地全文:下载
  • 作者:Iftach Haitner ; Mohammad Mahmoody ; David Xiao
  • 期刊名称:Electronic Colloquium on Computational Complexity
  • 印刷版ISSN:1433-8092
  • 出版年度:2010
  • 卷号:2010
  • 出版社:Universität Trier, Lehrstuhl für Theoretische Computer-Forschung
  • 摘要:We investigate the question of what languages can be decided efficiently with the help of a recursive collision-finding oracle. Such an oracle can be used to break collision-resistant hash functions or, more generally, statistically hiding commitments. The oracle we consider, Samd where d is the recursion depth, is based on the identically-named oracle defined in the work of Haitner et al. (FOCS '07). Our main result is a constant-round public-coin protocol ``AMSam'' that allows an efficient verifier to emulate a Samd oracle for any constant depth d=O(1) with the help of a BPPNP prover. AMSam allows us to conclude that if L is decidable by a k-adaptive randomized oracle algorithm with access to a SamO(1) oracle, then LAM[k]coAM[k]. The above yields the following corollary: assume there exists an O(1)-adaptive reduction that bases constant-round statistically hiding commitment on NP -hardness, then NPcoAM and the polynomial hierarchy collapses. The same result holds for any primitive that can be broken by SamO(1) including collision-resistant hash functions and O(1)-round oblivious transfer where security holds statistically for one of the parties. We also obtain non-trivial (though weaker) consequences for k-adaptive reductions for any k=poly(n). Prior to our work, most results in this research direction either applied only to non-adaptive reductions (Bogdanov and Trevisan, SIAM J. of Comp. '06) or to primitives with special regularity properties (Brassard79 FOCS '79, Akavia et al, FOCS '06). The main technical tool we use to prove the above is a new constant-round public-coin protocol (SWS) that we believe may be interesting in its own right, and that guarantees the following. Given an efficient function f on n bits, let D be the output distribution D=f(Un), then SWS allows an efficient verifier Arthur to use an all-powerful prover Merlin's help to sample a random yD along with a good multiplicative approximation of the probability py=PryD[y=y]. The crucial feature of SWS is that it extends even to distributions of the form D=f(US), where US is the uniform distribution on an efficiently decidable subset S01n (such D are called efficiently samplable with \emph{post-selection}), as long as the verifier is also given a good approximation of the value S .
  • 关键词:black-box lower bounds, collision-resistant hash functions, constant-round statistically hid-, sampling protocols
国家哲学社会科学文献中心版权所有