Limits of extractability assumptions with distributional auxiliary input

Elette Boyle*, Rafael Pass

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

21 Scopus citations


Extractability, or “knowledge,” assumptions have recently gained popularity in the cryptographic community, leading to the study of primitives such as extractable one-way functions, extractable hash functions, succinct non-interactive arguments of knowledge (SNARKs), and (public-coin) differing-inputs obfuscation ((PC-)diO), and spurring the development of a wide spectrum of new applications relying on these primitives. For most of these applications, it is required that the extractability assumption holds even in the presence of attackers receiving some auxiliary information that is sampled from some fixed efficiently computable distribution Z. We show that, assuming the existence of public-coin collision-resistant hash functions, there exists an efficient distributions Z such that either – PC-diO for Turing machines does not exist, or – extractable one-way functions w.r.t. auxiliary input Z do not exist. A corollary of this result shows that additionally assuming existence of fully homomorphic encryption with decryption in NC1, there exists an efficient distribution Z such that either – SNARKs for NP w.r.t. auxiliary input Z do not exist, or – PC-diO for NC1 circuits does not exist. To achieve our results, we develop a “succinct punctured program” technique, mirroring the powerful punctured program technique of Sahai and Waters (STOC’14), and present several other applications of this new technique. In particular, we construct succinct perfect zero knowledge SNARGs and give a universal instantiation of random oracles in fulldomain hash applications, based on PC-diO. As a final contribution, we demonstrate that even in the absence of auxiliary input, care must be taken when making use of extractability assumptions.We show that (standard) diO w.r.t. any distribution D over programs and bounded-length auxiliary input is directly implied by any obfuscator that satisfies the weaker indistinguishability obfuscation (iO) security notion and diO for a slightly modified distribution D′ of programs (of slightly greater size) and no auxiliary input. As a consequence, we directly obtain negative results for (standard) diO in the absence of auxiliary input.

Original languageEnglish
Title of host publicationAdvances in Cryptology – ASIACRYPT 2015 - 21st International Conference on the Theory and Application of Cryptology and Information Security, Proceedings
EditorsTetsu Iwata, Jung Hee Cheon
PublisherSpringer Verlag
Number of pages26
ISBN (Print)9783662487990
StatePublished - 2015
Externally publishedYes
Event21st International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2015 - Auckland, New Zealand
Duration: 29 Nov 20153 Dec 2015

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference21st International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2015
Country/TerritoryNew Zealand


FundersFunder number
Alfred P. Sloan Fellowship
National Science Foundation-1523467
Air Force Office of Scientific ResearchFA9550-10-1-0093
Defense Advanced Research Projects Agency
Simons Foundation
MicrosoftCCF-1214844, CCF-0746990, CNS-1217821
Air Force Research LaboratoryFA8750-11-2-0211
Cornell University
FP7 People: Marie-Curie ActionsFP/2007-2013, 307952
Government of South Australia
Israel Science Foundation1709/14
Seventh Framework Programme259426 ERC-CaC, FP10/ 2010-2016


    Dive into the research topics of 'Limits of extractability assumptions with distributional auxiliary input'. Together they form a unique fingerprint.

    Cite this