TY - GEN
T1 - The curious case of non-interactive commitments - On the power of black-box vs. non-black-box use of primitives
AU - Mahmoody, Mohammad
AU - Pass, Rafael
PY - 2012
Y1 - 2012
N2 - It is well-known that one-way permutations (and even one-to-one one-way functions) imply the existence of non-interactive commitments. Furthermore the construction is black-box (i.e., the underlying one-way function is used as an oracle to implement the commitment scheme, and an adversary attacking the commitment scheme is used as an oracle in the proof of security). We rule out the possibility of black-box constructions of non-interactive commitments from general (possibly not one-to-one) one-way functions. As far as we know, this is the first result showing a natural cryptographic task that can be achieved in a black-box way from one-way permutations but not from one-way functions. We next extend our black-box separation to constructions of non-interactive commitments from a stronger notion of one-way functions, which we refer to as hitting one-way functions. Perhaps surprisingly, Barak, Ong, and Vadhan (Siam JoC '07) showed that there does exist a non-black-box construction of non-interactive commitments from hitting one-way functions. As far as we know, this is the first result to establish a "separation" between the power of black-box and non-black-box use of a primitive to implement a natural cryptographic task. We finally show that unless the complexity class has program checkers, the above separations extend also to non-interactive instance-based commitments, and 3-message public-coin honest-verifier zero-knowledge protocols with O(logn)-bit verifier messages. The well-known classical zero-knowledge proof for fall into this category.
AB - It is well-known that one-way permutations (and even one-to-one one-way functions) imply the existence of non-interactive commitments. Furthermore the construction is black-box (i.e., the underlying one-way function is used as an oracle to implement the commitment scheme, and an adversary attacking the commitment scheme is used as an oracle in the proof of security). We rule out the possibility of black-box constructions of non-interactive commitments from general (possibly not one-to-one) one-way functions. As far as we know, this is the first result showing a natural cryptographic task that can be achieved in a black-box way from one-way permutations but not from one-way functions. We next extend our black-box separation to constructions of non-interactive commitments from a stronger notion of one-way functions, which we refer to as hitting one-way functions. Perhaps surprisingly, Barak, Ong, and Vadhan (Siam JoC '07) showed that there does exist a non-black-box construction of non-interactive commitments from hitting one-way functions. As far as we know, this is the first result to establish a "separation" between the power of black-box and non-black-box use of a primitive to implement a natural cryptographic task. We finally show that unless the complexity class has program checkers, the above separations extend also to non-interactive instance-based commitments, and 3-message public-coin honest-verifier zero-knowledge protocols with O(logn)-bit verifier messages. The well-known classical zero-knowledge proof for fall into this category.
KW - Black-Box Separations
KW - Hitting Set Generators
KW - Non-Black-Box Constructions
KW - Non-Interactive Commitments
KW - One-Way Functions
KW - Program Checkers
KW - Zero-Knowledge Proofs
UR - http://www.scopus.com/inward/record.url?scp=84865452421&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-32009-5_41
DO - 10.1007/978-3-642-32009-5_41
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:84865452421
SN - 9783642320088
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 701
EP - 718
BT - Advances in Cryptology, CRYPTO 2012 - 32nd Annual Cryptology Conference, Proceedings
T2 - 32nd Annual International Cryptology Conference, CRYPTO 2012
Y2 - 19 August 2012 through 23 August 2012
ER -