Cryptology ePrint Archive: Report 2021/614

Unprovability of Leakage-Resilient Cryptography Beyond the Information-Theoretic Limit

Rafael Pass

Abstract: In recent years, leakage-resilient cryptography---the design of cryptographic protocols resilient to bounded leakage of honest players' secrets---has received significant attention. A major limitation of known provably-secure constructions (based on polynomial hardness assumptions) is that they require the secrets to have sufficient actual (i.e., information-theoretic), as opposed to computational, min-entropy even after the leakage.

In this work, we present barriers to provably-secure constructions beyond the ``information-theoretic barrier'': Assume the existence of collision-resistant hash functions. Then, no NP search problem with $(2^{n^{\epsilon}})$-bounded number of witnesses can be proven (even worst-case) hard in the presence of $O(n^{\epsilon})$ bits of computationally-efficient leakage of the witness, using a black-box reduction to any $O(1)$-round assumption. In particular, this implies that $O(n^{\epsilon})$-leakage resilient injective one-way functions, and more generally, one-way functions with at most $2^{n^{\epsilon}}$ pre-images, cannot be based on any ``standard'' complexity assumption using a black-box reduction.

Category / Keywords: foundations / meta-reductions; leakage-resilience

Original Publication (with minor differences): SCN'20

Date: received 11 May 2021

Contact author: rafael at cs cornell edu

Available format(s): PDF | BibTeX Citation

Version: 20210517:061603 (All versions of this report)

Short URL: ia.cr/2021/614


[ Cryptology ePrint archive ]