Paper 2024/1050

On Sequential Functions and Fine-Grained Cryptography

Jiaxin Guan, New York University
Hart Montgomery, Linux Foundation
Abstract

A sequential function is, informally speaking, a function $f$ for which a massively parallel adversary cannot compute "substantially" faster than an honest user with limited parallel computation power. Sequential functions form the backbone of many primitives that are extensively used in blockchains such as verifiable delay functions (VDFs) and time-lock puzzles. Despite this widespread practical use, there has been little work studying the complexity or theory of sequential functions. Our main result is a black-box oracle separation between sequential functions and one-way functions: in particular, we show the existence of an oracle $\mathcal{O}$ that implies a sequential function but not a one-way function. This seems surprising since sequential functions are typically constructed from very strong assumptions that imply one-way functions and also since time-lock puzzles are known to imply one-way functions (Bitansky et al., ITCS '16). We continue our exploration of the theory of sequential functions. We show that, informally speaking, the decisional, worst-case variant of a certain class of sequential function called a continuous iterative sequential function (CISF) is PSPACE-complete. A CISF is, in a nutshell, a sequential function $f$ that can be written in the form $f \left(k, x \right) = g^{k} \left(x \right)$ for some function $g$ where $k$ is an input determining the number of "rounds" the function is evaluated. We then show that more general forms of sequential functions are not contained in PSPACE relative to a random oracle. Given these results, we then ask if it is possible to build any interesting cryptographic primitives from sequential functions that are not one-way. It turns out that even if we assume just the existence of a CISF that is not one-way, we can build certain "fine-grained" cryptographic primitives where security is defined similarly to traditional primitives with the exception that it is only guaranteed for some (generally polynomial) amount of time. In particular, we show how to build "fine-grained" symmetric key encryption and "fine-grained" MACs from a CISF. We also show how to build fine-grained public-key encryption from a VDF with a few extra natural properties and indistinguishability obfucsation (iO) for null circuits. We do not assume one-way functions. Finally, we define a primitive that we call a commutative sequential function - essentially a sequential function that can be computed in sequence to get the same output in two different ways - and show that it implies fine-grained key exchange.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
A major revision of an IACR publication in CRYPTO 2024
Keywords
Sequential FunctionVerifiable Delay FunctionIdealized ModelLower BoundBlockchainBlack-Box Separation
Contact author(s)
jiaxin @ guan io
hart montgomery @ gmail com
History
2024-06-30: approved
2024-06-28: received
See all versions
Short URL
https://ia.cr/2024/1050
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/1050,
      author = {Jiaxin Guan and Hart Montgomery},
      title = {On Sequential Functions and Fine-Grained Cryptography},
      howpublished = {Cryptology ePrint Archive, Paper 2024/1050},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/1050}},
      url = {https://eprint.iacr.org/2024/1050}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.