Paper 2024/1659

Instance Compression, Revisited

Gal Arnon, Weizmann Institute of Science
Shany Ben-David, Bar-Ilan University
Eylon Yogev, Bar-Ilan University
Abstract

Collision-resistant hashing (CRH) is a cornerstone of cryptographic protocols. However, despite decades of research, no construction of a CRH based solely on one-way functions has been found. Moreover, there are black-box limitations that separate these two primitives. Harnik and Naor [HN10] overcame this black-box barrier by introducing the notion of instance compression. Instance compression reduces large NP instances to a size that depends on their witness size while preserving the "correctness" of the instance relative to the language. Shortly thereafter, Fortnow and Santhanam showed that efficient instance compression algorithms are unlikely to exist (as the polynomial hierarchy would collapse). Bronfman and Rothblum defined a computational analog of instance compression, which they called computational instance compression (CIC), and gave a construction of CIC under standard assumptions. Unfortunately, this notion is not strong enough to replace instance compression in Harnik and Naor's CRH construction. In this work, we revisit the notion of computation instance compression and ask what the "correct" notion for CIC is, in the sense that it is sufficiently strong to achieve useful cryptographic primitives while remaining consistent with common assumptions. First, we give a natural strengthening of the CIC definition that serves as a direct substitute for the instance compression scheme in the Harnik--Naor construction. However, we show that even this notion is unlikely to exist. We then identify a notion of CIC that gives new hope for constructing CRH from one-way functions via instance compression. We observe that this notion is achievable under standard assumptions and, by revisiting the Harnik--Naor proof, demonstrate that it is sufficiently strong to achieve CRH. In fact, we show that our CIC notion is existentially equivalent to CRH. Beyond Minicrypt, Harnik and Naor showed that a strengthening of instance compression can be used to construct OT and public-key encryption. We rule out the computational analog of this stronger notion by showing that it contradicts the existence of incompressible public-key encryption, which was recently constructed under standard assumptions.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Preprint.
Keywords
instance compressioncollision-resistant hashone-way functionsinteractive proofs
Contact author(s)
galarnon42 @ gmail com
shany ben-david @ biu ac il
eylon yogev @ biu ac il
History
2024-10-18: approved
2024-10-14: received
See all versions
Short URL
https://ia.cr/2024/1659
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1659,
      author = {Gal Arnon and Shany Ben-David and Eylon Yogev},
      title = {Instance Compression, Revisited},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1659},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1659}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.