On hardness amplification of one-way functions

Abstract

We continue the study of the efficiency of black-box reductions in cryptography. We focus on the question of constructing strong one-way functions (respectively, permutations) from weak one-way functions (respectively, permutations). To make our impossibility results stronger, we focus on the weakest type of constructions: those that start from a weak one-way permutation and define a strong one-way function. We show that for every "fully black-box" construction of a ε(n)-secure function based on a (1 - δ(n))-secure permutation, if q(n) is the number of oracle queries used in the construction and l(n) is the input length of the new function, then we have q ≥ Ω(1/δ · log 1/ε) and l ≥ n+Ω(log 1/ε)-O(log q). This result is proved by showing that fully blackbox reductions of strong to weak one-way functions imply the existence of "hitters" and then by applying known lower bounds for hitters. We also show a sort of reverse connection, and we revisit the construction of Goldreich et al. (FOCS 1990) in terms of this reverse connection. Finally, we prove that any "weakly black-box" construction with parameters q(n) and t(n) better than the above lower bounds implies the unconditional existence of strong one-way functions (and, therefore, the existence of a weakly black-box construction with q(n) = 0). This result, like the one for fully black-box reductions, is proved by reasoning about the function defined by such a construction when using the identity permutation as an oracle. © Springer-Verlag Berlin Heidelberg 2005.