Correlated pseudorandomness and the complexity of private computations

Abstract

The race to find the weakest possible assumptions on which to base cryptographic primitives such as oblivious transfer was abruptly halted by Impagliazzo's and Rudich's surprising result: basing oblivious transfer or other related problems on a black-box one-way permutation (as opposed to a one-way trapdoor permutation) is tantamount to showing P≠NP. In contrast, we show how to generate OT - in the sense of random number generation - using any one-way function in a black-box manner. That is, an initial "seed" of k OT's suffices to generate O(kc) OT's. In turn, we show that such generation is impossible in an information-theoretic setting, thus placing OT on an equal footing with random number generation, and resolving an artificial asymmetry in the analysis of randomness and partiallycorrelated randomness. We also initiate a complexity theory of privatelycomputable probabilistic functions1 and show that there is a provably rich hierarchy among them. Previous work has considered deterministic functions of possibly-random inputs, and focused on whether reductions exist, the class of primitives that are complete, and the amount of information leaked vs. message complexity. We show that any complete boolean function gives rise to a nontrivial complexity hierarchy of privately-computable functions, measured according to invocations of a complete primitive - and that this hierarchy collapses when restricted to "computational" security.