Communication Lower Bounds of Key-Agreement Protocols via Density Increment Arguments

  • Conference paper
Theory of Cryptography (TCC 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14371)

Abstract

Constructing key-agreement protocols in the random oracle model (ROM) is a viable method to assess the feasibility of developing public-key cryptography within Minicrypt. Unfortunately, as shown by Impagliazzo and Rudich (STOC 1989) and Barak and Mahmoody (Crypto 2009), such protocols can only guarantee limited security: any \(\ell \)-query protocol can be attacked by an \(O(\ell ^2)\)-query adversary. This quadratic gap matches the key-agreement protocol proposed by Merkle (CACM 78), known as Merkle’s Puzzles.

Besides query complexity, the communication complexity of key-agreement protocols in the ROM is also an interesting question in the realm of fine-grained cryptography, even though only limited security is achievable. Haitner et al. (ITCS 2019) first observed that in Merkle’s Puzzles, to obtain secrecy against an eavesdropper with \(O(\ell ^2)\) queries, the honest parties must exchange \(\varOmega (\ell )\) bits. Therefore, they conjectured that high communication complexity is unavoidable: any \(\ell \)-query protocol with \(c\) bits of communication could be attacked by an \(O(c\cdot \ell )\)-query adversary. This, if true, would suggest that Merkle’s Puzzles is also optimal regarding communication complexity. Building upon techniques from communication complexity, Haitner et al. (ITCS 2019) confirmed this conjecture for two types of key-agreement protocols with certain natural properties.

This work affirms the above conjecture for all non-adaptive protocols with perfect completeness. Our proof uses a novel idea called the density increment argument. This method could be of independent interest, as it differs from previous communication lower bound techniques (and bypasses some technical barriers).
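The query and communication counts discussed in the abstract can be seen in a small simulation of Merkle's Puzzles. This is an added example, not code from the paper: it uses a textbook random-oracle formulation (an assumption), SHA-256 stands in for the oracle, and the names `Oracle` and `merkle_puzzles` are hypothetical. Bob's query count is \(\ell\) only in expectation, and the eavesdropper is the plain exhaustive search over the \(\ell^2\)-point domain.

```python
import hashlib
import random

class Oracle:
    """SHA-256 standing in for the random oracle; counts one party's queries."""
    def __init__(self):
        self.queries = 0

    def query(self, x: int) -> bytes:
        self.queries += 1
        return hashlib.sha256(b"ro|" + x.to_bytes(8, "big")).digest()

def merkle_puzzles(ell: int, seed: int = 1) -> dict:
    rng = random.Random(seed)      # constructed randomness, fixed for repeatability
    n = ell * ell                  # domain size ell^2
    alice, bob, eve = Oracle(), Oracle(), Oracle()

    # Alice makes ell queries and sends all ell oracle outputs (256 bits each).
    a_points = rng.sample(range(n), ell)
    tags = [alice.query(x) for x in a_points]
    comm_bits = ell * 256

    # Bob queries fresh random points until an output matches one of Alice's
    # tags: about ell queries in expectation, since ell of the n points match.
    index = {t: i for i, t in enumerate(tags)}
    order = list(range(n))
    rng.shuffle(order)
    for y in order:
        t = bob.query(y)
        if t in index:
            bob_key, hit = y, index[t]
            break
    comm_bits += (ell - 1).bit_length()   # Bob sends back the matching tag index
    alice_key = a_points[hit]

    # Eavesdropper sees the tags and the index, then searches the whole domain:
    # at most ell^2 queries, about ell^2 / 2 on average.
    for z in range(n):
        if eve.query(z) == tags[hit]:
            eve_key = z
            break

    return {"n": n, "comm_bits": comm_bits, "key": alice_key,
            "keys_agree": alice_key == bob_key, "eve_key": eve_key,
            "alice_queries": alice.queries, "bob_queries": bob.queries,
            "eve_queries": eve.queries}

if __name__ == "__main__":
    for ell in (16, 64, 256):
        print(ell, merkle_puzzles(ell))
```

Alice's message alone is \(\ell\) oracle outputs, so communication grows linearly in \(\ell\) while the search cost grows quadratically, which is the trade-off the conjecture addresses.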

Supported by NSF CAREER award 2141536.

Notes

  1. We drop low order terms such as \(\log N\) and \(\log M\) here.

  2. This is not exactly the same as [BMG09] due to some technical challenges in [BMG09].

  3. More precisely, ‘almost all’ means if we sample an entry \((x, y)\) according to the probability that it appears in real execution (conditioned on \(\tau , f_E\)), we have \(\mathcal {M}(x, y) = b\) with high probability.

References

  1. Young, A., Yung, M.: Kleptography from standard assumptions and applications. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 271–290. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15317-4_18

  2. Afshar, A., Couteau, G., Mahmoody, M., Sadeghi, E.: Fine-grained non-interactive key-exchange: constructions and lower bounds. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023. LNCS, vol. 14004, pp. 55–85. Springer, Heidelberg (2023). https://doi.org/10.1007/978-3-031-30545-0_3

  3. Applebaum, B., Holenstein, T., Mishra, M., Shayevitz, O.: The communication complexity of private simultaneous messages, revisited. J. Cryptol. 33(3), 917–953 (2020)

  4. Barak, B., Braverman, M., Chen, X., Rao, A.: How to compress interactive communication. In: Proceedings of the Forty-Second ACM Symposium on Theory of Computing, pp. 67–76 (2010)

  5. Brakerski, Z., Katz, J., Segev, G., Yerukhimovich, A.: Limits on the power of zero-knowledge proofs in cryptographic constructions. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 559–578. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19571-6_34

  6. Barak, B., Mahmoody-Ghidary, M.: Merkle puzzles are optimal–an \(O(n^2)\)-query attack on any key exchange from a random oracle. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 374–390. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_22

  7. Cohen, S.P., Naor, M.: Low communication complexity protocols, collision resistant hash functions and secret key-agreement protocols. Cryptology ePrint Archive (2022)

  8. Couteau, G.: A note on the communication complexity of multiparty computation in the correlated randomness model. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 473–503. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17656-3_17

  9. Chakrabarti, A., Shi, Y., Wirth, A., Yao, A.: Informational complexity and the direct sum problem for simultaneous message complexity. In: Proceedings 42nd IEEE Symposium on Foundations of Computer Science, pp. 270–278. IEEE (2001)

  10. Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)

  11. Dinur, I., Hasson, B.: Distributed Merkle’s puzzles. In: Nissim, K., Waters, B. (eds.) TCC 2021. LNCS, vol. 13043, pp. 310–332. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-90453-1_11

  12. Dachman-Soled, D., Lindell, Y., Mahmoody, M., Malkin, T.: On the black-box complexity of optimally-fair coin tossing. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 450–467. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19571-6_27

  13. Göös, M., Pitassi, T., Watson, T.: Deterministic communication vs. partition number. In: 2015 IEEE 56th Annual Symposium on Foundations of Computer Science, pp. 1077–1088. IEEE (2015)

  14. Göös, M., Pitassi, T., Watson, T.: Query-to-communication lifting for bpp. In: 2017 IEEE 58th Annual Symposium on Foundations of Computer Science (FOCS), pp. 132–143. IEEE (2017)

  15. Haitner, I., Hoch, J.J., Reingold, O., Segev, G.: Finding collisions in interactive protocols-tight lower bounds on the round and communication complexities of statistically hiding commitments. SIAM J. Comput. 44(1), 193–242 (2015)

  16. Haitner, I., Mazor, N., Oshman, R., Reingold, O., Yehudayoff, A.: On the communication complexity of key-agreement protocols. In: 10th Innovations in Theoretical Computer Science, vol. 124 of LIPIcs. Leibniz Int. Proc. Inform., Art. No. 40, p. 16. Schloss Dagstuhl. Leibniz-Zent. Inform., Wadern (2019)

  17. Haitner, I., Omri, E., Zarosim, H.: Limits on the usefulness of random oracles. J. Cryptol. 29(2), 283–335 (2016)

  18. Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: Proceedings of the Twenty-First Annual ACM Symposium on Theory of Computing, pp. 44–61 (1989)

  19. Katz, J., Schröder, D., Yerukhimovich, A.: Impossibility of blind signatures from one-way permutations. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 615–629. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19571-6_37

  20. Mazor, N.: Key-agreement with perfect completeness from random oracles. Cryptology ePrint Archive (2023)

  21. Merkle, R.C.: Secure communications over insecure channels. Commun. ACM 21(4), 294–299 (1978)

  22. Mahmoody, M., Moran, T., Vadhan, S.: Time-lock puzzles in the random oracle model. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 39–50. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_3

  23. Mahmoody, M., Pass, R.: The curious case of non-interactive commitments – on the power of black-box vs. non-black-box use of primitives. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 701–718. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_41

  24. Raz, R., McKenzie, P.: Separation of the monotone NC hierarchy. In: Proceedings 38th Annual Symposium on Foundations of Computer Science, pp. 234–243. IEEE (1997)

  25. Yang, G., Zhang, J.: Simulation methods in communication complexity, revisited. In: Electron. Colloquium Comput. Complex., TR22-019 (2022)

  26. Yang, G., Zhang, J.: Lifting theorems meet information complexity: known and new lower bounds of set-disjointness (2023)

Acknowledgements

We thank Noam Mazor for presenting us with this intriguing question and for giving the ingenious construction of a key-agreement protocol with perfect completeness. We are grateful to the anonymous reviewers for their insightful comments and suggestions, which have significantly enhanced the presentation of this work.

Author information

Corresponding author

Correspondence to Mi-Ying Huang.

Copyright information

© 2023 International Association for Cryptologic Research

About this paper

Cite this paper

Huang, MY., Mao, X., Yang, G., Zhang, J. (2023). Communication Lower Bounds of Key-Agreement Protocols via Density Increment Arguments. In: Rothblum, G., Wee, H. (eds) Theory of Cryptography. TCC 2023. Lecture Notes in Computer Science, vol 14371. Springer, Cham. https://doi.org/10.1007/978-3-031-48621-0_7

  • DOI: https://doi.org/10.1007/978-3-031-48621-0_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-48620-3

  • Online ISBN: 978-3-031-48621-0

  • eBook Packages: Computer Science (R0)
