Ph.D Student | Applebaum Benny |
---|---|

Subject | Cryptography in Constant Parallel Time |

Department | Department of Computer Science |

Supervisors | Professor Yuval Ishai |

Professor Eyal Kushilevitz | |

Full Thesis text |

We study the parallel time-complexity of basic cryptographic primitives. Specifically, we consider the possibility of computing instances of these primitives by NC0 circuits, in which each output bit depends on a constant number of input bits. Despite previous efforts in this direction, there has been no convincing theoretical evidence supporting this possibility, which was posed as an open question in several previous works. We essentially settle this question by providing strong evidence for the possibility of cryptography in NC0. In particular, we derive the following results:

1.
Existence of cryptographic primitives in NC0. We show that
many cryptographic primitives can be realized in NC0 under standard
intractability assumptions used in cryptography, such as ones related to
factoring, discrete logarithm, or lattice problems. This includes one-way
functions, pseudorandom generators, symmetric and public key encryption
schemes, digital signatures, message authentication schemes (MACs), commitment
schemes, collision resistant hash functions and zero-knowledge proofs.
Moreover, we provide a *compiler* that transforms an implementation of a
cryptographic primitive in a relatively "high'" complexity class into
an NC0 implementation. This compiler is also used to derive new (unconditional)
NC0 *reductions* between different cryptographic primitives. In some
cases, no parallel reductions of this type were previously known, even in NC.
Interestingly, we get *non-black-box* reductions.

2.
Cryptography with constant input locality. We study the
possibility of carrying out cryptographic tasks by functions in which each
input bit affects a constant number of *output* bits, i.e., functions with
constant *input* locality. (Our previous results have only addressed the
case of a constant *output* locality, which does not imply a constant *input*
locality.) We (almost) characterize what cryptographic tasks can be performed
with constant input locality. On the negative side, we show that primitives
which require some form of non-malleability (such as digital signatures,
message authentication, or non-malleable encryption) *cannot* be realized
with constant input locality. On the positive side, assuming the intractability
of certain problems from the domain of error correcting codes (namely, hardness
of decoding a random linear code or the security of the McEliece cryptosystem),
we obtain new constructions of one-way functions, pseudorandom generators,
commitments, and semantically-secure public-key encryption schemes whose input
locality is constant. Moreover, these constructions also enjoy constant *output
locality*. Therefore, they give rise to cryptographic hardware that has
constant-depth, constant fan-in and constant *fan-out*. As a byproduct, we
obtain a pseudorandom generator whose output and input locality are both
optimal (namely, 3).