On Basing Auxiliary-Input Cryptography on NP-Hardness via Nonadaptive Black-Box Reductions

Author Mikito Nanashima

Author Details

Mikito Nanashima
  • Tokyo Institute of Technology, Japan


The author thanks Toshiya Itoh and the anonymous reviewers for many helpful comments.

Cite As

Mikito Nanashima. On Basing Auxiliary-Input Cryptography on NP-Hardness via Nonadaptive Black-Box Reductions. In 12th Innovations in Theoretical Computer Science Conference (ITCS 2021). Leibniz International Proceedings in Informatics (LIPIcs), Volume 185, pp. 29:1-29:15, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2021)


Constructing one-way functions based on NP-hardness is a central challenge in theoretical computer science. Unfortunately, Akavia et al. [Akavia et al., 2006] presented strong evidence that a nonadaptive black-box (BB) reduction is insufficient to solve this challenge. However, should we give up such a central proof technique even for an intermediate step? In this paper, we turn our eyes from standard cryptographic primitives to weaker cryptographic primitives that are allowed to take auxiliary input, and continue to explore the capability of nonadaptive BB reductions to base auxiliary-input primitives on NP-hardness. Specifically, we prove the following:

  • if we base an auxiliary-input pseudorandom generator (AIPRG) on NP-hardness via a nonadaptive BB reduction, then the polynomial hierarchy collapses;
  • if we base an auxiliary-input one-way function (AIOWF) or auxiliary-input hitting set generator (AIHSG) on NP-hardness via a nonadaptive BB reduction, then an (i.o.-)one-way function also exists based on NP-hardness (via an adaptive BB reduction).

These theorems extend our knowledge of nonadaptive BB reductions beyond the current worst-to-average framework. The first result provides new evidence that nonadaptive BB reductions are insufficient to base AIPRG on NP-hardness. The second result also yields a weaker but still surprising consequence of nonadaptive BB reductions, i.e., a one-way function based on NP-hardness. In fact, the second result can be interpreted in the following two opposite ways.

Pessimistically, it shows that basing AIOWF or AIHSG on NP-hardness via nonadaptive BB reductions is harder than constructing a one-way function based on NP-hardness, which can be regarded as a negative result. Note that AIHSG is a weak primitive implied even by the hardness of learning; thus, this pessimistic view provides conceptually stronger limitations than the currently known limitations on nonadaptive BB reductions.

Optimistically, it offers a new hope: a breakthrough construction of auxiliary-input primitives might also provide a construction of standard cryptographic primitives. This optimistic view enhances the significance of further investigation into constructing auxiliary-input or other intermediate cryptographic primitives instead of standard cryptographic primitives.

Subject Classification

ACM Subject Classification
  • Theory of computation → Computational complexity and cryptography
  • Auxiliary-input cryptographic primitives
  • nonadaptive black-box reductions



References

  1. W. Aiello and J. Håstad. Perfect zero-knowledge languages can be recognized in two rounds. In 28th Annual Symposium on Foundations of Computer Science, pages 439-448, 1987.
  2. A. Akavia, O. Goldreich, S. Goldwasser, and D. Moshkovitz. On Basing One-Way Functions on NP-Hardness. In Proceedings of the 38th Annual ACM Symposium on Theory of Computing, STOC '06, pages 701-710, New York, NY, USA, 2006. ACM.
  3. E. Allender and S. Hirahara. New Insights on the (Non-)Hardness of Circuit Minimization and Related Problems. TOCT, 11(4):27:1-27:27, 2019.
  4. A. Andreev, A. Clementi, and J. Rolim. A New General Derandomization Method. J. ACM, 45(1):179-213, January 1998.
  5. B. Applebaum, B. Barak, and D. Xiao. On Basing Lower-Bounds for Learning on Worst-Case Assumptions. In Proceedings of the 49th Annual IEEE Symposium on Foundations of Computer Science, FOCS'08, pages 211-220, 2008.
  6. T. Baker, J. Gill, and R. Solovay. Relativizations of the P =? NP Question. SIAM Journal on Computing, 4(4):431-442, 1975.
  7. S. Ben-David, B. Chor, O. Goldreich, and M. Luby. On the theory of average case complexity. Journal of Computer and System Sciences, 44(2):193-219, 1992. URL: https://doi.org/10.1016/0022-0000(92)90019-F.
  8. A. Bogdanov and C. Brzuska. On Basing Size-Verifiable One-Way Functions on NP-Hardness. In Theory of Cryptography - 12th Theory of Cryptography Conference, TCC 2015, Warsaw, Poland, March 23-25, 2015, Proceedings, Part I, pages 1-6, 2015.
  9. A. Bogdanov and C. Lee. Limits of Provable Security for Homomorphic Encryption. In Advances in Cryptology - CRYPTO 2013 - 33rd Annual Cryptology Conference, Santa Barbara, CA, USA, August 18-22, 2013. Proceedings, Part I, pages 111-128, 2013.
  10. A. Bogdanov and L. Trevisan. On Worst-Case to Average-Case Reductions for NP Problems. SIAM J. Comput., 36(4):1119-1159, December 2006.
  11. J. Feigenbaum and L. Fortnow. On the random-self-reducibility of complete sets. In Proceedings of the 6th Annual Structure in Complexity Theory Conference, pages 124-132, 1991.
  12. D. Gutfreund and S. Vadhan. Limitations of Hardness vs. Randomness under Uniform Reductions. In Approximation, Randomization and Combinatorial Optimization. Algorithms and Techniques. APPROX 2008, RANDOM 2008, volume 5171 of LNCS, pages 469-482, 2008.
  13. I. Haitner, M. Mahmoody, and D. Xiao. A New Sampling Protocol and Applications to Basing Cryptographic Primitives on the Hardness of NP. In IEEE 25th Annual Conference on Computational Complexity, pages 76-87, 2010.
  14. I. Haitner, O. Reingold, and S. Vadhan. Efficiency Improvements in Constructing Pseudorandom Generators from One-Way Functions. SIAM Journal on Computing, 42(3):1405-1430, 2013.
  15. J. Håstad, R. Impagliazzo, L. A. Levin, and M. Luby. A Pseudorandom Generator from Any One-way Function. SIAM J. Comput., 28(4):1364-1396, March 1999.
  16. S. Hirahara. Non-Black-Box Worst-Case to Average-Case Reductions within NP. In 59th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2018, Paris, France, October 7-9, 2018, pages 247-258, 2018.
  17. S. Hirahara and O. Watanabe. On Nonadaptive Reductions to the Set of Random Strings and Its Dense Subsets. In Complexity and Approximation - In Memory of Ker-I Ko, pages 67-79, 2020.
  18. T. Holenstein. Key Agreement from Weak Bit Agreement. In Proceedings of the Thirty-Seventh Annual ACM Symposium on Theory of Computing, STOC '05, pages 664-673, New York, NY, USA, 2005. ACM.
  19. T. Holenstein. Pseudorandom Generators from One-Way Functions: A Simple Construction for Any Hardness. In Theory of Cryptography, pages 443-461, Berlin, Heidelberg, 2006. Springer Berlin Heidelberg.
  20. R. Impagliazzo. A personal view of average-case complexity. In Proceedings of IEEE Tenth Annual Conference on Structure in Complexity Theory, pages 134-147, 1995.
  21. R. Impagliazzo. Relativized Separations of Worst-Case and Average-Case Complexities for NP. In 2011 IEEE 26th Annual Conference on Computational Complexity, pages 104-114, 2011.
  22. R. Impagliazzo and L. Levin. No better ways to generate hard NP instances than picking uniformly at random. In Proceedings of the 31st Annual Symposium on Foundations of Computer Science, FOCS'90, pages 812-821, 1990.
  23. R. Impagliazzo and M. Luby. One-way Functions Are Essential for Complexity Based Cryptography. In Proceedings of the 30th Annual Symposium on Foundations of Computer Science, pages 230-235, 1989.
  24. R. Impagliazzo and S. Rudich. Limits on the Provable Consequences of One-Way Permutations. In Proceedings of the Twenty-First Annual ACM Symposium on Theory of Computing, STOC '89, pages 44-61, New York, NY, USA, 1989. ACM.
  25. R. Impagliazzo and A. Wigderson. Randomness vs Time: Derandomization under a Uniform Assumption. Journal of Computer and System Sciences, 63(4):672-688, 2001.
  26. M. Jerrum, L. Valiant, and V. Vazirani. Random generation of combinatorial structures from a uniform distribution. Theoretical Computer Science, 43:169-188, 1986.
  27. T. Liu and V. Vaikuntanathan. On Basing Private Information Retrieval on NP-Hardness. In Theory of Cryptography - 13th International Conference, TCC 2016-A, Tel Aviv, Israel, January 10-13, 2016, Proceedings, Part I, pages 372-386, 2016.
  28. M. Nanashima. Extending Learnability to Auxiliary-Input Cryptographic Primitives and Meta-PAC Learning. In Proceedings of the 33rd Conference on Learning Theory, COLT'20, volume 125, pages 2998-3029. PMLR, 09-12 July 2020.
  29. M. Nanashima. On Basing Auxiliary-Input Cryptography on NP-hardness via Nonadaptive Black-Box Reductions. Electron. Colloquium Comput. Complex., 27:95, 2020. URL: https://eccc.weizmann.ac.il/report/2020/095.
  30. R. Ostrovsky and A. Wigderson. One-way functions are essential for non-trivial zero-knowledge. In Proceedings of the 2nd Israel Symposium on Theory and Computing Systems, ISTCS'93, pages 3-17, June 1993.
  31. O. Reingold, L. Trevisan, and S. Vadhan. Notions of Reducibility between Cryptographic Primitives. In Theory of Cryptography, First Theory of Cryptography Conference, TCC 2004, Cambridge, MA, USA, February 19-21, 2004, Proceedings, pages 1-20, 2004.
  32. J. Rompel. One-way Functions Are Necessary and Sufficient for Secure Signatures. In Proceedings of the 22nd Annual ACM Symposium on Theory of Computing, pages 387-394, 1990.
  33. R. Santhanam. Pseudorandomness and the Minimum Circuit Size Problem. In 11th Innovations in Theoretical Computer Science Conference, ITCS 2020, volume 151 of LIPIcs, pages 68:1-68:26, 2020.
  34. D. Xiao. New Perspectives on the Complexity of Computational Learning, and Other Problems in Theoretical Computer Science. PhD thesis, Princeton University, 2009.
  35. D. Xiao. On basing ZK ≠ BPP on the hardness of PAC learning. In Proceedings of the 24th Conference on Computational Complexity, CCC'09, pages 304-315, 2009.