International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

On Derandomizing Yao’s Weak-to-Strong OWF Construction

Authors:
Chris Brzuska
Geoffroy Couteau
Pihla Karanko
Felix Rohrbach
Download:
DOI: 10.1007/978-3-030-90453-1_15
Search ePrint
Search Google
Presentation: Slides
Abstract: The celebrated result of Yao (Yao, FOCS'82) shows that concatenating n · p(n) copies of a weak one-way function f which can be inverted with probability 1 - 1/p(n) suffices to construct a strong one-way function g, showing that weak and strong one-way functions are black-box equivalent. This direct product theorem for hardness amplification of one-way functions has been very influential. However, the construction of Yao has severe efficiency limitations; in particular, it is not security-preserving (the input to g needs to be much larger than the input to f). Understanding whether this is inherent is an intriguing and long-standing open question. In this work, we explore necessary features of constructions which achieve short input length by proving the following: for any direct product construction of strong OWF g from a weak OWF f, which can be inverted with probability 1-1/p(n), the input size of g must grow as Omega(p(n)). By direct product construction, we refer to any construction with the following structure: the construction g executes some arbitrary pre-processing function (independent of f) on its input, obtaining a vector (y_1 ,··· ,y_l ), and outputs f(y_1),··· ,f(y_l). Note that Yao's construction is obtained by setting the pre-processing to be the identity. Our result generalizes to functions g with post-processing, as long as the post-processing function is not too lossy. Thus, in essence, any weak-to-strong hardness amplification must either (1) be very far from security-preserving, (2) use adaptivity, or (3) must be very far from a direct-product structure (in the sense of having a very lossy post-processing of the outputs of f). On a technical level, we use ideas from lower bounds for secret-sharing to prove the impossibility of derandomizing Yao in a black-box way. Our results are in line with Goldreich, Impagliazzo, Levin, Venkatesan, and Zuckerman (FOCS 1990) who derandomize Yao's construction for regular weak one-way functions by evaluating the OWF along a random walk on an expander graph---the construction is adaptive, since it alternates steps on the expander graph with evaluations of the weak one-way function.
Video from TCC 2021
BibTeX
@article{tcc-2021-31502,
  title={On Derandomizing Yao’s Weak-to-Strong OWF Construction},
  booktitle={Theory of Cryptography;19th International Conference},
  publisher={Springer},
  doi={10.1007/978-3-030-90453-1_15},
  author={Chris Brzuska and Geoffroy Couteau and Pihla Karanko and Felix Rohrbach},
  year=2021
}