- Computational hardness assumption
-
In cryptography, a major goal is to create cryptographic primitives with provable security. In some cases cryptographic protocols are found to have information theoretic security, the one-time pad is a common example. In many cases, information theoretic security cannot be achieved, and in such cases cryptographers fall back to computational security. Roughly speaking this means that these systems are secure assuming that any adversaries are computationally limited, as all adversaries are in practice. Because hardness of a problem is difficult to prove, in practice certain problems are "assumed" to be difficult.
Common cryptographic hardness assumptions
There are many common cryptographic hardness assumptions. While the difficulty of solving any of the underlying problems is unproven, some assumptions on the computational hardness are stronger than others. Note that if assumption A is stronger than assumption B, that means solving the problem underlying assumption B is polytime reducible to solving the problem underlying assumption A – which means that if B is solvable in poly time, A definitely is, but the reverse doesn't follow. When devising cryptographic protocols, one hopes to be able to prove security using the weakest possible assumptions.
This is a list of some of the most common cryptographic hardness assumptions, and some cryptographic protocols that use them.
- Integer factorization
- Rabin cryptosystem
- Blum Blum Shub generator
- Okamoto–Uchiyama cryptosystem
- RSA problem (stronger than factorization)
- RSA cryptosystem
- Quadratic residuosity problem (stronger than factorization)
- Goldwasser–Micali cryptosystem
- Decisional composite residuosity assumption (stronger than factorization)
- Higher residuosity problem (stronger than factorization)
- Phi-hiding assumption (stronger than factorization)
- Cachin–Micali–Stadler PIR
- Discrete log problem (DLP)
- Computational Diffie–Hellman assumption (CDH; stronger than DLP)
- Decisional Diffie–Hellman assumption (DDH; stronger than CDH)
Non-cryptographic hardness assumptions
As well as their cryptographic applications, hardness assumptions are used in computational complexity theory to provide evidence for mathematical statements that are difficult to prove unconditionally. In these applications, one proves that the hardness assumption implies some desired complexity-theoretic statement, instead of proving that the statement is itself true. The best-known assumption of this type is the assumption that P ≠ NP,[1] but others include the exponential time hypothesis[2] and the unique games conjecture.[3]
References
- ^ Fortnow, Lance (2009), "The status of the P versus NP problem", Communications of the ACM 52 (9): 78–86, doi:10.1145/1562164.1562186, http://www.cs.uchicago.edu/~fortnow/papers/pnp-cacm.pdf.
- ^ Woeginger, Gerhard (2003), "Exact algorithms for NP-hard problems: A survey", Combinatorial Optimization — Eureka, You Shrink!, 2570, Springer-Verlag, pp. 185–207, doi:10.1007/3-540-36478-1_17.
- ^ Khot, Subhash (2010), "On the Unique Games Conjecture", Proc. 25th IEEE Conference on Computational Complexity, pp. 99–121, doi:10.1109/CCC.2010.19, http://cs.nyu.edu/~khot/papers/UGCSurvey.pdf.
Categories:- Theory of cryptography
- Computational number theory
- Integer factorization
Wikimedia Foundation. 2010.