On the impossibilities of basing one-way permutations on central cryptographic primitives

Abstract

We know that trapdoor permutations can be used to constructall kinds of basic cryptographic primitives, including trapdoorfunctions, public-key encryption, private information retrieval, oblivioustransfer, key agreement, and those known to be equivalent to one-wayfunctions suchas digital signature, private-key encryption, bit commitment,pseudo-random generator and pseudo-random functions. On theother hand, trapdoor functions are not as powerful as trapdoor permutations,so the structural property of permutations seem to be somethingspecial that deserves a more careful study. In this paper, we investigatethe relationships between one-way permutations and all these basiccryptographic primitives. Following previous work, we focus on an importanttype of reductions called black-box reductions. We prove thatno suchreductions exist from one-way permutations to either trapdoorfunctions or private information retrieval. Together with previous results,all the relationships with one-way permutations have now beenestablished, and we know that no such reductions exist from one-waypermutations to any of these primitives except trapdoor permutations.This may have the following meaning, with respect to black-box reductions.We know that one-way permutations imply none of the primitivesin “public cryptography”, where additional properties are required ontop of “one-wayness” [12], so permutations cannot be traded for any ofthese additional properties. On the other hand, we now know that none ofthese additional properties can be traded for permutations either. Thus,permutation seems to be something orthogonal to those additional propertieson top of one-wayness. Like previous non-reducibility results [12,23, 17, 7, 9, 8, 6], our proofs follow the oracle separation paradigm ofImpagliazzo and Rudich[12].