Prashant Nalini Vasudevan

Conditional Disclosure of Secrets: Amplification, Closure, Amortization, Lower-Bounds, and Separations.

In the conditional disclosure of secrets problem (Gertner et al. J. Comput. Syst. Sci. 2000) Alice and Bob, who hold inputs x and y respectively, wish to release a common secret s to Carol (who knows both x and y) if and only if the input (x, y) satisfies some predefined predicate f. Alice and Bob are allowed to send a single message to Carol which may depend on their inputs and some joint randomness and the goal is to minimize the communication complexity while providing information-theoretic security.

Multi-Collision Resistant Hash Functions and Their Applications

Collision resistant hash functions are functions that shrink their input, but for which it is computationally infeasible to find a collision, namely two strings that hash to the same value (although collisions are abundant).

Secret Sharing and Statistical Zero Knowledge

We show a general connection between various types of statistical zero-knowledge (SZK) proof systems and (unconditionally secure) secret sharing schemes. Viewed through the SZK lens, we obtain several new results on secret-sharing: Characterizations: We obtain an almost-characterization of access structures for which there are secret-sharing schemes with an efficient sharing algorithm (but not necessarily efficient reconstruction). In particular, we show that for every language \(L \in {{\mathbf {SZK}}_{\mathbf {L}}}\) (the class of languages that have statistical zero knowledge proofs with log-space verifiers and simulators), a (monotonized) access structure associated with L has such a secret-sharing scheme. Conversely, we show that such secret-sharing schemes can only exist for languages in \({\mathbf {SZK}}\). Constructions: We show new constructions of secret-sharing schemes with both efficient sharing and efficient reconstruction for access structures associated with languages that are in \({\mathbf {P}}\), but are not known to be in \({\mathbf {NC}}\), namely Bounded-Degree Graph Isomorphism and constant-dimensional lattice problems. In particular, this gives us the first combinatorial access structure that is conjectured to be outside \({\mathbf {NC}}\) but has an efficient secret-sharing scheme. Previous such constructions (Beimel and Ishai; CCC 2001) were algebraic and number-theoretic in nature. Limitations: We also show that universally-efficient secret-sharing schemes, where the complexity of computing the shares is a polynomial independent of the complexity of deciding the access structure, cannot exist for all (monotone languages in) \(\mathbf {P}\), unless there is a polynomial q such that \({\mathbf {P}} \subseteq {\mathbf {DSPACE}}(q(n))\).

On the Power of Statistical Zero Knowledge

We examine the power of statistical zero knowledge proofs (captured by the complexity class SZK) and their variants. First, we give the strongest known relativized evidence that SZK contains hard problems, by exhibiting an oracle relative to which SZK (indeed, even NISZK) is not contained in the class UPP, containing those problems solvable by randomized algorithms with unbounded error. This answers an open question of Watrous from 2002. Second, we lift this oracle separation to the setting of communication complexity, thereby answering a question of Göös et al. (ICALP 2016). Third, we give relativized evidence that perfect zero knowledge proofs (captured by the class PZK) are weaker than general zero knowledge proofs. Specifically, we exhibit oracles which separate SZK from PZK, NISZK from NIPZK and PZK from coPZK. The first of these results answers a question raised in 1991 by Aiello and Håstad (Information and Computation), and the second answers a question of Lovett and Zhang (2016). We also describe additional applications of these results outside of structural complexity.The technical core of our results is a stronger hardness amplification theorem for approximate degree, which roughly says that composing the gapped-majority function with any function of high approximate degree yields a function with high threshold degree.

Fine-Grained Cryptography

Fine-grained cryptographic primitives are ones that are secure against adversaries with an a-priori bounded polynomial amount of resources time, space or parallel-time, where the honest algorithms use less resources than the adversaries they are designed to fool. Such primitives were previously studied in the context of time-bounded adversaries Merkle, CACM 1978, space-bounded adversaries Cachin and Maurer, CRYPTO 1997 and parallel-time-bounded adversaries Hastad, IPL 1987. Our goal is come up with fine-grained primitives in the setting of parallel-time-bounded adversaries and to show unconditional security of these constructions when possible, or base security on widely believed separation of worst-case complexity classes. We show:1.

From Laconic Zero-Knowledge to Public-Key Cryptography

{\textsf {NC}^{1}}

Proofs of Useful Work.

-cryptography: Under the assumption that [InlineEquation not available: see fulltext.], we construct one-way functions, pseudo-random generators with sub-linear stretch, collision-resistant hash functions and most importantly, public-key encryption schemes, all computable in