On Search Complexity of Discrete Logarithm

International Symposium on Mathematical Foundations of Computer Science Pub Date : 2021-07-06 DOI:10.4230/LIPIcs.MFCS.2021.60

Pavel Hubácek, Jan Václavek

{"title":"On Search Complexity of Discrete Logarithm","authors":"Pavel Hubácek, Jan Václavek","doi":"10.4230/LIPIcs.MFCS.2021.60","DOIUrl":null,"url":null,"abstract":"In this work, we study the discrete logarithm problem in the context of TFNP – the complexity class of search problems with a syntactically guaranteed existence of a solution for all instances. Our main results establish that suitable variants of the discrete logarithm problem are complete for the complexity class PPP, respectively PWPP, i.e., the subclasses of TFNP capturing total search problems with a solution guaranteed by the pigeonhole principle, respectively the weak pigeonhole principle. Besides answering an open problem from the recent work of Sotiraki, Zampetakis, and Zirdelis (FOCS’18), our completeness results for PPP and PWPP have implications for the recent line of work proving conditional lower bounds for problems in TFNP under cryptographic assumptions. In particular, they highlight that any attempt at basing average-case hardness in subclasses of TFNP (other than PWPP and PPP) on the average-case hardness of the discrete logarithm problem must exploit its structural properties beyond what is necessary for constructions of collision-resistant hash functions. Additionally, our reductions provide new structural insights into the class PWPP by establishing two new PWPP-complete problems. First, the problem Dove, a relaxation of the PPP-complete problem Pigeon. Dove is the first PWPP-complete problem not defined in terms of an explicitly shrinking function. Second, the problem Claw, a total search problem capturing the computational complexity of breaking claw-free permutations. In the context of TFNP, the PWPP-completeness of Claw matches the known intrinsic relationship between collision-resistant hash functions and claw-free permutations established in the cryptographic literature. A preliminary version of this work appeared in the 46th International Symposium on Mathematical Foundations of Computer Science, MFCS 2021 [HV21]. Research was supported by the Grant Agency of the Czech Republic under the grant agreement no. 19-27871X and by the Charles University projects PRIMUS/17/SCI/9 and UNCE/SCI/004.","PeriodicalId":369104,"journal":{"name":"International Symposium on Mathematical Foundations of Computer Science","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-07-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Symposium on Mathematical Foundations of Computer Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4230/LIPIcs.MFCS.2021.60","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

In this work, we study the discrete logarithm problem in the context of TFNP – the complexity class of search problems with a syntactically guaranteed existence of a solution for all instances. Our main results establish that suitable variants of the discrete logarithm problem are complete for the complexity class PPP, respectively PWPP, i.e., the subclasses of TFNP capturing total search problems with a solution guaranteed by the pigeonhole principle, respectively the weak pigeonhole principle. Besides answering an open problem from the recent work of Sotiraki, Zampetakis, and Zirdelis (FOCS’18), our completeness results for PPP and PWPP have implications for the recent line of work proving conditional lower bounds for problems in TFNP under cryptographic assumptions. In particular, they highlight that any attempt at basing average-case hardness in subclasses of TFNP (other than PWPP and PPP) on the average-case hardness of the discrete logarithm problem must exploit its structural properties beyond what is necessary for constructions of collision-resistant hash functions. Additionally, our reductions provide new structural insights into the class PWPP by establishing two new PWPP-complete problems. First, the problem Dove, a relaxation of the PPP-complete problem Pigeon. Dove is the first PWPP-complete problem not defined in terms of an explicitly shrinking function. Second, the problem Claw, a total search problem capturing the computational complexity of breaking claw-free permutations. In the context of TFNP, the PWPP-completeness of Claw matches the known intrinsic relationship between collision-resistant hash functions and claw-free permutations established in the cryptographic literature. A preliminary version of this work appeared in the 46th International Symposium on Mathematical Foundations of Computer Science, MFCS 2021 [HV21]. Research was supported by the Grant Agency of the Czech Republic under the grant agreement no. 19-27871X and by the Charles University projects PRIMUS/17/SCI/9 and UNCE/SCI/004.

查看原文本刊更多论文

关于离散对数的搜索复杂度

在这项工作中，我们研究了在TFNP背景下的离散对数问题-具有语法保证所有实例解存在性的搜索问题的复杂性类。我们的主要结果建立了离散对数问题的合适变体对于复杂度类PPP是完备的，分别为PWPP，即TFNP的子类捕获总搜索问题，其解由鸽子洞原理保证，分别为弱鸽子洞原理。除了回答Sotiraki, Zampetakis和Zirdelis (FOCS ' 18)最近工作中的一个开放问题外，我们关于PPP和PWPP的完备性结果对最近在加密假设下证明TFNP问题的条件下界的工作也有影响。他们特别强调，在离散对数问题的平均情况硬度基础上建立TFNP子类(PWPP和PPP除外)的平均情况硬度的任何尝试都必须利用其结构特性，而不仅仅是构造抗碰撞哈希函数所必需的。此外，我们的约简通过建立两个新的PWPP完备问题，为PWPP类提供了新的结构见解。首先是鸽子问题，一个放松的ppp -完全鸽子问题。Dove是第一个不以显式收缩函数定义的pwpp完全问题。其次，爪问题，一个捕获打破无爪排列的计算复杂度的总搜索问题。在TFNP环境下，Claw的pwpp -完备性与密码学文献中建立的抗碰撞哈希函数和无爪排列之间已知的内在关系相匹配。这项工作的初步版本出现在第46届计算机科学数学基础国际研讨会MFCS 2021 [HV21]上。研究由捷克共和国资助机构根据第。Charles University项目PRIMUS/17/SCI/9和UNCE/SCI/004。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Symposium on Mathematical Foundations of Computer Science

自引率

0.00%

发文量