Tradeoffs in Cryptography

Abstract

The primary objective of provable security is to characterize, as precisely as possible, the resources an attacker needs to compromise the security of a cryptographic system. While the time complexity of an attacker has traditionally been the key factor considered, actual attackers choose to invest in various other resources such as memory, preprocessing, parallelism etc. Moreover, an attacker may also exploit tradeoffs between these various resources in order to compromise security. This thesis develops new theory that characterizes the tradeoffs between various resources required to compromise the security of a cryptographic system. It makes progress in the two following directions:1. Memory-tightness: Firstly, this thesis develops a toolbox of new techniques for giving memory-tight reductions. Earlier works on memory-tightness gave some generic elementary techniques to make reductions memory-tight, but they were somewhat limited in their applicability. The work here addresses this issue and invents more involved techniques to make certain types of reductions memory-tight. Secondly, this thesis gives new results on the impossibility of making certain reductions memory-tight. While prior impossibility results in other settings were known, this thesis proves a memory-tightness impossibility for a scheme with algebraic structure for the first time. 2. Time-space tradeoffs: This thesis continues the recent line of work on time-space tradeoffs in cryptography. Firstly, it proves new results that characterize time-space tradeoffs for mechanisms underlying the most popular cryptographic hash functions. Secondly, it gives a new hashing mechanism that provides optimal security against these time-space tradeoff attacks. Finally, it addresses the question of how much time is needed to produce the advice for preprocessing attacks.