Cryptographic Complexity Classes and Computational Intractability Assumptions

Which computational complexity assumptions are inherent to cryptography? We present a broad framework to pose and investigate this question. We first aim to understand the “cryptographic complexity” of various tasks, independent of any computational assumptions. In our framework the cryptographic tasks are modeled as multi-party computation functionalities. We consider a universally composable secure protocol for one task given access to another task as the most natural complexity reduction between the two tasks. Some of these cryptographic complexity reductions are unconditional, others are unconditionally non-existent, but the vast majority appear to depend on computational assumptions; it is this relationship with computational assumptions that we study. In our detailed investigation of large classes of 2-party functionalities, we find that every reduction we are able to classify turns out to be unconditionally true or false, or else equivalent to the existence of one-way functions (OWF) or of semi-honest (equivalently, standalone-secure) oblivious transfer protocols (sh-OT). This leads us to conjecture that there are only a small finite number of distinct (i.e., black-box separable) computational assumptions that are inherent among the infinite number of different cryptographic reductions in our framework. On moving to 3-party functionalities, there does exist a natural computational assumption, distinct from the OWF and sh-OT assumptions (namely, the existence of a key agreement protocol) that manifests itself as a cryptographic complexity reduction (in our setting, in a private communication task, the eavesdropper is considered a third party). We point out that the cryptographic complexity of functionalities with three or more parties is little understood in general, and may lead us to new distinct computational assumptions. If indeed only a few computational complexity assumptions manifest in this framework, we propose that they are of an extraordinarily fundamental nature, since the framework contains a large variety of cryptographic tasks, and was formulated without any regard to any of the prevalent computational complexity assumptions.