On Hardness Amplification of One-Way Functions

We continue the study of the efficiency of black-box reductions in cryptography. We focus on the question of constructing strong one-way functions (respectively, permutations) from weak one-way functions (respectively, permutations). To make our impossibility results stronger, we focus on the weakest type of constructions: those that start from a weak one-way permutation and define a strong one-way function. We show that for every “fully black-box” construction of a (n)secure function based on a (1 − δ(n))-secure permutation, if q(n) is the number of oracle queries used in the construction and (n) is the input length of the new function, then we have q ≥ Ω( 1 δ · log 1 ) and ≥ n+Ω(log 1/ )−O(log q). This result is proved by showing that fully blackbox reductions of strong to weak one-way functions imply the existence of “hitters” and then by applying known lower bounds for hitters. We also show a sort of reverse connection, and we revisit the construction of Goldreich et al. (FOCS 1990) in terms of this reverse connection. Finally, we prove that any “weakly black-box” construction with parameters q(n) and (n) better than the above lower bounds implies the unconditional existence of strong one-way functions (and, therefore, the existence of a weakly black-box construction with q(n) = 0). This result, like the one for fully black-box reductions, is proved by reasoning about the function defined by such a construction when using the identity permutation as an oracle.