Non-black-box Techniques in Cryptography

The American Heritage dictionary defines the term “Black-Box” as “A device or theoretical construct with known or specified performance characteristics but unknown or unspecified constituents and means of operation.” In the context of Computer Science, to use a program as a black-box means to use only its input/output relation by executing the program on chosen inputs, without examining the actual code (i.e., representation as a sequence of symbols) of the program. Since learning properties of a program from its code is a notoriously hard problem, in most cases both in applied and theoretical computer science, only black-box techniques are used. In fact, there are specific cases in which it has been either proved (e.g., the Halting Problem) or is widely conjectured (e.g., the Satisfiability Problem) that there is no advantage for non-black-box techniques over black-box techniques. In this thesis, we consider several settings in cryptography, and ask whether there actually is an advantage in using non-black-box techniques over black-box techniques in these settings. Somewhat surprisingly, our answer is mainly positive. That is, we show that in several contexts in cryptography, there is a difference between the power of black-box and non-black-box techniques. Using non-black-box techniques we are able to solve some problems in cryptography that were previously unsolved. In fact, some of these problems were previously proven to be unsolvable using black-box techniques. The main results of this thesis are the following: Software Obfuscation Informally speaking, an obfuscator is a compiler that takes a program P as input and produces a new program P ′ that has the same functionality as P , and yet is “unintelligible” in some sense. Ideally, a software obfuscator should ensure that the only information leaked about P from the program P ′, is information that can be derived by using only black-box access to P . Obfuscators, if they exist, would have a wide variety of cryptographic and complexity-theoretic applications, ranging from software protection to homomorphic encryption to complexity-theoretic analogues of Rice’s theorem. In this thesis, we discuss how to formally define obfuscators, and whether or not such objects exist. Our main result in this context is that even very weak forms of obfuscators do not exist. Zero-Knowledge The simulation paradigm, introduced by Goldwasser, Micali and Rackoff, has had fundamental impact on cryptography. A simulator is an algorithm that tries to simulate the interaction of the adversary with an honest party, without knowing the private input of this honest party. Loosely speaking, the existence of such a simulator demonstrates that the adversary did not gain any knowledge about the honest party’s input.