Notions of Reducibility between Cryptographic Primitives

Starting with the seminal paper of Impagliazzo and Rudich [18], there has been a large body of work showing that various cryptographic primitives cannot be reduced to each other via “black-box” reductions. The common interpretation of these results is that there are inherent limitations in using a primitive as a black box, and that these impossibility results can be overcome only by explicitly using the code of the primitive in the construction. In this paper we revisit these negative results, we give a more careful taxonomy of the ways in which “black-box reductions” can be formalized, we strengthen some previous results (in particular we give unconditional proofs of results that were previously proved only assuming P = NP ), and we offer a new interpretation of them: that, in many cases, there is no limitation in using a primitive as a black box, but there is a limitation in treating adversaries as such. In particular, these negative results may be overcome by using the code of the adversary in the analysis. ⋆ Research was supported in part by US-Israel Binational Science Foundation Grant 2002246. ⋆⋆ Part of this research was performed while visiting the Institute for Advanced Study, Princeton, NJ. ⋆ ⋆ ⋆ Supported by NSF grant CCR-9984703, a Sloan Research Fellowship and an Okawa Foundation Grant. † Supported by NSF Grant CCR-0205423 and a Sloan Research Fellowship.