4

There is no known proof that one way functions exist. But what is the heuristic evidence that they exist?

I sometimes read that the existence of cryptography is heuristic evidence that they exist. E.g. the ciphertext from a block cipher like AES is easily computable if you know the plaintext and key, but the key is not easily computable if you know the plaintext and ciphertext.

This is seen as evidence that AES might be a one way function, but to me it simply suggests that we don't know how to invert AES. In other words, it seems like this is an algorithm-search problem that is very hard (finding the key inversion algorithm), not that that algorithm doesn't exist.

Is my reasoning correct? Whether it is or not, what is the heuristic evidence that one way functions exist?

xskxzr
  • 7,613
  • 5
  • 24
  • 47
user56834
  • 4,244
  • 5
  • 21
  • 35

1 Answers1

3

AES is widely believed to be secure: many smart people have tried to break it and haven't been able. This is not a proof, and it is arguable exactly how strong this evidence is, but it does count as heuristic evidence of some sort. The fact that we haven't been able to find an algorithm to break AES does seem to count as some sort of heuristic evidence that no such algorithm exists -- again, not ironclad, not a proof, arguable how strong the evidence is, some might even call it weak evidence, but still evidence of some sort.

Moreover, it is easy to prove that if AES is secure, then the function $F$ defined by

$$F(k) = \text{AES}_K(0)$$

is one-way, where $0$ represents the block of 128 zero bits. To be precise, if AES is a secure PRP, then $F$ is a secure one-way function -- this latter statement can be mathematically proven in a 100% rigorous way. Here by "security" I refer to concrete security rather than asymptotic security. If you're interested in asymptotic security, you'll need something more.

Thus, this is heuristic evidence that one-way functions exist: in particular, we have heuristic evidence that the $F$ defined above is one-way. You can form your own judgement about how persuasive or how strong this evidence is; that probably comes down to a personal judgement.

D.W.
  • 167,959
  • 22
  • 232
  • 500