But I’m still doubtful about the argument. Obviously, results based on NPC or NP hardness are legitimate, but they do stand to higher standards. For instance, you should show that NP hardness doesn’t almost directly imply your result.

Another thing is that NP hardness is an established assumption, while UGC, and probably much less so Indistinguishability Obfuscator (IO) is apparently not established to the same extent NP hardness. Hence, it does seem reasonable that concentrating on the implications of such assumptions should be held to higher standards than unconditional results.

]]>The story goes that once upon a time a student wrote his thesis on Hölder-continuous maps with α>1, since he had only seen the case α≤1 addressed in his books. The student proved many wonderful theorems about these maps and was very excited for his defense.

At his thesis defense, one of the examiners (is that the right word?) asked him to provide a nontrivial example of such a map. The student was flustered. As it turns out, all such maps are constant – no wonder the theorems were so nice.

]]>Going in the other direction, What we know today is to obtain some form of MMAPs from a notion of obfuscation that’s slightly stronger than IO, called Strong IO. (In fact We know that SIO exists if and only if that form of MMAPs exists. see Bitansky-C-Kalai-Paneth, Crypto 14). It may also well be possible to obtain such an equivalence for plain IO and some variant of MMAPs. Still, this does not rule out the possibility that IO can be naturally constructed in other ways (say, directly from LWE or from a completely different algebraic construct) without going via MMAPs. This also doesnt rule out the possibility that other forms of MMAPs maybe possible even if IO is proven impossible or unplausible.

Hope this clarifies.

]]>It allows demonstrating relative hardness *regardless* of our inability to actually prove hardness of problems.

A similar thing happens here – IO (and also MMAPs, although to a much lesser extent) is a concise and natural notion that allows us to separate out the study of the hardness/security of constructions from the security of schemes that use it as a building block. So the study of IO

is relevant regardless of our inability to prove its security.

Of course, NPC is just one obvious example. The UGC is another – the fact that we dont know how to prove/disprove it doesnt prevent us from studying its consequences (in fact, it only enhances our interest.) can think of others…

]]>I don’t think this parodic example proves anything. On the contrary, it is in fact a correct statement. NP-completeness results are indeed not extremely interesting nowadays. Unconditional lower bounds, even for restricted models, for instance, would have a better chance to get accepted.

]]>