Pass, Rafael2010-12-282010-12-282010-12-27https://hdl.handle.net/1813/21926We show that the security of some well-known cryptographic protocols, primitives and assumptions (e.g., the Schnorr identification scheme, commitments secure under adaptive selective-decommitment, the ``one-more'' discrete logarithm assumption) cannot be based on \emph{any standard assumption} using a Turing (i.e., black-box) reduction. These results follow from a general result showing that Turing reductions cannot be used to prove security of \emph{constant-round sequentially witness-hiding special-sound protocols} for \emph{unique witness} relations, based on standard assumptions; we emphasize that this result holds even if the protocol makes \emph{non-black-box} use of the underlying assumption.en-USarticle