“…On the other hand, recently, several black-box separation results have shown the limitations of a (one-way) TDP as a base primitive for constructing and/or proving the security of several "highly functional" cryptographic primitives or basic primitives with special functional/security properties. Those include the impossibility of constructing identity-based encryption [8], a wide class of predicate encryption [27], lossy trapdoor functions [42], trapdoor functions secure under correlated inputs [44], encryption schemes secure under key-dependent inputs [21], adaptively secure oblivious transfer protocols [30], non-interactive or perfectly binding commitment schemes secure under selective-opening attacks [2], verifiable random functions [12], a natural class of threemove blind signature schemes [13], succinct non-interactive argument systems [14], constant-round sequentially witness-hiding special-sound protocols for unique witness relations [39], and many of the cryptographic primitives that admit the so-called simulatable attacks [46]. We note that in fact, the results of [21,2,13,14,39,46] rule out the possibility of constructions (and/or, security proofs) of the target primitives based not only on one-way TDP but also on much broader class of primitives or assumptions, such as all falsifiable assumptions [36].…”