Pigram

Pigram refers to a rare, and somewhat controversial, type of cryptographic primitive. It is a conjectured family of functions where the output bits are deterministically and predictably derived from the input bits via a simple, publicly known algorithm, but the function's security relies on the assumption that reversing this process, i.e., deriving the input from the output, is computationally infeasible. The term is often used theoretically, and no practical, provably secure Pigram construction is known.

The core concept behind a Pigram lies in its asymmetry. The forward computation should be extremely efficient and easily implementable, while the backward computation is assumed to be exponentially difficult. This contrasts sharply with more common cryptographic constructions like hash functions or block ciphers, where both the forward and reverse computations are designed to be computationally expensive without secret keys.

The theoretical appeal of Pigrams stems from the possibility of achieving lightweight cryptography. If a secure Pigram could be designed, it would allow for cryptographic operations on resource-constrained devices with minimal computational overhead. However, the difficulty in designing such a function, coupled with the lack of rigorous security proofs for existing candidate constructions, has kept Pigrams largely within the realm of theoretical cryptography.

The security of a Pigram typically rests on unproven assumptions about the complexity of particular mathematical problems or the intractability of certain computational tasks. These assumptions must be stronger than those used for more established cryptographic primitives because the algorithm itself is public and straightforward. Potential attacks against Pigrams often involve clever mathematical techniques or algorithmic optimizations aimed at inverting the function more efficiently than expected.

Despite the challenges, the potential benefits of a secure Pigram continue to motivate research in this area, particularly in the context of the Internet of Things (IoT) and other applications where lightweight cryptography is paramount. However, the term "Pigram" is often used loosely and sometimes even pejoratively, due to the historical lack of concretely secure implementations.