A Bit-fixing PRF with O(1) Collusion-Resistance from LWE. / Davidson, Alexander; Nishimaki, Ryo.
In: IACR Cryptology ePrint Archive, Vol. 2018, No. 890, 21.09.2018, p. 1-25.Research output: Contribution to journal › Article
A Bit-fixing PRF with O(1) Collusion-Resistance from LWE. / Davidson, Alexander; Nishimaki, Ryo.
In: IACR Cryptology ePrint Archive, Vol. 2018, No. 890, 21.09.2018, p. 1-25.Research output: Contribution to journal › Article
}
TY - JOUR
T1 - A Bit-fixing PRF with O(1) Collusion-Resistance from LWE
AU - Davidson, Alexander
AU - Nishimaki, Ryo
PY - 2018/9/21
Y1 - 2018/9/21
N2 - Constrained pseudorandom functions (CPRFs) allow learning modified PRF keys that can evaluate the PRF on a subset of the input space, or based on some sort of predicate. First introduced by Boneh and Waters [Asiacrypt 2013], they have been shown to be a useful cryptographic primitive with many applications. The full security definition of CPRFs requires the adversary to learn multiple constrained keys, a requirement for all of these applications. Unfortunately, existing constructions of CPRFs satisfying this security notion are only known from exceptionally strong cryptographic assumptions, such as indistinguishability obfuscation and the existence of multilinear maps, even for very weak predicates. CPRFs from more standard assumptions only satisfy security when one key is learnt.In this work, we give the first construction of a CPRF that can issue a constant number of constrained keys for bit-fixing predicates, from learning with errors (LWE). It also satisfies 1-key privacy (otherwise known as constraint-hiding). Finally, our construction achieves fully adaptive security with polynomial security loss; the only construction to achieve such security under a standard assumption.Our technique represents a noted departure existing for CPRF constructions. We hope that it may lead to future constructions that can expose a greater number of keys, or consider more expressive predicates (such as circuit-based constraints).
AB - Constrained pseudorandom functions (CPRFs) allow learning modified PRF keys that can evaluate the PRF on a subset of the input space, or based on some sort of predicate. First introduced by Boneh and Waters [Asiacrypt 2013], they have been shown to be a useful cryptographic primitive with many applications. The full security definition of CPRFs requires the adversary to learn multiple constrained keys, a requirement for all of these applications. Unfortunately, existing constructions of CPRFs satisfying this security notion are only known from exceptionally strong cryptographic assumptions, such as indistinguishability obfuscation and the existence of multilinear maps, even for very weak predicates. CPRFs from more standard assumptions only satisfy security when one key is learnt.In this work, we give the first construction of a CPRF that can issue a constant number of constrained keys for bit-fixing predicates, from learning with errors (LWE). It also satisfies 1-key privacy (otherwise known as constraint-hiding). Finally, our construction achieves fully adaptive security with polynomial security loss; the only construction to achieve such security under a standard assumption.Our technique represents a noted departure existing for CPRF constructions. We hope that it may lead to future constructions that can expose a greater number of keys, or consider more expressive predicates (such as circuit-based constraints).
M3 - Article
VL - 2018
SP - 1
EP - 25
JO - IACR Cryptology ePrint Archive
JF - IACR Cryptology ePrint Archive
IS - 890
ER -