**A Bit-fixing PRF with O(1) Collusion-Resistance from LWE.** / Davidson, Alexander; Nishimaki, Ryo.

Research output: Contribution to journal › Article

Published

**A Bit-fixing PRF with O(1) Collusion-Resistance from LWE.** / Davidson, Alexander; Nishimaki, Ryo.

Research output: Contribution to journal › Article

Davidson, A & Nishimaki, R 2018, 'A Bit-fixing PRF with O(1) Collusion-Resistance from LWE', *IACR Cryptology ePrint Archive*, vol. 2018, no. 890, pp. 1-25. <https://eprint.iacr.org/2018/890>

Davidson, A., & Nishimaki, R. (2018). A Bit-fixing PRF with O(1) Collusion-Resistance from LWE. *IACR Cryptology ePrint Archive*, *2018*(890), 1-25. https://eprint.iacr.org/2018/890

Davidson A, Nishimaki R. A Bit-fixing PRF with O(1) Collusion-Resistance from LWE. IACR Cryptology ePrint Archive. 2018 Sep 21;2018(890):1-25.

@article{751331a6b7af4f4da12b75960cdec5ce,

title = "A Bit-fixing PRF with O(1) Collusion-Resistance from LWE",

abstract = "Constrained pseudorandom functions (CPRFs) allow learning modified PRF keys that can evaluate the PRF on a subset of the input space, or based on some sort of predicate. First introduced by Boneh and Waters [Asiacrypt 2013], they have been shown to be a useful cryptographic primitive with many applications. The full security definition of CPRFs requires the adversary to learn multiple constrained keys, a requirement for all of these applications. Unfortunately, existing constructions of CPRFs satisfying this security notion are only known from exceptionally strong cryptographic assumptions, such as indistinguishability obfuscation and the existence of multilinear maps, even for very weak predicates. CPRFs from more standard assumptions only satisfy security when one key is learnt.In this work, we give the first construction of a CPRF that can issue a constant number of constrained keys for bit-fixing predicates, from learning with errors (LWE). It also satisfies 1-key privacy (otherwise known as constraint-hiding). Finally, our construction achieves fully adaptive security with polynomial security loss; the only construction to achieve such security under a standard assumption.Our technique represents a noted departure existing for CPRF constructions. We hope that it may lead to future constructions that can expose a greater number of keys, or consider more expressive predicates (such as circuit-based constraints). ",

author = "Alexander Davidson and Ryo Nishimaki",

year = "2018",

month = sep,

day = "21",

language = "English",

volume = "2018",

pages = "1--25",

journal = "IACR Cryptology ePrint Archive",

number = "890",

}

TY - JOUR

T1 - A Bit-fixing PRF with O(1) Collusion-Resistance from LWE

AU - Davidson, Alexander

AU - Nishimaki, Ryo

PY - 2018/9/21

Y1 - 2018/9/21

N2 - Constrained pseudorandom functions (CPRFs) allow learning modified PRF keys that can evaluate the PRF on a subset of the input space, or based on some sort of predicate. First introduced by Boneh and Waters [Asiacrypt 2013], they have been shown to be a useful cryptographic primitive with many applications. The full security definition of CPRFs requires the adversary to learn multiple constrained keys, a requirement for all of these applications. Unfortunately, existing constructions of CPRFs satisfying this security notion are only known from exceptionally strong cryptographic assumptions, such as indistinguishability obfuscation and the existence of multilinear maps, even for very weak predicates. CPRFs from more standard assumptions only satisfy security when one key is learnt.In this work, we give the first construction of a CPRF that can issue a constant number of constrained keys for bit-fixing predicates, from learning with errors (LWE). It also satisfies 1-key privacy (otherwise known as constraint-hiding). Finally, our construction achieves fully adaptive security with polynomial security loss; the only construction to achieve such security under a standard assumption.Our technique represents a noted departure existing for CPRF constructions. We hope that it may lead to future constructions that can expose a greater number of keys, or consider more expressive predicates (such as circuit-based constraints).

AB - Constrained pseudorandom functions (CPRFs) allow learning modified PRF keys that can evaluate the PRF on a subset of the input space, or based on some sort of predicate. First introduced by Boneh and Waters [Asiacrypt 2013], they have been shown to be a useful cryptographic primitive with many applications. The full security definition of CPRFs requires the adversary to learn multiple constrained keys, a requirement for all of these applications. Unfortunately, existing constructions of CPRFs satisfying this security notion are only known from exceptionally strong cryptographic assumptions, such as indistinguishability obfuscation and the existence of multilinear maps, even for very weak predicates. CPRFs from more standard assumptions only satisfy security when one key is learnt.In this work, we give the first construction of a CPRF that can issue a constant number of constrained keys for bit-fixing predicates, from learning with errors (LWE). It also satisfies 1-key privacy (otherwise known as constraint-hiding). Finally, our construction achieves fully adaptive security with polynomial security loss; the only construction to achieve such security under a standard assumption.Our technique represents a noted departure existing for CPRF constructions. We hope that it may lead to future constructions that can expose a greater number of keys, or consider more expressive predicates (such as circuit-based constraints).

M3 - Article

VL - 2018

SP - 1

EP - 25

JO - IACR Cryptology ePrint Archive

JF - IACR Cryptology ePrint Archive

IS - 890

ER -