One-One Constrained Pseudorandom Functions

Naty Peter, Rotem Tsabary, H. Wee
{"title":"One-One Constrained Pseudorandom Functions","authors":"Naty Peter, Rotem Tsabary, H. Wee","doi":"10.4230/LIPIcs.ITC.2020.13","DOIUrl":null,"url":null,"abstract":"We define and study a new cryptographic primitive, named One-One Constrained Pseudorandom Functions. In this model there are two parties, Alice and Bob, that hold a common random string K, where Alice in addition holds a predicate f : [N ] → {0, 1} and Bob in addition holds an input x ∈ [N ]. We then let Alice generate a key Kf based on f and K, and let Bob evaluate a value Kx based on x and K. We consider a third party that sees the values (x, f, Kf ) and the goal is to allow her to reconstruct Kx whenever f(x) = 1, while keeping Kx pseudorandom whenever f(x) = 0. This primitive can be viewed as a relaxation of constrained PRFs, such that there is only a single key query and a single evaluation query. We focus on the information-theoretic setting, where the one-one cPRF has perfect correctness and perfect security. Our main results are as follows. 1. A Lower Bound. We show that in the information-theoretic setting, any one-one cPRF for punctured predicates is of exponential complexity (and thus the lower bound meets the upper bound that is given by a trivial construction). This stands in contrast with the well known GGM-based punctured PRF from OWF, which is in particular a one-one cPRF. This also implies a similar lower bound for all NC1. 2. New Constructions. On the positive side, we present efficient information-theoretic constructions of one-one cPRFs for a few other predicate families, such as equality predicates, inner-product predicates, and subset predicates. We also show a generic AND composition lemma that preserves complexity. 3. An Amplification to standard cPRF. We show that all of our one-one cPRF constructions can be amplified to a standard (single-key) cPRF via any key-homomorphic PRF that supports linear computations. More generally, we suggest a new framework that we call the double-key model which allows to construct constrained PRFs via key-homomorphic PRFs. 4. Relation to CDS. We show that one-one constrained PRFs imply conditional disclosure of secrets (CDS) protocols. We believe that this simple model can be used to better understand constrained PRFs and related cryptographic primitives, and that further applications of one-one constrained PRFs and our doublekey model will be found in the future, in addition to those we show in this paper. 2012 ACM Subject Classification Security and privacy → Information-theoretic techniques; Theory of computation → Cryptographic primitives","PeriodicalId":6403,"journal":{"name":"2007 IEEE International Test Conference","volume":"95 1","pages":"13:1-13:22"},"PeriodicalIF":0.0000,"publicationDate":"2020-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2007 IEEE International Test Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4230/LIPIcs.ITC.2020.13","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1

Abstract

We define and study a new cryptographic primitive, named One-One Constrained Pseudorandom Functions. In this model there are two parties, Alice and Bob, that hold a common random string K, where Alice in addition holds a predicate f : [N ] → {0, 1} and Bob in addition holds an input x ∈ [N ]. We then let Alice generate a key Kf based on f and K, and let Bob evaluate a value Kx based on x and K. We consider a third party that sees the values (x, f, Kf ) and the goal is to allow her to reconstruct Kx whenever f(x) = 1, while keeping Kx pseudorandom whenever f(x) = 0. This primitive can be viewed as a relaxation of constrained PRFs, such that there is only a single key query and a single evaluation query. We focus on the information-theoretic setting, where the one-one cPRF has perfect correctness and perfect security. Our main results are as follows. 1. A Lower Bound. We show that in the information-theoretic setting, any one-one cPRF for punctured predicates is of exponential complexity (and thus the lower bound meets the upper bound that is given by a trivial construction). This stands in contrast with the well known GGM-based punctured PRF from OWF, which is in particular a one-one cPRF. This also implies a similar lower bound for all NC1. 2. New Constructions. On the positive side, we present efficient information-theoretic constructions of one-one cPRFs for a few other predicate families, such as equality predicates, inner-product predicates, and subset predicates. We also show a generic AND composition lemma that preserves complexity. 3. An Amplification to standard cPRF. We show that all of our one-one cPRF constructions can be amplified to a standard (single-key) cPRF via any key-homomorphic PRF that supports linear computations. More generally, we suggest a new framework that we call the double-key model which allows to construct constrained PRFs via key-homomorphic PRFs. 4. Relation to CDS. We show that one-one constrained PRFs imply conditional disclosure of secrets (CDS) protocols. We believe that this simple model can be used to better understand constrained PRFs and related cryptographic primitives, and that further applications of one-one constrained PRFs and our doublekey model will be found in the future, in addition to those we show in this paper. 2012 ACM Subject Classification Security and privacy → Information-theoretic techniques; Theory of computation → Cryptographic primitives
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
1 - 1约束伪随机函数
我们定义并研究了一种新的密码原语——一一约束伪随机函数。在这个模型中,有两方Alice和Bob,他们持有一个公共随机字符串K,其中Alice另外持有一个谓词f: [N]→{0,1},Bob另外持有一个输入x∈[N]。然后,我们让Alice基于f和K生成一个密钥Kf,让Bob基于x和K计算一个值Kx。我们考虑一个第三方,它看到这些值(x, f, Kf),目标是允许她在f(x) = 1时重构Kx,同时在f(x) = 0时保持Kx的伪随机。这个原语可以看作是约束prf的放松,这样就只有一个键查询和一个求值查询。在信息论的背景下,一对一cPRF具有完美的正确性和安全性。我们的主要结果如下。1. 下界。我们证明了在信息论的设置中,对于刺穿谓词的任何一对一cPRF都具有指数复杂度(因此下界满足由平凡构造给出的上界)。这与OWF中众所周知的基于ggm的穿刺PRF形成鲜明对比,后者是一种一对一的cPRF。这也意味着所有NC1都有一个类似的下界。2. 新建筑。在积极的方面,我们提出了一些其他谓词族,如等式谓词、内积谓词和子集谓词的有效的一对一cprf的信息论构造。我们还展示了一个保留复杂性的通用与组合引理。3.扩增到标准cPRF。我们证明,通过任何支持线性计算的键同态PRF,我们所有的一对一cPRF结构都可以被放大为标准(单键)cPRF。更一般地说,我们提出了一个新的框架,我们称之为双键模型,它允许通过键同态prf构造约束prf。4. 与CDS相关。我们证明了一对一约束的prf隐含有条件的秘密披露(CDS)协议。我们相信这个简单的模型可以用来更好地理解约束prf和相关的密码原语,并且除了我们在本文中展示的那些之外,一对一约束prf和我们的双密钥模型的进一步应用将在未来被发现。2012 ACM主题分类安全与隐私→信息理论技术;计算理论→密码学原语
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Csirmaz's Duality Conjecture and Threshold Secret Sharing Online Mergers and Applications to Registration-Based Encryption and Accumulators Exponential Correlated Randomness Is Necessary in Communication-Optimal Perfectly Secure Two-Party Computation The Cost of Statistical Security in Proofs for Repeated Squaring Tight Estimate of the Local Leakage Resilience of the Additive Secret-Sharing Scheme & Its Consequences
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1