1 - 1约束伪随机函数

2007 IEEE International Test Conference Pub Date : 2020-01-01 DOI:10.4230/LIPIcs.ITC.2020.13

Naty Peter, Rotem Tsabary, H. Wee

{"title":"1 - 1约束伪随机函数","authors":"Naty Peter, Rotem Tsabary, H. Wee","doi":"10.4230/LIPIcs.ITC.2020.13","DOIUrl":null,"url":null,"abstract":"We define and study a new cryptographic primitive, named One-One Constrained Pseudorandom Functions. In this model there are two parties, Alice and Bob, that hold a common random string K, where Alice in addition holds a predicate f : [N ] → {0, 1} and Bob in addition holds an input x ∈ [N ]. We then let Alice generate a key Kf based on f and K, and let Bob evaluate a value Kx based on x and K. We consider a third party that sees the values (x, f, Kf ) and the goal is to allow her to reconstruct Kx whenever f(x) = 1, while keeping Kx pseudorandom whenever f(x) = 0. This primitive can be viewed as a relaxation of constrained PRFs, such that there is only a single key query and a single evaluation query. We focus on the information-theoretic setting, where the one-one cPRF has perfect correctness and perfect security. Our main results are as follows. 1. A Lower Bound. We show that in the information-theoretic setting, any one-one cPRF for punctured predicates is of exponential complexity (and thus the lower bound meets the upper bound that is given by a trivial construction). This stands in contrast with the well known GGM-based punctured PRF from OWF, which is in particular a one-one cPRF. This also implies a similar lower bound for all NC1. 2. New Constructions. On the positive side, we present efficient information-theoretic constructions of one-one cPRFs for a few other predicate families, such as equality predicates, inner-product predicates, and subset predicates. We also show a generic AND composition lemma that preserves complexity. 3. An Amplification to standard cPRF. We show that all of our one-one cPRF constructions can be amplified to a standard (single-key) cPRF via any key-homomorphic PRF that supports linear computations. More generally, we suggest a new framework that we call the double-key model which allows to construct constrained PRFs via key-homomorphic PRFs. 4. Relation to CDS. We show that one-one constrained PRFs imply conditional disclosure of secrets (CDS) protocols. We believe that this simple model can be used to better understand constrained PRFs and related cryptographic primitives, and that further applications of one-one constrained PRFs and our doublekey model will be found in the future, in addition to those we show in this paper. 2012 ACM Subject Classification Security and privacy → Information-theoretic techniques; Theory of computation → Cryptographic primitives","PeriodicalId":6403,"journal":{"name":"2007 IEEE International Test Conference","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2020-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"One-One Constrained Pseudorandom Functions\",\"authors\":\"Naty Peter, Rotem Tsabary, H. Wee\",\"doi\":\"10.4230/LIPIcs.ITC.2020.13\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We define and study a new cryptographic primitive, named One-One Constrained Pseudorandom Functions. In this model there are two parties, Alice and Bob, that hold a common random string K, where Alice in addition holds a predicate f : [N ] → {0, 1} and Bob in addition holds an input x ∈ [N ]. We then let Alice generate a key Kf based on f and K, and let Bob evaluate a value Kx based on x and K. We consider a third party that sees the values (x, f, Kf ) and the goal is to allow her to reconstruct Kx whenever f(x) = 1, while keeping Kx pseudorandom whenever f(x) = 0. This primitive can be viewed as a relaxation of constrained PRFs, such that there is only a single key query and a single evaluation query. We focus on the information-theoretic setting, where the one-one cPRF has perfect correctness and perfect security. Our main results are as follows. 1. A Lower Bound. We show that in the information-theoretic setting, any one-one cPRF for punctured predicates is of exponential complexity (and thus the lower bound meets the upper bound that is given by a trivial construction). This stands in contrast with the well known GGM-based punctured PRF from OWF, which is in particular a one-one cPRF. This also implies a similar lower bound for all NC1. 2. New Constructions. On the positive side, we present efficient information-theoretic constructions of one-one cPRFs for a few other predicate families, such as equality predicates, inner-product predicates, and subset predicates. We also show a generic AND composition lemma that preserves complexity. 3. An Amplification to standard cPRF. We show that all of our one-one cPRF constructions can be amplified to a standard (single-key) cPRF via any key-homomorphic PRF that supports linear computations. More generally, we suggest a new framework that we call the double-key model which allows to construct constrained PRFs via key-homomorphic PRFs. 4. Relation to CDS. We show that one-one constrained PRFs imply conditional disclosure of secrets (CDS) protocols. We believe that this simple model can be used to better understand constrained PRFs and related cryptographic primitives, and that further applications of one-one constrained PRFs and our doublekey model will be found in the future, in addition to those we show in this paper. 2012 ACM Subject Classification Security and privacy → Information-theoretic techniques; Theory of computation → Cryptographic primitives\",\"PeriodicalId\":6403,\"journal\":{\"name\":\"2007 IEEE International Test Conference\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2007 IEEE International Test Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4230/LIPIcs.ITC.2020.13\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2007 IEEE International Test Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4230/LIPIcs.ITC.2020.13","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

我们定义并研究了一种新的密码原语——一一约束伪随机函数。在这个模型中，有两方Alice和Bob，他们持有一个公共随机字符串K，其中Alice另外持有一个谓词f: [N]→{0,1}，Bob另外持有一个输入x∈[N]。然后，我们让Alice基于f和K生成一个密钥Kf，让Bob基于x和K计算一个值Kx。我们考虑一个第三方，它看到这些值(x, f, Kf)，目标是允许她在f(x) = 1时重构Kx，同时在f(x) = 0时保持Kx的伪随机。这个原语可以看作是约束prf的放松，这样就只有一个键查询和一个求值查询。在信息论的背景下，一对一cPRF具有完美的正确性和安全性。我们的主要结果如下。1. 下界。我们证明了在信息论的设置中，对于刺穿谓词的任何一对一cPRF都具有指数复杂度(因此下界满足由平凡构造给出的上界)。这与OWF中众所周知的基于ggm的穿刺PRF形成鲜明对比，后者是一种一对一的cPRF。这也意味着所有NC1都有一个类似的下界。2. 新建筑。在积极的方面，我们提出了一些其他谓词族，如等式谓词、内积谓词和子集谓词的有效的一对一cprf的信息论构造。我们还展示了一个保留复杂性的通用与组合引理。3.扩增到标准cPRF。我们证明，通过任何支持线性计算的键同态PRF，我们所有的一对一cPRF结构都可以被放大为标准(单键)cPRF。更一般地说，我们提出了一个新的框架，我们称之为双键模型，它允许通过键同态prf构造约束prf。4. 与CDS相关。我们证明了一对一约束的prf隐含有条件的秘密披露(CDS)协议。我们相信这个简单的模型可以用来更好地理解约束prf和相关的密码原语，并且除了我们在本文中展示的那些之外，一对一约束prf和我们的双密钥模型的进一步应用将在未来被发现。2012 ACM主题分类安全与隐私→信息理论技术;计算理论→密码学原语

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

One-One Constrained Pseudorandom Functions

We define and study a new cryptographic primitive, named One-One Constrained Pseudorandom Functions. In this model there are two parties, Alice and Bob, that hold a common random string K, where Alice in addition holds a predicate f : [N ] → {0, 1} and Bob in addition holds an input x ∈ [N ]. We then let Alice generate a key Kf based on f and K, and let Bob evaluate a value Kx based on x and K. We consider a third party that sees the values (x, f, Kf ) and the goal is to allow her to reconstruct Kx whenever f(x) = 1, while keeping Kx pseudorandom whenever f(x) = 0. This primitive can be viewed as a relaxation of constrained PRFs, such that there is only a single key query and a single evaluation query. We focus on the information-theoretic setting, where the one-one cPRF has perfect correctness and perfect security. Our main results are as follows. 1. A Lower Bound. We show that in the information-theoretic setting, any one-one cPRF for punctured predicates is of exponential complexity (and thus the lower bound meets the upper bound that is given by a trivial construction). This stands in contrast with the well known GGM-based punctured PRF from OWF, which is in particular a one-one cPRF. This also implies a similar lower bound for all NC1. 2. New Constructions. On the positive side, we present efficient information-theoretic constructions of one-one cPRFs for a few other predicate families, such as equality predicates, inner-product predicates, and subset predicates. We also show a generic AND composition lemma that preserves complexity. 3. An Amplification to standard cPRF. We show that all of our one-one cPRF constructions can be amplified to a standard (single-key) cPRF via any key-homomorphic PRF that supports linear computations. More generally, we suggest a new framework that we call the double-key model which allows to construct constrained PRFs via key-homomorphic PRFs. 4. Relation to CDS. We show that one-one constrained PRFs imply conditional disclosure of secrets (CDS) protocols. We believe that this simple model can be used to better understand constrained PRFs and related cryptographic primitives, and that further applications of one-one constrained PRFs and our doublekey model will be found in the future, in addition to those we show in this paper. 2012 ACM Subject Classification Security and privacy → Information-theoretic techniques; Theory of computation → Cryptographic primitives

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2007 IEEE International Test Conference

自引率

0.00%

发文量