Abstract
We develop new constructions of lattice-based PRFs using keyed pseudorandom synthesizers. We generalize all of the known ‘basic’ parallel lattice-based PRFs (those of [BPR12], [BLMR13], and [BP14]) to build highly parallel lattice-based PRFs with smaller modulus (and thus better reductions from worst-case lattice problems) while still maintaining computational efficiency asymptotically equal to the fastest known lattice-based PRFs, at only the cost of larger key sizes.
In particular, we build several parallel (in \(NC^{2}\)) lattice-based PRFs with modulus independent of the number of PRF input bits based on both standard LWE and ring LWE. Our modulus for these PRFs is just \(O \left( m^{ f \left( m \right) } \right) \) for lattice dimension m and any function \(f \left( m \right) \in \omega \left( 1 \right) \). The only known parallel construction of a lattice-based PRF with such a small modulus is a construction from Banerjee’s thesis [Ban15], and some of our parallel PRFs with equivalently small modulus have smaller key sizes and are very slightly faster (when using FFT multiplication). These PRFs also asymptotically match the computational efficiency of the most efficient PRFs built from any LWE- or ring LWE-based assumptions known today, respectively, and concretely require less computation per output than any known parallel lattice-based PRFs (again when using FFT multiplication).
We additionally use our techniques to build other efficient PRFs with very low circuit complexity (but higher modulus) which improve known results on highly parallel lattice PRFs. For instance, for input length \(\lambda \), we show that there exists a ring LWE-based PRF in \(NC^{1}\) with modulus proportional to \(m^{\lambda ^{c}}\) for any \(c \in \left( 0, 1 \right) \). Constructions from lattices with this circuit depth were only previously known from larger moduli.
The full version of this paper is available on the IACR cryptology eprint archive.
Notes
- 1.
We give a precise definition in Sect. 2.
- 2.
Please see Sect. 2 for a comprehensive definition of and discussion on the LWE problem.
- 3.
For a full treatment of lattice and LWE complexity, we strongly recommend [MG12].
- 4.
To our knowledge this result has not been formally published in conference proceedings.
- 5.
- 6.
We define \(\left\lceil \cdot \right\rfloor _p : \mathbb {Z}_q \rightarrow \mathbb {Z}_p\) as \(\left\lceil x \right\rfloor _p = i\), where \(i \cdot \lfloor q/p \rfloor \) is the largest multiple of \(\lfloor q/p \rfloor \) that does not exceed x.
- 7.
We use this as shorthand for \(O \left( m^{ f \left( m \right) } \right) \) for any function \(f \left( m \right) \in \omega \left( 1 \right) \). This is technically incorrect, but a nice convenience and is common in LWR literature.
- 8.
There are other choices available for the key distribution here, perhaps even more efficient ones.
- 9.
Available on the IACR cryptology eprint archive.
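The rounding function \(\left\lceil \cdot \right\rfloor _p\) of note 6, worked through as an added Python example (this is not code from the paper): it implements the definition literally, cross-checks it against a brute-force search for the largest multiple, applies it to a toy LWR-style rounded inner product, and records a caveat a practitioner would want, namely that the definition lands inside \(\mathbb {Z}_p\) exactly when p divides q. The parameters q = 12, p = 4 and the vectors are constructed toy values, not parameters from the paper.

```python
# Added illustration of the rounding function from note 6; not code from the paper.
# Assumption (constructed): q >= p >= 2, and inputs are integers reduced modulo q.

def round_q_to_p(x: int, q: int, p: int) -> int:
    """round(x)_p as defined in note 6: the i such that i*floor(q/p) is the
    largest multiple of floor(q/p) not exceeding x (x first reduced into Z_q)."""
    if not (q >= p >= 2):
        raise ValueError("need q >= p >= 2")
    step = q // p            # floor(q/p): width of each rounding interval
    x %= q                   # x is an element of Z_q
    return x // step


def round_q_to_p_bruteforce(x: int, q: int, p: int) -> int:
    """The same value computed literally from the definition, for cross-checking."""
    step = q // p
    x %= q
    i = 0
    while (i + 1) * step <= x:   # advance while the next multiple still fits under x
        i += 1
    return i


def largest_output(q: int, p: int) -> int:
    """Largest value round(x)_p takes over all x in Z_q."""
    return max(round_q_to_p(x, q, p) for x in range(q))


def output_lies_in_Z_p(q: int, p: int) -> bool:
    """Caveat: the definition only lands in Z_p = {0, ..., p-1} when p divides q.
    Otherwise q = p*floor(q/p) + r with r >= 1, so x = q-1 rounds to at least p."""
    return largest_output(q, p) <= p - 1


def rounded_inner_product(a: list, s: list, q: int, p: int) -> int:
    """LWR-style sample round(<a, s>)_p: deterministic rounding stands in for the
    sampled error of LWE, so nearby inner products collapse to the same output."""
    return round_q_to_p(sum(ai * si for ai, si in zip(a, s)), q, p)


if __name__ == "__main__":
    q, p = 12, 4                 # constructed toy parameters with p | q
    for x in range(q):
        assert round_q_to_p(x, q, p) == round_q_to_p_bruteforce(x, q, p)
    print(output_lies_in_Z_p(12, 4), output_lies_in_Z_p(10, 4))   # True False
    print(rounded_inner_product([1, 2, 3], [4, 5, 6], q, p))       # 2
```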
References
Alperin-Sheriff, J., Apon, D.: Dimension-preserving reductions from LWE to LWR. Cryptology ePrint Archive, Report 2016/589 (2016). https://eprint.iacr.org/2016/589
Alwen, J., Krenn, S., Pietrzak, K., Wichs, D.: Learning with rounding, revisited. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 57–74. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_4
Banerjee, A.: New constructions of cryptographic pseudorandom functions. Ph.D. thesis (2015). https://smartech.gatech.edu/bitstream/handle/1853/53916/BANERJEE-DISSERTATION-2015.pdf?sequence=1&isAllowed=y
Bellare, M., Canetti, R., Krawczyk, H.: Pseudorandom functions revisited: the cascade construction and its concrete security. In: 37th Annual Symposium on Foundations of Computer Science, Burlington, Vermont, pp. 514–523. IEEE Computer Society Press (1996)
Blum, A., Furst, M., Kearns, M., Lipton, R.J.: Cryptographic primitives based on hard learning problems. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 278–291. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48329-2_24
Banerjee, A., Fuchsbauer, G., Peikert, C., Pietrzak, K., Stevens, S.: Key-homomorphic constrained pseudorandom functions. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 31–60. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46497-7_2
Bogdanov, A., Guo, S., Masny, D., Richelson, S., Rosen, A.: On the hardness of learning with rounding over small modulus. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9562, pp. 209–224. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49096-9_9
Boneh, D., Kim, S., Montgomery, H.: Private puncturable PRFs from standard lattice assumptions. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 415–445. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56620-7_15
Bai, S., Langlois, A., Lepoint, T., Stehlé, D., Steinfeld, R.: Improved security proofs in lattice-based cryptography: using the Rényi divergence rather than the statistical distance. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 3–24. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48797-6_1
Boneh, D., Lewi, K., Montgomery, H., Raghunathan, A.: Key homomorphic PRFs and their applications. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 410–428. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_23
Boneh, D., Montgomery, H.W., Raghunathan, A.: Algebraic pseudorandom functions with improved efficiency from the augmented cascade. In: Al-Shaer, E., Keromytis, A.D., Shmatikov, V. (eds.) ACM CCS 10: 17th Conference on Computer and Communications Security, pp. 131–140. ACM Press, New York (2010)
Banerjee, A., Peikert, C.: New and improved key-homomorphic pseudorandom functions. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 353–370. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_20
Banerjee, A., Peikert, C., Rosen, A.: Pseudorandom functions and lattices. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 719–737. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_42
Bogdanov, A., Rosen, A.: Pseudorandom functions: three decades later. Tutorials on the Foundations of Cryptography. ISC, pp. 79–158. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-57048-8_3
Brakerski, Z., Tsabary, R., Vaikuntanathan, V., Wee, H.: Private constrained PRFs (and more) from LWE. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10677, pp. 264–302. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70500-2_10
Brakerski, Z., Vaikuntanathan, V.: Constrained key-homomorphic PRFs from standard lattice assumptions - Or: how to secretly embed a circuit in your PRF. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 1–30. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46497-7_1
Boneh, D., Waters, B.: Constrained pseudorandom functions and their applications. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 280–300. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42045-0_15
Canetti, R., Chen, Y.: Constraint-hiding constrained PRFs for NC\(^1\) from LWE. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 446–476. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56620-7_16
Deshpande, A., Koppula, V., Waters, B.: Constrained pseudorandom functions for unconstrained inputs. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 124–153. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_5
Döttling, N., Schröder, D.: Efficient pseudorandom functions via on-the-fly adaptation. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 329–350. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_16
Fateman, R.J.: When is FFT multiplication of arbitrary-precision polynomials practical? University of California, Berkeley (2006)
Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions (extended abstract). In: 25th Annual Symposium on Foundations of Computer Science, Singer Island, Florida, 24–26 October 1984, pp. 464–479. IEEE Computer Society Press (1984)
Jager, T., Kurek, R., Pan, J.: Simple and more efficient PRFs with tight security from LWE and matrix-DDH. Cryptology ePrint Archive, Report 2018/826 (2018). https://eprint.iacr.org/2018/826
Knuth, D.E.: The Art of Computer Programming, Volume 2: Seminumerical Algorithms (Japanese edition; translated by Saitou, H., Nagao, T., Matui, S., Matui, T., Yamauchi, H.). ASCII (2004)
Kim, S., Wu, D.J.: Watermarking cryptographic functionalities from standard lattice assumptions. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 503–536. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_17
Lewi, K., Montgomery, H., Raghunathan, A.: Improved constructions of PRFs secure against related-key attacks. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 44–61. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07536-5_4
Micciancio, D., Goldwasser, S.: Complexity of Lattice Problems: A Cryptographic Perspective, vol. 671. Springer, New York (2012). https://doi.org/10.1007/978-1-4615-0897-7
Montgomery, H.: A nonstandard variant of learning with rounding with polynomial modulus and unbounded samples. Cryptology ePrint Archive, Report 2018/100 (2018). https://eprint.iacr.org/2018/100
Naor, M., Reingold, O.: Synthesizers and their application to the parallel construction of pseudo-random functions. In: 36th Annual Symposium on Foundations of Computer Science, Milwaukee, Wisconsin, 23–25 October 1995, pp. 170–181. IEEE Computer Society Press (1995)
Naor, M., Reingold, O.: Number-theoretic constructions of efficient pseudo-random functions. In: 38th Annual Symposium on Foundations of Computer Science, Miami Beach, Florida, 19–22 October 1997, pp. 458–467. IEEE Computer Society Press (1997)
Peikert, C., Shiehian, S.: Privately constraining and programming PRFs, the LWE way. Cryptology ePrint Archive, Report 2017/1094 (2017). https://eprint.iacr.org/2017/1094
Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Gabow, H.N., Fagin, R. (eds.) 37th Annual ACM Symposium on Theory of Computing, pp. 84–93. ACM Press, New York (2005)
Reingold, O.: Pseudorandom synthesizers, functions, and permutations
Rudich, S., Wigderson, A.: Computational Complexity Theory, vol. 10. American Mathematical Soc., Providence (2004)
© 2018 Springer Nature Switzerland AG
Montgomery, H. (2018). More Efficient Lattice PRFs from Keyed Pseudorandom Synthesizers. In: Chakraborty, D., Iwata, T. (eds) Progress in Cryptology – INDOCRYPT 2018. Lecture Notes in Computer Science, vol. 11356. Springer, Cham. https://doi.org/10.1007/978-3-030-05378-9_11
DOI: https://doi.org/10.1007/978-3-030-05378-9_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-05377-2
Online ISBN: 978-3-030-05378-9