Advances in Cryptology – CRYPTO 2013

Volume 8042 of the series Lecture Notes in Computer Science pp 410-428

Key Homomorphic PRFs and Their Applications

  • Dan Boneh, affiliated with Computer Science Department, Stanford University
  • Kevin Lewi, affiliated with Computer Science Department, Stanford University
  • Hart Montgomery, affiliated with Computer Science Department, Stanford University
  • Ananth Raghunathan, affiliated with Computer Science Department, Stanford University



A pseudorandom function \(F: {\mathcal K} \times {\mathcal X} \to {\mathcal Y}\) is said to be key homomorphic if given \(F(k_1, x)\) and \(F(k_2, x)\) there is an efficient algorithm to compute \(F(k_1 \oplus k_2, x)\), where \(\oplus\) denotes a group operation on \(k_1\) and \(k_2\) such as xor. Key homomorphic PRFs are natural objects to study and have a number of interesting applications: they can simplify the process of rotating encryption keys for encrypted data stored in the cloud, they give one round distributed PRFs, and they can be the basis of a symmetric-key proxy re-encryption scheme. Until now all known constructions for key homomorphic PRFs were only proven secure in the random oracle model. We construct the first provably secure key homomorphic PRFs in the standard model. Our main construction is based on the learning with errors (LWE) problem. We also give a construction based on the decision linear assumption in groups with an \(\ell\)-linear map. We leave as an open problem the question of constructing standard model key homomorphic PRFs from more general assumptions.
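The key homomorphism and the key-rotation application described in the abstract, as an added example that is not code from the paper: it uses the well-known random-oracle-model construction F(k, x) = H(x)^k in a prime-order group (not the paper's LWE construction), with keys combined by addition mod Q rather than xor. The parameters are constructed toy values, the function names are hypothetical, and the rotation flow is a simplified illustration.

```python
import hashlib

# Constructed toy parameters: safe prime P = 2*Q + 1 with Q prime.
# Far too small for real use; they only make the algebra visible.
P = 2039
Q = 1019

def hash_to_group(x: bytes) -> int:
    """Map x into the order-Q subgroup of squares mod P (H modelled as a random oracle)."""
    d = int.from_bytes(hashlib.sha256(x).digest(), "big")
    return pow(1 + d % (P - 1), 2, P)  # value in [1, P-1], then squared

def prf(k: int, x: bytes) -> int:
    """F(k, x) = H(x)^k mod P, with keys in Z_Q under addition."""
    return pow(hash_to_group(x), k % Q, P)

def combine(y1: int, y2: int) -> int:
    """Compute F(k1 + k2, x) from F(k1, x) and F(k2, x) without either key."""
    return (y1 * y2) % P

def encrypt(k: int, nonce: bytes, m: int) -> int:
    """Mask a message m in [1, P-1] with the PRF output for this nonce."""
    return (m * prf(k, nonce)) % P

def decrypt(k: int, nonce: bytes, c: int) -> int:
    """Remove the mask by multiplying with the inverse of F(k, nonce)."""
    return (c * pow(prf(k, nonce), -1, P)) % P

def rotation_token(k_old: int, k_new: int, nonce: bytes) -> int:
    """Key owner computes F(k_new - k_old, nonce) and hands it to the storage server."""
    return prf((k_new - k_old) % Q, nonce)

def rotate(c: int, token: int) -> int:
    """Server moves the ciphertext from k_old to k_new without seeing either key."""
    return combine(c, token)

if __name__ == "__main__":
    k_old, k_new, nonce, m = 321, 777, b"object-42/block-0", 1234
    c = encrypt(k_old, nonce, m)
    c_rotated = rotate(c, rotation_token(k_old, k_new, nonce))
    print("decrypts under new key:", decrypt(k_new, nonce, c_rotated) == m)
```

The server-side `rotate` step never decrypts: it only multiplies the stored value by the token, which is what the key homomorphism makes possible.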


Pseudorandom functions, Key homomorphism, Learning with errors