
Algorithmica, Volume 81, Issue 9, pp 3245–3390

Constrained Pseudorandom Functions for Turing Machines Revisited: How to Achieve Verifiability and Key Delegation

  • Pratish Datta
  • Ratna Dutta
  • Sourav Mukhopadhyay

Abstract

Constrained pseudorandom functions (CPRF) are an enriched variant of traditional pseudorandom functions (PRF), a fundamental tool of modern cryptography. A CPRF enables a master PRF key holder to issue constrained keys corresponding to specific constraint predicates over the input domain. A constrained key can be used to evaluate the PRF on inputs accepted by the associated constraint predicate, while the PRF outputs on the rest of the inputs remain computationally indistinguishable from uniformly random values. A constrained verifiable pseudorandom function (CVPRF) enhances a CPRF with a non-interactive public verification mechanism for checking the correctness of PRF evaluations. A delegatable constrained pseudorandom function (DCPRF), on the other hand, augments a CPRF with the ability for constrained key holders to delegate further constrained keys that allow PRF evaluations on inputs accepted by more restricted constraint predicates than the ones embedded in their own constrained keys. Until recently, all proposed constructions of CPRFs and their extensions (i) could only handle constraint predicates representable as circuits or (ii) were based on risky knowledge-type assumptions. At EUROCRYPT 2016, Deshpande et al. presented a CPRF supporting constraint predicates realizable by Turing machines (TM), based on indistinguishability obfuscation and injective pseudorandom generators. Their construction was claimed to be selectively secure. The first contribution of this paper is to demonstrate that this claim is not valid: their CPRF construction can actually be proven secure not in the selective model but only in a significantly weaker one, where the adversary is completely static. We then modify their construction with innovative techniques so as to make the resulting CPRF selectively secure, and we redesign the security proof accordingly. Most significantly, our modification does not involve any additional heavy-duty cryptographic tool. Next, employing only standard public key encryption, we extend our improved CPRF construction to present the first CVPRF and DCPRF constructions that can handle constraints expressible as TMs.
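The abstract's notions of a constrained key and of key delegation to a more restricted predicate are easiest to see on the simplest CPRF there is: the GGM tree-based PRF with prefix constraints, as used in Boneh and Waters [16]. The example below is added here for illustration; it is not the paper's Turing-machine construction (which relies on indistinguishability obfuscation and cannot be reproduced in a few lines) and not code by the authors. It assumes a length-doubling PRG modelled with HMAC-SHA256, a fixed input length, and a constructed master key. A constrained key for a prefix is the GGM subtree root at that prefix, so it evaluates exactly the inputs the predicate accepts; a holder can delegate to any longer prefix without the master key, but never to a predicate that is not contained in its own. Verifiability, the paper's other extension, is not modelled here.

```python
import hmac
import hashlib
from typing import Dict

INPUT_LEN = 8  # GGM inputs are bit strings of a fixed length; intermediate tree nodes are never output
MASTER_KEY = b"constructed-master-key-demo-only"  # constructed sample key, not a value from the paper


def _prg_half(seed: bytes, bit: int) -> bytes:
    """One half of a length-doubling PRG G(seed) = (G_0(seed), G_1(seed)).
    Modelled here as HMAC-SHA256 keyed by the seed; 'bit' selects the half (assumption for the demo)."""
    return hmac.new(seed, bytes([bit]), hashlib.sha256).digest()


def _walk(node: bytes, bits: str) -> bytes:
    """Descend the GGM tree from 'node' following the given bit path."""
    for b in bits:
        if b not in "01":
            raise ValueError("inputs are bit strings over {0,1}")
        node = _prg_half(node, int(b))
    return node


def prf(master_key: bytes, x: str) -> bytes:
    """Full evaluation F(K, x) by the master key holder."""
    if len(x) != INPUT_LEN:
        raise ValueError("input must have exactly INPUT_LEN bits")
    return _walk(master_key, x)


def constrain(master_key: bytes, prefix: str) -> Dict[str, object]:
    """Constrained key for the predicate C(x) = 'x starts with prefix'.
    It is just the subtree root at that prefix, which fixes every leaf below it
    while revealing nothing about leaves under sibling subtrees."""
    if len(prefix) > INPUT_LEN:
        raise ValueError("prefix longer than the input length")
    return {"prefix": prefix, "node": _walk(master_key, prefix)}


def constrained_eval(ckey: Dict[str, object], x: str) -> bytes:
    """Evaluate with a constrained key; inputs outside the predicate are refused
    (and, by PRF security, their outputs stay pseudorandom to this key holder)."""
    prefix = str(ckey["prefix"])
    if len(x) != INPUT_LEN:
        raise ValueError("input must have exactly INPUT_LEN bits")
    if not x.startswith(prefix):
        raise PermissionError("input not accepted by this key's constraint predicate")
    return _walk(bytes(ckey["node"]), x[len(prefix):])


def delegate(ckey: Dict[str, object], longer_prefix: str) -> Dict[str, object]:
    """Key delegation: a constrained key holder derives a key for a MORE restricted
    predicate (a longer prefix) without the master key. Delegation to a predicate
    not contained in the holder's own is impossible, since that subtree is unknown."""
    prefix = str(ckey["prefix"])
    if len(longer_prefix) > INPUT_LEN:
        raise ValueError("prefix longer than the input length")
    if not longer_prefix.startswith(prefix):
        raise PermissionError("can only delegate to a predicate contained in the parent's predicate")
    return {"prefix": longer_prefix, "node": _walk(bytes(ckey["node"]), longer_prefix[len(prefix):])}


def demo() -> Dict[str, bool]:
    """Exercise the three behaviours the abstract describes on constructed inputs."""
    x_in = "01101100"   # accepted by prefix "01" and by the delegated prefix "011"
    x_sib = "01001100"  # accepted by "01" but not by "011"
    x_out = "10011100"  # accepted by neither
    ck = constrain(MASTER_KEY, "01")
    dk = delegate(ck, "011")
    result = {
        "constrained_matches_master": constrained_eval(ck, x_in) == prf(MASTER_KEY, x_in),
        "delegated_matches_master": constrained_eval(dk, x_in) == prf(MASTER_KEY, x_in),
        "parent_accepts_sibling": constrained_eval(ck, x_sib) == prf(MASTER_KEY, x_sib),
    }
    try:
        constrained_eval(ck, x_out)
        result["rejects_outside_predicate"] = False
    except PermissionError:
        result["rejects_outside_predicate"] = True
    try:
        constrained_eval(dk, x_sib)
        result["delegated_rejects_sibling"] = False
    except PermissionError:
        result["delegated_rejects_sibling"] = True
    try:
        delegate(ck, "10")
        result["refuses_widening_delegation"] = False
    except PermissionError:
        result["refuses_widening_delegation"] = True
    return result


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The prefix predicate is far weaker than the Turing-machine predicates the paper handles, but the security-relevant shape is the same: a constrained key is a partial secret whose reach is exactly the predicate, and delegation may only shrink that reach. The fixed input length matters for the toy construction, since releasing an intermediate node as an output would hand out a constrained key by accident.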

Keywords

Constrained pseudorandom functions; Verifiable constrained pseudorandom function; Key delegation; Turing machines; Indistinguishability obfuscation

Mathematics Subject Classification

94A60 

References

  1. Abusalah, H., Fuchsbauer, G.: Constrained PRFs for unbounded inputs with short keys. In: Applied Cryptography and Network Security—ACNS 2016, pp. 445–463. Springer (2016)
  2. Abusalah, H., Fuchsbauer, G., Pietrzak, K.: Constrained PRFs for unbounded inputs. In: Topics in Cryptology—CT-RSA 2016, pp. 413–428. Springer (2016)
  3. Ananth, P., Chen, Y.C., Chung, K.M., Lin, H., Lin, W.K.: Delegating RAM computations with adaptive soundness and privacy. In: Theory of Cryptography Conference—TCC 2016-B, pp. 3–30. Springer (2016)
  4. Ananth, P., Jain, A.: Indistinguishability obfuscation from compact functional encryption. In: Advances in Cryptology—CRYPTO 2015, pp. 308–326. Springer (2015)
  5. Ananth, P., Jain, A., Sahai, A.: Indistinguishability obfuscation from functional encryption for simple functions. Cryptology ePrint Archive, Report 2015/730 (2015)
  6. Ananth, P., Sahai, A.: Functional encryption for Turing machines. In: Theory of Cryptography Conference—TCC 2016, pp. 125–153. Springer (2016)
  7. Ananth, P., Sahai, A.: Projective arithmetic functional encryption and indistinguishability obfuscation from degree-5 multilinear maps. In: Advances in Cryptology—EUROCRYPT 2017, pp. 152–181. Springer (2017)
  8. Apon, D., Döttling, N., Garg, S., Mukherjee, P.: Cryptanalysis of indistinguishability obfuscations of circuits over GGH13. In: International Colloquium on Automata, Languages, and Programming—ICALP 2017, vol. 80, pp. 38:1–38:16. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik (2017)
  9. Applebaum, B.: Bootstrapping obfuscators via fast pseudorandom functions. In: Advances in Cryptology—ASIACRYPT 2014, pp. 162–172. Springer (2014)
  10. Banerjee, A., Fuchsbauer, G., Peikert, C., Pietrzak, K., Stevens, S.: Key-homomorphic constrained pseudorandom functions. In: Theory of Cryptography Conference—TCC 2015, pp. 31–60. Springer (2015)
  11. Bitansky, N., Canetti, R., Chiesa, A., Tromer, E.: From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again. In: Innovations in Theoretical Computer Science—ITCS 2012, pp. 326–349. ACM (2012)
  12. Bitansky, N., Garg, S., Lin, H., Pass, R., Telang, S.: Succinct randomized encodings and their applications. In: Symposium on Theory of Computing—STOC 2015, pp. 439–448. ACM (2015)
  13. Bitansky, N., Vaikuntanathan, V.: Indistinguishability obfuscation from functional encryption. In: Foundations of Computer Science—FOCS 2015, pp. 171–190. IEEE (2015)
  14. Boneh, D., Ishai, Y., Sahai, A., Wu, D.J.: Lattice-based SNARGs and their application to more efficient obfuscation. In: Advances in Cryptology—EUROCRYPT 2017, pp. 247–277. Springer (2017)
  15. Boneh, D., Lewi, K., Wu, D.J.: Constraining pseudorandom functions privately. In: Public-Key Cryptography—PKC 2017, pp. 494–524. Springer (2017)
  16. Boneh, D., Waters, B.: Constrained pseudorandom functions and their applications. In: Advances in Cryptology—ASIACRYPT 2013, pp. 280–300. Springer (2013)
  17. Boneh, D., Zhandry, M.: Multiparty key exchange, efficient traitor tracing, and more from indistinguishability obfuscation. In: Advances in Cryptology—CRYPTO 2014, pp. 480–499. Springer (2014)
  18. Bost, R., Minaud, B., Ohrimenko, O.: Forward and backward private searchable encryption from constrained cryptographic primitives. In: Computer and Communications Security—CCS 2017, pp. 1465–1482. ACM (2017)
  19. Boyle, E., Goldwasser, S., Ivan, I.: Functional signatures and pseudorandom functions. In: Public-Key Cryptography—PKC 2014, pp. 501–519. Springer (2014)
  20. Brakerski, Z., Tsabary, R., Vaikuntanathan, V., Wee, H.: Private constrained PRFs (and more) from LWE. In: Theory of Cryptography Conference—TCC 2017, pp. 264–302. Springer (2017)
  21. Brakerski, Z., Vaikuntanathan, V.: Constrained key-homomorphic PRFs from standard lattice assumptions. In: Theory of Cryptography Conference—TCC 2015, pp. 1–30. Springer (2015)
  22. Canetti, R., Chen, Y., Holmgren, J., Raykova, M.: Adaptive succinct garbled RAM or: How to delegate your database. In: Theory of Cryptography Conference—TCC 2016, pp. 61–90. Springer (2016)
  23. Canetti, R., Holmgren, J.: Fully succinct garbled RAM. In: Innovations in Theoretical Computer Science—ITCS 2016, pp. 169–178. ACM (2016)
  24. Canetti, R., Lin, H., Tessaro, S., Vaikuntanathan, V.: Obfuscation of probabilistic circuits and applications. In: Theory of Cryptography Conference—TCC 2015, pp. 468–497. Springer (2015)
  25. Chandran, N., Raghuraman, S., Vinayagamurthy, D.: Constrained pseudorandom functions: verifiable and delegatable. Cryptology ePrint Archive, Report 2014/522 (2014)
  26. Cheon, J.H., Fouque, P.A., Lee, C., Minaud, B., Ryu, H.: Cryptanalysis of the new CLT multilinear map over the integers. In: Advances in Cryptology—EUROCRYPT 2016, pp. 509–536. Springer (2016)
  27. Cheon, J.H., Han, K., Lee, C., Ryu, H., Stehlé, D.: Cryptanalysis of the multilinear map over the integers. In: Advances in Cryptology—EUROCRYPT 2015, pp. 3–12. Springer (2015)
  28. Cheon, J.H., Jeong, J., Lee, C.: An algorithm for NTRU problems and cryptanalysis of the GGH multilinear map without a low-level encoding of zero. LMS J. Comput. Math. 19(A), 255–266 (2016)
  29. Coron, J.S., Lee, M.S., Lepoint, T., Tibouchi, M.: Zeroizing attacks on indistinguishability obfuscation over CLT13. In: Public-Key Cryptography—PKC 2017, pp. 41–58. Springer (2017)
  30. Datta, P., Dutta, R., Mukhopadhyay, S.: Constrained pseudorandom functions for unconstrained inputs revisited: achieving verifiability and key delegation. In: Public-Key Cryptography—PKC 2017, pp. 463–493. Springer (2017)
  31. Deshpande, A., Koppula, V., Waters, B.: Constrained pseudorandom functions for unconstrained inputs. In: Advances in Cryptology—EUROCRYPT 2016, pp. 124–153. Springer (2016)
  32. Deshpande, A., Koppula, V., Waters, B.: Constrained pseudorandom functions for unconstrained inputs. Cryptology ePrint Archive, Report 2016/301 (2016)
  33. Fuchsbauer, G.: Constrained verifiable random functions. In: Security and Cryptography for Networks—SCN 2014, pp. 95–114. Springer (2014)
  34. Fuchsbauer, G., Konstantinov, M., Pietrzak, K., Rao, V.: Adaptive security of constrained PRFs. In: Advances in Cryptology—ASIACRYPT 2014, pp. 82–101. Springer (2014)
  35. Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: Foundations of Computer Science—FOCS 2013, pp. 40–49. IEEE (2013)
  36. Garg, S., Miles, E., Mukherjee, P., Sahai, A., Srinivasan, A., Zhandry, M.: Secure obfuscation in a weak multilinear map model. In: Theory of Cryptography Conference—TCC 2016, pp. 241–268. Springer (2016)
  37. Gentry, C., Lewko, A.B., Sahai, A., Waters, B.: Indistinguishability obfuscation from the multilinear subgroup elimination assumption. In: Foundations of Computer Science—FOCS 2015, pp. 151–170. IEEE (2015)
  38. Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: Symposium on Theory of Computing—STOC 2011, pp. 99–108. ACM (2011)
  39. Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792–807 (1986)
  40. Goyal, V., Ishai, Y., Sahai, A., Venkatesan, R., Wadia, A.: Founding cryptography on tamper-proof hardware tokens. In: Theory of Cryptography Conference—TCC 2010, pp. 308–326. Springer (2010)
  41. Goyal, V., Jain, A., Koppula, V., Sahai, A.: Functional encryption for randomized functionalities. In: Theory of Cryptography Conference—TCC 2015, pp. 325–351. Springer (2015)
  42. Hofheinz, D., Kamath, A., Koppula, V., Waters, B.: Adaptively secure constrained pseudorandom functions. Cryptology ePrint Archive, Report 2014/720 (2014)
  43. Hohenberger, S., Koppula, V., Waters, B.: Adaptively secure puncturable pseudorandom functions in the standard model. In: Advances in Cryptology—ASIACRYPT 2015, pp. 79–102. Springer (2015)
  44. Hohenberger, S., Sahai, A., Waters, B.: Replacing a random oracle: Full domain hash from indistinguishability obfuscation. In: Advances in Cryptology—EUROCRYPT 2014, pp. 201–220. Springer (2014)
  45. Hu, Y., Jia, H.: Cryptanalysis of GGH map. In: Advances in Cryptology—EUROCRYPT 2016, pp. 537–565. Springer (2016)
  46. Hubacek, P., Wichs, D.: On the communication complexity of secure function evaluation with long output. In: Innovations in Theoretical Computer Science—ITCS 2015, pp. 163–172. ACM (2015)
  47. Ishai, Y., Pandey, O., Sahai, A.: Public-coin differing-inputs obfuscation and its applications. In: Theory of Cryptography Conference—TCC 2015, pp. 668–697. Springer (2015)
  48. Kiayias, A., Papadopoulos, S., Triandopoulos, N., Zacharias, T.: Delegatable pseudorandom functions and applications. In: Computer and Communications Security—CCS 2013, pp. 669–684. ACM (2013)
  49. Koppula, V., Lewko, A.B., Waters, B.: Indistinguishability obfuscation for Turing machines with unbounded memory. In: Symposium on Theory of Computing—STOC 2015, pp. 419–428. ACM (2015)
  50. Lin, H.: Indistinguishability obfuscation from constant-degree graded encoding schemes. In: Advances in Cryptology—EUROCRYPT 2016, pp. 28–57. Springer (2016)
  51. Lin, H., Tessaro, S.: Indistinguishability obfuscation from trilinear maps and block-wise local PRGs. In: Advances in Cryptology—CRYPTO 2017, pp. 630–660. Springer (2017)
  52. Lin, H., Vaikuntanathan, V.: Indistinguishability obfuscation from DDH-like assumptions on constant-degree graded encodings. In: Foundations of Computer Science—FOCS 2016, pp. 11–20. IEEE (2016)
  53. Maji, H.K., Prabhakaran, M., Rosulek, M.: Attribute-based signatures. In: Topics in Cryptology—CT-RSA 2011, pp. 376–392. Springer (2011)
  54. Micali, S., Rabin, M., Vadhan, S.: Verifiable random functions. In: Foundations of Computer Science—FOCS 1999, pp. 120–130. IEEE (1999)
  55. Miles, E., Sahai, A., Zhandry, M.: Annihilation attacks for multilinear maps: cryptanalysis of indistinguishability obfuscation over GGH13. In: Advances in Cryptology—CRYPTO 2016, pp. 629–658. Springer (2016)
  56. Okamoto, T., Pietrzak, K., Waters, B., Wichs, D.: New realizations of somewhere statistically binding hashing and positional accumulators. In: Advances in Cryptology—ASIACRYPT 2015, pp. 121–145. Springer (2015)
  57. Okamoto, T., Takashima, K.: Efficient attribute-based signatures for non-monotone predicates in the standard model. IEEE Trans. Cloud Comput. 2(4), 409–421 (2014)
  58. Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. In: Symposium on Theory of Computing—STOC 2014, pp. 475–484. ACM (2014)
  59. Sakai, Y., Attrapadung, N., Hanaoka, G.: Attribute-based signatures for circuits from bilinear map. In: Public-Key Cryptography—PKC 2016, pp. 283–300. Springer (2016)
  60. Tang, F., Li, H., Liang, B.: Attribute-based signatures for circuits from multilinear maps. In: Information Security—IS 2014, pp. 54–71. Springer (2014)
  61. Waters, B.: A punctured programming approach to adaptively secure functional encryption. In: Advances in Cryptology—CRYPTO 2015, pp. 678–697. Springer (2015)

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  • Pratish Datta (1)
  • Ratna Dutta (2)
  • Sourav Mukhopadhyay (2)
  1. NTT Secure Platform Laboratories, Tokyo, Japan
  2. Department of Mathematics, IIT Kharagpur, Kharagpur, India