Abstract
Distributed pseudorandom functions (DPRFs), formally defined by Naor et al. (EUROCRYPT'99), provide the properties of regular PRFs together with the ability to distribute the evaluation of the PRF, which makes them useful against single points of failure in multiple settings (e.g., key distribution centres). To prevent corruption of the partial PRF values computed by the distributed servers, Naor et al. proposed the notion of robust distributed PRFs, which not only allows a set of distributed servers to evaluate the PRF value, but also allows one to verify whether the partial evaluation values were computed correctly.
In this paper, we investigate different approaches to building non-interactive robust distributed PRFs for a general class of access structures, going beyond the existing threshold and monotone span program (MSP) access structures. More precisely, our contributions are twofold: (i) we first adapt the notion of single-round robust distributed PRFs for threshold access structures to one for any mNP access structure (monotone functions in NP), and (ii) we provide a provably secure general construction of robust distributed PRFs by employing puncturable PRFs, a non-interactive witness-indistinguishable proof (NIWI) and indistinguishability obfuscation. We compare our robust DPRF with existing DPRFs in terms of security guarantees, underlying assumptions and required primitives.
Notes
1. Except in the case where a non-interactive proof is computed in the random oracle model.
References
Barak, B., Ong, S.J., Vadhan, S.: Derandomization in cryptography. SIAM J. Comput. 37(2), 380–400 (2007)
Bitansky, N., Paneth, O.: ZAPs and non-interactive witness indistinguishability from indistinguishability obfuscation. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 401–427. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46497-7_16
Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the gap-Diffie-Hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36288-6_3
Boneh, D., et al.: Threshold cryptosystems from threshold fully homomorphic encryption. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 565–596. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_19
Boneh, D., Lewi, K., Montgomery, H., Raghunathan, A.: Key homomorphic PRFs and their applications. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 410–428. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_23
Boneh, D., Waters, B.: Constrained pseudorandom functions and their applications. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 280–300. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42045-0_15
Boyle, E., Gilboa, N., Ishai, Y.: Function secret sharing. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 337–367. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_12
Boyle, E., Gilboa, N., Ishai, Y.: Function secret sharing: improvements and extensions. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 1292–1303. ACM (2016)
Boyle, E., Goldwasser, S., Ivan, I.: Functional signatures and pseudorandom functions. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 501–519. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54631-0_29
De Santis, A., Micali, S., Persiano, G.: Non-interactive zero-knowledge with preprocessing. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 269–282. Springer, New York (1990). https://doi.org/10.1007/0-387-34799-2_21
Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: Proceedings of FOCS 2013, pp. 40–49. IEEE Computer Society, Washington (2013)
Gennaro, R., Goldfeder, S., Narayanan, A.: Threshold-optimal DSA/ECDSA signatures and an application to bitcoin wallet security. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 156–174. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-39555-5_9
Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust and efficient sharing of RSA functions. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 157–172. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_13
Gorbunov, S., Vaikuntanathan, V., Wichs, D.: Leveled fully homomorphic signatures from standard lattices. In: Proceedings of STOC 2015, pp. 469–477. ACM, New York (2015)
Goyal, R., Hohenberger, S., Koppula, V., Waters, B.: A generic approach to constructing and proving verifiable random functions. Technical report, IACR Cryptology ePrint Archive (2017)
Grigni, M., Sipser, M.: Monotone complexity (1990)
Groth, J., Ostrovsky, R., Sahai, A.: New techniques for noninteractive zero-knowledge. J. ACM (JACM) 59(3), 11 (2012)
Jain, A., Rasmussen, P.M., Sahai, A.: Threshold fully homomorphic encryption. IACR Cryptology ePrint Archive, 2017:257 (2017). https://eprint.iacr.org/2017/257
Kiayias, A., Papadopoulos, S., Triandopoulos, N., Zacharias, T.: Delegatable pseudorandom functions and applications. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, pp. 669–684. ACM, New York (2013)
Komargodski, I., Naor, M., Yogev, E.: Secret-sharing for NP. J. Cryptol. 30(2), 444–469 (2017)
Komargodski, I., Zhandry, M.: Cutting-edge cryptography through the lens of secret sharing. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9563, pp. 449–479. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49099-0_17
Liang, B., Mitrokotsa, A.: Distributed pseudorandom functions for general access structures in NP. In: Qing, S., Mitchell, C., Chen, L., Liu, D. (eds.) ICICS 2017. LNCS, vol. 10631, pp. 81–87. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89500-0_7
Libert, B., Stehlé, D., Titiu, R.: Adaptively secure distributed PRFs from LWE. IACR Cryptology ePrint Archive, 2018:927 (2018). https://eprint.iacr.org/2018/927
McEliece, R.J., Sarwate, D.V.: On sharing secrets and Reed-Solomon codes. Commun. ACM 24(9), 583–584 (1981)
Micali, S., Rabin, M.O., Vadhan, S.P.: Verifiable random functions. In: Proceedings of FOCS 1999, pp. 120–130 (1999)
Naor, M., Pinkas, B., Reingold, O.: Distributed pseudo-random functions and KDCs. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 327–346. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_23
Nielsen, J.B.: A threshold pseudorandom function construction and its applications. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 401–416. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_26
Nisan, N., Wigderson, A.: Hardness vs randomness. J. Comput. Syst. Sci. 49(2), 149–167 (1994)
Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. In: Proceedings of STOC 2014, pp. 475–484. ACM (2014)
Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_22
Shoup, V.: Practical threshold signatures. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 207–220. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_15
Stinson, D.R., Strobl, R.: Provably secure distributed Schnorr signatures and a (t, n) threshold scheme for implicit certificates. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 417–434. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-47719-5_33
Acknowledgements
This work was partially supported by the Swedish Research Council (Vetenskapsrådet) through the grant PRECIS (621-2014-4845).
A Appendix
A.1 Preliminaries
Definition 5
(Indistinguishability obfuscation [11]). A probabilistic polynomial time (PPT) algorithm \(i\mathcal {O}\) is said to be an indistinguishability obfuscator for a circuit class \(\{\mathcal {C}_{\lambda }\}\), if the following conditions are satisfied:
- For all security parameters \(\lambda \in \mathbb {N}\), for all \(C\in \mathcal {C}_{\lambda }\), for all inputs x, we have that
  $$\begin{aligned} \mathrm {Pr}[C'(x)=C(x): C'\leftarrow i\mathcal {O}(\lambda , C)]=1. \end{aligned}$$
- For any (not necessarily uniform) PPT adversaries \((\textsf {Samp}, D)\), there exists a negligible function \(negl(\cdot )\) such that the following holds: if \(\mathrm {Pr}[\forall x, C_0(x)=C_1(x):(C_0,C_1,\sigma )\leftarrow \textsf {Samp}(1^{\lambda })]>1-negl(\lambda )\), then we have:
  $$\begin{aligned} \begin{aligned} \big |&\mathrm {Pr}[D(\sigma ,i\mathcal {O}(\lambda ,C_{0}))=1:(C_0,C_1,\sigma )\leftarrow \textsf {Samp}(1^{\lambda })] \\&-\mathrm {Pr}[D(\sigma ,i\mathcal {O}(\lambda ,C_{1}))=1:(C_0,C_1,\sigma )\leftarrow \textsf {Samp}(1^{\lambda })]\big |\le negl(\lambda ). \end{aligned} \end{aligned}$$
Definition 6
(Puncturable PRFs [29]). A puncturable family of PRFs F is given by a triple of Turing machines \((\textsf {Setup}_{F}\), \(\textsf {Puncture}_{F}\), and \(\textsf {Eval}_{F})\), and a pair of computable functions \(\tau _{1}(\cdot )\) and \(\tau _{2}(\cdot )\), satisfying the following conditions:
- (Functionality preserved under puncturing) For every PPT adversary \(\mathcal {A}\) such that \(\mathcal {A}(1^{\lambda })\) outputs a set \(S\subseteq \{0, 1\}^{\tau _{1}(\lambda )}\), and for all \(x\in \{0, 1\}^{\tau _{1}(\lambda )}\) with \(x\notin S\), we have that:
  $$\begin{aligned} \mathrm {Pr}[\textsf {Eval}_{F}(K, x)=\textsf {Eval}_{F}(K_{S}, x):&K\leftarrow \textsf {Setup}_{F}(1^{\lambda }),\\&K_{S}= \textsf {Puncture}_{F}(K, S)]= 1. \end{aligned}$$
- (Pseudorandom at punctured points) For every PPT adversary \((\mathcal {A}_{1},\mathcal {A}_{2})\) such that \(\mathcal {A}_{1}(1^{\lambda })\) outputs a set \(S\subseteq \{0, 1\}^{\tau _{1}(\lambda )}\) and state \(\sigma \), consider an experiment where \(K\leftarrow \textsf {Setup}_{F}(1^{\lambda })\) and \(K_{S}=\textsf {Puncture}_{F}(K, S)\). Then, we have:
  $$\begin{aligned} \big |\mathrm {Pr}[\mathcal {A}_{2}(\sigma ,K_{S}, S, \textsf {Eval}_{F}(K, S))&= 1] \\&-\mathrm {Pr}[\mathcal {A}_{2}(\sigma ,K_{S}, S, U_{\tau _{2}(\lambda )\cdot |S|})= 1]\big |= negl(\lambda ), \end{aligned}$$
  where \(\textsf {Eval}_{F}(K, S)\) denotes the concatenation of \(\textsf {Eval}_{F}(K, x_1),\ldots ,\textsf {Eval}_{F}(K, x_k)\), where \(S= \{x_1,\ldots , x_k\}\) is the enumeration of the elements of S in lexicographic order, \(negl(\cdot )\) is a negligible function, and \(U_{\tau _{2}(\lambda )\cdot |S|}\) denotes the uniform distribution over \(\tau _{2}(\lambda )\cdot |S|\) bits.
Theorem 2
[29] If one-way functions exist, then for all efficiently computable functions \(\tau _{1}(\lambda )\) and \(\tau _{2}(\lambda )\), there exists a family of puncturable PRFs that maps \(\tau _{1}(\lambda )\) bits to \(\tau _{2}(\lambda )\) bits.
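The following is an added illustration of Definition 6 and Theorem 2, not code from the paper: a GGM-style tree PRF in which puncturing at a single point keeps only the sibling keys along that point's path, so every other input stays evaluable while the punctured key carries no node on the path to the punctured value. HMAC-SHA256 is assumed as the length-doubling PRG, the 8-bit input length and the seed are constructed values chosen so the demo can sweep every input.

```python
import hashlib
import hmac
from typing import Dict, Optional

N_BITS = 8  # input length tau_1(lambda); assumed small so the demo can sweep all inputs

def _child(node_key: bytes, bit: int) -> bytes:
    """Length-doubling PRG step of the GGM tree: derive the left (0) or right (1) child key.
    HMAC-SHA256 stands in for the PRG that Theorem 2 obtains from a one-way function."""
    return hmac.new(node_key, bytes([bit]), hashlib.sha256).digest()

def setup_f(seed: bytes) -> bytes:
    """Setup_F: the master key is the root of the GGM tree (seed is a constructed value)."""
    return hashlib.sha256(b"ggm-root|" + seed).digest()

def eval_f(k: bytes, x: int) -> bytes:
    """Eval_F with the full key: walk the tree from the most significant bit of x."""
    node = k
    for shift in range(N_BITS - 1, -1, -1):
        node = _child(node, (x >> shift) & 1)
    return node

def puncture_f(k: bytes, x_star: int) -> Dict:
    """Puncture_F at S = {x_star}: keep, per level, the sibling of the node on x_star's path.
    The node keys on the path itself are discarded, so nothing about F(k, x_star) remains."""
    node, siblings = k, {}
    for level in range(N_BITS):
        bit = (x_star >> (N_BITS - 1 - level)) & 1
        siblings[level] = _child(node, 1 - bit)
        node = _child(node, bit)
    return {"x_star": x_star, "siblings": siblings}

def eval_punctured(k_s: Dict, x: int) -> Optional[bytes]:
    """Eval_F with the punctured key: descend from the first sibling that covers x."""
    x_star = k_s["x_star"]
    if x == x_star:
        return None  # the punctured point itself is not evaluable
    for level in range(N_BITS):
        shift = N_BITS - 1 - level
        if ((x >> shift) & 1) != ((x_star >> shift) & 1):
            node = k_s["siblings"][level]  # key of the subtree containing x
            for lower in range(shift - 1, -1, -1):
                node = _child(node, (x >> lower) & 1)
            return node

def functionality_preserved(k: bytes, x_star: int) -> bool:
    """Check of Definition 6, condition 1, for every x outside S = {x_star}."""
    k_s = puncture_f(k, x_star)
    return all(eval_punctured(k_s, x) == eval_f(k, x) for x in range(2 ** N_BITS) if x != x_star)
```

Puncturing a set S of several points works the same way, by keeping the siblings of all nodes on any of the paths in S; the second condition of Definition 6 (pseudorandomness at the punctured point) is a security property and is not something this check can witness, it rests on the PRG security of the tree.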
© 2019 Springer Nature Switzerland AG
Cite this paper
Liang, B., Mitrokotsa, A. (2019). Robust Distributed Pseudorandom Functions for mNP Access Structures. In: Lin, Z., Papamanthou, C., Polychronakis, M. (eds) Information Security. ISC 2019. Lecture Notes in Computer Science(), vol 11723. Springer, Cham. https://doi.org/10.1007/978-3-030-30215-3_6
DOI: https://doi.org/10.1007/978-3-030-30215-3_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30214-6
Online ISBN: 978-3-030-30215-3