Fast Cryptographic Primitives and Circular-Secure Encryption Based on Hard Learning Problems

  • Benny Applebaum
  • David Cash
  • Chris Peikert
  • Amit Sahai
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5677)

Abstract

The well-studied task of learning a linear function with errors is a seemingly hard problem and the basis for several cryptographic schemes. Here we demonstrate additional applications that enjoy strong security properties and a high level of efficiency. Namely, we construct:
  1. Public-key and symmetric-key cryptosystems that provide security for key-dependent messages and enjoy circular security. Our schemes are highly efficient: in both cases the ciphertext is only a constant factor larger than the plaintext, and the cost of encryption and decryption is only n·polylog(n) bit operations per message symbol in the public-key case, and polylog(n) bit operations in the symmetric case.

  2. Two efficient pseudorandom objects: a “weak randomized pseudorandom function” — a relaxation of a standard PRF — that can be computed obliviously via a simple protocol, and a length-doubling pseudorandom generator that can be computed by a circuit of n·polylog(n) size. The complexity of our pseudorandom generator almost matches the complexity of the fastest known construction (Applebaum et al., RANDOM 2006), which runs in linear time at the expense of relying on a nonstandard intractability assumption.

Our constructions and security proofs are simple and natural, and involve new techniques that may be of independent interest. In addition, by combining our constructions with prior ones, we get fast implementations of several other primitives and protocols.
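The abstract names "learning a linear function with errors" as the hard problem behind all of these schemes without spelling out any construction. As an added illustration (not the paper's scheme, and carrying none of its key-dependent-message guarantees), here is the textbook one-bit symmetric encryption from learning with errors: a ciphertext is an LWE sample ⟨a,s⟩ + e with the message bit scaled by q/2 added in, and decryption strips ⟨a,s⟩ and rounds. The modulus, dimension and bounded uniform error below are assumed toy parameters.

```python
import random

# Toy one-bit symmetric encryption from learning with errors (LWE).
# The parameters are illustrative assumptions, not the paper's choices:
# a small modulus q, a short secret, and a bounded uniform error.
Q = 4093      # modulus
N = 64        # secret dimension
BOUND = 100   # |e| <= BOUND; correctness needs BOUND < Q/4


def keygen(rng, n=N, q=Q):
    """Secret key: a uniformly random vector in Z_q^n."""
    return [rng.randrange(q) for _ in range(n)]


def inner(a, s, q):
    return sum(ai * si for ai, si in zip(a, s)) % q


def encrypt_bit(s, m, rng, q=Q, bound=BOUND):
    """Ciphertext (a, b): an LWE sample <a,s> + e with the message bit
    scaled by q/2 added in. Under the LWE assumption, b is
    indistinguishable from a uniform element of Z_q without s."""
    a = [rng.randrange(q) for _ in s]
    e = rng.randint(-bound, bound)             # small noise
    b = (inner(a, s, q) + e + m * (q // 2)) % q
    return a, b


def decrypt_bit(s, ct, q=Q):
    """Strip <a,s>, centre the residue, and round: near 0 means bit 0,
    near q/2 means bit 1. Correct whenever |e| < q/4."""
    a, b = ct
    v = (b - inner(a, s, q)) % q
    if v > q // 2:
        v -= q                                 # centre into (-q/2, q/2]
    return 1 if abs(v) > q // 4 else 0


def roundtrip_error_rate(bound, trials=1000, seed=1, q=Q, n=N):
    """Fraction of random bits that decrypt wrongly at a given error bound.
    Below q/4 this is exactly 0; at q/2 the noise swamps the message."""
    rng = random.Random(seed)
    s = keygen(rng, n, q)
    wrong = 0
    for _ in range(trials):
        m = rng.randrange(2)
        if decrypt_bit(s, encrypt_bit(s, m, rng, q, bound), q) != m:
            wrong += 1
    return wrong / trials
```

The error bound is the whole game: the noise must be large enough to make the samples hard to learn yet below q/4 so that rounding still recovers the bit.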

Keywords

Encryption; Key-dependent message security; Learning problems; Lattice-based cryptography

References

  1. Adão, P., Bana, G., Herzog, J., Scedrov, A.: Soundness of formal encryption in the presence of key-cycles. In: de Capitani di Vimercati, S., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 374–396. Springer, Heidelberg (2005)
  2. Albrecht, M., Bard, G., Hart, W.: Efficient multiplication of dense matrices over gf(2). CoRR, abs/0811.1714 (2008)
  3. Alekhnovich, M.: More on average case vs approximation complexity. In: Proc. 44th FOCS, pp. 298–307 (2003)
  4. Applebaum, B., Ishai, Y., Kushilevitz, E.: Cryptography in NC0. SIAM J. Comput. 36(4), 845–888 (2006); Preliminary version in Proc. 45th FOCS (2004)
  5. Applebaum, B., Ishai, Y., Kushilevitz, E.: On pseudorandom generators with linear stretch in NC0. In: Díaz, J., Jansen, K., Rolim, J.D.P., Zwick, U. (eds.) APPROX 2006 and RANDOM 2006. LNCS, vol. 4110, pp. 260–271. Springer, Heidelberg (2006)
  6. Applebaum, B., Ishai, Y., Kushilevitz, E.: Cryptography with constant input locality. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 92–110. Springer, Heidelberg (2007); full version in http://www.cs.princeton.edu/~bappelba/pubs/input-locality-full.pdf
  7. Backes, M., Dürmuth, M., Unruh, D.: OAEP is secure under key-dependent messages. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 506–523. Springer, Heidelberg (2008)
  8. Backes, M., Pfitzmann, B., Scedrov, A.: Key-dependent message security under active attacks - BRSIM/UC-soundness of symbolic encryption with key cycles. In: CSF, pp. 112–124 (2007)
  9. Black, J., Rogaway, P., Shrimpton, T.: Encryption-scheme security in the presence of key-dependent messages. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 62–75. Springer, Heidelberg (2003)
  10. Blum, A., Furst, M.L., Kearns, M.J., Lipton, R.J.: Cryptographic primitives based on hard learning problems. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 278–291. Springer, Heidelberg (1994)
  11. Blum, A., Kalai, A., Wasserman, H.: Noise-tolerant learning, the parity problem, and the statistical query model. J. ACM 50(4), 506–519 (2003)
  12. Bogdanov, A., Mertens, M.C.: A parallel hardware architecture for fast gaussian elimination over gf(2). In: FCCM 2006: Proceedings of the 14th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, Washington, DC, USA, pp. 237–248. IEEE Computer Society, Los Alamitos (2006)
  13. Boneh, D., Halevi, S., Hamburg, M., Ostrovsky, R.: Circular-secure encryption from decision Diffie-Hellman. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 108–125. Springer, Heidelberg (2008)
  14. Camenisch, J., Chandran, N., Shoup, V.: A public key encryption scheme secure against key dependent chosen plaintext and adaptive chosen ciphertext attacks. Cryptology ePrint Archive, Report 2008/375 (2008)
  15. Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)
  16. Coppersmith, D.: Rapid multiplication of rectangular matrices. SICOMP: SIAM Journal on Computing 11 (1982)
  17. Damgård, I.B., Nielsen, J.B.: An efficient pseudo-random generator with applications to public-key encryption and constant-round multiparty computation (unpublished) (2002)
  18. Dedic, N., Reyzin, L., Vadhan, S.P.: An improved pseudorandom generator based on hardness of factoring. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 88–101. Springer, Heidelberg (2003)
  19. Dodis, Y., Kalai, Y.T., Lovett, S.: Cryptography with auxiliary inputs. In: Proc. 41st STOC (2009)
  20. Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. CACM: Communications of the ACM 28 (1985)
  21. Feldman, V., Gopalan, P., Khot, S., Ponnuswami, A.K.: New results for learning noisy parities and halfspaces. In: FOCS, pp. 563–574 (2006)
  22. Fischer, J.-B., Stern, J.: An efficient pseudo-random generator provably as secure as syndrome decoding. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 245–255. Springer, Heidelberg (1996)
  23. Freedman, M.J., Ishai, Y., Pinkas, B., Reingold, O.: Keyword search and oblivious pseudorandom functions. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 303–324. Springer, Heidelberg (2005)
  24. Gennaro, R.: An improved pseudo-random generator based on the discrete logarithm problem. J. Cryptology 18(2), 91–110 (2005)
  25. Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: STOC, pp. 197–206 (2008)
  26. Gilbert, H., Robshaw, M.J.B., Seurin, Y.: How to encrypt with the LPN problem. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 679–690. Springer, Heidelberg (2008)
  27. Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. of the ACM 33, 792–807 (1986)
  28. Haitner, I., Holenstein, T.: On the (im)possibility of key dependent encryption. In: TCC, pp. 202–219 (2009)
  29. Halevi, S., Krawczyk, H.: Security under key-dependent inputs. In: CCS 2007, pp. 466–475 (2007)
  30. Hazay, C., Lindell, Y.: Efficient protocols for set intersection and pattern matching with security against malicious and covert adversaries. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 155–175. Springer, Heidelberg (2008)
  31. Hofheinz, D., Unruh, D.: Towards key-dependent message security in the standard model. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 108–126. Springer, Heidelberg (2008)
  32. Hopper, N.J., Blum, M.: Secure human identification protocols. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 52–66. Springer, Heidelberg (2001)
  33. Ishai, Y., Kilian, J., Nissim, K., Petrank, E.: Extending oblivious transfers efficiently. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 145–161. Springer, Heidelberg (2003)
  34. Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Cryptography with constant computational overhead. In: Proc. 40th STOC (2008)
  35. Juels, A., Weis, S.: Authenticating pervasive devices with human protocols. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 293–308. Springer, Heidelberg (2005)
  36. Katz, J., Shin, J.S.: Parallel and concurrent security of the HB and HB+ protocols. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 73–87. Springer, Heidelberg (2006)
  37. Klivans, A.R., Sherstov, A.A.: Cryptographic hardness for learning intersections of halfspaces. In: FOCS, pp. 553–562 (2006)
  38. Krause, M., Lucks, S.: On the minimal hardware complexity of pseudorandom function generators (extended abstract). In: Ferreira, A., Reichel, H. (eds.) STACS 2001. LNCS, vol. 2010, pp. 419–430. Springer, Heidelberg (2001)
  39. Micciancio, D.: Improving lattice based cryptosystems using the Hermite normal form. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 126–145. Springer, Heidelberg (2001)
  40. Micciancio, D., Regev, O.: Worst-case to average-case reductions based on Gaussian measures. SIAM J. Comput. 37(1), 267–302 (2007); Preliminary version in FOCS 2004 (2004)
  41. Micciancio, D., Regev, O.: Lattice-based cryptography. In: Post Quantum Cryptography, pp. 147–191. Springer, Heidelberg (2009)
  42. Naor, M., Reingold, O.: Number-theoretic constructions of efficient pseudo-random functions. J. ACM 51(2), 231–262 (2004); Preliminary version in Proc. 38th FOCS (1997)
  43. Peikert, C.: Public-key cryptosystems from the worst-case shortest vector problem. In: STOC (2009)
  44. Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008)
  45. Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. In: STOC, pp. 187–196 (2008)
  46. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: STOC, pp. 84–93 (2005)
  47. Spielman, D.A.: Linear-time encodable and decodable error-correcting codes. In: Proc. 27th STOC, pp. 388–397 (1995)

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Benny Applebaum, Princeton University, USA
  • David Cash, Georgia Institute of Technology, USA
  • Chris Peikert, SRI International, USA
  • Amit Sahai, UCLA, USA