SPRING: Fast Pseudorandom Functions from Rounded Ring Products
Recently, Banerjee, Peikert and Rosen (EUROCRYPT 2012) proposed new theoretical pseudorandom function candidates based on “rounded products” in certain polynomial rings, which have rigorously provable security based on worst-case lattice problems. The functions also enjoy algebraic properties that make them highly parallelizable and attractive for modern applications, such as evaluation under homomorphic encryption schemes. However, the parameters required by BPR’s security proofs are too large for practical use, and many other practical aspects of the design were left unexplored in that work.
In this work we give two concrete and practically efficient instantiations of the BPR design, which we call SPRING, for “subset-product with rounding over a ring.” One instantiation uses a generator matrix of a binary BCH error-correcting code to “deterministically extract” nearly random bits from a (biased) rounded subset-product. The second instantiation eliminates bias by working over suitable moduli and decomposing the computation into “Chinese remainder” components.
We analyze the concrete security of these instantiations, and provide initial software implementations whose throughputs are within small factors (as small as 4.5) of those of AES.
Keywords: Pseudorandom functions, Noisy learning problems, Learning with rounding, Lattices
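As an added toy illustration of the subset-product-with-rounding design summarized above (not code from the paper or its authors), the following Python evaluates F(x) = ⌊a · ∏_{i : x_i = 1} s_i⌉_p in the ring Z_q[X]/(X^n + 1). The degree n = 8, the modulus q = 257 and the uniform key sampling are assumed toy choices rather than SPRING's parameters, and the BCH-based extraction and CRT decomposition that remove the rounding bias are not modelled.

```python
import random

N = 8      # assumed toy ring degree; the paper's n is far larger
Q = 257    # assumed toy modulus q
P = 2      # rounding modulus p: one output bit per coefficient


def ring_mul(a, b):
    """Multiply in R_q = Z_Q[X]/(X^N + 1), i.e. negacyclic convolution."""
    res = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            k = i + j
            if k < N:
                res[k] = (res[k] + ai * bj) % Q
            else:
                res[k - N] = (res[k - N] - ai * bj) % Q  # X^N = -1
    return res


def round_coeff(c):
    """LWR-style rounding Z_Q -> Z_P: nearest multiple of Q/P, reduced mod P."""
    return ((c * P + Q // 2) // Q) % P


def keygen(k, seed):
    """Key: a public ring element a and k secret ring elements s_1..s_k.
    Constructed toy sampling (uniform in R_Q); SPRING's key distributions
    and bias removal (BCH extraction / CRT decomposition) are not modelled."""
    rng = random.Random(seed)
    a = [rng.randrange(Q) for _ in range(N)]
    s = [[rng.randrange(Q) for _ in range(N)] for _ in range(k)]
    return a, s


def spring_eval(key, x):
    """F(x) = round(a * prod_{i : x_i = 1} s_i), one bit per coefficient.
    Because the ring is commutative, the k factors can be multiplied in any
    order (or in a parallel tree); evaluation costs at most k ring products."""
    a, s = key
    acc = a
    for bit, s_i in zip(x, s):
        if bit:
            acc = ring_mul(acc, s_i)
    return [round_coeff(c) for c in acc]


if __name__ == "__main__":
    key = keygen(k=16, seed=1)
    print(spring_eval(key, [1, 0] * 8))
```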