
Computationally Private Randomizing Polynomials and Their Applications

  • Chapter
Cryptography in Constant Parallel Time

Part of the book series: Information Security and Cryptography ((ISC))


Notes

  1. This similarity is not coincidental, as both concepts were raised in the context of secure multiparty computation. Indeed, an information-theoretic variant of Yao’s garbled circuit technique was already used in [93] to construct low-degree randomized encodings for \(\mathrm{NC}^1\) functions.

  2. Previous presentations of Yao’s garbled circuit relied on primitives that seem less likely to allow an \(\mathrm{NC}^0\) implementation. Specifically, [25, 115] require a linear-stretch PRG and [107] requires symmetric encryption that enjoys some additional properties.

  3. This condition is redundant in the case of signatures and commitments, whose existence follows from the existence of a PRG. We will later describe a stronger result for such primitives.

  4. By symmetric encryption we refer to (probabilistic) stateless encryption for multiple messages, where the parties do not maintain any state information other than the key. If parties are allowed to maintain synchronized states, symmetric encryption can be easily reduced in \(\mathrm{NC}^0\) to a PRG.

  5. When applying the construction to circuits with bounded fan-out, even linear length would suffice.

  6. Security proofs for variants of this construction were given implicitly in [107, 128, 134] in the context of secure computation. However, they cannot be directly used in our context, for different reasons. In particular, the analysis of [107] relies on a special form of symmetric encryption and does not achieve perfect correctness, while that of [128, 134] relies on a linear-stretch PRG.

  7. In fact, each application of the encryption scheme will use some additional random bits. To simplify notation, we keep these random inputs implicit.

  8. Specifically, the encryption is always invoked on messages whose length is bounded by \(\ell(n)\stackrel{\mathrm{def}}{=}O(|C_{n}|\cdot k)\); hence we can use \(\ell(n)\)-one-time symmetric encryption.

  9. In some cases, we will need to rely on perfect correctness, which we get “for free” in our main construction. See Table 4.2.

  10. Similarly, assuming a linear-stretch PRG in \(\mathrm{NC}^1\), we can obtain, for every \(\mathrm{NC}\) function, a (non-adaptive single-oracle) IHS in which the user is in \(\mathrm{NC}^0\) and the oracle is in \(\mathrm{NC}\).

  11. Assuming that factoring is intractable (or, more generally, that there exists a OWF in SREN), it is provably impossible to obtain an \(\mathrm{NC}^0\) reduction from PRFs to sublinear-stretch PRGs or OWFs. See Sect. 4.8.

  12. For concreteness, we refer here only to the case of symmetric encryption; the case of other primitives which are \(\mathrm{NC}^0\)-reducible to a PRF (such as identification schemes and MACs) is analogous.

  13. Similar examples are the \(\mathrm{NC}^1\) transformation of a one-to-one OWF into a non-interactive commitment scheme (cf. [34]) and of a distributionally OWF into a standard OWF (cf. [90]).

  14. Actually, for the composition theorem to go through, Definition 5.3 should be augmented by providing players and adversaries with auxiliary inputs. We ignore this technicality here, and note that the results in this section apply (with essentially the same proofs) to the augmented model as well.

  15. To handle randomized functionalities we use the non-interactive secure reduction mentioned above. Now, we can \((m-1)\)-securely reduce \(f\) to a single-output functionality by letting each party mask its output \(f_i\) with private randomness. That is, \(f'((x_1,r_1),\dots,(x_m,r_m)) = (f_1(x_1)\oplus r_1)\circ\cdots\circ(f_m(x_m)\oplus r_m)\). As both reductions are non-interactive, the resulting reduction is also non-interactive. Moreover, the circuit size of \(f'\) is linear in the size of the circuit that computes the original function.

References

  1. Applebaum, B., Ishai, Y., Kushilevitz, E.: How to garble arithmetic circuits. In: Proc. of 52nd FOCS, pp. 120–129 (2011)
  2. Beaver, D., Micali, S., Rogaway, P.: The round complexity of secure protocols (extended abstract). In: Proc. of 22nd STOC, pp. 503–513 (1990)
  3. Bellare, M., Yung, M.: Certifying permutations: noninteractive zero-knowledge based on any trapdoor permutation. J. Cryptol. 9(3), 149–166 (1996). Preliminary version in Proc. of CRYPTO ’92
  4. Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation. In: Proc. of 20th STOC, pp. 1–10 (1988)
  5. Blum, M.: Coin flipping by telephone: a protocol for solving impossible problems. SIGACT News 15(1), 23–27 (1983)
  6. Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptol. 13(1), 143–202 (2000)
  7. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: Proc. of 42nd FOCS, pp. 136–145 (2001)
  8. Chaum, D., Crépeau, C., Damgård, I.: Multiparty unconditionally secure protocols (extended abstract). In: Proc. of 20th STOC, pp. 11–19 (1988)
  9. Cramer, R., Fehr, S., Ishai, Y., Kushilevitz, E.: Efficient multi-party computation over rings. In: Advances in Cryptology: Proc. of EUROCRYPT ’03, pp. 596–613 (2003)
  10. Damgård, I., Ishai, Y.: Scalable secure multiparty computation. In: Advances in Cryptology: Proc. of CRYPTO ’06, pp. 501–520 (2006)
  11. Feige, U., Lapidot, D., Shamir, A.: Multiple noninteractive zero knowledge proofs under general assumptions. SIAM J. Comput. 29(1), 1–28 (2000). Preliminary version in Proc. of 31st FOCS, 1990
  12. Goldreich, O.: Foundations of Cryptography: Basic Tools. Cambridge University Press, Cambridge (2001)
  13. Goldreich, O.: Foundations of Cryptography: Basic Applications. Cambridge University Press, Cambridge (2004)
  14. Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33, 792–807 (1986)
  15. Goldreich, O., Kahan, A.: How to construct constant-round zero-knowledge proof systems for NP. J. Cryptol. 9(2), 167–189 (1996)
  16. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game (extended abstract). In: Proc. of 19th STOC, pp. 218–229 (1987)
  17. Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984). Preliminary version in Proc. of STOC ’82
  18. Haitner, I., Reingold, O., Vadhan, S.P.: Efficiency improvements in constructing pseudorandom generators from one-way functions. In: Proc. of 42nd STOC, pp. 437–446 (2010)
  19. Impagliazzo, R., Luby, M.: One-way functions are essential for complexity based cryptography. In: Proc. of 30th FOCS, pp. 230–235 (1989)
  20. Ishai, Y., Kushilevitz, E.: Randomizing polynomials: a new representation with applications to round-efficient secure computation. In: Proc. of 41st FOCS, pp. 294–304 (2000)
  21. Ishai, Y., Kushilevitz, E.: Perfect constant-round secure computation via perfect randomizing polynomials. In: Proc. of 29th ICALP, pp. 244–256 (2002)
  22. Lindell, Y., Pinkas, B.: A proof of Yao’s protocol for secure two-party computation. Electron. Colloq. Comput. Complex. 11, 063 (2004)
  23. Linial, N., Mansour, Y., Nisan, N.: Constant depth circuits, Fourier transform, and learnability. J. ACM 40(3), 607–620 (1993). Preliminary version in Proc. of 30th FOCS, 1989
  24. Naor, M.: Bit commitment using pseudorandomness. J. Cryptol. 4, 151–158 (1991)
  25. Naor, M., Pinkas, B., Sumner, R.: Privacy preserving auctions and mechanism design. In: Proc. of 1st ACM Conference on Electronic Commerce, pp. 129–139 (1999)
  26. Naor, M., Reingold, O.: Synthesizers and their application to the parallel construction of pseudo-random functions. J. Comput. Syst. Sci. Int. 58(2), 336–375 (1999)
  27. Naor, M., Reingold, O.: Number-theoretic constructions of efficient pseudo-random functions. J. ACM 51(2), 231–262 (2004). Preliminary version in Proc. of 38th FOCS, 1997
  28. Reingold, O., Trevisan, L., Vadhan, S.: Notions of reducibility between cryptographic primitives. In: Proc. of 1st TCC ’04. LNCS, vol. 2951, pp. 1–20 (2004)
  29. Rogaway, P.: The round complexity of secure protocols. PhD thesis, MIT (1991)
  30. Shannon, C.E.: Communication theory of secrecy systems. Bell Syst. Tech. J. 28(4), 656–715 (1949)
  31. Tate, S.R., Xu, K.: On garbled circuits and constant round secure function evaluation. CoPS Lab Technical Report 2003-02, University of North Texas (2003)
  32. Viola, E.: On constructing parallel pseudorandom generators from one-way functions. In: Proc. of 20th Conference on Computational Complexity (CCC), pp. 183–197 (2005)
  33. Yao, A.C.: How to generate and exchange secrets. In: Proc. of 27th FOCS, pp. 162–167 (1986)


Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Applebaum, B. (2014). Computationally Private Randomizing Polynomials and Their Applications. In: Cryptography in Constant Parallel Time. Information Security and Cryptography. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17367-7_5


  • DOI: https://doi.org/10.1007/978-3-642-17367-7_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17366-0

  • Online ISBN: 978-3-642-17367-7

  • eBook Packages: Computer Science (R0)
