Algebraic Attacks against Random Local Functions and Their Countermeasures

Applebaum, Benny; Lovett, Shachar

doi:10.1137/16m1085942

Cited by 23 publications

(31 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Algebraic attacks have been introduced in [Pat95] and were later extended and abstracted in [Cou01,CM03,Cou03]. More recently, [AL18] formalized the notion of algebraic attacks in the study of random local functions.…”

Section: Resistance Against Algebraic Attacksmentioning

confidence: 99%

Correlated Pseudorandom Functions from Variable-Density LPN

Boyle

Couteau

Gilboa

et al. 2020

2020 IEEE 61st Annual Symposium on Foundations of Computer Science (FOCS)

View full text Add to dashboard Cite

Correlated secret randomness is a useful resource for many cryptographic applications. We initiate the study of pseudorandom correlation functions (PCFs) that offer the ability to securely generate virtually unbounded sources of correlated randomness using only local computation. Concretely, a PCF is a keyed function F k such that for a suitable joint key distribution (k 0 , k 1 ), the outputs (f k0 (x), f k1 (x)) are indistinguishable from instances of a given target correlation. An essential security requirement is that indistinguishability hold not only for outsiders, who observe the pairs of outputs, but also for insiders who know one of the two keys.We present efficient constructions of PCFs for a broad class of useful correlations, including oblivious transfer and multiplication triple correlations, from a variable-density variant of the Learning Parity with Noise assumption (VDLPN). We also present several cryptographic applications that motivate our efficient PCF constructions.The VDLPN assumption is independently motivated by two additional applications. First, different flavors of this assumption give rise to weak pseudorandom function candidates in depth-2 AC 0 [⊕] that can be conjectured to have subexponential security, matching the best known learning algorithms for this class. This is contrasted with the quasipolynomial security of previous (higher-depth) AC 0 [⊕] candidates. We support our conjectures by proving resilience to several classes of attacks. Second, VDLPN implies simple constructions of pseudorandom generators and weak pseudorandom functions with security against XOR related-key attacks.

show abstract

Section: Resistance Against Algebraic Attacksmentioning

confidence: 99%

Correlated Pseudorandom Functions from Variable-Density LPN

Boyle

Couteau

Gilboa

et al. 2020

2020 IEEE 61st Annual Symposium on Foundations of Computer Science (FOCS)

View full text Add to dashboard Cite

show abstract

“…The existence of PRGs in NC 0 was first considered by Cryan and Miltersen in [CM01]. Remarkably, it was shown by Applebaum,Ishai,and Kushilevitz [AIK04,AIK08] that cryptographically secure pseudorandom generators (with linear stretch m = O(n)) exist in a complexity class as low as NC 0 4 (the class of constant depth, polysize circuits where each output bit depends on at most 4 input bits), under widely believed standard assumption for the case of PRG with sublinear stretch (such as factorization, or discrete logarithm), and under a specific intractability assumption related to the hardness of decoding "sparsely generated" linear codes, for the case of PRG with linear stretch. While this essentially settled the question of the existence of linear stretch PRGs in NC 0 , an intriguing open question remained: could PRGs in NC 0 have polynomial stretch, m = poly(n)?…”

Section: Random Local Functionsmentioning

confidence: 99%

“…In addition to the above (non-exhaustive) overview, we note that the existence of poly-stretch local pseudorandom generators also enjoys interesting complexity-theoretic implications. For example, they have been shown in [AIK08] to imply strong (tight) bounds on the average-case inapproximability of constraints satisfactions problems such as Max3SAT.…”

Section: Implications Of Polynomial-stretch Local Pseudorandom Generamentioning

confidence: 99%

On the Concrete Security of Goldreich’s Pseudorandom Generator

Couteau

Dupin

Méaux

et al. 2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Local pseudorandom generators allow to expand a short random string into a long pseudorandom string, such that each output bit depends on a constant number d of input bits. Due to its extreme efficiency features, this intriguing primitive enjoys a wide variety of applications in cryptography and complexity. In the polynomial regime, where the seed is of size n and the output of size n s for s > 1, the only known solution, commonly known as Goldreich's PRG, proceeds by applying a simple d-ary predicate to public random sized subsets of the bits of the seed. While the security of Goldreich's PRG has been thoroughly investigated, with a variety of results deriving provable security guarantees against class of attacks in some parameter regimes and necessary criteria to be satisfied by the underlying predicate, little is known about its concrete security and efficiency. Motivated by its numerous theoretical applications and the hope of getting practical instantiations for some of them, we initiate a study of the concrete security of Goldreich's PRG, and evaluate its resistance to cryptanalytic attacks. Along the way, we develop a new guess-and-determine-style attack, and identify new criteria which refine existing criteria and capture the security guarantees of candidate local PRGs in a more fine-grained way.

show abstract

“…This is a remarkable development: until recently, we had IO candidates based on constant degree (most recently, degree 5) multilinear maps and constant locality (most recently, locality 5) PRGs. We did not have any candidates for the degree 5 multilinear maps that satisfied the required assumptions (namely, a version of the decisional Diffie-Hellman assumption); however, we did have candidates for locality 5 PRGs that are known to resist a large class of attacks [OW14,AL16]. The Lin-Tessaro result dramatically changed the landscape by shifting the burden of existence from degree 5 multilinear maps to pseudorandom generators with (so-called) blockwise locality 2 and polynomial stretch.…”

Section: Introductionmentioning

confidence: 99%

Limits on the Locality of Pseudorandom Generators and Applications to Indistinguishability Obfuscation

Lombardi

Vaikuntanathan

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Lin and Tessaro (ePrint 2017) recently proposed indistinguishability obfuscation (IO) and functional encryption (FE) candidates and proved their security based on two assumptions: a standard assumption on bilinear maps and a non-standard assumption on "Goldreich-like" pseudorandom generators. In a nutshell, their second assumption requires the existence of pseudorandom generators G : [q] n → {0, 1} m for some poly(n)-size alphabet q, each of whose output bits depend on at most two in put alphabet symbols, and which achieve sufficiently large stretch.We show polynomial-time attacks against such generators, invalidating the security of the IO and FE candidates. Our attack uses tools from the literature on two-source extractors (Chor and Goldreich, SICOMP 1988) and efficient refutation of random 2-XOR instances (Charikar and Wirth, FOCS 2004).

show abstract

Algebraic Attacks against Random Local Functions and Their Countermeasures

Cited by 23 publications

References 42 publications

Correlated Pseudorandom Functions from Variable-Density LPN

Correlated Pseudorandom Functions from Variable-Density LPN

On the Concrete Security of Goldreich’s Pseudorandom Generator

Limits on the Locality of Pseudorandom Generators and Applications to Indistinguishability Obfuscation

Contact Info

Product

Resources

About