SPRING: Fast Pseudorandom Functions from Rounded Ring Products

Abstract: Abstract. Recently, Banerjee, Peikert and Rosen (EUROCRYPT 2012) proposed new theoretical pseudorandom function candidates based on "rounded products" in certain polynomial rings, which have rigorously provable security based on worst-case lattice problems. The functions also enjoy algebraic properties that make them highly parallelizable and attractive for modern applications, such as evaluation under homomorphic encryption schemes. However, the parameters required by BPR's security proofs are too large for… Show more

“…Consequently, AES-256-GCM is also included in the comparison, which is 128-bit secure in the post-quantum setting. The three proposed schemes LAE1, LAE2, and LAE3 are implemented based on the SPRING implementation provided by its designers [27]. The implementation of the SPRING function in LAE3 and in the authentication part of LAE1 cannot make use of the optimizations introduced in [27,Section 3] regarding the Gray-code input.…”

“…The SPRING pseudorandom function, presented by SPR K : f0; 1g n ! f0; 1g`in this paper, is the SPRING-CRT function in the work of Banerjee et al [27]. This function is de ned as follows:…”

“…Moreover, the length of extra key K 3 is n bits, which is much smaller than the size of SPRING keys K 1 and K 2 (see Section 5 for the e ciency results). Similar to [27], to achieve a better performance, the SPRING input in the encryption part is designed to be a Gray-code counter, consisting of a xed part N and the Gray-code encoding of the block number.…”

“…The authors would like to thank Banerjee et al [27] for providing the source code of their SPRING implementation. They also thank Mohammad Razeghi for his assistance in the implementation of the proposed schemes.…”

“…PRFs are widely used in the design of symmetric cryptosystems. Subsequently, Banerjee et al [27] proposed an e cient instantiation of this PRF called SPRING. They used SPRING in the counter (CTR) mode of operation to build a lattice-based symmetric encryption.…”

Practical Provably-Secure Authenticated Encryption Schemes Using Lattice-based Pseudorandom Function SPRING

“…Consequently, AES-256-GCM is also included in the comparison, which is 128-bit secure in the post-quantum setting. The three proposed schemes LAE1, LAE2, and LAE3 are implemented based on the SPRING implementation provided by its designers [27]. The implementation of the SPRING function in LAE3 and in the authentication part of LAE1 cannot make use of the optimizations introduced in [27,Section 3] regarding the Gray-code input.…”

“…The SPRING pseudorandom function, presented by SPR K : f0; 1g n ! f0; 1g`in this paper, is the SPRING-CRT function in the work of Banerjee et al [27]. This function is de ned as follows:…”

“…Moreover, the length of extra key K 3 is n bits, which is much smaller than the size of SPRING keys K 1 and K 2 (see Section 5 for the e ciency results). Similar to [27], to achieve a better performance, the SPRING input in the encryption part is designed to be a Gray-code counter, consisting of a xed part N and the Gray-code encoding of the block number.…”

“…The authors would like to thank Banerjee et al [27] for providing the source code of their SPRING implementation. They also thank Mohammad Razeghi for his assistance in the implementation of the proposed schemes.…”

“…PRFs are widely used in the design of symmetric cryptosystems. Subsequently, Banerjee et al [27] proposed an e cient instantiation of this PRF called SPRING. They used SPRING in the counter (CTR) mode of operation to build a lattice-based symmetric encryption.…”

Practical Provably-Secure Authenticated Encryption Schemes Using Lattice-based Pseudorandom Function SPRING

Towards Practical GGM-Based PRF from (Module-)Learning-with-Rounding

Pseudorandom Functions: Three Decades Later