## CryptoDB

### Paper: Constraining and Watermarking PRFs from Milder Assumptions

Authors: Chris Peikert Sina Shiehian DOI: 10.1007/978-3-030-45374-9_15 Search ePrint Search Google Constrained pseudorandom functions (C-PRFs) let the possessor of a secret key delegate the ability to evaluate the function on certain authorized inputs, while keeping the remaining function values pseudorandom. A constraint-hiding constrained PRF (CHC-PRF) additionally conceals the predicate that determines which inputs are authorized. These primitives have a wealth of applications, including watermarking schemes, symmetric deniable encryption, and updatable garbled circuits. Recent works have constructed (CH)C-PRFs from rather aggressive parameterizations of Learning With Errors (LWE) with subexponential modulus-noise ratios, even for relatively simple “puncturing” or $ext {NC}^{1}$ circuit constraints. This corresponds to strong lattice assumptions and inefficient constructions, and stands in contrast to LWE-based unconstrained PRFs and fully homomorphic encryption schemes, which can be based on quasi-polynomial or even (nearly) polynomial modulus-noise ratios. In this work we considerably improve the LWE assumptions needed for building (constraint-hiding) constrained PRFs and watermarking schemes. In particular, for CHC-PRFs and related watermarking schemes we improve the modulus-noise ratio to $lambda ^{O((d+log lambda ) log lambda )}$ for depth- d circuit constraints, which is merely quasi-polynomial for $ext {NC}^{1}$ circuits and closely related watermarking schemes. For (constraint-revealing) C-PRFs for $ext {NC}^{1}$ we do even better, obtaining a nearly polynomial $lambda ^{omega (1)}$ ratio. These improvements are partly enabled by slightly modifying the definition of C-PRFs, in a way that is still compatible with many of their applications. Finally, as a contribution of independent interest we build CHC-PRFs for special constraint classes from generic , weaker assumptions: we obtain bit-fixing constraints based on the minimal assumption of one-way functions, and hyperplane-membership constraints based on key-homomorphic PRFs.
##### BibTeX
@article{pkc-2020-30295,
title={Constraining and Watermarking PRFs from Milder Assumptions},
booktitle={Public-Key Cryptography – PKC 2020},
series={Public-Key Cryptography – PKC 2020},
publisher={Springer},
volume={12110},
pages={431-461},
doi={10.1007/978-3-030-45374-9_15},
author={Chris Peikert and Sina Shiehian},
year=2020
}