Computationally private randomizing polynomials and their applications

Binyamin Applebaum*, Yuval Ishai, Eyal Kushilevitz

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


Randomizing polynomials allow to represent a function f(x) by a low-degree randomized mapping f̂(x,r) whose output distribution on an input x is a randomized encoding of f(x). It is known that any function f in ⊕L/poly (and in particular in NC 1) can be efficiently represented by degree-3 randomizing polynomials. Such a degree-3 representation gives rise to an NC 4 0 representation, in which every bit of the output depends on only 4 bits of the input. In this paper, we study the relaxed notion of computationally private randomizing polynomials, where the output distribution of f̂(x, r) should only be computationally indistinguishable from a randomized encoding of f(x). We construct degree-3 randomizing polynomials of this type for every polynomial-time computable function, assuming the existence of a cryptographic pseudorandom generator (PRO) in ⊕L/poly. (The latter assumption is implied by most standard intractability assumptions used in cryptography.) This result is obtained by combining a variant of Yao's garbled circuit technique with previous "information-theoretic" constructions of randomizing polynomials. We then present the following applications: Relaxed assumptions for cryptography in NC 0. Assuming a PRG in ⊕L/poly, the existence of an arbitrary public-key encryption, commitment, or signature scheme implies the existence of such a scheme in NC 4 0. Previously, one needed to assume the existence of such schemes in ⊕L/po/y or similar classes. New parallel reductions between cryptographic primitives. We show that even some relatively complex cryptographic primitives, including (state-less) symmetric encryption and digital signatures, are NC 0-reducible to a PRG. No parallel reductions of this type were previously known, even in NC. Our reductions make a non-black-box use of the underlying PRG. Application to secure multi-party computation. Assuming a PRG in ⊕L/poly, the task of computing an arbitrary (polynomial-time computable) function with computational security efficiently reduces to that of securely computing degree-3 polynomials. This gives rise to new, conceptually simpler, constant-round protocols for general functions.

Original languageEnglish
Title of host publication20th Annual IEEE Conference on Computational Complexity
Place of PublicationSan Jose, California
Number of pages15
StatePublished - 11 Jun 2005
Externally publishedYes
Event20th Annual IEEE Conference on Computational Complexity - San Jose, CA, United States
Duration: 11 Jun 200515 Jun 2005

Publication series

NameProceedings of the Annual IEEE Conference on Computational Complexity
PublisherIEEE Computer Society
ISSN (Print)1093-0159


Conference20th Annual IEEE Conference on Computational Complexity
Country/TerritoryUnited States
CitySan Jose, CA


Dive into the research topics of 'Computationally private randomizing polynomials and their applications'. Together they form a unique fingerprint.

Cite this