TY - GEN
T1 - Computationally private randomizing polynomials and their applications
AU - Applebaum, Binyamin
AU - Ishai, Yuval
AU - Kushilevitz, Eyal
PY - 2005/6/11
Y1 - 2005/6/11
N2 - Randomizing polynomials allow one to represent a function f(x) by a low-degree randomized mapping f̂(x, r) whose output distribution on an input x is a randomized encoding of f(x). It is known that any function f in ⊕L/poly (and in particular in NC¹) can be efficiently represented by degree-3 randomizing polynomials. Such a degree-3 representation gives rise to an NC⁰₄ representation, in which every bit of the output depends on only 4 bits of the input. In this paper, we study the relaxed notion of computationally private randomizing polynomials, where the output distribution of f̂(x, r) should only be computationally indistinguishable from a randomized encoding of f(x). We construct degree-3 randomizing polynomials of this type for every polynomial-time computable function, assuming the existence of a cryptographic pseudorandom generator (PRG) in ⊕L/poly. (The latter assumption is implied by most standard intractability assumptions used in cryptography.) This result is obtained by combining a variant of Yao's garbled circuit technique with previous "information-theoretic" constructions of randomizing polynomials. We then present the following applications: Relaxed assumptions for cryptography in NC⁰. Assuming a PRG in ⊕L/poly, the existence of an arbitrary public-key encryption, commitment, or signature scheme implies the existence of such a scheme in NC⁰₄. Previously, one needed to assume the existence of such schemes in ⊕L/poly or similar classes. New parallel reductions between cryptographic primitives. We show that even some relatively complex cryptographic primitives, including (stateless) symmetric encryption and digital signatures, are NC⁰-reducible to a PRG. No parallel reductions of this type were previously known, even in NC. Our reductions make a non-black-box use of the underlying PRG. Application to secure multi-party computation. Assuming a PRG in ⊕L/poly, the task of computing an arbitrary (polynomial-time computable) function with computational security efficiently reduces to that of securely computing degree-3 polynomials. This gives rise to new, conceptually simpler, constant-round protocols for general functions.
AB - Randomizing polynomials allow one to represent a function f(x) by a low-degree randomized mapping f̂(x, r) whose output distribution on an input x is a randomized encoding of f(x). It is known that any function f in ⊕L/poly (and in particular in NC¹) can be efficiently represented by degree-3 randomizing polynomials. Such a degree-3 representation gives rise to an NC⁰₄ representation, in which every bit of the output depends on only 4 bits of the input. In this paper, we study the relaxed notion of computationally private randomizing polynomials, where the output distribution of f̂(x, r) should only be computationally indistinguishable from a randomized encoding of f(x). We construct degree-3 randomizing polynomials of this type for every polynomial-time computable function, assuming the existence of a cryptographic pseudorandom generator (PRG) in ⊕L/poly. (The latter assumption is implied by most standard intractability assumptions used in cryptography.) This result is obtained by combining a variant of Yao's garbled circuit technique with previous "information-theoretic" constructions of randomizing polynomials. We then present the following applications: Relaxed assumptions for cryptography in NC⁰. Assuming a PRG in ⊕L/poly, the existence of an arbitrary public-key encryption, commitment, or signature scheme implies the existence of such a scheme in NC⁰₄. Previously, one needed to assume the existence of such schemes in ⊕L/poly or similar classes. New parallel reductions between cryptographic primitives. We show that even some relatively complex cryptographic primitives, including (stateless) symmetric encryption and digital signatures, are NC⁰-reducible to a PRG. No parallel reductions of this type were previously known, even in NC. Our reductions make a non-black-box use of the underlying PRG. Application to secure multi-party computation. Assuming a PRG in ⊕L/poly, the task of computing an arbitrary (polynomial-time computable) function with computational security efficiently reduces to that of securely computing degree-3 polynomials. This gives rise to new, conceptually simpler, constant-round protocols for general functions.
UR - http://www.scopus.com/inward/record.url?scp=27644557351&partnerID=8YFLogxK
U2 - 10.1109/CCC.2005.9
DO - 10.1109/CCC.2005.9
M3 - Conference contribution
AN - SCOPUS:27644557351
SN - 0-7695-2364-1
T3 - Proceedings of the Annual IEEE Conference on Computational Complexity
SP - 260
EP - 274
BT - 20th Annual IEEE Conference on Computational Complexity
CY - San Jose, California
T2 - 20th Annual IEEE Conference on Computational Complexity
Y2 - 11 June 2005 through 15 June 2005
ER -