TY - GEN
T1 - Fast cryptographic primitives and circular-secure encryption based on hard learning problems
AU - Applebaum, Benny
AU - Cash, David
AU - Peikert, Chris
AU - Sahai, Amit
PY - 2009
Y1 - 2009
N2 - The well-studied task of learning a linear function with errors is a seemingly hard problem and the basis for several cryptographic schemes. Here we demonstrate additional applications that enjoy strong security properties and a high level of efficiency. Namely, we construct: (1) Public-key and symmetric-key cryptosystems that provide security for key-dependent messages and enjoy circular security. Our schemes are highly efficient: in both cases the ciphertext is only a constant factor larger than the plaintext, and the cost of encryption and decryption is only n·polylog(n) bit operations per message symbol in the public-key case, and polylog(n) bit operations in the symmetric-key case. (2) Two efficient pseudorandom objects: a "weak randomized pseudorandom function" - a relaxation of a standard PRF - that can be computed obliviously via a simple protocol, and a length-doubling pseudorandom generator that can be computed by a circuit of n·polylog(n) size. The complexity of our pseudorandom generator almost matches the complexity of the fastest known construction (Applebaum et al., RANDOM 2006), which runs in linear time at the expense of relying on a nonstandard intractability assumption. Our constructions and security proofs are simple and natural, and involve new techniques that may be of independent interest. In addition, by combining our constructions with prior ones, we get fast implementations of several other primitives and protocols.
KW - Encryption
KW - Key-dependent message security
KW - Lattice-based cryptography
KW - Learning problems
UR - http://www.scopus.com/inward/record.url?scp=70350342511&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-03356-8_35
DO - 10.1007/978-3-642-03356-8_35
M3 - Conference contribution
AN - SCOPUS:70350342511
SN - 3642033555
SN - 9783642033551
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 595
EP - 618
BT - Advances in Cryptology - CRYPTO 2009 - 29th Annual International Cryptology Conference, Proceedings
T2 - 29th Annual International Cryptology Conference, CRYPTO 2009
Y2 - 16 August 2009 through 20 August 2009
ER -