Cryptology ePrint Archive: Report 2009/486

Efficient Pseudorandom Functions From the Decisional Linear Assumption and Weaker Variants

Allison Lewko and Brent Waters

Abstract: In this paper, we generalize Naor and Reingold's construction of pseudorandom functions under the DDH Assumption to yield a construction of pseudorandom functions under the decisional $k$-Linear Assumption, for each $k\geq 1$. The decisional Linear Assumption was first introduced by Boneh, Boyen, and Shacham as an alternative assumption for settings where the DDH problem is easy, such as bilinear groups. This assumption can be generalized to obtain the decisional $k$-Linear Assumptions. Shacham and Hofheinz and Kiltz showed that the decisional $(k+1)$-Linear problem is hard for generic groups even when the decisional $k$-Linear problem is easy. It is thus desirable to have constructions of cryptographic primitives based on the decisional $k$-Linear Assumption instead of DDH. Not surprisingly, one must pay a small price for added security: as $k$ increases, our constructed functions become slightly less efficient to compute and the key size increases (quadratically in $k$).

Category / Keywords:

Publication Info: this is a full version of a paper that will appear in CCS 2009

Date: received 1 Oct 2009, last revised 16 Oct 2009

Contact author: alewko at cs utexas edu

Available format(s): PDF | BibTeX Citation

Version: 20091016:175722 (All versions of this report)

Short URL: ia.cr/2009/486

Discussion forum: Show discussion | Start new discussion