**Efficient Pseudorandom Functions From the Decisional Linear Assumption and Weaker Variants**

*Allison Lewko and Brent Waters*

**Abstract: **In this paper, we generalize Naor and Reingold's construction of pseudorandom functions under the DDH Assumption to yield a construction of pseudorandom functions under the decisional $k$-Linear Assumption, for each $k\geq 1$. The decisional Linear Assumption was first introduced by Boneh, Boyen, and Shacham as an alternative assumption for settings where the DDH problem is easy, such as bilinear groups. This assumption can be generalized to obtain the decisional $k$-Linear Assumptions. Shacham and Hofheinz and Kiltz showed that the decisional $(k+1)$-Linear problem is hard for generic groups even when the decisional $k$-Linear problem is easy. It is thus desirable to have constructions of cryptographic primitives based on the decisional $k$-Linear Assumption instead of DDH. Not surprisingly, one must pay a small price for added security: as $k$ increases, our constructed functions become slightly less efficient to compute and the key size increases (quadratically in $k$).

**Category / Keywords: **

**Publication Info: **this is a full version of a paper that will appear in CCS 2009

**Date: **received 1 Oct 2009, last revised 16 Oct 2009

**Contact author: **alewko at cs utexas edu

**Available format(s): **PDF | BibTeX Citation

**Version: **20091016:175722 (All versions of this report)

**Short URL: **ia.cr/2009/486

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]