**Constrained PRFs for Unbounded Inputs with Short Keys**

*Hamza Abusalah and Georg Fuchsbauer*

**Abstract: **A constrained pseudorandom function (CPRF) $F \colon {\cal K} \times {\cal X} \to {\cal Y}$ for a family ${\cal T}$ of subsets of $\cal X$ is a function where for any key $k \in {\cal K}$ and set $S \in {\cal T}$ one can efficiently compute a short constrained key $k_S$, which allows to evaluate $F(k,\cdot)$ on all inputs $x \in S$, while the outputs on all inputs $x \notin S$ look random even given $k_S$.

Abusalah et al. recently constructed the first constrained PRF for inputs of arbitrary length whose sets $S$ are decided by Turing machines. They use their CPRF to build broadcast encryption and the first ID-based non-interactive key exchange for an unbounded number of users. Their constrained keys are obfuscated circuits and are therefore large.

In this work we drastically reduce the key size and define a constrained key for a Turing machine $M$ as a short signature on $M$. For this, we introduce a new signature primitive with constrained signing keys that let one only sign certain messages, while forging a signature on others is hard even when knowing the coins for key generation.

**Category / Keywords: **secret-key cryptography / Constrained PRFs, unbounded inputs

**Date: **received 12 Mar 2016

**Contact author: **fuchsbau at di ens fr

**Available format(s): **PDF | BibTeX Citation

**Version: **20160314:075002 (All versions of this report)

**Short URL: **ia.cr/2016/279

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]