Paper 2017/795

Private Constrained PRFs (and More) from LWE

Zvika Brakerski, Rotem Tsabary, Vinod Vaikuntanathan, and Hoeteck Wee


In a constrained PRF, the owner of the PRF key K can generate constrained keys K_f that allow anyone to evaluate the PRF on inputs x that satisfy the predicate f (namely, where f(x) is “true”) but reveal no information about the PRF evaluation on the other inputs. A private constrained PRF goes further by requiring that the constrained key Kf hides the predicate f. Boneh, Kim and Montgomery (EUROCRYPT 2017) presented a construction of private constrained PRF for point function constraints, and Canetti and Chen (EUROCRYPT 2017) presented a completely different construction for NC1 constraints. In this work, we show two constructions of LWE-based constraint-hiding constrained PRFs for general predicates described by polynomial-size circuits. The two constructions are based on two distinct techniques that we show have further applicability by constructing weak attribute-hiding predicate encryption schemes. In a nutshell, the first construction imports the technique of modulus switching from the FHE world into the domain of trapdoor extension and homomorphism. The second construction shows how to use the duality between FHE secret-key/randomness and ABE randomness/secret-key to construct a scheme with dual use of the same values for both FHE and ABE purposes.

Note: minor edits

Available format(s)
Publication info
A major revision of an IACR publication in TCC 2017
private constrained PRFlatticeslearning with errors
Contact author(s)
vinodv @ mit edu
2020-12-11: revised
2017-08-25: received
See all versions
Short URL
Creative Commons Attribution


      author = {Zvika Brakerski and Rotem Tsabary and Vinod Vaikuntanathan and Hoeteck Wee},
      title = {Private Constrained {PRFs} (and More) from {LWE}},
      howpublished = {Cryptology ePrint Archive, Paper 2017/795},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.