Paper 2024/582

Improved Alternating-Moduli PRFs and Post-Quantum Signatures

Navid Alamati, VISA Research
Guru-Vamsi Policharla, University of California, Berkeley
Srinivasan Raghuraman, VISA Research and MIT
Peter Rindal, VISA Research
Abstract

We revisit the alternating-moduli paradigm for constructing symmetric-key primitives with a focus on constructing efficient protocols to evaluate them using secure multi-party computation (MPC). The alternating-moduli paradigm of Boneh, Ishai, Passelègue, Sahai, and Wu (TCC 2018) enables the construction of various symmetric-key primitives with the common characteristic that the inputs are multiplied by two linear maps over different moduli. The first contribution focuses on efficient two-party evaluation of alternating-moduli pseudorandom functions (PRFs), effectively building an oblivious PRF. We present a generalized alternating-moduli PRF construction along with methods to lower the communication and computation. We then provide several variants of our protocols with different computation and communication tradeoffs for evaluating the PRF. Most of our protocols are in the hybrid model while one is based on specialized garbling. Our most efficient protocol effectively is about $3\times$ faster and requires $1.3\times$ less communication. Our next contribution is the efficient evaluation of the one-way function (OWF) $f(x)=\mathbf{B}\cdot_3 (\mathbf{A} \cdot_2 x)$ proposed by Dinur, Goldfeder, Halevi, Ishai, Kelkar, Sharma, and Zaverucha (CRYPTO 21) where $\mathbf{A} \in \mathbb{F}^{m\times n}_2, \mathbf{B}\in\mathbb{F}^{t\times m}_3$, and $\cdot_p$ is multiplication mod $p$. This surprisingly simple OWF can be evaluated within MPC by secret sharing $[\![x]\!]$ over $\mathbb{F}_2$, locally computing $[\![v]\!]=\mathbf{A}\cdot_2 [\![x]\!]$, performing a modulus switching protocol to $\mathbb{F}_3$ shares, followed by locally computing the output shares $[\![y]\!]=\mathbf{B}\cdot_3 [\![v]\!]$. We design a bespoke MPC-in-the-Head (MPCitH) signature scheme that evaluates the aforementioned OWF, achieving state-of-the-art performance. The resulting signature has a size ranging from $4.0$ to $5.5$ KB, achieving between $2\text{-}3\times$ reduction compared to the prior work. To the best of our knowledge, this is only $\approx 5\%$ larger than the smallest signature based on symmetric-key primitives, including the latest NIST post-quantum cryptography competition submissions. We also show that our core techniques can be extended to build very small post-quantum ring signatures for rings of small to medium size, which are competitive with state-of-the-art lattice-based schemes. Our techniques are in fact more generally applicable to set membership in MPCitH.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
A minor revision of an IACR publication in CRYPTO 2024
Keywords
MPC friendlyPRFPQCSignatureRing Signature
Contact author(s)
alamati @ gmail com
guruvamsi policharla @ gmail com
srini131293 @ gmail com
peterrindal @ gmail com
History
2024-08-18: last of 5 revisions
2024-04-16: received
See all versions
Short URL
https://ia.cr/2024/582
License
Creative Commons Attribution-NonCommercial
CC BY-NC

BibTeX 

@misc{cryptoeprint:2024/582,
      author = {Navid Alamati and Guru-Vamsi Policharla and Srinivasan Raghuraman and Peter Rindal},
      title = {Improved Alternating-Moduli {PRFs} and Post-Quantum Signatures},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/582},
      year = {2024},
      url = {https://eprint.iacr.org/2024/582}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.