Candidate weak pseudorandom functions in AC0 ○ MOD2

Pseudorandom functions (PRFs) play a fundamental role in symmetric-key cryptography. However, they are inherently complex and cannot be implemented in the class AC0 (MOD2). Weak pseudorandom functions (weak PRFs) do not suffer from this complexity limitation, yet they suffice for many cryptographic applications. We study the minimal complexity requirements for constructing weak PRFs. To this end We conjecture that the function family FA(x) = g(Ax), where A is a random square GF(2) matrix and g is a carefully chosen function of constant depth, is a weak PRF. In support of our conjecture, we show that functions in this family are inapproximable by GF(2) polynomials of low degree and do not correlate with any fixed Boolean function family of subexponential size. We study the class AC0 ○ MOD2 that captures the complexity of our construction. We conjecture that all functions in this class have a Fourier coefficient of magnitude exp(- poly log n) and prove this conjecture in the case when the MOD2 function is typical. We investigate the relation between the hardness of learning noisy parities and the existence of weak PRFs in AC0 ○ MOD2. We argue that such a complexity-driven approach can play a role in bridging the gap between the theory and practice of cryptography.

[1]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[2]  Roman Smolensky,et al.  Algebraic methods in the theory of lower bounds for Boolean circuit complexity , 1987, STOC.

[3]  Silvio Micali,et al.  How to Construct Random Functions (Extended Abstract) , 1984, FOCS.

[4]  Vadim Lyubashevsky,et al.  Man-in-the-Middle Secure Authentication Schemes from LPN and Weak PRFs , 2013, IACR Cryptol. ePrint Arch..

[5]  Oded Regev,et al.  The Learning with Errors Problem (Invited Survey) , 2010, 2010 IEEE 25th Annual Conference on Computational Complexity.

[6]  Jeffrey C. Jackson,et al.  An efficient membership-query algorithm for learning DNF with respect to the uniform distribution , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[7]  Yishay Mansour,et al.  Weakly learning DNF and characterizing statistical query learning using Fourier analysis , 1994, STOC '94.

[8]  Mark Braverman,et al.  Poly-logarithmic independence fools bounded-depth boolean circuits , 2011, Commun. ACM.

[9]  Abhishek Banerjee,et al.  Pseudorandom Functions and Lattices , 2012, EUROCRYPT.

[10]  Eric Miles,et al.  Substitution-Permutation Networks, Pseudorandom Functions, and Natural Proofs , 2012, J. ACM.

[11]  Rocco A. Servedio,et al.  On a special case of rigidity , 2012, Electron. Colloquium Comput. Complex..

[12]  S. Micali,et al.  How To Construct Randolli Functions , 1984, FOCS 1984.

[13]  Richard J. Lipton,et al.  Cryptographic Primitives Based on Hard Learning Problems , 1993, CRYPTO.

[14]  Johan Håstad,et al.  On the Correlation of Parity and Small-Depth Circuits , 2014, SIAM J. Comput..

[15]  Krzysztof Pietrzak,et al.  A Leakage-Resilient Mode of Operation , 2009, EUROCRYPT.

[16]  Noam Nisan,et al.  Constant depth circuits, Fourier transform, and learnability , 1989, 30th Annual Symposium on Foundations of Computer Science.

[17]  Eike Kiltz,et al.  Message Authentication, Revisited , 2012, EUROCRYPT.

[18]  W. T. Gowers,et al.  A new proof of Szemerédi's theorem , 2001 .

[19]  Ivan Damgård,et al.  Expanding Pseudorandom Functions; or: From Known-Plaintext Security to Chosen-Plaintext Security , 2002, CRYPTO.

[20]  Ueli Maurer,et al.  A Fast and Key-Efficient Reduction of Chosen-Ciphertext to Known-Plaintext Security , 2007, EUROCRYPT.

[21]  Jacob T. Schwartz,et al.  Fast Probabilistic Algorithms for Verification of Polynomial Identities , 1980, J. ACM.

[22]  Vitaly Feldman,et al.  On Agnostic Learning of Parities, Monomials, and Halfspaces , 2009, SIAM J. Comput..

[23]  Nathan Linial,et al.  Collective coin flipping, robust voting schemes and minima of Banzhaf values , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[24]  J. Håstad Computational limitations of small-depth circuits , 1987 .

[25]  Oded Goldreich,et al.  Candidate One-Way Functions Based on Expander Graphs , 2011, Studies in Complexity and Cryptography.

[26]  Vitaly Feldman A Complete Characterization of Statistical Query Learning with Applications to Evolvability , 2009, FOCS.

[27]  NaorMoni,et al.  Number-theoretic constructions of efficient pseudo-random functions , 2004 .

[28]  Emanuele Viola,et al.  Norms, XOR Lemmas, and Lower Bounds for Polynomials and Protocols , 2008, Theory Comput..

[29]  Alexander A. Razborov,et al.  Natural Proofs , 2007 .

[30]  Richard Zippel,et al.  Probabilistic algorithms for sparse polynomials , 1979, EUROSAM.

[31]  Stephan Krenn,et al.  Learning with Rounding, Revisited: New Reduction, Properties and Applications , 2013, IACR Cryptol. ePrint Arch..

[32]  A. Razborov Lower bounds on the size of bounded depth circuits over a complete basis with logical addition , 1987 .

[33]  Luca Trevisan,et al.  Gowers uniformity, influence of variables, and PCPs , 2005, STOC '06.

[34]  Vitaly Feldman,et al.  On using extended statistical queries to avoid membership queries , 2002 .