Hardness-Preserving Reductions via Cuckoo Hashing

The focus of this work is hardness-preserving transformations of somewhat limited pseudorandom function families (PRFs) into ones with more versatile characteristics. Consider the problem of domain extension of pseudorandom functions: given a PRF that takes as input elements of some domain $\mathcal{U}$, we would like to come up with a PRF over a larger domain. Can we do it with little work and without significantly impacting the security of the system? One approach is to first hash the larger domain into the smaller one and then apply the original PRF. Such a reduction, however, is vulnerable to a "birthday attack": after $\sqrt{|\mathcal{U}|}$ queries to the resulting PRF, a collision (i.e., two distinct inputs having the same hash value) is very likely to occur, and because both inputs are then mapped to the same PRF output, the collision is visible to the attacker. As a consequence, the resulting PRF is insecure against an attacker making this number of queries. In this work, we show how to go beyond the aforementioned birthday attack barrier by replacing the above simple hashing approach with a variant of cuckoo hashing, a hashing paradigm that resolves collisions in a table by using two hash functions and two tables, cleverly assigning each element to one of the two tables. We use this approach to obtain: (i) a domain extension method that requires just two calls to the original PRF, can withstand as many queries as the original domain size, and has a distinguishing probability that is exponentially small in the amount of non-cryptographic work; and (ii) a security-preserving reduction from non-adaptive to adaptive PRFs.
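As an added illustration (not code from the paper or its authors), the following Python script runs the birthday attack described above against the naive hash-then-PRF construction over a toy domain with $|\mathcal{U}| = 2^{16}$, and contrasts it with a two-call construction $F_1(h_1(x)) \oplus F_2(h_2(x))$ that mirrors the two-hash-function, two-table shape of the cuckoo approach. The stand-in PRF (HMAC-SHA256), the hash family (keyed BLAKE2b truncated to 16 bits), the XOR combination of the two calls, and all keys, seeds and query inputs are assumptions made for this demo; they are not the paper's construction, hash family or parameters.

```python
"""Birthday attack on hash-then-PRF domain extension, and a two-call variant.

Added illustration, not code from the paper. The 'PRF' is HMAC-SHA256 standing
in for any PRF over the small domain U; keys, hash seeds and query inputs are
constructed values for the demo.
"""
import hashlib
import hmac
from collections import Counter

DOMAIN_BITS = 16                 # |U| = 2^16, so sqrt(|U|) = 256 queries is cheap
DOMAIN_SIZE = 1 << DOMAIN_BITS
OUT_BYTES = 16                   # 128-bit output: accidental output collisions are negligible


def prf(key: bytes, u: int) -> bytes:
    """Stand-in PRF F_key over U = {0, ..., 2^16 - 1} (HMAC-SHA256, truncated)."""
    assert 0 <= u < DOMAIN_SIZE
    return hmac.new(key, u.to_bytes(2, "big"), hashlib.sha256).digest()[:OUT_BYTES]


def make_hash(seed: bytes):
    """Keyed hash from the large domain (arbitrary byte strings) into U.

    Stands in for the non-cryptographic hash family of the construction; only
    how well it spreads inputs matters here, not any cryptographic property.
    """
    def h(x: bytes) -> int:
        return int.from_bytes(hashlib.blake2b(x, key=seed, digest_size=2).digest(), "big")
    return h


def hash_then_prf(key: bytes, h):
    """Naive domain extension: F'(x) = F(h(x)). One PRF call, birthday-bounded."""
    return lambda x: prf(key, h(x))


def two_call_prf(key1: bytes, key2: bytes, h1, h2):
    """Two-call extension in the two-table spirit: F'(x) = F1(h1(x)) XOR F2(h2(x)).

    Assumed illustrative shape: two independent keys play the role of the two
    tables. An output repeat now needs h1 AND h2 to collide on the same pair.
    """
    def f(x: bytes) -> bytes:
        a, b = prf(key1, h1(x)), prf(key2, h2(x))
        return bytes(p ^ q for p, q in zip(a, b))
    return f


def count_output_collisions(oracle, n_queries: int) -> int:
    """Query n distinct inputs and count outputs that repeat.

    A truly random function with 128-bit outputs essentially never repeats at
    these query counts, so any repeat distinguishes the oracle from random.
    """
    outputs = Counter(oracle(i.to_bytes(8, "big")) for i in range(n_queries))
    return sum(c - 1 for c in outputs.values() if c > 1)


def run_experiment(n_queries: int = 2048, seed: bytes = b"constructed demo seed") -> dict:
    """Run the birthday distinguisher against both constructions.

    Keys and hash seeds are derived deterministically from `seed` so the run is
    repeatable; `seed` is a constructed value, not anything from the paper.
    """
    k = hashlib.sha256(seed).digest()
    key1, key2 = k[:16], k[16:]
    h1 = make_hash(hashlib.sha256(seed + b"|h1").digest())
    h2 = make_hash(hashlib.sha256(seed + b"|h2").digest())
    return {
        "queries": n_queries,
        "birthday_bound": int(DOMAIN_SIZE ** 0.5),
        "naive_collisions": count_output_collisions(hash_then_prf(key1, h1), n_queries),
        "two_call_collisions": count_output_collisions(two_call_prf(key1, key2, h1, h2), n_queries),
    }


if __name__ == "__main__":
    r = run_experiment()
    print(f"|U| = {DOMAIN_SIZE}, sqrt(|U|) = {r['birthday_bound']}, queries = {r['queries']}")
    print(f"hash-then-PRF: {r['naive_collisions']} repeated outputs (birthday attack succeeds)")
    print(f"two-call variant: {r['two_call_collisions']} repeated outputs")
```

At 2048 queries, eight times the birthday bound of 256, the naive construction repeats outputs roughly $2048^2 / (2 \cdot 2^{16}) \approx 32$ times, so the distinguisher wins with overwhelming probability. The two-call variant only repeats when both hashes collide on the same pair of inputs, which at this scale has expected count about $2048^2 / (2 \cdot 2^{32}) \approx 5 \cdot 10^{-4}$. The experiment exhibits the attack and the effect of the second call; the actual security bound beyond the birthday barrier depends on the specific hash family and the analysis in the paper, not on this toy.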
