An Efficient Pseudo-Random Generator with Applications to Public-Key Encryption and Constant-Round Multiparty Computation

We present a pseudo-random bit generator expanding a uniformly random bit-string r of length k/2, where k is the security parameter, into a pseudo-random bit-string of length 2k − log(k) using one modular exponentiation. In contrast to all previous high expansion-rate pseudo-random bit generators, no hashing is necessary. The security of the generator is proved relative to Paillier’s composite degree residuosity assumption. As a first application of our pseudo-random bit generator we exploit its efficiency to optimise Paillier’s crypto-system by a factor of (at least) 2 in both running time and usage of random bits. We then exploit the algebraic properties of the generator to construct an efficient protocol for secure constantround multiparty function evaluation in the cryptographic setting. This construction gives an improvement in communication complexity over previous protocols in the order of nk, where n is the number of participants and k is the security parameter, resulting in a communication complexity of O(nk|C|) bits, where C is a Boolean circuit computing the function in question. keywords: constant-round cryptographic protocols, multi-party computation, pseudo-random generator, public-key en-

[1]  Manuel Blum,et al.  How to generate cryptographically strong sequences of pseudo random bits , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[2]  Andrew Chi-Chih Yao,et al.  How to Generate and Exchange Secrets (Extended Abstract) , 1986, FOCS.

[3]  Oded Goldreich,et al.  On the Security of Modular Exponentiation with Application to the Construction of Pseudorandom Generators , 2003, Journal of Cryptology.

[4]  J. Davenport Editor , 1960 .

[5]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[6]  R. Cramer,et al.  Multiparty Computation from Threshold Homomorphic Encryption , 2000 .

[7]  Rosario Gennaro,et al.  An Improved Pseudo-random Generator Based on Discrete Log , 2000, CRYPTO.

[8]  Ivan Damgård,et al.  Practical Threshold RSA Signatures without a Trusted Dealer , 2000, EUROCRYPT.

[9]  Silvio Micali,et al.  The Round Complexity of Secure Protocols (Extended Abstract) , 1990, STOC 1990.

[10]  Manuel Blum,et al.  An Efficient Probabilistic Public-Key Encryption Scheme Which Hides All Partial Information , 1985, CRYPTO.

[11]  Ivan Damgård,et al.  Multiparty Computation from Threshold Homomorphic Encryption , 2000, EUROCRYPT.

[12]  D. S. Johnson,et al.  Proceedings of the twenty-first annual ACM symposium on Theory of computing , 1989, STOC 1989.

[13]  Andrew Chi-Chih Yao,et al.  Theory and Applications of Trapdoor Functions (Extended Abstract) , 1982, FOCS.

[14]  Ivan Damgård,et al.  A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System , 2001, Public Key Cryptography.

[15]  Leonid A. Levin,et al.  A hard-core predicate for all one-way functions , 1989, STOC '89.

[16]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[17]  Ran Canetti,et al.  Security and Composition of Multiparty Cryptographic Protocols , 2000, Journal of Cryptology.

[18]  Avi Wigderson,et al.  Tiny Families of Functions with Random Properties: A Quality-Size Trade-off for Hashing , 1997, Electron. Colloquium Comput. Complex..

[19]  Leonid A. Levin,et al.  Pseudo-random generation from one-way functions , 1989, STOC '89.

[20]  Adi Shamir,et al.  The Discrete Logarithm Modulo a Composite Hides O(n) Bits , 1993, J. Comput. Syst. Sci..