One-one constrained pseudorandom functions

Naty Peter, Rotem Tsabary, Hoeteck Wee

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


We define and study a new cryptographic primitive, named One-One Constrained Pseudorandom Functions. In this model there are two parties, Alice and Bob, that hold a common random string K, where Alice in addition holds a predicate f : [N] ? {0, 1} and Bob in addition holds an input x ? [N]. We then let Alice generate a key Kf based on f and K, and let Bob evaluate a value Kx based on x and K. We consider a third party that sees the values (x, f, Kf) and the goal is to allow her to reconstruct Kx whenever f(x) = 1, while keeping Kx pseudorandom whenever f(x) = 0. This primitive can be viewed as a relaxation of constrained PRFs, such that there is only a single key query and a single evaluation query. We focus on the information-theoretic setting, where the one-one cPRF has perfect correctness and perfect security. Our main results are as follows. 1. A Lower Bound. We show that in the information-theoretic setting, any one-one cPRF for punctured predicates is of exponential complexity (and thus the lower bound meets the upper bound that is given by a trivial construction). This stands in contrast with the well known GGM-based punctured PRF from OWF, which is in particular a one-one cPRF. This also implies a similar lower bound for all NC1. 2. New Constructions. On the positive side, we present efficient information-theoretic constructions of one-one cPRFs for a few other predicate families, such as equality predicates, inner-product predicates, and subset predicates. We also show a generic AND composition lemma that preserves complexity. 3. An Amplification to standard cPRF. We show that all of our one-one cPRF constructions can be amplified to a standard (single-key) cPRF via any key-homomorphic PRF that supports linear computations. More generally, we suggest a new framework that we call the double-key model which allows to construct constrained PRFs via key-homomorphic PRFs. 4. Relation to CDS. We show that one-one constrained PRFs imply conditional disclosure of secrets (CDS) protocols. We believe that this simple model can be used to better understand constrained PRFs and related cryptographic primitives, and that further applications of one-one constrained PRFs and our double-key model will be found in the future, in addition to those we show in this paper.

Original languageEnglish
Title of host publication1st Conference on Information-Theoretic Cryptography, ITC 2020
EditorsYael Tauman Kalai, Adam D. Smith, Daniel Wichs
PublisherSchloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing
ISBN (Electronic)9783959771511
StatePublished - 1 Jun 2020
Event1st Conference on Information-Theoretic Cryptography, ITC 2020 - Virtual, Boston, United States
Duration: 17 Jun 202019 Jun 2020

Publication series

NameLeibniz International Proceedings in Informatics, LIPIcs
ISSN (Print)1868-8969


Conference1st Conference on Information-Theoretic Cryptography, ITC 2020
Country/TerritoryUnited States
CityVirtual, Boston


  • Conditional disclosure of secrets
  • Constrained pseudorandom functions
  • Function secret-sharing

ASJC Scopus subject areas

  • Software


Dive into the research topics of 'One-one constrained pseudorandom functions'. Together they form a unique fingerprint.

Cite this