English

Bi-Homomorphic Lattice-Based PRFs and Unidirectional Updatable Encryption

Cryptography and Security 2020-08-24 v4

Abstract

We define a pseudorandom function (PRF) F:K×XYF: \mathcal{K} \times \mathcal{X} \rightarrow \mathcal{Y} to be bi-homomorphic when it is fully Key homomorphic and partially Input Homomorphic (KIH), i.e., given F(k1,x1)F(k_1, x_1) and F(k2,x2)F(k_2, x_2), there is an efficient algorithm to compute F(k1k2,x1x2)F(k_1 \oplus k_2, x_1 \ominus x_2), where \oplus and \ominus are (binary) group operations. The homomorphism on the input is restricted to a fixed subset of the input bits, i.e., \ominus operates on some pre-decided mm-out-of-nn bits, where x1=x2=n|x_1| = |x_2| = n, and the remaining nmn-m bits are identical in both inputs. In addition, the output length, \ell, of the operator \ominus is not fixed and is defined as n2nn \leq \ell \leq 2n, hence leading to Homomorphically induced Variable input Length (HVL) as nx1x22nn \leq |x_1 \ominus x_2| \leq 2n. We present a learning with errors (LWE) based construction for a HVL-KIH-PRF family. Our construction is inspired by the key homomorphic PRF construction due to Banerjee and Peikert (Crypto 2014). An updatable encryption scheme allows rotations of the encryption key, i.e., moving existing ciphertexts from old to new key. These updates are carried out via \emph{update tokens}, which can be used by an untrusted party since the update procedure does not involve decryption of the ciphertext. We use our novel PRF family to construct an updatable encryption scheme, named QPC-UE-UU, which is quantum-safe, post-compromise secure and supports unidirectional ciphertext updates, i.e., the update tokens can be used to perform ciphertext updates but they cannot be used to undo already completed updates. Our PRF family also leads to the first left/right key homomorphic constrained-PRF family with HVL.

Keywords

Cite

@article{arxiv.1908.09032,
  title  = {Bi-Homomorphic Lattice-Based PRFs and Unidirectional Updatable Encryption},
  author = {Vipin Singh Sehrawat and Yvo Desmedt},
  journal= {arXiv preprint arXiv:1908.09032},
  year   = {2020}
}

Comments

This is the full version of the paper that appears in Cryptology and Network Security 2019, LNCS, Springer, Volume 11829, pp. 3-23

R2 v1 2026-06-23T10:55:36.711Z