TY - GEN

T1 - Candidate weak pseudorandom functions in AC0 · MOD2

AU - Akavia, Adi

AU - Bogdanov, Andrej

AU - Guo, Siyao

AU - Kamath, Akshay

AU - Rosen, Alon

PY - 2014

Y1 - 2014

N2 - Pseudorandom functions (PRFs) play a fundamental role in symmetric-key cryptography. However, they are inherently complex and cannot be implemented in the class AC0(MOD2). Weak pseudorandom functions (weak PRFs) do not suffer from this complexity limitation, yet they suffice for many cryptographic applications. We study the minimal complexity requirements for constructing weak PRFs. To this end • We conjecture that the function family FA (x) = g (Ax), where A is a random square GF(2) matrix and g is a carefully chosen function of constant depth, is a weak PRF. In support of our conjecture, we show that functions in this family are inapproximable by GF(2) polynomials of low degree and do not correlate with any fixed Boolean function family of subexponential size. • We study the class AC0 · MOD2 that captures the complexity of our construction. We conjecture that all functions in this class have a Fourier coefficient of magnitude exp(-poly log n) and prove this conjecture in the case when the MOD2 function is typical. • We investigate the relation between the hardness of learning noisy parities and the existence of weak PRFs in AC0 · MOD2. We argue that such a complexity-driven approach can play a role in bridging the gap between the theory and practice of cryptography.

AB - Pseudorandom functions (PRFs) play a fundamental role in symmetric-key cryptography. However, they are inherently complex and cannot be implemented in the class AC0(MOD2). Weak pseudorandom functions (weak PRFs) do not suffer from this complexity limitation, yet they suffice for many cryptographic applications. We study the minimal complexity requirements for constructing weak PRFs. To this end • We conjecture that the function family FA (x) = g (Ax), where A is a random square GF(2) matrix and g is a carefully chosen function of constant depth, is a weak PRF. In support of our conjecture, we show that functions in this family are inapproximable by GF(2) polynomials of low degree and do not correlate with any fixed Boolean function family of subexponential size. • We study the class AC0 · MOD2 that captures the complexity of our construction. We conjecture that all functions in this class have a Fourier coefficient of magnitude exp(-poly log n) and prove this conjecture in the case when the MOD2 function is typical. • We investigate the relation between the hardness of learning noisy parities and the existence of weak PRFs in AC0 · MOD2. We argue that such a complexity-driven approach can play a role in bridging the gap between the theory and practice of cryptography.

KW - Learning Parity with Noise

KW - Parallel Cryptography

KW - Weak Pseudorandom Functions

UR - http://www.scopus.com/inward/record.url?scp=84893233799&partnerID=8YFLogxK

U2 - 10.1145/2554797.2554821

DO - 10.1145/2554797.2554821

M3 - Conference contribution

AN - SCOPUS:84893233799

SN - 9781450322430

T3 - ITCS 2014 - Proceedings of the 2014 Conference on Innovations in Theoretical Computer Science

SP - 251

EP - 259

BT - ITCS 2014 - Proceedings of the 2014 Conference on Innovations in Theoretical Computer Science

PB - Association for Computing Machinery

T2 - 2014 5th Conference on Innovations in Theoretical Computer Science, ITCS 2014

Y2 - 12 January 2014 through 14 January 2014

ER -