20th Annual IEEE Conference on Computational Complexity (CCC'05)
Download PDF

Abstract

Randomizing polynomials allow to represent a function f(x) by a low-degree randomized mapping f(x, r) whose output distribution on an input x is a randomized encoding of f(x). It is known that any function f in ⊕L/poly (and in particular in NC¹) can be efficiently represented by degree-3 randomizing polynomials. Such a degree-3 representation gives rise to an NC_4^0 representation, in which every bit of the output depends on only 4 bits of the input. In this paper, we study the relaxed notion of computationally private randomizing polynomials, where the output distribution of f(x, r) should only be computationally indistinguishable from a randomized encoding of f(x). We construct degree-3 randomizing polynomials of this type for every polynomial-time computable function, assuming the existence of a cryptographic pseudorandom generator (PRG) in ⊕L/poly. (The latter assumption is implied by most standard intractability assumptions used in cryptography.) This result is obtained by combining a variant of Yao's garbled circuit technique with previous "information-theoretic" constructions of randomizing polynomials. We then present the following applications: Relaxed assumptions for cryptography in NC⁰. Assuming a PRG in ⊕L/poly, the existence of an arbitrary public-key encryption, commitment, or signature scheme implies the existence of such a scheme in NC_4^0. Previously, one needed to assume the existence of such schemes in ⊕L/poly or similar classes. New parallel reductions between cryptographic primitives. We show that even some relatively complex cryptographic primitives, including (stateless) symmetric encryption and digital signatures, are NC⁰-reducible to a PRG. No parallel reductions of this type were previously known, even in NC. Our reductions make a non-black-box use of the underlying PRG. Application to secure multi-party computation. Assuming a PRG in ⊕L/poly, the task of computing an arbitrary (polynomial-time computable) function with computational security efficiently reduces to that of securely computing degree-3 polynomials. This gives rise to new, conceptually simpler, constant-round protocols for general functions.
Like what you’re reading?
Already a member?Sign In
Member Price
$11
Non-Member Price
$21
Add to CartSign In
Get this article FREE with a new membership!

Related Articles