# Privately Constrained Testable Pseudorandom Functions

## Date

2018-09-20

## Authors

Pawlega, Filip

## Publisher

University of Waterloo

## Abstract

Privately Constrained Pseudorandom Functions allow a PRF key to be delegated to some evaluator in a constrained manner, such that the key’s functionality is restricted with respect to some secret predicate. Variants of Privately Constrained Pseudorandom Functions have been applied to rich applications such as Broadcast Encryption and Secret-key Functional Encryption. Recently, this primitive has also been instantiated from standard assumptions. We extend its functionality to a new tool we call Privately Constrained Testable Pseudorandom Functions.

For any predicate C, the holder of a secret key sk can produce a delegatable key constrained on C, denoted as sk[C]. Evaluations on inputs x produced using the constrained key differ from unconstrained evaluations with respect to the result of C(x). Given an output y evaluated using sk[C], the holder of the unconstrained key sk can verify whether the input x used to produce y satisfied the predicate C. That is, given y, they learn whether C(x) = 1 without needing to evaluate the predicate themselves, and without requiring the original input x.

We define two inequivalent security models for this new primitive: a stronger indistinguishability-based definition and a weaker simulation-based definition. Under the indistinguishability-based definition, we show the new primitive implies Designated-Verifier Non-Interactive Zero-Knowledge Arguments for NP in a black-box manner. Under the simulation-based definition, we construct a provably secure instantiation of the primitive from lattice assumptions. We leave the study of the gap between definitions, and discovering techniques to reconcile it, as future work.

## Keywords

cryptography