Constrained (Verifiable) Pseudorandom Function from Functional Encryption

TL;DR: This paper presents a constrained pseudorandom function (CPRF) supporting constraints realizable by polynomial-size circuits, assuming the existence of (public key) functional encryption (FE) with standardPolynomial security against arbitrary collusions, and augments the CPRF construction with the verifiability feature under the same assumption.

Abstract: This paper presents a constrained pseudorandom function (CPRF) supporting constraints realizable by polynomial-size circuits, assuming the existence of (public key) functional encryption (FE) with standard polynomial security against arbitrary collusions. We further augment our CPRF construction with the verifiability feature under the same assumption. Earlier such constructions either work for very restricted settings or rely on highly powerful yet little-understood cryptographic objects such as multilinear maps or indistinguishability obfuscation (IO). Although, there are known transformations from FE to IO, the reductions suffer from an exponential security loss and hence cannot be directly employed to replace IO with FE in cryptographic constructions at the expense of only a polynomial loss. Thus, our results open up a new pathway towards realizing CPRF and its numerous extensions, which are interesting cryptographic primitives in their own right and, moreover, have already been shown instrumental in a staggering range of applications, both in classical as well as in cutting edge cryptography, based on progressively weaker and well-studied cryptographic building blocks. Besides, our work can also be interpreted as yet another stepping stone towards establishing FE as a substitute for IO in cryptographic applications, which is an active research direction of recent times. In order to achieve our results we build upon the prefix puncturing technique developed by Garg et al. [CRYPTO 2016, EUROCRYPT 2017].