Simultaneous Secrecy and Reliability Amplification for a General Channel Model

We present a general notion of channel for cryptographic purposes, which can model either a (classical) physical channel or the consequences of a cryptographic protocol, or any hybrid. We consider {\em simultaneous secrecy and reliability amplification} for such channels. We show that simultaneous secrecy and reliability amplification is not possible for the most general model of channel, but, at least for some values of the parameters, it is possible for a restricted class of channels that still includes both standard information-theoretic channels and keyless cryptographic protocols. Even in the restricted model, we require that for the original channel, the failure chance for the attacker must be a factor $c$ more than that for the intended receiver. We show that for any $c > 4$, there is a one-way protocol (where the sender sends information to the receiver only) which achieves simultaneous secrecy and reliability. From results of Holenstein and Renner (\emph{CRYPTO\u2705}), there are no such one-way protocols for $c 1.5$, there are two-way protocols that achieve simultaneous secrecy and reliability. We propose using similar models to address other questions in the theory of cryptography, such as using noisy channels for secret agreement, trade-offs between reliability and secrecy, and the equivalence of various notions of oblivious channels and secure computation

Efficient Pseudorandom Functions via On-the-Fly Adaptation

Pseudorandom functions (PRFs) are one of the most fundamental building blocks in cryptography with numerous applications such as message authentication codes and private key encryption. In this work, we propose a new paradigm to construct PRFs with the overall goal to build efficient PRFs from standard assumptions with an almost tight proof of security. We start from a PRF for any small domain (i.e.~poly-sized domain) and we turn it into a bounded pseudorandom functions (bPRF). Recall that a function $F$ is an $\ell$-bounded pseudorandom function, if the outputs of $F$ are pseudorandom for the first $\ell$ distinct queries to $F$. In the second step, we apply a novel technique which we call \emph{on-the-fly adaptation} that turns any bPRF into a fully-fledged (large domain) PRF. Both steps of our paradigm have a tight security reduction, meaning that any successful attacker can be turned into an efficient algorithm for the underlying hard computational problem without any significant increase in the running time or loss of success probability. Instantiating our paradigm with specific number theoretic assumptions, we construct a PRF based on $k$-LIN (and thus DDH) that is faster than all known constructions, which reduces almost tightly to the underlying problem, and which has shorter keys. Instantiating our paradigm with general assumptions, we construct a PRF with very flat circuits whose security almost tightly reduces to the security of some small domain PRF. As an exemplifying instance, we use the PRF of Banerjee, Peikert, and Rosen (EUROCRYPT\u2712) based on LWE, as the underlying small domain PRF and we obtain a construction that is secure (for large domains) under a weaker assumption, with a tighter proof of security, and the resulting circuit is shallower than instantiating the BPR scheme with a large domain directly