International Association for Cryptologic Research (IACR)
Abstract
An n-server information-theoretic \textit{Distributed Point Function} (DPF) allows a client to secret-share a point function fα,β(x) with domain [N] and output group G among n servers such that each server learns no information about the function from its share (called a key) but can compute an additive share of fα,β(x) for any x. DPFs with small key sizes and general output groups are preferred. In this paper, we propose a new transformation from share conversions to information-theoretic DPFs. By applying it to share conversions from Efremenko\u27s PIR and Dvir-Gopi PIR, we obtain both an 8-server DPF with key size O(210logNloglogN+logp) and output group Zp and a 4-server DPF with key size O(τ⋅26logNloglogN) and output group Z2τ. The former allows us to partially answer an open question by Boyle, Gilboa, Ishai, and Kolobov (ITC 2022) and the latter allows us to build the first DPFs that may take any finite Abelian groups as output groups. We also discuss how to further reduce the key sizes by using different PIR, how to reduce the number of servers by resorting to statistical security or using nice integers, and how to obtain DPFs with t-security. We show the applications of the new DPFs by constructing new efficient PIR protocols with result verification