A New Approach for LPN-Based Pseudorandom Functions: Low-Depth and Key-Homomorphic

Youlong Ding; Aayush Jain; Ilan Komargodski

doi:10.1145/3717823.3718210

A New Approach for LPN-Based Pseudorandom Functions: Low-Depth and Key-Homomorphic

Youlong Ding
, Aayush Jain
, Ilan Komargodski^*

^*Corresponding author for this work

The Rachel and Selim Benin School of Engineering and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We give new constructions of pseudorandom functions (PRFs) computable in NC¹ from (variants of the) Learning Parity with Noise (LPN) assumption. Prior to our work, the only NC¹-computable PRF from LPN-style assumptions was due to Boyle et al. (FOCS 2020) who constructed a weak PRF from a new heuristic variant of LPN called variable-density LPN. We give the following results: (1) A weak PRF computable in NC¹ from standard LPN, (2) A (strong) encoded-input PRF (EI-PRF) computable in NC¹ from sparse LPN (An EI-PRF is a PRF whose input domain is restricted to an efficiently sampleable and recognizable set. The input encoding can be computed in NC^1+ϵ for any constant ϵ > 0, implying a strong PRF computable in NC^1+ϵ), and (3) A (strong) PRF computable in NC¹ from a (new, heuristic) seeded LPN assumption. In our assumption, each column of the public LPN matrix is generated by an n-wise independent distribution. Supporting evidence for the security of the assumption is given by showing resilience to linear tests. As a bonus, all of our PRF constructions are key-homomorphic, an algebraic property that is useful in many symmetric-cryptography applications. No previously-known LPN-based PRFs have this property, even if we completely ignore depth-efficiency. In fact, our constructions support key homomorphism for linear functions (and not only additive), a property that no previously-known PRF satisfies, including ones from LWE. Additionally, all of our PRF constructions nicely fit into the substitution-permutation network (SPN) design framework used in modern block ciphers (e.g. AES). No prior PRF construction that has a reduction to a standard cryptographic assumptions (let alone LPN) has an SPN-like structure. Technically, all of our constructions of PFRs leverage a new recursive derandomization technique for LPN instances, which allows us to generate LPN error terms deterministically. This technique is inspired by a related idea from the LWE literature (Kim, EUROCRYPT 2020) for which devising an LPN analogue has been an outstanding open problem.

Original language	English
Title of host publication	STOC 2025 - Proceedings of the 57th Annual ACM Symposium on Theory of Computing
Editors	Michal Koucky, Nikhil Bansal
Publisher	Association for Computing Machinery
Pages	1898-1909
Number of pages	12
ISBN (Electronic)	9798400715105
DOIs	https://doi.org/10.1145/3717823.3718210
State	Published - 15 Jun 2025
Event	57th Annual ACM Symposium on Theory of Computing, STOC 2025 - Prague, Czech Republic Duration: 23 Jun 2025 → 27 Jun 2025

Publication series

Name	Proceedings of the Annual ACM Symposium on Theory of Computing
ISSN (Print)	0737-8017

Conference

Conference	57th Annual ACM Symposium on Theory of Computing, STOC 2025
Country/Territory	Czech Republic
City	Prague
Period	23/06/25 → 27/06/25

Bibliographical note

Publisher Copyright:
© 2025 Owner/Author.

Keywords

Learning Parity with Noise
Pseudorandom Functions

Access to Document

10.1145/3717823.3718210

Cite this

Ding, Y., Jain, A., & Komargodski, I. (2025). A New Approach for LPN-Based Pseudorandom Functions: Low-Depth and Key-Homomorphic. In M. Koucky, & N. Bansal (Eds.), STOC 2025 - Proceedings of the 57th Annual ACM Symposium on Theory of Computing (pp. 1898-1909). (Proceedings of the Annual ACM Symposium on Theory of Computing). Association for Computing Machinery. https://doi.org/10.1145/3717823.3718210

Ding, Youlong ; Jain, Aayush ; Komargodski, Ilan. / A New Approach for LPN-Based Pseudorandom Functions : Low-Depth and Key-Homomorphic. STOC 2025 - Proceedings of the 57th Annual ACM Symposium on Theory of Computing. editor / Michal Koucky ; Nikhil Bansal. Association for Computing Machinery, 2025. pp. 1898-1909 (Proceedings of the Annual ACM Symposium on Theory of Computing).

@inproceedings{f659c68b6a284e59b476b836a0dceb45,

title = "A New Approach for LPN-Based Pseudorandom Functions: Low-Depth and Key-Homomorphic",

abstract = "We give new constructions of pseudorandom functions (PRFs) computable in NC1 from (variants of the) Learning Parity with Noise (LPN) assumption. Prior to our work, the only NC1-computable PRF from LPN-style assumptions was due to Boyle et al. (FOCS 2020) who constructed a weak PRF from a new heuristic variant of LPN called variable-density LPN. We give the following results: (1) A weak PRF computable in NC1 from standard LPN, (2) A (strong) encoded-input PRF (EI-PRF) computable in NC1 from sparse LPN (An EI-PRF is a PRF whose input domain is restricted to an efficiently sampleable and recognizable set. The input encoding can be computed in NC1+ϵ for any constant ϵ > 0, implying a strong PRF computable in NC1+ϵ), and (3) A (strong) PRF computable in NC1 from a (new, heuristic) seeded LPN assumption. In our assumption, each column of the public LPN matrix is generated by an n-wise independent distribution. Supporting evidence for the security of the assumption is given by showing resilience to linear tests. As a bonus, all of our PRF constructions are key-homomorphic, an algebraic property that is useful in many symmetric-cryptography applications. No previously-known LPN-based PRFs have this property, even if we completely ignore depth-efficiency. In fact, our constructions support key homomorphism for linear functions (and not only additive), a property that no previously-known PRF satisfies, including ones from LWE. Additionally, all of our PRF constructions nicely fit into the substitution-permutation network (SPN) design framework used in modern block ciphers (e.g. AES). No prior PRF construction that has a reduction to a standard cryptographic assumptions (let alone LPN) has an SPN-like structure. Technically, all of our constructions of PFRs leverage a new recursive derandomization technique for LPN instances, which allows us to generate LPN error terms deterministically. This technique is inspired by a related idea from the LWE literature (Kim, EUROCRYPT 2020) for which devising an LPN analogue has been an outstanding open problem.",

keywords = "Learning Parity with Noise, Pseudorandom Functions",

author = "Youlong Ding and Aayush Jain and Ilan Komargodski",

note = "Publisher Copyright: {\textcopyright} 2025 Owner/Author.; 57th Annual ACM Symposium on Theory of Computing, STOC 2025 ; Conference date: 23-06-2025 Through 27-06-2025",

year = "2025",

month = jun,

day = "15",

doi = "10.1145/3717823.3718210",

language = "אנגלית",

series = "Proceedings of the Annual ACM Symposium on Theory of Computing",

publisher = "Association for Computing Machinery",

pages = "1898--1909",

editor = "Michal Koucky and Nikhil Bansal",

booktitle = "STOC 2025 - Proceedings of the 57th Annual ACM Symposium on Theory of Computing",

}

Ding, Y, Jain, A & Komargodski, I 2025, A New Approach for LPN-Based Pseudorandom Functions: Low-Depth and Key-Homomorphic. in M Koucky & N Bansal (eds), STOC 2025 - Proceedings of the 57th Annual ACM Symposium on Theory of Computing. Proceedings of the Annual ACM Symposium on Theory of Computing, Association for Computing Machinery, pp. 1898-1909, 57th Annual ACM Symposium on Theory of Computing, STOC 2025, Prague, Czech Republic, 23/06/25. https://doi.org/10.1145/3717823.3718210

A New Approach for LPN-Based Pseudorandom Functions: Low-Depth and Key-Homomorphic. / Ding, Youlong; Jain, Aayush; Komargodski, Ilan.
STOC 2025 - Proceedings of the 57th Annual ACM Symposium on Theory of Computing. ed. / Michal Koucky; Nikhil Bansal. Association for Computing Machinery, 2025. p. 1898-1909 (Proceedings of the Annual ACM Symposium on Theory of Computing).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A New Approach for LPN-Based Pseudorandom Functions

T2 - 57th Annual ACM Symposium on Theory of Computing, STOC 2025

AU - Ding, Youlong

AU - Jain, Aayush

AU - Komargodski, Ilan

PY - 2025/6/15

Y1 - 2025/6/15

N2 - We give new constructions of pseudorandom functions (PRFs) computable in NC1 from (variants of the) Learning Parity with Noise (LPN) assumption. Prior to our work, the only NC1-computable PRF from LPN-style assumptions was due to Boyle et al. (FOCS 2020) who constructed a weak PRF from a new heuristic variant of LPN called variable-density LPN. We give the following results: (1) A weak PRF computable in NC1 from standard LPN, (2) A (strong) encoded-input PRF (EI-PRF) computable in NC1 from sparse LPN (An EI-PRF is a PRF whose input domain is restricted to an efficiently sampleable and recognizable set. The input encoding can be computed in NC1+ϵ for any constant ϵ > 0, implying a strong PRF computable in NC1+ϵ), and (3) A (strong) PRF computable in NC1 from a (new, heuristic) seeded LPN assumption. In our assumption, each column of the public LPN matrix is generated by an n-wise independent distribution. Supporting evidence for the security of the assumption is given by showing resilience to linear tests. As a bonus, all of our PRF constructions are key-homomorphic, an algebraic property that is useful in many symmetric-cryptography applications. No previously-known LPN-based PRFs have this property, even if we completely ignore depth-efficiency. In fact, our constructions support key homomorphism for linear functions (and not only additive), a property that no previously-known PRF satisfies, including ones from LWE. Additionally, all of our PRF constructions nicely fit into the substitution-permutation network (SPN) design framework used in modern block ciphers (e.g. AES). No prior PRF construction that has a reduction to a standard cryptographic assumptions (let alone LPN) has an SPN-like structure. Technically, all of our constructions of PFRs leverage a new recursive derandomization technique for LPN instances, which allows us to generate LPN error terms deterministically. This technique is inspired by a related idea from the LWE literature (Kim, EUROCRYPT 2020) for which devising an LPN analogue has been an outstanding open problem.

AB - We give new constructions of pseudorandom functions (PRFs) computable in NC1 from (variants of the) Learning Parity with Noise (LPN) assumption. Prior to our work, the only NC1-computable PRF from LPN-style assumptions was due to Boyle et al. (FOCS 2020) who constructed a weak PRF from a new heuristic variant of LPN called variable-density LPN. We give the following results: (1) A weak PRF computable in NC1 from standard LPN, (2) A (strong) encoded-input PRF (EI-PRF) computable in NC1 from sparse LPN (An EI-PRF is a PRF whose input domain is restricted to an efficiently sampleable and recognizable set. The input encoding can be computed in NC1+ϵ for any constant ϵ > 0, implying a strong PRF computable in NC1+ϵ), and (3) A (strong) PRF computable in NC1 from a (new, heuristic) seeded LPN assumption. In our assumption, each column of the public LPN matrix is generated by an n-wise independent distribution. Supporting evidence for the security of the assumption is given by showing resilience to linear tests. As a bonus, all of our PRF constructions are key-homomorphic, an algebraic property that is useful in many symmetric-cryptography applications. No previously-known LPN-based PRFs have this property, even if we completely ignore depth-efficiency. In fact, our constructions support key homomorphism for linear functions (and not only additive), a property that no previously-known PRF satisfies, including ones from LWE. Additionally, all of our PRF constructions nicely fit into the substitution-permutation network (SPN) design framework used in modern block ciphers (e.g. AES). No prior PRF construction that has a reduction to a standard cryptographic assumptions (let alone LPN) has an SPN-like structure. Technically, all of our constructions of PFRs leverage a new recursive derandomization technique for LPN instances, which allows us to generate LPN error terms deterministically. This technique is inspired by a related idea from the LWE literature (Kim, EUROCRYPT 2020) for which devising an LPN analogue has been an outstanding open problem.

KW - Learning Parity with Noise

KW - Pseudorandom Functions

UR - https://www.scopus.com/pages/publications/105009756447

U2 - 10.1145/3717823.3718210

DO - 10.1145/3717823.3718210

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:105009756447

T3 - Proceedings of the Annual ACM Symposium on Theory of Computing

SP - 1898

EP - 1909

BT - STOC 2025 - Proceedings of the 57th Annual ACM Symposium on Theory of Computing

A2 - Koucky, Michal

A2 - Bansal, Nikhil

PB - Association for Computing Machinery

Y2 - 23 June 2025 through 27 June 2025

ER -

Ding Y, Jain A, Komargodski I. A New Approach for LPN-Based Pseudorandom Functions: Low-Depth and Key-Homomorphic. In Koucky M, Bansal N, editors, STOC 2025 - Proceedings of the 57th Annual ACM Symposium on Theory of Computing. Association for Computing Machinery. 2025. p. 1898-1909. (Proceedings of the Annual ACM Symposium on Theory of Computing). doi: 10.1145/3717823.3718210

A New Approach for LPN-Based Pseudorandom Functions: Low-Depth and Key-Homomorphic

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this