Bi-homomorphic Lattice-Based PRFs and Unidirectional Updatable Encryption

Abstract

We define a pseudorandom function (PRF) (Formula Presented) to be bi-homomorphic when it is fully Key homomorphic and partially Input Homomorphic (KIH), i.e., given (Formula Presented) and (Formula Presented), there is an efficient algorithm to compute (Formula Presented), where (Formula Presented) and (Formula Presented) are (binary) group operations. The homomorphism on the input is restricted to a fixed subset of the input bits, i.e., (Formula Presented) operates on some pre-decided m-out-of-n bits, where (Formula Presented), and the remaining (Formula Presented) bits are identical in both inputs. In addition, the output length, (Formula Presented), of the operator (Formula Presented)is not fixed and is defined as (Formula Presented), hence leading to Homomorphically induced Variable input Length (HVL) as (Formula Presented). We present a learning with errors (LWE) based construction for a HVL-KIH-PRF family. Our construction is inspired by the key homomorphic PRF construction due to Banerjee and Peikert (Crypto 2014). We use our novel PRF family to construct an updatable encryption scheme, named QPC-UE-UU, which is quantum-safe, post-compromise secure and supports unidirectional ciphertext updates, i.e., the tokens can be used to perform ciphertext updates, but they cannot be used to undo completed updates. Our PRF family also leads to the first left/right key homomorphic constrained-PRF family with HVL.