Efficient Quantum-Safe Distributed PRF and Applications: Playing DiSE in a Quantum World

Abstract

We propose the first distributed version of a simple, efficient, and provably quantum-safe pseudorandom function (PRF). The distributed PRF (DPRF) supports arbitrary threshold access structures based on the hardness of the well-studied Learning with Rounding (LWR) problem. Our construction (abbreviated as PQDPRF) practically outperforms not only existing constructions of DPRF based on lattice-based assumptions, but also outperforms (in terms of evaluation time) existing constructions of: (i) classically secure DPRFs based on discrete-log hard groups, and (ii) quantum-safe DPRFs based on any generic quantum-safe PRF (e.g. AES). The efficiency of PQDPRFstems from the extreme simplicity of its construction, consisting of a simple inner product computation over ${Z}_q$, followed by a rounding to a smaller modulus $p < q$ . The key technical novelty of our proposal lies in our proof technique, where we prove the correctness and post-quantum security of PQDPRF (against semi-honest corruptions of any less than threshold number of parties) for a polynomial q/p (equivalently, “modulus to modulus”)-ratio. Our proposed DPRF construction immediately enables efficient yet quantum-safe instantiations of several practical applications, including key distribution centers, distributed coin tossing, long-term encryption of information, etc. We showcase a particular application of PQDPRF in realizing an efficient yet quantum-safe version of distributed symmetric-key encryption ( DiSE– originally proposed by Agrawal et al. in CCS 2018), which we call PQ - DiSE. For semi-honest adversarial corruptions across a wide variety of corruption thresholds, PQ – DiSE substantially outperforms existing instantiations of DiSE based on discrete-log hard groups and generic PRFs (e.g. AES). We illustrate the practical efficiency of our PQDPRF via prototype implementation of PQ – DiSE.