Efficient range-trapdoor functions and applications: Rate-1 OT and more

Sanjam Garg, Mohammad Hajiabadi, Rafail Ostrovsky

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    2 Scopus citations


    Substantial work on trapdoor functions (TDFs) has led to many powerful notions and applications. However, despite tremendous work and progress, all known constructions have prohibitively large public keys. In this work, we introduce new techniques for realizing so-called range-trapdoor hash functions with short public keys. This notion, introduced by Döttling et al. [Crypto 2019], allows for encoding a range of indices into a public key in a way that the public key leaks no information about the range, yet an associated trapdoor enables recovery of the corresponding input part. We give constructions of range-trapdoor hash functions, where for a given range I the public key consists of O(n) group elements, improving upon O(n|I|) achieved by Döttling et al. Moreover, by designing our evaluation algorithm in a special way involving Toeplitz matrix multiplication and by showing how to perform fast-Fourier transforms in the exponent, we arrive at O(nlog n) group operations for evaluation, improving upon O(n2), required of previous constructions. Our constructions rely on power-DDH assumptions in pairing-free groups. As applications of our results we obtain 1.The first construction of (rate-1) lossy TDFs with public keys consisting of a linear number of group elements (without pairings).2.Rate-1 string OT with receiver communication complexity of O(n) group elements, where n is the sender’s message size, improving upon O(n2) [Crypto 2019].3.Two-round private-information retrieval protocols for one-bit records, where for a server of N bits, the client’s message consists of O(λ) polylog(N) group elements, improving upon O(λ2) polylog(N).4.Semi-compact homomorphic encryption for branching programs: A construction of homomorphic encryption for branching programs, with ciphertexts consisting of O(λnd2) group elements, improving upon O(λ2nd3). Here λ denotes the security parameter, n the input size and d the depth of the program.

    Original languageEnglish (US)
    Title of host publicationTheory of Cryptography - 18th International Conference, TCC 2020, Proceedings
    EditorsRafael Pass, Krzysztof Pietrzak
    PublisherSpringer Science and Business Media Deutschland GmbH
    Number of pages29
    ISBN (Print)9783030643744
    StatePublished - 2020
    Event18th International Conference on Theory of Cryptography, TCCC 2020 - Durham, United States
    Duration: Nov 16 2020Nov 19 2020

    Publication series

    NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    Volume12550 LNCS
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349


    Conference18th International Conference on Theory of Cryptography, TCCC 2020
    Country/TerritoryUnited States

    All Science Journal Classification (ASJC) codes

    • Theoretical Computer Science
    • Computer Science(all)


    Dive into the research topics of 'Efficient range-trapdoor functions and applications: Rate-1 OT and more'. Together they form a unique fingerprint.

    Cite this