- The paper introduces a perfectly secure (1, 2nr)-ITDPF using a novel share conversion mechanism based on derivative-based PIR to achieve shorter keys.
- Methodological innovations include multiplicity interpolation and application of the multivariate chain rule to embed derivatives, enhancing evaluation efficiency.
- The design outperforms prior schemes by reducing key sizes for prime-order output groups, benefiting bandwidth-sensitive PIR and secure MPC applications.
Overview and Motivation
The paper "Information-Theoretic Distributed Point Functions with Shorter Keys" (2604.24385) addresses the construction of t-private, n-server Information-Theoretic Distributed Point Functions (ITDPFs) with emphasis on reducing the cryptographic key sizes required by each server, while maintaining perfect security. The context is secure multiparty computation and Private Information Retrieval (PIR), where efficiency and strong privacy guarantees are paramount. The work builds upon the LKZ framework for ITDPF construction, leveraging derivative-based PIR schemes, particularly the recent advancement by Ghasemi, Kopparty, and Sudan (STOC 2025), to optimize communication complexity and enable shorter keys for perfectly secure DPFs over prime-order output groups.
Technical Contributions
ITDPF Construction via Share Conversion
The paper's central technical result is a perfectly secure (1,2nr)-ITDPF for output group Zp, applicable for arbitrary primes p. The construction achieves key sizes O(2c2(r)⋅νr+1(N)⋅logp), where:
- nr is parameterized by the properties of matching families and decoding polynomials in PIR constructions,
- νr+1(N) is subpolynomial in N (as established by Grolmusz’s set systems and PIR theory).
This result leverages a novel share conversion mechanism grounded in the matching vector derivative-based PIR scheme of Ghasemi et al. The conversion enables the mapping of secret shares for point function indices to additive shares suitable for DPF evaluation, while respecting the strong information-theoretic security requirements delineated in the LKZ framework. Notably, the share conversion uses the interpolation property with multiplicity and embeds derivatives using multivariate chain rule techniques, facilitating the recovery of function values with minimal communication.
Improvements over Prior ITDPFs
The construction outperforms prior perfectly secure ITDPFs for the same output group Zp in terms of key size. Compared to the best-known (1,2nr)-ITDPFs from Li et al. [LKZ25], the proposed scheme achieves keys that are asymptotically shorter in N. It also matches or improves the efficiency of the Zp0-ITDPF from Boyle et al. [BGIK22]. The advancements are attributable to the exploitation of the GKS derivative-based PIR, which yields superior trade-offs between the number of servers and communication complexity relative to earlier Zp1-matching family-based PIR schemes.
Security and Correctness Analysis
The construction delivers perfect information-theoretic security: any single server (the threshold Zp2 case) or any subset of up to Zp3 servers learns nothing about the underlying point function. This is achieved via uniform randomization of secret shares and their independence from target function parameters. Correctness follows directly from the bilinear evaluation mechanisms, the chain rule application for Hasse derivatives, and the embedding of linear interpolation coefficients within the share conversion, ensuring that the Zp4 evaluations correctly reconstruct the value Zp5.
Key Numerical Results and Claims
- Key Size: Zp6, where Zp7 is the domain size and Zp8 is a function of Zp9 and the p0th smallest prime.
- Number of Servers: p1, with p2 depending on parameter p3 and the structure of matching families.
- Security: Perfect (statistically p4-secure) for up to one colluding server; generalization for larger p5 is possible via generic transformations at an exponential server cost [BIW10].
- Applicability: Construction supports any prime-order output group, with extensions to direct products of prime-order groups.
Implications and Future Directions
Practical Implications
The reduction in key sizes and the support for prime-order output groups make these ITDPFs viable for bandwidth-sensitive applications in PIR, secure data aggregation, and MPC protocols. The improved communication efficiency and modularity in output group support enable scalable deployments, especially in distributed settings where computational assumptions are undesirable or infeasible.
Theoretical Implications
The paper clarifies and strengthens the relationship between PIR constructions and ITDPFs, showing that advancements in the former (especially via matching vector families and derivative interpolation) directly enable optimal DPF designs in terms of communication complexity and security. The explicit use of the interpolation property with multiplicity and the chain rule for derivatives may inspire new approaches in secret sharing, coding theory, and related cryptographic primitives.
Research Outlook
Two main extensions are outlined:
- General Output Groups: Extension beyond p6 to arbitrary Abelian groups remains open, though partial solutions for direct products of prime-order groups are described.
- Privacy Parameter p7: While generic transformations are available for increasing privacy at the cost of server count [BIW10], efficient constructions for larger p8 without exponential blowup are a crucial research direction.
The construction's reliance on advanced PIR schemes suggests that future asymptotic improvements or new combinatorial designs in PIR may further reduce key sizes, enhance output group flexibility, or bolster privacy thresholds.
Conclusion
This work introduces a perfectly secure p9-ITDPF with asymptotically optimal key size for prime-order output groups, leveraging derivative-based PIR constructions to enable efficient share conversion and evaluation. The scheme advances the state of the art in information-theoretic DPFs, both theoretically and practically, by minimizing communication costs and maximizing security guarantees. Its methodological innovations establish a foundation for further research on group generality, privacy amplification, and cryptographic efficiency in distributed function evaluation.