Computationally private randomizing polynomials and their applications (extended abstract)

Randomizing polynomials allow to represent a function f(x) by a low-degree randomized mapping fˆ(x, r) whose output distribution on an input x is a randomized encoding of f(x). It is known that any function f in ⊕L/poly (and in particular in NC¹) can be efficiently represented by degree-3 randomizing polynomials. Such a degree-3 representation gives rise to an NC₄⁰ representation, in which every bit of the output depends on only 4 bits of the input. In this paper, we study the relaxed notion of computationally private randomizing polynomials, where the output distribution of fˆ(x, r) should only be computationally indistinguishable from a randomized encoding of f(x). We construct degree-3 randomizing polynomials of this type for every polynomial-time computable function, assuming the existence of a cryptographic pseudorandom generator (PRG) in ⊕L/poly. (The latter assumption is implied by most standard intractability assumptions used in cryptography.) This result is obtained by combining a variant of Yao\´s garbled circuit technique with previous "information-theoretic" constructions of randomizing polynomials.