
Questions tagged [pseudo-random-function]

A pseudo-random function (PRF) is a family of deterministic functions indexed by a parameter, such that a randomly selected instance is computationally indistinguishable from a uniformly random function with the same input and output spaces.

4 votes
1 answer
115 views

Lindell and Katz define a PRG $G:\{0,1\}^n \to \{0,1\}^m$ along the lines of the following definition $$ \forall \mathcal{D} \in \textrm{PPT } \exists \epsilon(n) \in \textrm{Negl}(n) \textrm{ such ...
Stan (reputation 109)
0 votes
0 answers
41 views

I am designing a non-currency protocol that enforces one anonymous action per legitimate purchase (in my case: one review per purchase). I would like to sanity-check the following construction built ...
Luis Ramirez
0 votes
0 answers
87 views

I would like to ask for a technical review of a key-derivation construction that we developed while designing a multi-chain wallet and an E2EE identity layer. This construction is part of a broader ...
Jason (reputation 1)
0 votes
0 answers
64 views

Could you please clarify whether a Beaver Triple is essentially a form of Functional Secret Sharing (FSS)? I feel that a Beaver Triple might be the key for the share of the multiplication function. If ...
DSTBP (reputation 331)
0 votes
1 answer
55 views

In DPF, correction words eliminate the differences in node values caused by different seeds and force the node values of both parties to be consistent. My question is: under what circumstances will ...
DSTBP (reputation 331)
1 vote
1 answer
178 views

In the Hull-Dobell theorem for Linear Congruential Generators (LCGs), the third condition states that if 4 divides m (i.e., $ 4 \mid m $), then 4 must divide $ a-1 $ (i.e., $ 4 \mid (a-1) $). Why is ...
DSTBP (reputation 331)
3 votes
1 answer
285 views

Let $f:\mathcal{X}\to\mathcal{Y}$ be an efficiently computable pseudorandom function. Knowing $f$, is there any known method to build a function $f_{x,y}:\mathcal{X}\to\mathcal{Y}$, for any $x,y$, ...
cryptozoaire
2 votes
1 answer
123 views

I have recently been reading "Constrained Pseudorandom Functions" by Boneh and Waters, and "Constrained Verifiable Random Functions" by Fuchsbauer. One of the claimed results is ...
Franklin Harding
2 votes
0 answers
84 views

I encountered the following question: Prove that given a weak PRF $F:\{0,1\}^*\times\{0,1\}^*\mapsto\{0,1\}^*$ that doubles the length of each input (that is, if ...
someone235
1 vote
2 answers
556 views

I know that when the domain of the set is very small, we can enumerate the elements in the set, and in that case, a simple hash-based method is not secure. However, when the domain is very large, such ...
Rui T. (reputation 119)
2 votes
1 answer
219 views

I'd like to double check my understanding of the collision resistance of a single unkeyed/public permutation call. I'll use two algorithms as examples, namely Ascon-PRFshort and HChaCha20. Ascon-...
samuel-lucas6
0 votes
0 answers
115 views

What is the effective PRF security level of HMAC 256? I would assume that it provides 256 bit PRF security but I can't find any sources.
EnthusiasmForPRFs
0 votes
0 answers
95 views

HMAC appears to be a variant of NMAC where the two independent keys required by NMAC are derived through the hash function of the HMAC (since H(k || m) --> H[iv=H(k)] (m)). Why is it so important ...
seralora
1 vote
1 answer
203 views

Using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 in TLS 1.2 handshake. Reference to TLS 1.2 standard documentation regarding the key generation. And the question 50815 (Clarification needed in TLS 1.2 key ...
Naushad CK
1 vote
1 answer
51 views

Let $D$ be a distribution such that there exists $c$ in the range of $D$ and for all $z\sim D$, $|z| < c$ with overwhelming probability. Let $\mathsf{Samp}(1^\lambda; r)$ be an efficient sampler ...
vxek (reputation 551)
