Chris Brzuska, Geoffroy Couteau, Christoph Egger, Pihla Karanko, Pierre Meyer
{"title":"Instantiating the Hash-then-evaluate paradigm: Strengthening PRFs, PCFs, and OPRFs.","authors":"Chris Brzuska, Geoffroy Couteau, Christoph Egger, Pihla Karanko, Pierre Meyer","doi":"10.1007/s12095-025-00825-3","DOIUrl":null,"url":null,"abstract":"<p><p>We instantiate the hash-then-evaluate paradigm for pseudorandom functions (PRFs), <math><mrow><mi>PRF</mi> <mo>(</mo> <mi>k</mi> <mo>,</mo> <mi>x</mi> <mo>)</mo> <mo>:</mo> <mo>=</mo> <mi>wPRF</mi> <mo>(</mo> <mi>k</mi> <mo>,</mo> <mi>RO</mi> <mo>(</mo> <mi>x</mi> <mo>)</mo> <mo>)</mo></mrow> </math> , which builds a PRF <math><mi>PRF</mi></math> from a weak PRF <math><mi>wPRF</mi></math> via a <i>public</i> pre-processing random oracle <math><mi>RO</mi></math> . In applications to secure multiparty computation (MPC), only the low-complexity <math><mi>wPRF</mi></math> performs secret-depending operations. Our construction replaces <math><mi>RO</mi></math> by <math><mrow><mi>f</mi> <mo>(</mo> <msub><mi>k</mi> <mi>H</mi></msub> <mo>,</mo> <mi>elf</mi> <mrow><mo>(</mo> <mi>x</mi> <mo>)</mo></mrow> <mo>)</mo></mrow> </math> , where <i>f</i> is a non-adaptive PRF and the key <math><msub><mi>k</mi> <mi>H</mi></msub> </math> is <i>public</i> and thus known to the distinguishing adversary. We show that, perhaps surprisingly, several existing weak PRF candidates are plausibly also secure when their inputs are generated by <math><mrow><mi>f</mi> <mo>(</mo> <msub><mi>k</mi> <mi>H</mi></msub> <mo>,</mo> <mi>elf</mi> <mrow><mo>(</mo> <mo>.</mo> <mo>)</mo></mrow> <mo>)</mo></mrow> </math> . Firstly, analogous cryptanalysis applies (because pseudorandomness of <i>f</i> implies good statistical properties) and/or secondly an attack against the weak PRF with such pseudorandom inputs generated by <i>f</i> would imply surprising results such as key agreement from the hardness of the high-noise version of the Learning Parity with Noise (LPN) when implementing both <math><mi>wPRF</mi></math> and <i>f</i> from this assumption. Our simple transformation of replacing <math><mrow><mi>RO</mi> <mo>(</mo> <mo>·</mo> <mo>)</mo></mrow> </math> public pre-processing by <math><mrow><mi>f</mi> <mo>(</mo> <msub><mi>k</mi> <mi>H</mi></msub> <mo>,</mo> <mi>elf</mi> <mrow><mo>(</mo> <mi>x</mi> <mo>)</mo></mrow> <mo>)</mo></mrow> </math> public pre-processing applies to the entire family of PRF-style functions. Specifically, we obtain results for oblivious PRFs, which are a core building block for password-based authenticated key exchange (PAKE) and private set intersection (PSI) protocols, and we also obtain results for pseudorandom correlation functions (PCF), which are a key tool for silent oblivious transfer (OT) extension.</p>","PeriodicalId":48936,"journal":{"name":"Cryptography and Communications-Discrete-Structures Boolean Functions and Sequences","volume":"17 5","pages":"1325-1366"},"PeriodicalIF":1.1000,"publicationDate":"2025-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC12474740/pdf/","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Cryptography and Communications-Discrete-Structures Boolean Functions and Sequences","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s12095-025-00825-3","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2025/8/13 0:00:00","PubModel":"Epub","JCR":"Q3","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
引用次数: 0
Abstract
We instantiate the hash-then-evaluate paradigm for pseudorandom functions (PRFs), , which builds a PRF from a weak PRF via a public pre-processing random oracle . In applications to secure multiparty computation (MPC), only the low-complexity performs secret-depending operations. Our construction replaces by , where f is a non-adaptive PRF and the key is public and thus known to the distinguishing adversary. We show that, perhaps surprisingly, several existing weak PRF candidates are plausibly also secure when their inputs are generated by . Firstly, analogous cryptanalysis applies (because pseudorandomness of f implies good statistical properties) and/or secondly an attack against the weak PRF with such pseudorandom inputs generated by f would imply surprising results such as key agreement from the hardness of the high-noise version of the Learning Parity with Noise (LPN) when implementing both and f from this assumption. Our simple transformation of replacing public pre-processing by public pre-processing applies to the entire family of PRF-style functions. Specifically, we obtain results for oblivious PRFs, which are a core building block for password-based authenticated key exchange (PAKE) and private set intersection (PSI) protocols, and we also obtain results for pseudorandom correlation functions (PCF), which are a key tool for silent oblivious transfer (OT) extension.
期刊介绍:
The scope of the journal focuses on discrete structures used in stream and block ciphers in symmetric cryptography; code division multiple access in communications; and random number generation for statistics, cryptography and numerical methods. In particular, papers covering Boolean functions and sequences, without excluding any other discrete structure used in cryptography and communications, such as finite fields and other algebraic structures, are strongly encouraged.