Hardness Preserving Constructions of Pseudorandom Functions

* Final gross prices may vary according to local VAT.

Get Access


We show a hardness-preserving construction of a PRF from any length doubling PRG which improves upon known constructions whenever we can put a non-trivial upper bound q on the number of queries to the PRF. Our construction requires only O(logq) invocations to the underlying PRG with each query. In comparison, the number of invocations by the best previous hardness-preserving construction (GGM using Levin’s trick) is logarithmic in the hardness of the PRG.

For example, starting from an exponentially secure PRG {0,1} n ↦{0,1}2n , we get a PRF which is exponentially secure if queried at most \(q=\exp(\sqrt n)\) times and where each invocation of the PRF requires \(\Theta(\sqrt n)\) queries to the underlying PRG. This is much less than the Θ(n) required by known constructions.