## Abstract

Unlike the standard notion of pseudorandom functions (PRF), a *non-adaptive* PRF is only required to be indistinguishable from a random function in the eyes of a *non-adaptive* distinguisher (i.e., one that prepares its oracle calls in advance). A recent line of research has studied the possibility of a *direct* construction of adaptive PRFs from non-adaptive ones, where direct means that the constructed adaptive PRF uses only few (ideally, constant number of) calls to the underlying non-adaptive PRF. Unfortunately, this study has only yielded negative results (e.g., Myers in Advances in Cryptology – EUROCRYPT 2004, pp. 189–206, 2004; Pietrzak in Advances in Cryptology – CRYPTO 2005, pp. 55–65, 2005).

We give an affirmative answer to the above question, presenting a direct construction of adaptive PRFs from non-adaptive ones. The suggested construction is extremely simple, a composition of the non-adaptive PRF with an appropriate pairwise independent hash function.

## Keywords

Function Family Message Authentication Code Pseudorandom Generator Pseudorandom Function Oracle Access## Notes

### Acknowledgements

We are very grateful to Omer Reingold for very useful discussions, and for challenging the second author with this research question a long while ago. We also thank the anonymous referees for their useful comments.

## References

- [1]M. Bellare, A note on negligible functions.
*J. Cryptol.*, 271–284 (2002). doi: 10.1007/s00145-002-0116-x - [2]I. Berman, I. Haitner, From non-adaptive to adaptive pseudorandom functions, in
*Theory of Cryptography, 9th Theory of Cryptography Conference, TCC 2012*(2012), pp. 357–368 Google Scholar - [3]I. Berman, I. Haitner, I. Komargodski, M. Naor, Hardness preserving reductions via cuckoo hashing, in
*Theory of Cryptography, 10th Theory of Cryptography Conference, TCC 2013*(2013), pp. 40–59 Google Scholar - [4]L.J. Carter, M.N. Wegman, Universal classes of hash functions.
*J. Comput. Syst. Sci.*, 143–154 (1979). doi: 10.1145/800105.803400 - [5]C. Cho, C.-K. Lee, R. Ostrovsky, Equivalence of uniform key agreement and composition insecurity, in
*Advances in Cryptology – CRYPTO 2010*(2010), pp. 447–464 CrossRefGoogle Scholar - [6]I. Damgård, J.B. Nielsen, Expanding pseudorandom functions; or: from known-plaintext security to chosen-plaintext security, in
*Advances in Cryptology – CRYPTO 2002*(2002), pp. 449–464 CrossRefGoogle Scholar - [7]Y. Dodis, E. Kiltz, K. Pietrzak, D. Wichs, Message authentication, revisited, in
*Advances in Cryptology – EUROCRYPT 2012*(2012), pp. 355–374 CrossRefGoogle Scholar - [8]O. Goldreich,
*Foundations of Cryptography: Basic Tools*(Cambridge University Press, Cambridge, 2001) CrossRefGoogle Scholar - [9]O. Goldreich,
*Foundations of Cryptography – VOLUME 2: Basic Applications*(Cambridge University Press, Cambridge, 2004) CrossRefGoogle Scholar - [10]O. Goldreich, S. Goldwasser, S. Micali, On the cryptographic applications of random functions, in
*Advances in Cryptology – CRYPTO ’84*(1984), pp. 276–288 Google Scholar - [11]O. Goldreich, S. Goldwasser, S. Micali, How to construct random functions.
*J. ACM*, 792–807 (1986). doi: 10.1445/6490.6503 - [12]J. Håstad, R. Impagliazzo, L.A. Levin, M. Luby, A pseudorandom generator from any one-way function.
*SIAM J. Comput.*, 1364–1396 (1999). doi: 10.1137/s0097539793244708 - [13]M. Luby,
*Pseudorandomness and Cryptographic Applications*. Princeton Computer Science Notes. (Princeton University Press, Princeton, 1996). ISBN 978-0-691-02546-9 zbMATHGoogle Scholar - [14]V. Lyubashevsky, D. Masny, Man-in-the-middle secure authentication schemes from LPN and weak PRFS.
*IACR Cryptol. ePrint Arch.***2013**, 92 (2013) Google Scholar - [15]U.M. Maurer, K. Pietrzak, Composition of random systems: when two weak make one strong, in
*Theory of Cryptography, First Theory of Cryptography Conference, TCC 2004*(2004), pp. 410–427 Google Scholar - [16]U.M. Maurer, J. Sjödin, A fast and key-efficient reduction of chosen-ciphertext to known-plaintext security, in
*Advances in Cryptology – EUROCRYPT 2007*(2007), pp. 498–516 CrossRefGoogle Scholar - [17]U.M. Maurer, S. Tessaro, Basing PRFS on constant-query weak PRFS: minimizing assumptions for efficient symmetric cryptography, in
*Advances in Cryptology – ASIACRYPT 2008*(2008), pp. 161–178 CrossRefGoogle Scholar - [18]S. Myers, Black-box composition does not imply adaptive security, in
*Advances in Cryptology – EUROCRYPT 2004*(2004), pp. 189–206 CrossRefGoogle Scholar - [19]M. Naor, O. Reingold, Synthesizers and their application to the parallel construction of pseudo-random functions.
*J. Comput. Syst. Sci.*, 336–375 (1999). doi: 10.1006/jcss.1998.1618 - [20]K. Pietrzak, Composition does not imply adaptive security, in
*Advances in Cryptology – CRYPTO 2005*(2005), pp. 55–65 CrossRefGoogle Scholar - [21]K. Pietrzak, Composition implies adaptive security in minicrypt, in
*Advances in Cryptology – EUROCRYPT 2006*(2006), pp. 328–338 CrossRefGoogle Scholar