
Journal of Cryptology, Volume 28, Issue 2, pp. 297–311

From Non-adaptive to Adaptive Pseudorandom Functions

Article

Abstract

Unlike the standard notion of pseudorandom functions (PRF), a non-adaptive PRF is only required to be indistinguishable from a random function in the eyes of a non-adaptive distinguisher (i.e., one that prepares its oracle calls in advance). A recent line of research has studied the possibility of a direct construction of adaptive PRFs from non-adaptive ones, where direct means that the constructed adaptive PRF uses only a few (ideally, a constant number of) calls to the underlying non-adaptive PRF. Unfortunately, this study has so far yielded only negative results (e.g., Myers in Advances in Cryptology – EUROCRYPT 2004, pp. 189–206, 2004; Pietrzak in Advances in Cryptology – CRYPTO 2005, pp. 55–65, 2005).

We give an affirmative answer to the above question, presenting a direct construction of adaptive PRFs from non-adaptive ones. The suggested construction is extremely simple: a composition of the non-adaptive PRF with an appropriate pairwise independent hash function.
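As an added illustration (not code from the paper), the composition the abstract describes: a pairwise independent affine hash h_{a,b}(x) = a·x + b over a small prime field, an exhaustive check of the pairwise-independence property, and the composed function F'_{k,a,b}(x) = F_k(h_{a,b}(x)). The prime field, the HMAC stand-in for the non-adaptive PRF, and all names are assumptions; the paper's actual domain and range parameters are not reproduced here.

```python
import hashlib
import hmac
import itertools
import secrets


def affine_hash(a: int, b: int, x: int, p: int) -> int:
    """Pairwise independent family over Z_p: h_{a,b}(x) = (a*x + b) mod p.

    For distinct x1, x2 and any targets y1, y2 there is exactly one key (a, b)
    with h(x1) = y1 and h(x2) = y2, so Pr[h(x1)=y1 and h(x2)=y2] = 1/p^2."""
    return (a * x + b) % p


def count_keys_mapping(x1: int, y1: int, x2: int, y2: int, p: int) -> int:
    """Number of keys (a, b) in Z_p^2 sending x1 -> y1 and x2 -> y2."""
    return sum(1 for a in range(p) for b in range(p)
               if affine_hash(a, b, x1, p) == y1 and affine_hash(a, b, x2, p) == y2)


def is_pairwise_independent(p: int) -> bool:
    """Exhaustive check over Z_p (small primes only): every count must be exactly 1."""
    return all(count_keys_mapping(x1, y1, x2, y2, p) == 1
               for x1, x2 in itertools.permutations(range(p), 2)
               for y1 in range(p) for y2 in range(p))


def non_adaptive_prf(key: bytes, x: int, p: int) -> bytes:
    """Stand-in for the underlying non-adaptive PRF F_k (assumption: HMAC-SHA256,
    used only so the example runs; the result holds for any non-adaptive PRF)."""
    width = (p.bit_length() + 7) // 8
    return hmac.new(key, x.to_bytes(width, "big"), hashlib.sha256).digest()


def keygen(p: int) -> tuple:
    """Secret key of the composed function: PRF key plus the hash key (a, b)."""
    return secrets.token_bytes(32), secrets.randbelow(p), secrets.randbelow(p)


class ComposedPRF:
    """The construction of the abstract: F'_{k,a,b}(x) = F_k(h_{a,b}(x)).

    The hash key is part of the secret key, so an adaptive distinguisher never
    learns which hashed points the non-adaptive PRF is actually evaluated on."""

    def __init__(self, prf_key: bytes, a: int, b: int, p: int):
        self.prf_key, self.a, self.b, self.p = prf_key, a, b, p

    def evaluate(self, x: int) -> bytes:
        return non_adaptive_prf(self.prf_key, affine_hash(self.a, self.b, x, self.p), self.p)
```

Inputs that collide under h_{a,b} necessarily collide under F', which is why the paper's range size for the hash has to be chosen with the number of queries in mind.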


Acknowledgements

We are very grateful to Omer Reingold for very useful discussions, and for challenging the second author with this research question a long while ago. We also thank the anonymous referees for their useful comments.

References

  1. M. Bellare, A note on negligible functions. J. Cryptol., 271–284 (2002). doi: 10.1007/s00145-002-0116-x
  2. I. Berman, I. Haitner, From non-adaptive to adaptive pseudorandom functions, in Theory of Cryptography, 9th Theory of Cryptography Conference, TCC 2012 (2012), pp. 357–368
  3. I. Berman, I. Haitner, I. Komargodski, M. Naor, Hardness preserving reductions via cuckoo hashing, in Theory of Cryptography, 10th Theory of Cryptography Conference, TCC 2013 (2013), pp. 40–59
  4. L.J. Carter, M.N. Wegman, Universal classes of hash functions. J. Comput. Syst. Sci., 143–154 (1979). doi: 10.1145/800105.803400
  5. C. Cho, C.-K. Lee, R. Ostrovsky, Equivalence of uniform key agreement and composition insecurity, in Advances in Cryptology – CRYPTO 2010 (2010), pp. 447–464
  6. I. Damgård, J.B. Nielsen, Expanding pseudorandom functions; or: from known-plaintext security to chosen-plaintext security, in Advances in Cryptology – CRYPTO 2002 (2002), pp. 449–464
  7. Y. Dodis, E. Kiltz, K. Pietrzak, D. Wichs, Message authentication, revisited, in Advances in Cryptology – EUROCRYPT 2012 (2012), pp. 355–374
  8. O. Goldreich, Foundations of Cryptography: Basic Tools (Cambridge University Press, Cambridge, 2001)
  9. O. Goldreich, Foundations of Cryptography – Volume 2: Basic Applications (Cambridge University Press, Cambridge, 2004)
  10. O. Goldreich, S. Goldwasser, S. Micali, On the cryptographic applications of random functions, in Advances in Cryptology – CRYPTO ’84 (1984), pp. 276–288
  11. O. Goldreich, S. Goldwasser, S. Micali, How to construct random functions. J. ACM, 792–807 (1986). doi: 10.1145/6490.6503
  12. J. Håstad, R. Impagliazzo, L.A. Levin, M. Luby, A pseudorandom generator from any one-way function. SIAM J. Comput., 1364–1396 (1999). doi: 10.1137/s0097539793244708
  13. M. Luby, Pseudorandomness and Cryptographic Applications. Princeton Computer Science Notes (Princeton University Press, Princeton, 1996). ISBN 978-0-691-02546-9
  14. V. Lyubashevsky, D. Masny, Man-in-the-middle secure authentication schemes from LPN and weak PRFs. IACR Cryptol. ePrint Arch. 2013, 92 (2013)
  15. U.M. Maurer, K. Pietrzak, Composition of random systems: when two weak make one strong, in Theory of Cryptography, First Theory of Cryptography Conference, TCC 2004 (2004), pp. 410–427
  16. U.M. Maurer, J. Sjödin, A fast and key-efficient reduction of chosen-ciphertext to known-plaintext security, in Advances in Cryptology – EUROCRYPT 2007 (2007), pp. 498–516
  17. U.M. Maurer, S. Tessaro, Basing PRFs on constant-query weak PRFs: minimizing assumptions for efficient symmetric cryptography, in Advances in Cryptology – ASIACRYPT 2008 (2008), pp. 161–178
  18. S. Myers, Black-box composition does not imply adaptive security, in Advances in Cryptology – EUROCRYPT 2004 (2004), pp. 189–206
  19. M. Naor, O. Reingold, Synthesizers and their application to the parallel construction of pseudo-random functions. J. Comput. Syst. Sci., 336–375 (1999). doi: 10.1006/jcss.1998.1618
  20. K. Pietrzak, Composition does not imply adaptive security, in Advances in Cryptology – CRYPTO 2005 (2005), pp. 55–65
  21. K. Pietrzak, Composition implies adaptive security in minicrypt, in Advances in Cryptology – EUROCRYPT 2006 (2006), pp. 328–338

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  1. School of Computer Science, Tel Aviv University, Tel Aviv, Israel
