Skip to main content
  • 1882 Accesses

A pseudorandom function is a deterministic function of a key and an input that is indistinguishable from a truly random function of the input. More precisely, let s be a security parameter, let K be a key of length s bits, and let f (K,x) be a function on keys K and inputs x. Then f is a pseuodorandom function if:

  • f can be computed in polynomial time in s; and

  • if K is random, then f cannot be distinguished from a random function in polynomial time.

In this context, “distinguishability” refers to the ability of an algorithm to tell whether a function is not truly random. Let g be a truly random function of x with the same output length as f. Suppose a polynomial-time algorithm A is given access to a “oracle” which, on input x, either consistently returns f (K, x), or consistently returns g(x). After some (polynomial) number of accesses to the oracle, the algorithm outputs a guess, b, as to whether the oracle is f or g. Let ɛ be A's advantage, i.e., the difference in probabilities


This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Institutional subscriptions


  1. Goldreich, O., S. Goldwasser, and S. Micali (1986). “How to construct random functions.” Journal of the ACM, 33 (4), 210–217.

    Article  MathSciNet  Google Scholar 

Download references


Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2005 International Federation for Information Processing

About this entry

Cite this entry

Kaliski, B. (2005). Pseudorandom Function. In: van Tilborg, H.C.A. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA .

Download citation

Publish with us

Policies and ethics