Puncturable Pseudorandom Functions

Puncturable Pseudorandom Functions: What are they and why are they useful?

Definition

A pseudorandom function (PRF) is a function that takes an input and produces an output that is indistinguishable from random by any efficient algorithm. A PRF can be seen as a deterministic way of generating random-looking values.

A puncturable pseudorandom function (PRF) is a type of PRF that allows one to generate keys that can evaluate the PRF at all points except for a specified set of points. The punctured keys do not reveal any information about the PRF values at the punctured points. Puncturable PRFs are useful for applications such as forward secrecy, revocation, and obfuscation.

Example

To give you an example, suppose you have a puncturable PRF F with a master key k that maps 32-bit strings to 128-bit strings. You can use k to evaluate F(k,x) for any x in {0,1}^32. Now suppose you want to revoke your ability to evaluate F at x = 01010101…01. You can do so by generating a punctured key k’ that is associated with x. Using k’, you can still evaluate F(k’,x) for any x in {0,1}^32 except for x = 01010101…01. Moreover, k’ does not leak any information about F(k,x) for x = 01010101…01.

可穿刺伪随机函数：它们是什么，为什么有用？

定义

伪随机函数（PRF）是一种函数，它接受一个输入并产生一个输出，这个输出对于任何有效的算法来说都无法与随机区分。伪随机函数可以看作是一种确定性地生成随机看起来的值的方法。

可穿刺伪随机函数（PRF）是一种伪随机函数，它允许生成可以在除了指定的一组点之外的所有点上评估伪随机函数的密钥。穿刺密钥不会泄露任何关于穿刺点处的伪随机函数值的信息。可穿刺伪随机函数对于诸如前向保密、撤销和混淆等应用很有用。

示例

给你一个例子，假设你有一个可穿刺伪随机函数 F，它有一个主密钥 k，它将 32 位字符串映射到 128 位字符串。你可以使用 k 来评估任何 x ∈ {0,1}^32 的 F(k,x)。现在假设你想撤销你在 x = 01010101…01 处评估 F 的能力。你可以通过生成一个与 x 相关联的穿刺密钥 k’ 来做到这一点。使用 k’，你仍然可以评估任何 x ∈ {0,1}^32 除了 x = 01010101…01 处的 F(k’,x)。而且，k’ 不会泄露任何关于 x = 01010101…01 处的 F(k,x) 的信息。