Cryptanalysis of the Legendre PRF and generalizations

Beullens, Ward; Beyne, Tim; Udovenko, Aleksei; Vitto, Giuseppe

doi:10.13154/tosc.v2020.i1.313-330

Reference : Cryptanalysis of the Legendre PRF and generalizations


	Document type :	Scientific journals : Article
	Discipline(s) :	Engineering, computing & technology : Computer science
	Focus Areas :	Security, Reliability and Trust
	To cite this reference:	http://hdl.handle.net/10993/41514

Title :	Cryptanalysis of the Legendre PRF and generalizations
Language :	English
Author, co-author :	Beullens, Ward [> >]
	Beyne, Tim [> >]
	Udovenko, Aleksei [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) >]
	Vitto, Giuseppe [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) >]
Publication date :	2020
Journal title :	IACR Transactions on Symmetric Cryptology
Volume :	2020
Issue/season :	1
Peer reviewed :	Yes
Keywords :	[en] Cryptanalysis ; Legendre PRF ; MPC-friendly ; primitives ; Collision attack
Abstract :	[en] The Legendre PRF relies on the conjectured pseudorandomness properties of the Legendre symbol with a hidden shift. Originally proposed as a PRG by Damgård at CRYPTO 1988, it was recently suggested as an efficient PRF for multiparty computation purposes by Grassi et al. at CCS 2016. Moreover, the Legendre PRF is being considered for usage in the Ethereum 2.0 blockchain. This paper improves previous attacks on the Legendre PRF and its higher-degree variant due to Khovratovich by reducing the time complexity from O(plogp/M) to O(plog^2p/M2) Legendre symbol evaluations when M≤p√4 queries are available. The practical relevance of our improved attack is demonstrated by breaking two concrete instances of the PRF proposed by the Ethereum foundation. Furthermore, we generalize our attack in a nontrivial way to the higher-degree variant of the Legendre PRF and we point out a large class of weak keys for this construction. Lastly, we provide the first security analysis of two additional generalizations of the Legendre PRF originally proposed by Damgård in the PRG setting, namely the Jacobi PRF and the power residue PRF.
Research centres :	University of Luxembourg: High Performance Computing - ULHPC
Funders :	Fonds National de la Recherche - FnR
Target :	Researchers ; Professionals ; Students
Permalink :	http://hdl.handle.net/10993/41514
DOI :	10.13154/tosc.v2020.i1.313-330
FnR project :	FnR ; FNR11684537 > Alex Biryukov > FinCrypt > Security, Scalability, and Privacy in Blockchain Applications and Smart Contracts > 01/08/2018 > 31/07/2021 > 2017

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	legendrePRF.pdf		Publisher postprint	505.25 kB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices