Cryptanalysis of the Legendre PRF and Generalizations

Authors

  • Ward Beullens imec - Computer Security and Industrial Cryptography (COSIC) research group, Department of Electrical Engineering (ESAT), KU Leuven, Leuven, Belgium
  • Tim Beyne imec - Computer Security and Industrial Cryptography (COSIC) research group, Department of Electrical Engineering (ESAT), KU Leuven, Leuven, Belgium
  • Aleksei Udovenko Interdisciplinary Centre for Security, Reliability (SnT), University of Luxembourg, Esch-sur-Alzette, Luxembourg
  • Giuseppe Vitto Interdisciplinary Centre for Security, Reliability (SnT), University of Luxembourg, Esch-sur-Alzette, Luxembourg

DOI:

https://doi.org/10.13154/tosc.v2020.i1.313-330

Keywords:

Cryptanalysis, Legendre PRF, MPC-friendly primitives, Collision attack

Abstract

The Legendre PRF relies on the conjectured pseudorandomness properties of the Legendre symbol with a hidden shift. Originally proposed as a PRG by Damgård at CRYPTO 1988, it was recently suggested as an efficient PRF for multiparty computation purposes by Grassi et al. at CCS 2016. Moreover, the Legendre PRF is being considered for usage in the Ethereum 2.0 blockchain.
This paper improves previous attacks on the Legendre PRF and its higher-degree variant due to Khovratovich by reducing the time complexity from O(< (p log p/M) to O(p log2p/M2) Legendre symbol evaluations when M4p log2p queries are available. The practical relevance of our improved attack is demonstrated by breaking three concrete instances of the PRF proposed by the Ethereum foundation. Furthermore, we generalize our attack in a nontrivial way to the higher-degree variant of the Legendre PRF and we point out a large class of weak keys for this construction. Lastly, we provide the first security analysis of two additional generalizations of the Legendre PRF originally proposed by Damgård in the PRG setting, namely the Jacobi PRF and the power residue PRF.

Downloads

Published

2020-05-07

How to Cite

Beullens, W., Beyne, T., Udovenko, A., & Vitto, G. (2020). Cryptanalysis of the Legendre PRF and Generalizations. IACR Transactions on Symmetric Cryptology, 2020(1), 313–330. https://doi.org/10.13154/tosc.v2020.i1.313-330

Issue

Section

Articles