Pseudorandom Functions: Three Decades Later

In 1984, Goldreich, Goldwasser and Micali formalized the concept of pseudorandom functions and proposed a construction based on any length-doubling pseudorandom generator. Since then, pseudorandom functions have turned out to be an extremely influential abstraction, with applications ranging from message authentication to barriers in proving computational complexity lower bounds. In this tutorial we survey various incarnations of pseudorandom functions, giving self-contained proofs of key results from the literature. Our main focus is on feasibility results and constructions, as well as on limitations of (and induced by) pseudorandom functions. Along the way we point out some open questions that we believe to be within reach of current techniques. I have set up on a Manchester computer a small programme using only 1000 units of storage, whereby the machine supplied with one sixteen figure number replies with another within two seconds. I would defy anyone to learn from these replies sufficient about the programme to be able to predict any replies to untried values. A. TURING (from [GGM84]) ∗This survey appeared in the book Tutorials on the Foundations of Cryptography, published in honor of Oded Goldreichs 60th birthday. †Dept. of Computer Science and Engineering and Institute of Theoretical Computer Science and Communications, Chinese University of Hong Kong. [email protected] ‡Efi Arazi School of Computer Science, IDC Herzliya. [email protected]