Documentation

VCVio.CryptoFoundations.PRF

Pseudorandom Functions (PRFs) #

This file defines pseudorandom functions and their security game.

A PRF adversary gets oracle access to uniform sampling plus a function D → R and tries to distinguish the real function PRF.eval k (for a random key k) from a truly random function (modeled as a lazy random oracle with consistent responses).

Main Definitions #

structure PRFScheme (K D R : Type) :

A pseudorandom function with key space K, domain D, and range R. Key generation is probabilistic; evaluation is deterministic given a key.

Instances For

    Oracle interface for PRF distinguishers: unrestricted access to uniform sampling plus oracle access to the candidate function.

    Instances For
      @[reducible, inline]

      A PRF adversary gets oracle access to uniform sampling and a function D → R, and outputs a boolean guess (true = "real PRF", false = "random function").

      Instances For
        def PRFScheme.UniformKey {K D R : Type} [SampleableType K] (prf : PRFScheme K D R) :

        A PRF has uniform key generation when its keygen algorithm is exactly uniform sampling.

        Instances For
          def PRFScheme.prfRealQueryImpl {K D R : Type} (prf : PRFScheme K D R) (k : K) :

          Query implementation for the real PRF experiment. Uniform-sampling queries are handled by the ambient unifSpec; function queries are answered by prf.eval k.

          Instances For

            Query implementation for the ideal PRF experiment. Uniform-sampling queries are handled by the ambient unifSpec; function queries are answered by a lazy random oracle.

            Instances For
              def PRFScheme.prfRealExp {K D R : Type} (prf : PRFScheme K D R) (adversary : PRFAdversary D R) :

              Real PRF experiment: sample a key, let the adversary query prf.eval k.

              Instances For

                Ideal PRF experiment: let the adversary query a lazy random oracle (consistent random function). The oracle caches responses so that the same input always yields the same output.

                Instances For
                  noncomputable def PRFScheme.prfAdvantage {K D R : Type} [DecidableEq D] [SampleableType R] (prf : PRFScheme K D R) (adversary : PRFAdversary D R) :

                  PRF advantage: how well the adversary distinguishes the real PRF from a random function.

                  Instances For