41

What I have gotten so far is: A PRG is a generator that is a part of a PRF and produces pseudo-random values for the function. A PRF is semantically secure and has no worries of being invertible. Fine, then where is a PRP used? What is a PRP, where does it come in, and how does it benefit?

CodesInChaos
Khunshan Ahmad

4 Answers

36

A Pseudo Random Function is a function that is indistinguishable from a function selected at random from the set of all functions with the same domain and value set. A Pseudo Random Permutation is, similarly, a bijective function that is indistinguishable from a bijective function selected at random from the set of all bijective functions over the same domain. For instance, a cryptographically secure block cipher parametrized by a secret key is a PRP.

The term PRG is, on the other hand, most commonly used for stateful functions that are used for generating successive pseudo random strings, e.g. to be used as a key, iv, salt, nonce etc.

thyu
Henrick Hellström
19

The answer given by Henrick is good, but I will try to give an explanation with more details in the security area.

When you think about a PRF (Pseudo Random Function), you will think that there are three elements with a PRF, which are $K, X$, and $Y$. $K$ is the keyspace, $X$ the message or input space and $Y$ the output space. A PRF is a function: when you give this function elements from $K$ and $X$, it will output an element from $Y$:

$$ F : K \times X \to Y $$

When you think about a PRP (Pseudo Random Permutation), it also has three elements, which are $K, X, X$. As you see, the input and output spaces are both $X$:

$$ E : K \times X \to X $$

Also, a PRP is required to be bijective, and to have an efficient inversion function $\operatorname{PRP}^{-1}$. This makes sense when recalling that PRPs are sometimes called block ciphers: The inversion function is (needed to build) the decryption function of a block cipher.

PRFs and PRPs are both deterministic: Calling a PRF or a PRP again on the same input as before will produce the same output, respectively.

The inversion function is an important difference between PRF and PRP.

Source: Slides by Dan Boneh, which also contain the common security definitions for PRFs and PRPs, and talk about the PRP/PRF Switching Lemma.

blipp
naghceuz
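The difference between $F : K \times X \to Y$ and an invertible $E : K \times X \to X$ can be checked on a toy domain. The following is an added example, not part of any answer on this page and not taken from the cited slides: it assumes HMAC-SHA256 behaves as a PRF and builds a 16-bit permutation from it with a 4-round Feistel network (the Luby-Rackoff construction). The names `KEY`, `prf`, `prf16`, `prp`, `prp_inverse` and `image_size` are hypothetical, and a 16-bit block is far too small to be a secure cipher.

```python
import hmac

KEY = b"constructed demo key"   # sample key, constructed for this example
ROUNDS = 4                      # Feistel rounds (Luby-Rackoff style)

def prf(key: bytes, x: bytes, out_len: int = 32) -> bytes:
    """F : K x X -> Y. HMAC-SHA256 (assumed PRF), truncated to out_len bytes."""
    return hmac.digest(key, x, "sha256")[:out_len]

def prf16(key: bytes, x: int) -> int:
    """The PRF restricted to 16-bit inputs and outputs: no inverse is promised."""
    return int.from_bytes(prf(key, x.to_bytes(2, "big"), 2), "big")

def _round(key: bytes, i: int, half: int) -> int:
    """Round function: 8-bit output derived from the PRF, separated by round index."""
    return prf(key, bytes([i, half]), 1)[0]

def prp(key: bytes, x: int) -> int:
    """E : K x X -> X on X = {0, ..., 65535}; a bijection for every key."""
    left, right = x >> 8, x & 0xFF
    for i in range(ROUNDS):
        left, right = right, left ^ _round(key, i, right)
    return (left << 8) | right

def prp_inverse(key: bytes, y: int) -> int:
    """Efficient inverse: undo the rounds in reverse order."""
    left, right = y >> 8, y & 0xFF
    for i in reversed(range(ROUNDS)):
        left, right = right ^ _round(key, i, left), left
    return (left << 8) | right

def image_size(fn, key: bytes) -> int:
    """Number of distinct outputs over the whole 16-bit domain."""
    return len({fn(key, x) for x in range(1 << 16)})

if __name__ == "__main__":
    print("PRF distinct outputs:", image_size(prf16, KEY))  # below 65536: collisions
    print("PRP distinct outputs:", image_size(prp, KEY))    # exactly 65536
    print("round trip ok:", prp_inverse(KEY, prp(KEY, 0x1234)) == 0x1234)
```

The keyed function collides on some inputs, so it has no inverse, while the Feistel permutation hits every output exactly once and can be undone with the same key.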
7

In case there's still some confusion, I'll try giving a stab at it. Anyone correct me if I'm wrong!

  1. I believe a Pseudo Random Function tries to simulate a random function. Since a random function is just some function that has random outputs associated with inputs.

    However, to make a "truly" random function is quite hard/nearly impossible. There are usually patterns/order even if you were asked to randomly pick numbers from 1-100 (for example).

    Say you were somehow able to make a "real" random function, you'd need to store every input/output pair in memory. That's not really efficient in practice (e.g. if you had to store 2^128 entries). So a PRF (Pseudo Random Function) can be expressed together like AES + the Key.

  2. A Pseudo Random Generator is a pseudo random function with an internal state. Each time you run it, it'll run the state through a PRF, give an output, and then update the state using another PRF. It's pseudo random because if you re-initialize it with the same internal state, you'd end up getting the same output sequence you got previously. Unlike a PRP, a PRF does not require a one-to-one mapping between the input space and output space.

  3. A Pseudo Random Permutation is a PRF that happens to have the property that every element in the input domain has a single associated member in the output co-domain and vice versa. This is also called a bijection (one-to-one mapping). This is why PRPs have an inverse, but PRFs don't necessarily have an inverse.

Timal Peramune
-2

To me a PRP is a type of a PRF. Meaning that a PRP is where X=Y and is efficiently invertible. (Not entirely accurate, but it formed the basis of my understanding.)