Paper 2014/840

Constrained PRFs for Unbounded Inputs

Hamza Abusalah, Georg Fuchsbauer, and Krzysztof Pietrzak


A constrained pseudorandom function $F: K \times X \to Y$ for a family $T$ of subsets of $X$ is a function where for any key $k \in K$ and set $S \in T$ one can efficiently compute a constrained key $k_S$ which allows to evaluate $F(k,.)$ on all inputs $x\in S$, while even given this key, the outputs on all inputs $x \notin S$ look random. At Asiacrypt'13 Boneh and Waters gave a construction which supports the most general set family so far. Its keys $k_C$ are defined for sets decided by boolean circuits $C$ and enable evaluation of the PRF on any $x \in X$ where $C(x)=1$. In their construction the PRF input length and the size of the circuits $C$ for which constrained keys can be computed must be fixed beforehand during key generation. We construct a constrained PRF that has an unbounded input length and whose constrained keys can be defined for any set recognized by a Turing machine. The only a priori bound we make is on the description size of the machines. We prove our construction secure assuming public-coin differing-input obfuscation. As applications of our constrained PRF we build a broadcast encryption scheme where the number of potential receivers need not be fixed at setup (in particular, the length of the keys is independent of the number of parties) and the first identity-based non-interactive key exchange protocol with no bound on the number of parties that can agree on a shared key.

Note: We revised the main construction so it only requires *public-coin* differing-input obfuscation.

Available format(s)
Publication info
Published elsewhere. MAJOR revision.CT-RSA 2016
Constrained PRFsbroadcast encryptionidentity-based non-interactive key exchange
Contact author(s)
gfuchsbauer @ ist ac at
2015-11-18: last of 4 revisions
2014-10-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {Hamza Abusalah and Georg Fuchsbauer and Krzysztof Pietrzak},
      title = {Constrained PRFs for Unbounded Inputs},
      howpublished = {Cryptology ePrint Archive, Paper 2014/840},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.