Paper 2018/927

Adaptively Secure Distributed PRFs from LWE

Benoît Libert, Damien Stehlé, and Radu Titiu


In distributed pseudorandom functions (DPRFs), a PRF secret key $SK$ is secret shared among $N$ servers so that each server can locally compute a partial evaluation of the PRF on some input $X$. A combiner that collects $t$ partial evaluations can then reconstruct the evaluation $F(SK,X)$ of the PRF under the initial secret key. So far, all non-interactive constructions in the standard model are based on lattice assumptions. One caveat is that they are only known to be secure in the static corruption setting, where the adversary chooses the servers to corrupt at the very beginning of the game, before any evaluation query. In this work, we construct the first fully non-interactive adaptively secure DPRF in the standard model. Our construction is proved secure under the LWE assumption against adversaries that may adaptively decide which servers they want to corrupt. We also extend our construction in order to achieve robustness against malicious adversaries.

Note: Fixed one reference in the biblio

Available format(s)
Cryptographic protocols
Publication info
A major revision of an IACR publication in TCC 2018
LWEpseudorandom functionsdistributed PRFsthreshold cryptographyadaptive security
Contact author(s)
benoit libert @ ens-lyon fr
2019-05-17: last of 2 revisions
2018-10-02: received
See all versions
Short URL
Creative Commons Attribution


      author = {Benoît Libert and Damien Stehlé and Radu Titiu},
      title = {Adaptively Secure Distributed PRFs from LWE},
      howpublished = {Cryptology ePrint Archive, Paper 2018/927},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.