## Cryptology ePrint Archive: Report 2019/862

Key recovery attacks on the Legendre PRFs within the birthday bound

Dmitry Khovratovich

Abstract: We show that Legendre PRF, recently suggested as an MPC-friendly primitive in a prime field $Z_p$, admits key recovery attacks of complexity $O(\sqrt{p})$ rather than previously assumed $O(p)$. We also demonstrate new attacks on high-degree versions of this PRF, improving on the previous results by Russell and Shparlinski.

Category / Keywords: secret-key cryptography / PRF, Legendre, tradeoff