{"id":"https://openalex.org/W3176402242","doi":"https://doi.org/10.1109/csf54842.2022.9919640","title":"Legendre PRF (Multiple) Key Attacks and the Power of Preprocessing","display_name":"Legendre PRF (Multiple) Key Attacks and the Power of Preprocessing","publication_year":2022,"publication_date":"2022-08-01","ids":{"openalex":"https://openalex.org/W3176402242","doi":"https://doi.org/10.1109/csf54842.2022.9919640","mag":"3176402242"},"language":"en","primary_location":{"id":"doi:10.1109/csf54842.2022.9919640","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csf54842.2022.9919640","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE 35th Computer Security Foundations Symposium (CSF)","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5058899413","display_name":"Alexander May","orcid":"https://orcid.org/0000-0001-5965-5675"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Alexander May","raw_affiliation_strings":["Ruhr University Bochum,Germany","Ruhr University Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Ruhr University Bochum,Germany","institution_ids":["https://openalex.org/I904495901"]},{"raw_affiliation_string":"Ruhr University Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5070587654","display_name":"Floyd Zweydinger","orcid":"https://orcid.org/0009-0006-7610-9143"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Floyd Zweydinger","raw_affiliation_strings":["Ruhr University Bochum,Germany","Ruhr University Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Ruhr University Bochum,Germany","institution_ids":["https://openalex.org/I904495901"]},{"raw_affiliation_string":"Ruhr University Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5058899413"],"corresponding_institution_ids":["https://openalex.org/I904495901"],"apc_list":null,"apc_paid":null,"fwci":0.78319528,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.69170248,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"428","last_page":"438"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9961000084877014,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13182","display_name":"Quantum-Dot Cellular Automata","score":0.9789000153541565,"subfield":{"id":"https://openalex.org/subfields/1703","display_name":"Computational Theory and Mathematics"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.48118144273757935},{"id":"https://openalex.org/keywords/multiplicative-function","display_name":"Multiplicative function","score":0.4579244554042816},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4575895071029663},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.450776070356369},{"id":"https://openalex.org/keywords/discrete-mathematics","display_name":"Discrete mathematics","score":0.3530922532081604},{"id":"https://openalex.org/keywords/combinatorics","display_name":"Combinatorics","score":0.33672478795051575},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.2926176190376282},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.1293729543685913},{"id":"https://openalex.org/keywords/mathematical-analysis","display_name":"Mathematical analysis","score":0.07929491996765137}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.48118144273757935},{"id":"https://openalex.org/C42747912","wikidata":"https://www.wikidata.org/wiki/Q1048447","display_name":"Multiplicative function","level":2,"score":0.4579244554042816},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4575895071029663},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.450776070356369},{"id":"https://openalex.org/C118615104","wikidata":"https://www.wikidata.org/wiki/Q121416","display_name":"Discrete mathematics","level":1,"score":0.3530922532081604},{"id":"https://openalex.org/C114614502","wikidata":"https://www.wikidata.org/wiki/Q76592","display_name":"Combinatorics","level":1,"score":0.33672478795051575},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.2926176190376282},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.1293729543685913},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.07929491996765137}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/csf54842.2022.9919640","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csf54842.2022.9919640","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE 35th Computer Security Foundations Symposium (CSF)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2198199181","display_name":null,"funder_award_id":"390781972","funder_id":"https://openalex.org/F4320308022","funder_display_name":"California Department of Fish and Game"}],"funders":[{"id":"https://openalex.org/F4320308022","display_name":"California Department of Fish and Game","ror":"https://ror.org/02v6w2r95"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W310254705","https://openalex.org/W1559738570","https://openalex.org/W1985217658","https://openalex.org/W1996143071","https://openalex.org/W2008272678","https://openalex.org/W2069535412","https://openalex.org/W2128141215","https://openalex.org/W2164466308","https://openalex.org/W2208284559","https://openalex.org/W2537089202","https://openalex.org/W2752581772","https://openalex.org/W2794798416","https://openalex.org/W2795012573","https://openalex.org/W2919452334","https://openalex.org/W2970484179","https://openalex.org/W3003772367","https://openalex.org/W3013053553","https://openalex.org/W3013927205","https://openalex.org/W3037871682","https://openalex.org/W3206748483","https://openalex.org/W4253300695","https://openalex.org/W6760338845","https://openalex.org/W6767819389","https://openalex.org/W6802552777"],"related_works":["https://openalex.org/W2051487156","https://openalex.org/W2073681303","https://openalex.org/W4318195686","https://openalex.org/W2975999359","https://openalex.org/W4287173569","https://openalex.org/W2796561647","https://openalex.org/W2317200988","https://openalex.org/W4313513739","https://openalex.org/W3119693376","https://openalex.org/W3182422617"],"abstract_inverted_index":{"Due":[0],"to":[1,78,135,254,268],"its":[2,29],"amazing":[3],"speed":[4],"and":[5,21,127,222,312],"multiplicative":[6],"properties":[7],"the":[8,23,51,123,141,188,204,211,215,262,266,270,284,290,330,370],"Legendre":[9,37,52,128,158,205],"PRF":[10,38,68,206],"recently":[11],"finds":[12,349],"widespread":[13],"applications":[14],"e.g.":[15,236],"in":[16,22,57,94,165,187,237,258,276,329,355,369],"Ethereum":[17,189,371],"2.0,":[18],"multiparty":[19],"computation":[20],"quantum-secure":[24],"signature":[25],"proposal":[26],"LegRoast.":[27],"However,":[28],"security":[30,69],"is":[31,70,103],"not":[32,223],"yet":[33],"extensively":[34],"studied.":[35],"The":[36],"computes":[39],"for":[40,316,333],"a":[41,104,117,149,225,243,335,381],"key":[42,226,272],"<tex":[43,48,54,61,79,87,91,96,155,160,167,175,217,227,240,247,255,273,279,318,326,339,351,359],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[44,49,55,62,80,88,92,97,156,161,168,176,218,228,241,248,256,274,280,319,327,340,352,360],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">$k$</tex>":[45,89,229,275],"on":[46,154,214,224],"input":[47],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">$x$</tex>":[50],"symbol":[53,129],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">$L_{k}(x)=(\\frac{x+k}{p})$</tex>":[56],"some":[58],"finite":[59],"field":[60],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">$\\mathbb{F}_{p}$</tex>":[63],".":[64,82,230,250,282,342,362],"As":[65],"standard":[66],"notion,":[67],"analysed":[71],"by":[72],"giving":[73],"an":[74,197,232,259,344],"attacker":[75,233,263],"oracle":[76],"access":[77,253],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">$L_{k}(\\cdot)$</tex>":[81,93,257],"Khovratovich's":[83],"collision-based":[84],"algorithm":[85],"recovers":[86],"using":[90],"time":[95,166,239,277,325,357],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">$\\sqrt{p}$</tex>":[98],"with":[99,172,301],"constant":[100],"memory.":[101],"It":[102],"major":[105],"open":[106],"problem":[107,126],"whether":[108],"this":[109],"birthday-bound":[110],"complexity":[111,287],"can":[112,297],"be":[113,184,299,367],"beaten.":[114],"We":[115,305],"show":[116,202],"somewhat":[118],"surprising":[119],"wide-ranging":[120],"analogy":[121,132],"between":[122,310],"discrete":[124,142],"logarithm":[125,143],"computations.":[130],"This":[131,180],"allows":[133],"us":[134],"adapt":[136],"various":[137,308],"algorithmic":[138],"ideas":[139],"from":[140],"setting.":[144],"More":[145],"precisely,":[146],"we":[147,201],"present":[148],"small":[150],"memory":[151],"multiple-key":[152,181,303],"attack":[153,182,296],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">$m$</tex>":[157,320,353],"keys":[159,194,321,354,375],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">$k_{1},":[162],"\\ldots,":[163],"k_{m}$</tex>":[164],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">$\\sqrt{mp}$</tex>":[169],",":[170],"i.e.":[171],"amortized":[173],"cost":[174],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">$\\sqrt{p/m}$</tex>":[177],"per":[178],"key.":[179],"might":[183,365],"of":[185,245,337],"interest":[186],"context,":[190,373],"since":[191],"recovering":[192],"many":[193],"simultaneously":[195],"maximizes":[196],"attacker's":[198,285],"profit.":[199],"Moreover,":[200],"that":[203,380],"admits":[207],"precomputation":[208,212,238,295,311,331,384],"attacks,":[209],"where":[210,374],"depends":[213],"public":[216],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">$p$</tex>":[219],"only":[220,278,358],"-":[221],"Namely,":[231],"may":[234,323],"compute":[235],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">$p^{\\frac{2}{3}}$</tex>":[242],"hint":[244,267,336],"size":[246,338],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">$p^{\\frac{1}{3}}$</tex>":[249,281,361],"On":[251],"receiving":[252],"online":[260,286,313,345],"phase,":[261,346],"then":[264,348],"uses":[265],"recover":[269],"desired":[271],"Thus,":[283],"again":[288,366],"beats":[289],"birthday-bound.":[291],"In":[292,343],"addition,":[293],"our":[294,302],"also":[298],"combined":[300],"attack.":[304],"explicitly":[306],"give":[307],"tradeoffs":[309],"phase.":[314],"E.g.":[315],"attacking":[317],"one":[322,347],"spend":[324],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">$mp^{\\frac{2}{3}}$</tex>":[328],"phase":[332],"constructing":[334],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">$m^{2}p^{\\frac{1}{3}}$</tex>":[341],"all":[350],"total":[356],"Precomputation":[363],"attacks":[364],"interesting":[368],"2.0":[372],"are":[376],"frequently":[377],"changed":[378],"such":[379],"heavy":[382],"key-independent":[383],"pays":[385],"off.":[386]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":1},{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}