{"id":"https://openalex.org/W4414550192","doi":"https://doi.org/10.46586/tosc.v2025.i3.289-336","title":"SoK: On Shallow Weak PRFs","display_name":"SoK: On Shallow Weak PRFs","publication_year":2025,"publication_date":"2025-09-25","ids":{"openalex":"https://openalex.org/W4414550192","doi":"https://doi.org/10.46586/tosc.v2025.i3.289-336"},"language":"en","primary_location":{"id":"doi:10.46586/tosc.v2025.i3.289-336","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tosc.v2025.i3.289-336","pdf_url":"https://tosc.iacr.org/index.php/ToSC/article/download/12472/12186","source":{"id":"https://openalex.org/S4210236173","display_name":"IACR Transactions on Symmetric Cryptology","issn_l":"2519-173X","issn":["2519-173X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Symmetric Cryptology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://tosc.iacr.org/index.php/ToSC/article/download/12472/12186","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5089459456","display_name":"Christina Boura","orcid":"https://orcid.org/0000-0001-6796-8874"},"institutions":[{"id":"https://openalex.org/I1294671590","display_name":"Centre National de la Recherche Scientifique","ror":"https://ror.org/02feahw73","country_code":"FR","type":"government","lineage":["https://openalex.org/I1294671590"]},{"id":"https://openalex.org/I204730241","display_name":"Universit\u00e9 Paris Cit\u00e9","ror":"https://ror.org/05f82e368","country_code":"FR","type":"education","lineage":["https://openalex.org/I204730241"]},{"id":"https://openalex.org/I4210091437","display_name":"Sorbonne Paris Cit\u00e9","ror":"https://ror.org/001z21q04","country_code":"FR","type":"other","lineage":["https://openalex.org/I4210091437"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Christina Boura","raw_affiliation_strings":["IRIF, CNRS, Universit\u00e9 Paris Cit\u00e9, Paris, France"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"IRIF, CNRS, Universit\u00e9 Paris Cit\u00e9, Paris, France","institution_ids":["https://openalex.org/I204730241","https://openalex.org/I4210091437","https://openalex.org/I1294671590"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083044960","display_name":"Geoffroy Couteau","orcid":"https://orcid.org/0000-0002-6645-0106"},"institutions":[{"id":"https://openalex.org/I1294671590","display_name":"Centre National de la Recherche Scientifique","ror":"https://ror.org/02feahw73","country_code":"FR","type":"government","lineage":["https://openalex.org/I1294671590"]},{"id":"https://openalex.org/I204730241","display_name":"Universit\u00e9 Paris Cit\u00e9","ror":"https://ror.org/05f82e368","country_code":"FR","type":"education","lineage":["https://openalex.org/I204730241"]},{"id":"https://openalex.org/I4210091437","display_name":"Sorbonne Paris Cit\u00e9","ror":"https://ror.org/001z21q04","country_code":"FR","type":"other","lineage":["https://openalex.org/I4210091437"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Geoffroy Couteau","raw_affiliation_strings":["IRIF, CNRS, Universit\u00e9 Paris Cit\u00e9, Paris, France"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"IRIF, CNRS, Universit\u00e9 Paris Cit\u00e9, Paris, France","institution_ids":["https://openalex.org/I204730241","https://openalex.org/I4210091437","https://openalex.org/I1294671590"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077352004","display_name":"L\u00e9o Perrin","orcid":"https://orcid.org/0000-0002-4722-7005"},"institutions":[{"id":"https://openalex.org/I1326498283","display_name":"Institut national de recherche en sciences et technologies du num\u00e9rique","ror":"https://ror.org/02kvxyf05","country_code":"FR","type":"government","lineage":["https://openalex.org/I1326498283"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"L\u00e9o Perrin","raw_affiliation_strings":["Inria, Paris, France"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Inria, Paris, France","institution_ids":["https://openalex.org/I1326498283"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5062744717","display_name":"Yann Rotella","orcid":null},"institutions":[{"id":"https://openalex.org/I1294671590","display_name":"Centre National de la Recherche Scientifique","ror":"https://ror.org/02feahw73","country_code":"FR","type":"government","lineage":["https://openalex.org/I1294671590"]},{"id":"https://openalex.org/I195731000","display_name":"Universit\u00e9 de Versailles Saint-Quentin-en-Yvelines","ror":"https://ror.org/03mkjjy25","country_code":"FR","type":"education","lineage":["https://openalex.org/I195731000","https://openalex.org/I277688954"]},{"id":"https://openalex.org/I277688954","display_name":"Universit\u00e9 Paris-Saclay","ror":"https://ror.org/03xjwb503","country_code":"FR","type":"education","lineage":["https://openalex.org/I277688954"]},{"id":"https://openalex.org/I4210155549","display_name":"Laboratoire de Math\u00e9matiques Blaise Pascal","ror":"https://ror.org/05sd5r855","country_code":"FR","type":"facility","lineage":["https://openalex.org/I1294671590","https://openalex.org/I1294671590","https://openalex.org/I198244214","https://openalex.org/I4210141950","https://openalex.org/I4210155549"]},{"id":"https://openalex.org/I4387152735","display_name":"Laboratoire de Math\u00e9matiques de Versailles","ror":"https://ror.org/04k5jw363","country_code":"FR","type":"facility","lineage":["https://openalex.org/I1294671590","https://openalex.org/I195731000","https://openalex.org/I277688954","https://openalex.org/I4387152735"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Yann Rotella","raw_affiliation_strings":["Universit\u00e9 Paris-Saclay, UVSQ, CNRS, Laboratoire de Math\u00e9matiques de Versailles, Versailles, France"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Universit\u00e9 Paris-Saclay, UVSQ, CNRS, Laboratoire de Math\u00e9matiques de Versailles, Versailles, France","institution_ids":["https://openalex.org/I4210155549","https://openalex.org/I277688954","https://openalex.org/I195731000","https://openalex.org/I1294671590","https://openalex.org/I4387152735"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.33269596,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"2025","issue":"3","first_page":"289","last_page":"336"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10991","display_name":"Game Theory and Voting Systems","score":0.6628000140190125,"subfield":{"id":"https://openalex.org/subfields/2002","display_name":"Economics and Econometrics"},"field":{"id":"https://openalex.org/fields/20","display_name":"Economics, Econometrics and Finance"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10991","display_name":"Game Theory and Voting Systems","score":0.6628000140190125,"subfield":{"id":"https://openalex.org/subfields/2002","display_name":"Economics and Econometrics"},"field":{"id":"https://openalex.org/fields/20","display_name":"Economics, Econometrics and Finance"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.7179999947547913},{"id":"https://openalex.org/keywords/cryptographic-primitive","display_name":"Cryptographic primitive","score":0.6047999858856201},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.5536999702453613},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.5385000109672546},{"id":"https://openalex.org/keywords/cryptographic-protocol","display_name":"Cryptographic protocol","score":0.4968000054359436},{"id":"https://openalex.org/keywords/computation","display_name":"Computation","score":0.47519999742507935},{"id":"https://openalex.org/keywords/simple","display_name":"Simple (philosophy)","score":0.45089998841285706},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.4228000044822693}],"concepts":[{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.7179999947547913},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.6180999875068665},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6155999898910522},{"id":"https://openalex.org/C15927051","wikidata":"https://www.wikidata.org/wiki/Q246593","display_name":"Cryptographic primitive","level":4,"score":0.6047999858856201},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.5536999702453613},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.5385000109672546},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.4968000054359436},{"id":"https://openalex.org/C45374587","wikidata":"https://www.wikidata.org/wiki/Q12525525","display_name":"Computation","level":2,"score":0.47519999742507935},{"id":"https://openalex.org/C2780586882","wikidata":"https://www.wikidata.org/wiki/Q7520643","display_name":"Simple (philosophy)","level":2,"score":0.45089998841285706},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.4228000044822693},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.39879998564720154},{"id":"https://openalex.org/C147343967","wikidata":"https://www.wikidata.org/wiki/Q5159078","display_name":"Concrete security","level":3,"score":0.33559998869895935},{"id":"https://openalex.org/C54271186","wikidata":"https://www.wikidata.org/wiki/Q1148456","display_name":"Computable function","level":2,"score":0.3190999925136566},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.2913999855518341},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.27559998631477356},{"id":"https://openalex.org/C136119220","wikidata":"https://www.wikidata.org/wiki/Q1000660","display_name":"Algebra over a field","level":2,"score":0.2678999900817871},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.2671000063419342},{"id":"https://openalex.org/C2778355321","wikidata":"https://www.wikidata.org/wiki/Q17079427","display_name":"Identity (music)","level":2,"score":0.25929999351501465},{"id":"https://openalex.org/C131672422","wikidata":"https://www.wikidata.org/wiki/Q852594","display_name":"Provable security","level":3,"score":0.2565999925136566},{"id":"https://openalex.org/C2777686260","wikidata":"https://www.wikidata.org/wiki/Q144037","display_name":"Calculus (dental)","level":2,"score":0.2565000057220459}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.46586/tosc.v2025.i3.289-336","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tosc.v2025.i3.289-336","pdf_url":"https://tosc.iacr.org/index.php/ToSC/article/download/12472/12186","source":{"id":"https://openalex.org/S4210236173","display_name":"IACR Transactions on Symmetric Cryptology","issn_l":"2519-173X","issn":["2519-173X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Symmetric Cryptology","raw_type":"journal-article"},{"id":"pmh:oai:HAL:hal-05379116v1","is_oa":true,"landing_page_url":"https://hal.science/hal-05379116","pdf_url":null,"source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IACR Transactions on Symmetric Cryptology, 2025, 2025 (3), pp.289-336. &#x27E8;10.46586/tosc.v2025.i3.289-336&#x27E9;","raw_type":"Journal articles"},{"id":"pmh:oai:doaj.org/article:a1ca99b287cb4c55aacf2a6852c0f585","is_oa":true,"landing_page_url":"https://doaj.org/article/a1ca99b287cb4c55aacf2a6852c0f585","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IACR Transactions on Symmetric Cryptology, Vol 2025, Iss 3 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.46586/tosc.v2025.i3.289-336","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tosc.v2025.i3.289-336","pdf_url":"https://tosc.iacr.org/index.php/ToSC/article/download/12472/12186","source":{"id":"https://openalex.org/S4210236173","display_name":"IACR Transactions on Symmetric Cryptology","issn_l":"2519-173X","issn":["2519-173X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Symmetric Cryptology","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1484044075","display_name":null,"funder_award_id":"22-PECY-0010","funder_id":"https://openalex.org/F4320320883","funder_display_name":"Agence Nationale de la Recherche"},{"id":"https://openalex.org/G6612625481","display_name":null,"funder_award_id":"France 2030","funder_id":"https://openalex.org/F4320320883","funder_display_name":"Agence Nationale de la Recherche"},{"id":"https://openalex.org/G7022847571","display_name":null,"funder_award_id":"ANR-22-PECY-0010","funder_id":"https://openalex.org/F4320320883","funder_display_name":"Agence Nationale de la Recherche"}],"funders":[{"id":"https://openalex.org/F4320320883","display_name":"Agence Nationale de la Recherche","ror":"https://ror.org/00rbzpz17"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4414550192.pdf","grobid_xml":"https://content.openalex.org/works/W4414550192.grobid-xml"},"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"A":[0],"growing":[1,189],"number":[2],"of":[3,48,62,69,97,149,207],"advanced":[4],"cryptographic":[5,210],"protocols":[6,193],"and":[7,38,82,92,104,107,118,194],"constructions":[8,56],"rely":[9,213],"on":[10,199,214],"symmetric":[11,167],"primitives":[12,160,201],"known":[13,114],"as":[14,53,76,181],"weak":[15],"pseudo-random":[16],"functions":[17,20,50],"(wPRFs).":[18],"These":[19],"differ":[21],"significantly":[22],"from":[23,136],"traditional":[24],"PRFs:":[25],"they":[26],"operate":[27],"in":[28,85,191],"constrained":[29],"models":[30],"where":[31],"inputs":[32],"are":[33,39,51,184],"sampled":[34],"uniformly":[35],"at":[36],"random":[37],"not":[40],"chosen":[41],"by":[42,79,179],"the":[43,105,127,134,159,166,174,205,208],"adversary.":[44],"In":[45],"practice,":[46],"many":[47],"these":[49,200],"implemented":[52],"shallow,":[54],"non-iterated":[55],"with":[57,153],"simple":[58],"circuit":[59],"representations.This":[60],"Systematization":[61],"Knowledge":[63],"(SoK)":[64],"provides":[65],"a":[66,147],"unified":[67],"view":[68],"shallow":[70],"wPRFs":[71,77],"(swPRFs),":[72],"which":[73],"we":[74,145],"define":[75],"computable":[78],"low-depth":[80],"circuits":[81],"primarily":[83],"used":[84],"different":[86],"secure":[87],"computation":[88],"protocols.":[89],"We":[90,162],"identify":[91],"classify":[93],"four":[94],"main":[95],"families":[96],"swPRFs\u2014alternating":[98],"moduli":[99],"wPRFs,":[100],"Goldreich\u2019s":[101],"PRG":[102],"family,":[103],"VDLPN":[106],"EALPN":[108],"constructions\u2014presenting":[109],"formal":[110],"definitions,":[111],"algorithmic":[112],"descriptions,":[113],"variants,":[115],"cryptanalytic":[116,150,197],"results,":[117],"concrete":[119,140,182],"parameter":[120],"sets":[121],"for":[122,157],"each.In":[123],"addition":[124],"to":[125,132,139,164,171],"surveying":[126],"literature,":[128],"our":[129],"goal":[130],"is":[131],"shift":[133],"focus":[135],"asymptotic":[137],"analyses":[138,183],"cryptanalysis.":[141],"To":[142],"this":[143],"end,":[144],"provide":[146],"set":[148],"challenges":[151],"along":[152],"reference":[154],"SAGE":[155],"implementations":[156],"all":[158],"discussed.":[161],"aim":[163],"encourage":[165],"cryptography":[168],"community\u2014particularly":[169],"cryptanalysts\u2014":[170],"rigorously":[172],"evaluate":[173],"practical":[175],"security":[176,206],"levels":[177],"offered":[178],"swPRFs,":[180],"currently":[185],"lacking.":[186],"Given":[187],"their":[188],"use":[190],"high-level":[192],"constructions,":[195],"any":[196],"breakthrough":[198],"could":[202],"directly":[203],"affect":[204],"broader":[209],"systems":[211],"that":[212],"them.":[215]},"counts_by_year":[],"updated_date":"2026-06-17T08:01:34.144755","created_date":"2025-10-10T00:00:00"}