public class HashThenPrfToZn extends java.lang.Object implements StandaloneRepresentable
We use a PRF that outputs bit strings and map these to Zp as follows. We divide the output interval of size 2^n (with elements in [0, 2^n-1]) into a 'good' and a 'bad' interval, where the good interval is [0, x*p) with x*p < 2^n chosen to be maximal, and the bad interval is [x*p, 2^n-1]. Since x is maximal, the bad interval has size at most p-1.
To get a ZnElement, we hash the input, apply the PRF, and obtain some output value o. If o is in the good interval, we output o mod p as our ZnElement. This is random for random bit strings, since the good interval's size is a multiple of p. If o is in the bad interval, we reject and throw an exception. We don't want this to happen, so we enlarge the good interval by using a longer PRF output; how much longer is controlled by the so-called 'oversubscription'. Since the bad interval's size is bounded by p, increasing the total interval reduces the probability of landing in the bad interval. More precisely, the reject rate is bounded by (1/2)^oversubscription.
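The interval construction described above, as an added example that is not the library's own code: it maps a PRF output to Zp with the good/bad interval check and prints the exact reject rate next to the (1/2)^oversubscription bound. It assumes the PRF output length is n = bitLength(p) + oversubscription and uses HMAC-SHA256 in counter mode as a stand-in for the AES-based PRF; `GoodIntervalDemo`, `prfBits`, `mapToZp` and `rejectRate` are hypothetical names.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class GoodIntervalDemo {
    // Stand-in PRF (assumption): HMAC-SHA256 in counter mode, truncated to nBits.
    static BigInteger prfBits(byte[] key, byte[] input, int nBits) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] out = new byte[(nBits + 7) / 8];
        for (int off = 0, ctr = 0; off < out.length; off += 32, ctr++) {
            mac.update((byte) ctr);                 // block counter, then the input
            byte[] block = mac.doFinal(input);
            System.arraycopy(block, 0, out, off, Math.min(32, out.length - off));
        }
        // Read as non-negative and drop surplus low bits so o lies in [0, 2^nBits - 1].
        return new BigInteger(1, out).shiftRight(out.length * 8 - nBits);
    }

    // Hash, apply the PRF, reject on the bad interval, otherwise reduce mod p.
    static BigInteger mapToZp(byte[] key, byte[] msg, BigInteger p, int oversubscription) throws Exception {
        int n = p.bitLength() + oversubscription;   // assumed PRF output length
        BigInteger goodEnd = BigInteger.ONE.shiftLeft(n).divide(p).multiply(p); // x*p, x maximal
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(msg);
        BigInteger o = prfBits(key, digest, n);
        if (o.compareTo(goodEnd) >= 0)
            throw new IllegalStateException("PRF output in bad interval");
        return o.mod(p);
    }

    // Exact reject rate: |bad interval| / 2^n = (2^n mod p) / 2^n.
    static double rejectRate(BigInteger p, int oversubscription) {
        int n = p.bitLength() + oversubscription;
        BigInteger twoN = BigInteger.ONE.shiftLeft(n);
        return twoN.mod(p).doubleValue() / twoN.doubleValue();
    }

    public static void main(String[] args) throws Exception {
        BigInteger p = BigInteger.valueOf(1_000_003);   // constructed small prime
        byte[] key = "constructed demo key".getBytes(StandardCharsets.UTF_8);
        for (int k : new int[] {1, 8, 32})
            System.out.printf("k=%d reject=%.3e bound=%.3e%n", k, rejectRate(p, k), Math.pow(0.5, k));
        BigInteger a = mapToZp(key, "alice".getBytes(StandardCharsets.UTF_8), p, 32);
        BigInteger b = mapToZp(key, "alice".getBytes(StandardCharsets.UTF_8), p, 32);
        System.out.println(a + " deterministic=" + a.equals(b));
    }
}
```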
| Constructor and Description |
|---|
| HashThenPrfToZn(int aesKeyLength, Zn zn, HashFunction hashFunction, int oversubscription) - Instantiate HashThenPrfToZn |
| HashThenPrfToZn(Representation repr) |

| Modifier and Type | Method and Description |
|---|---|
| boolean | equals(java.lang.Object o) |
| PrfKey | generateKey() - Generates a PRF key that can be used to hash-then-prf to Zn |
| HashFunction | getHashFunction() |
| LongAesPseudoRandomFunction | getLongAesPseudoRandomFunction() |
| Representation | getRepresentation() - The representation of this object. |
| int | hashCode() |
| Zn.ZnElement | hashThenPrfToZn(PrfKey prfKey, UniqueByteRepresentable hashInput) |
| Zn.ZnElement | hashThenPrfToZn(PrfKey prfKey, UniqueByteRepresentable hashInput, java.lang.String prefix) |
| RingElementVector | hashThenPrfToZnVector(PrfKey prfKey, UniqueByteRepresentable hashInput, int vectorSize) |
| RingElementVector | hashThenPrfToZnVector(PrfKey prfKey, UniqueByteRepresentable hashInput, int vectorSize, java.lang.String prefix) - Generate pseudorandom ZnVectors of variable size using unique prefixes for the vectorSize and index. |

public HashThenPrfToZn(int aesKeyLength, Zn zn, HashFunction hashFunction, int oversubscription)
Parameters:
- aesKeyLength - bit length of AES
- zn - target ring
- hashFunction - hash function to use, output size should be larger than AES input size
- oversubscription - parameter that bounds the probability of failing by (1/2)^oversubscription. Probability can be lower due to rounding
public HashThenPrfToZn(Representation repr)
public PrfKey generateKey()
public RingElementVector hashThenPrfToZnVector(PrfKey prfKey, UniqueByteRepresentable hashInput, int vectorSize, java.lang.String prefix)
Parameters:
- prfKey - the PRF key
- hashInput - input to hash
- vectorSize - target vector size
- prefix - prefix to allow using the same vectorSize and preImage several times
public RingElementVector hashThenPrfToZnVector(PrfKey prfKey, UniqueByteRepresentable hashInput, int vectorSize)
public Zn.ZnElement hashThenPrfToZn(PrfKey prfKey, UniqueByteRepresentable hashInput)
public Zn.ZnElement hashThenPrfToZn(PrfKey prfKey, UniqueByteRepresentable hashInput, java.lang.String prefix)
public LongAesPseudoRandomFunction getLongAesPseudoRandomFunction()
public HashFunction getHashFunction()
public Representation getRepresentation()
Representable, ReprUtil
Specified by: getRepresentation in interface Representable
Representation
public boolean equals(java.lang.Object o)
Overrides: equals in class java.lang.Object
public int hashCode()
Overrides: hashCode in class java.lang.Object