The Pseudo-Random Function (PRF) primitive lets you produce stable,
arbitrary-length, pseudo-random outputs for a given input.
Since Tink operates on keysets, this primitive exposes a
corresponding set of PRFs instead of a single PRF. The PRFs are indexed by a
32-bit key ID. This can be used to rotate the key used to redact a piece of
information, without losing the previous association.
PRF has the following properties:
Deterministic: Computing a PRF for a given input will always produce the same output.
Randomness: The output of a PRF is indistinguishable from random bytes.
Choose a key type
We recommend using HMAC_SHA256_PRF for most uses, but there are other
options as well.
In general, the following holds true:
HMAC_SHA512_PRF may or may not be faster depending on your input size and
the specifics of the hardware you use.
HMAC_SHA512_PRF is the most conservative mode that can be used for a
practically unlimited number of messages.
AES_CMAC_PRF is fastest on systems that support the AES-NI hardware
acceleration.
Minimal security guarantees
Without knowledge of the key, the PRF is indistinguishable from a random
function
At least 128-bit security, also in multi-user scenarios (when an attacker is
not targeting a specific key, but any key from a set of up to 2^32
keys)
At least 16 bytes of output available
Example use cases
Use cases for PRF include deterministic redaction of personally identifiable
information (PII), keyed hash functions, and creating sub-IDs that don't allow
joining with the original dataset without knowing the key.
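The redaction use case combined with rotation by key ID, as an added example that is not from the Tink documentation and does not use Tink's API: it models the PRF set with Python's standard hmac module (HMAC-SHA256 truncated to 16 bytes). The names PrfKeyset, redact and same_subject are hypothetical, and the e-mail address is a constructed sample value.

```python
import hashlib
import hmac
import secrets


class PrfKeyset:
    """Hypothetical stand-in for a set of PRFs indexed by a 32-bit key ID."""

    def __init__(self):
        self._keys = {}          # key ID -> HMAC key
        self.primary_id = None

    def rotate(self):
        """Add a fresh key and make it primary; older keys stay for lookups."""
        key_id = secrets.randbits(32)
        while key_id in self._keys:
            key_id = secrets.randbits(32)
        self._keys[key_id] = secrets.token_bytes(32)
        self.primary_id = key_id
        return key_id

    def compute(self, key_id, data, output_length=16):
        """HMAC-SHA256 under the key with this ID, truncated to output_length."""
        if not 1 <= output_length <= hashlib.sha256().digest_size:
            raise ValueError("output_length must be 1..32 for HMAC-SHA256")
        mac = hmac.new(self._keys[key_id], data, hashlib.sha256)
        return mac.digest()[:output_length]


def redact(keyset, value):
    """Return (key ID, hex token) computed under the current primary key."""
    key_id = keyset.primary_id
    return key_id, keyset.compute(key_id, value.encode()).hex()


def same_subject(keyset, value, stored):
    """Recompute under the key ID saved with the token, then compare."""
    key_id, token = stored
    candidate = keyset.compute(key_id, value.encode()).hex()
    return hmac.compare_digest(candidate, token)


def demo():
    keyset = PrfKeyset()
    keyset.rotate()
    old = redact(keyset, "alice@example.com")   # stored before rotation
    keyset.rotate()                             # new primary, old key retained
    new = redact(keyset, "alice@example.com")   # stored after rotation
    return keyset, old, new
```

Storing the key ID next to each token is what keeps the earlier association usable after rotation: the old token can still be recomputed under its own key, while new records use the new primary.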
While PRFs can be used to prove the authenticity of a message, using the
MAC primitive is recommended for that use case, as it has support for
verification, which avoids the security problems that often happen during
verification, and has automatic support for key rotation. It also allows for
non-deterministic algorithms.
Last updated 2024-11-14 UTC.