Cryptanalysis of the Legendre Pseudorandom Function over Extension Fields
Abstract
The Legendre Pseudorandom Function (PRF) is a highly efficient cryptographic primitive built upon the Legendre symbol, valued for its low multiplicative complexity in Multi-Party Computation (MPC) and Zero-Knowledge Proof (ZKP) protocols. While its security over prime fields is well-documented, recent interest has shifted toward instantiations over extension fields . This paper presents the first comprehensive cryptanalysis of the single-degree Legendre PRF operating over . First, we analyze polynomial input encoding under a standard passive threat model (sequential additive counter queries). We demonstrate that while the absence of polynomial carry-overs causes an asynchronous "no-carry fracture" that neutralizes classical sliding-window collision attacks, the fracture itself is deterministically periodic. By introducing a novel "Differential Signature" bucketing technique, we prove that an adversary can systematically group fractured sequences by their structural shapes to bypass this defense, recovering the secret key in operations, where is the unicity distance. Second, we evaluate the PRF under an active Chosen-Query threat model. We demonstrate that an adversary can circumvent the additive fracture by evaluating the PRF along a geometric sequence generated by a primitive polynomial. This structure invokes strict multiplicative homomorphism over , permitting a direct generalization of state-of-the-art table collision attacks to extract the key in operations. Finally, we establish the cryptographic boundaries of these attacks, formally proving the necessity of higher-degree key variants () to achieve exponential security against structural reduction in extension fields.
Cite
@article{arxiv.2604.04833,
title = {Cryptanalysis of the Legendre Pseudorandom Function over Extension Fields},
author = {Daksh Pandey},
journal= {arXiv preprint arXiv:2604.04833},
year = {2026}
}