Definition: A PRG is a deterministic function that expands a short uniform random seed k ∈ {0,1}^λ into a longer pseudorandom output PRG(k) ∈ {0,1}^ℓ.
Definition: A PRF is a deterministic function F(k, x) that maps a key and input label x ∈ {0,1}^∗ to output F : {0,1}^λ × {0,1}^∗ → {0,1}^ℓ which is indistinguishable from random to adversaries without knowing k.
k_enc = PRF(k, "enc"), k_mac = PRF(k, "mac")Definition: A KDF is similar to a PRF but allows non-uniform keys as long as they have high entropy: KDF(k, x) should still output pseudorandom-looking bits.
k comes from non-uniform but high entropy sources (e.g., elliptic curve secrets).HMACk(1) || HMACk(2) || ...HMACk(label)HMAClabel(k)Definition: k = PBKDF2(F, p, s, c, ℓ)
F: keyed hash (e.g., HMAC)p: password, s: saltc: iterations (slow down brute-force)ℓ: output lengthEach output block Ti = Ui,1 ⊕ Ui,2 ⊕ ... ⊕ Ui,c with:
Ui,1 = F(p, s || i)
Ui,2 = F(p, Ui,1)
...
Ui,c = F(p, Ui,c−1)PBKDF2 is used in WPA2, iOS, and password managers like LastPass.
Modern alternatives: bcrypt, scrypt, Argon2 (preferred for password hashing)