A function family (where is the key length, taken to be the security parameter) is a pseudorandom function family if any adversary (whose resources are bounded by a polynomial in ) cannot distinguish between a function (where is chosen randomly and kept secret) and a totally random function only with negligible probability. That is, a function is chosen to be either for a random -bit key, or a random function with the same range. Next gets to ask the value of on as many points as it likes. Nonetheless should be unable to tell whether is random or pseudorandom. see [14, 19] for more details.
The schemes below make use of the following property of pseudorandom functions: as long as the key is random (or pseudorandom) and remains unknown, the value is also pseudorandom for any fixed and known . (In our schemes we use the arbitrary value .) This allows us to securely iterate; that is, is also pseudorandom, and so on. Furthermore, the value where is cryptographically independent from (as long as remains secret) and can be used as a key for different cryptographic transforms (such as a MAC).