Pith Number

pith:OKQ6B4BA

pith:2026:OKQ6B4BATZFOUK5AQTSLKR6HS3
not attested · not anchored · not stored · refs pending

Cryptanalysis of the Legendre Pseudorandom Function over Extension Fields

Daksh Pandey

The single-degree Legendre PRF over extension fields admits efficient key recovery through periodic fracture bucketing and geometric-sequence collisions.

arxiv:2604.04833 v3 · 2026-04-06 · cs.CR · math.NT

Add to your LaTeX paper
\usepackage{pith}
\pithnumber{OKQ6B4BATZFOUK5AQTSLKR6HS3}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv.

Record completeness

1 Bitcoin timestamp
2 Internet Archive
3 Author claim open
4 Citations open
5 Replications open
Portable graph bundle live · download bundle · merged state
The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1 · strongest claim

We demonstrate that an adversary can systematically group fractured sequences by their structural shapes to bypass this defense, recovering the secret key in O(U · p^r/M) operations... an adversary can circumvent the additive fracture by evaluating the PRF along a geometric sequence generated by a primitive polynomial... extract the key in O(p^r/M) operations. Finally, we establish the cryptographic boundaries of these attacks, formally proving the necessity of higher-degree key variants (d ≥ 2) to achieve exponential security against structural reduction in extension fields.

C2 · weakest assumption

The analysis relies on polynomial input encoding without carry-overs producing a deterministically periodic fracture, and on the existence of primitive polynomials enabling strict multiplicative homomorphism in the active model; if real implementations use different encodings or the fracture periodicity does not hold as claimed, the bucketing and collision attacks may fail.

C3 · one line summary

The Legendre PRF over extension fields admits key recovery in O(p^r/M) operations via differential signature bucketing on fractured sequences or geometric sequence queries exploiting multiplicative homomorphism, proving higher-degree keys are required for exponential security.

Receipt and verification
First computed 2026-05-25T02:01:18.931731Z
Builder pith-number-builder-2026-05-17-v1
Signature Pith Ed25519 (pith-v1-2026-05) · public key
Schema pith-number/v1.0

Canonical hash

72a1e0f0209e4aea2ba084e4b547c796d68f2a643322ebfbe09eff4d857cc050

Aliases

arxiv: 2604.04833 · arxiv_version: 2604.04833v3 · doi: 10.48550/arxiv.2604.04833 · pith_short_12: OKQ6B4BATZFO · pith_short_16: OKQ6B4BATZFOUK5A · pith_short_8: OKQ6B4BA
Agent API
Verify this Pith Number yourself
curl -sH 'Accept: application/ld+json' https://pith.science/pith/OKQ6B4BATZFOUK5AQTSLKR6HS3 \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: 72a1e0f0209e4aea2ba084e4b547c796d68f2a643322ebfbe09eff4d857cc050
Canonical record JSON
{
  "metadata": {
    "abstract_canon_sha256": "df8e14ee4c5322bb028108462faceb3c09a49bcde3b525e785f9bec104e05899",
    "cross_cats_sorted": [
      "math.NT"
    ],
    "license": "http://creativecommons.org/licenses/by/4.0/",
    "primary_cat": "cs.CR",
    "submitted_at": "2026-04-06T16:35:32Z",
    "title_canon_sha256": "1611a5b4f24465b3eb769c2e3a1f19a7928f19245a8cbd2d8838ba5f8f019c2b"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2604.04833",
    "kind": "arxiv",
    "version": 3
  }
}