A Pseudorandom Generator (PRG) is a deterministic polynomial-time algorithm that stretches a short, truly random seed into a significantly longer output sequence. The output is computationally indistinguishable from a uniformly random string of the same length, meaning no efficient adversary can detect a non-negligible difference. In secure aggregation, PRGs allow clients to expand a small shared key into a long pairwise mask for encrypting model updates, drastically reducing the communication overhead of transmitting full-length random masks.
Glossary
Pseudorandom Generator (PRG)

What is Pseudorandom Generator (PRG)?
A pseudorandom generator (PRG) is a deterministic algorithm that expands a short, uniformly random seed into a longer bit string computationally indistinguishable from true randomness, serving as a critical efficiency component in secure aggregation protocols.
The security of a PRG relies on the hardness of underlying computational problems, such as factoring or the discrete logarithm problem. Unlike a true random number generator, a PRG is entirely deterministic—the same seed always produces the same output. This determinism is essential for dropout resilience in protocols like SecAgg, where the server reconstructs masks for surviving clients by having them share seeds of dropped participants, enabling the cancellation of pairwise masks without requiring the dropped clients to be online.
Key Properties of a Cryptographic PRG
A Pseudorandom Generator (PRG) must satisfy specific cryptographic properties to be useful in secure aggregation protocols. These properties ensure that the masks generated to hide individual model updates are computationally indistinguishable from random noise, preventing an adversary from extracting private information.
Deterministic Expansion
A PRG is a deterministic algorithm that takes a short, truly random seed as input and expands it into a much longer output sequence. Given the exact same seed, the PRG will always produce the exact same output. This determinism is critical for secure aggregation, as it allows clients to generate identical pairwise masks without further communication after an initial key agreement phase.
- Input: A seed of length n bits (e.g., 256 bits).
- Output: A pseudorandom sequence of length l(n) bits, where l(n) > n.
- Mechanism: Applies a one-way function iteratively or in parallel to stretch the seed.
Computational Indistinguishability
The core security property of a cryptographic PRG is that its output is computationally indistinguishable from a truly random string of the same length. For any efficient adversary (a polynomial-time algorithm), the probability of distinguishing between the PRG's output and a truly random string is negligible. This ensures that the masks used in secure aggregation provide semantic security for the model updates.
- Adversary Model: Probabilistic Polynomial-Time (PPT) Turing machines.
- Negligible Function: A function that shrinks faster than the inverse of any polynomial.
Unpredictability (Next-Bit Test)
A PRG passes the next-bit test if, given the first i bits of its output, no efficient adversary can predict the (i+1)-th bit with a probability significantly greater than 1/2. This property is equivalent to computational indistinguishability and guarantees that an attacker who observes part of a generated mask cannot infer the remaining bits, preventing partial reconstruction of a client's model update.
- Formal Definition: For all PPT adversaries A, the advantage |Pr[A(G(seed){1..i}) = G(seed){i+1}] - 1/2| is negligible.
- Practical Implication: Forward secrecy for the generated mask stream.
Forward Security
A PRG used in secure aggregation must be forward-secure. This means that even if the internal state of the PRG is compromised at a specific point in time, an adversary cannot compute previous outputs. This is typically achieved by iteratively applying a one-way function and discarding old states. In the context of SecAgg, this prevents a compromised client from retroactively decrypting masks from previous training rounds.
- Mechanism: State update via s_{i+1} = f(s_i), output via o_i = g(s_i), where f is one-way.
- Contrast: A non-forward-secure PRG (like a simple counter-mode construction) would expose all past outputs if the current seed is leaked.
Seed Generation and Entropy
The security of a PRG is entirely dependent on the unpredictability of its seed. The seed must be generated from a high-entropy source, typically using a cryptographically secure True Random Number Generator (TRNG). In secure aggregation protocols like SecAgg, seeds are often derived from Diffie-Hellman key exchanges between pairs of clients, ensuring that each pairwise mask is seeded with a shared secret unknown to the server.
- Minimum Entropy: A seed for a 128-bit security level must have at least 128 bits of min-entropy.
- Common Construction: PRG(seed) = AES-CTR(seed) or ChaCha20(seed).
Concrete Constructions: AES in Counter Mode
A standard instantiation of a cryptographic PRG is the Advanced Encryption Standard (AES) block cipher operated in Counter (CTR) mode. The seed is used as the AES key, and a monotonically increasing counter is encrypted to produce a keystream. This construction is highly efficient in hardware and software, making it ideal for the low-latency requirements of mask generation in federated learning rounds.
- Throughput: Modern x86 processors with AES-NI instructions can generate >1 GB/s of pseudorandom output.
- Security: Relies on the assumption that AES is a secure Pseudo-Random Permutation (PRP).
Frequently Asked Questions
Clear answers to common questions about the deterministic algorithms that expand short seeds into computationally indistinguishable random streams, forming the cryptographic backbone of efficient secure aggregation.
A pseudorandom generator (PRG) is a deterministic algorithm that expands a short, uniformly random seed into a longer sequence of bits that is computationally indistinguishable from truly random bits. The mechanism relies on a one-way function: given a seed s of length n, the PRG outputs a string G(s) of length l(n) where l(n) > n. The security guarantee is that no polynomial-time adversary can distinguish G(s) from a truly random string with non-negligible advantage. In practice, PRGs are built from block ciphers in counter mode or from number-theoretic assumptions like the hardness of factoring. The critical property is next-bit unpredictability: given the first i bits of the output, an adversary cannot predict the (i+1)-th bit with probability significantly better than 1/2.
PRG vs. Other Randomness Sources
Comparison of pseudorandom generators against alternative randomness sources used in secure aggregation protocols.
| Feature | PRG | True RNG (Hardware) | Shared PRG (Coordinated) |
|---|---|---|---|
Deterministic | |||
Seed required | |||
Reproducible output | |||
Computational cost | Low | High (entropy bottleneck) | Low |
Statistical uniformity | High (with good seed) | Perfect | High (with good seed) |
Suitable for pairwise masking | |||
Requires secure seed distribution |
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
A pseudorandom generator is a foundational building block in secure aggregation. The following concepts define the cryptographic ecosystem in which PRGs operate to protect client updates.
Secure Aggregation (SecAgg)
A cryptographic protocol enabling a central server to compute the sum of model updates from multiple clients without inspecting any individual client's contribution. PRGs are used to efficiently generate the pairwise masks that hide each update, ensuring the server only sees the final aggregate result.
Pairwise Masking
A technique where each pair of clients agrees on a shared secret mask added to their updates. The masks are generated by expanding a short seed using a PRG into a long pseudorandom sequence. Because the masks are symmetric, they cancel out in the final sum: mask_{u,v} + mask_{v,u} = 0.
Secret Sharing
A cryptographic method for distributing a secret among participants so that only a qualified subset can reconstruct it. In secure aggregation, clients use Shamir Secret Sharing to distribute their PRG seeds, ensuring dropout resilience: the server can reconstruct masks of dropped clients without compromising the privacy of active ones.
Key Agreement
A protocol allowing two parties to establish a shared secret key over an insecure channel. Diffie-Hellman key exchange is commonly used in secure aggregation to let each client pair derive a common seed, which is then fed into a PRG to generate their pairwise masking sequence.
Semi-Honest Security
A security model assuming adversaries follow the protocol correctly but may attempt to learn additional information from the transcript. Standard SecAgg protocols with PRG-based masking achieve semi-honest security, protecting against honest-but-curious servers that inspect individual updates.
Dropout Resilience
The property allowing correct aggregate computation even when a subset of clients disconnects. When a client drops out, the server reconstructs their PRG seed from shares held by surviving clients, regenerates their masks, and removes them from the sum to recover the correct aggregate.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us