The PRF set primitive lets you redact data deterministically, for example personally identifiable information or internal IDs, or derive a user ID from user information without revealing that information in the ID. Someone who has access to the PRF output but not to the key can then do some types of analysis, while others are limited.
Note that while in theory PRFs can be used in other ways, for example for encryption or message authentication, those use cases should only be handled with the corresponding primitives.
WARNING: Since PRFs operate deterministically on their input, using a PRF to redact will not automatically provide anonymity; it provides only pseudonymity. It is an important tool for building privacy-aware systems, but it has to be used carefully.
WARNING: While HMAC-SHA-2 and HKDF-SHA-2 behave like a cryptographically secure hash function if the key is revealed, and still provide some protection against revealing the input, AES-CMAC is only secure as long as the key is secure.
Since Tink operates on key sets, this primitive exposes a corresponding set of PRFs instead of a single PRF. The PRFs are indexed by a 32-bit key ID. This can be used to rotate the key used to redact a piece of information without losing the previous association.
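The key-ID indexing and rotation described above, sketched with Python's standard library as an added example; this is not Tink's API or code. The `PrfSet` class, `redact`, `matches` and the key bytes are assumptions constructed for illustration, with HMAC-SHA-256 standing in for the PRF.

```python
import hashlib
import hmac

class PrfSet:
    """Hypothetical stand-in for a PRF set: HMAC-SHA-256 PRFs keyed by 32-bit ID."""

    def __init__(self, keys, primary_id):
        if any(not 0 <= kid < 2**32 for kid in keys):
            raise ValueError("key IDs must fit in 32 bits")
        if primary_id not in keys:
            raise ValueError("primary key ID is not in the set")
        self._keys = dict(keys)
        self.primary_id = primary_id

    def compute(self, key_id, data, output_length=16):
        """Evaluate the PRF selected by key_id, truncated to output_length bytes."""
        if not 1 <= output_length <= hashlib.sha256().digest_size:
            raise ValueError("output_length out of range for SHA-256")
        return hmac.new(self._keys[key_id], data, hashlib.sha256).digest()[:output_length]

def redact(prf_set, value):
    """Pseudonymize value with the primary PRF; keep the key ID beside the output."""
    kid = prf_set.primary_id
    return kid, prf_set.compute(kid, value.encode()).hex()

def matches(prf_set, value, record):
    """Recompute under the key ID stored in the record and compare in constant time."""
    kid, pseudonym = record
    return hmac.compare_digest(prf_set.compute(kid, value.encode()).hex(), pseudonym)

# Constructed demo keys; real keys come from a CSPRNG and a key management system.
OLD_KEY = bytes(range(32))
NEW_KEY = bytes(range(32, 64))

def demo():
    before = PrfSet({1: OLD_KEY}, primary_id=1)
    old_record = redact(before, "alice@example.com")
    # Rotation: key 2 becomes primary, key 1 stays in the set for old records.
    after = PrfSet({1: OLD_KEY, 2: NEW_KEY}, primary_id=2)
    new_record = redact(after, "alice@example.com")
    return old_record, new_record, matches(after, "alice@example.com", old_record)

if __name__ == "__main__":
    print(demo())
```

Storing the key ID beside each pseudonym is what keeps old records comparable after rotation; the old and new outputs for the same input cannot be compared directly.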