Abstract
We give a careful, fixed-size parameter analysis of a standard way (Blum and Micali in SIAM J. Comput. 13(4):850–864, 1984; Goldreich and Levin in Proceedings of 21st ACM Symposium on Theory of Computing, pp. 25–32, 1989) to form a pseudo-random generator from a one-way function, and then pseudo-random functions from that generator (Goldreich et al. in J. Assoc. Comput. Mach. 33(4):792–807, 1986). While the analysis is done in the model of exact security, we also improve the known bounds asymptotically when many bits are output each round, and we find all auxiliary parameters efficiently, giving a uniform result. These optimizations make the analysis effective even for the security parameters/key sizes supported by typical block ciphers and hash functions. This enables us to construct very practical pseudo-random generators with strong properties based on plausible assumptions.
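To make the two-stage construction the abstract refers to concrete, the following is an added illustration (not code from the paper or its authors): a Blum–Micali generator that iterates a one-way function and extracts several Goldreich–Levin hard-core bits per round (inner products of the state with fixed public rows r_1..r_m over GF(2)), and a Goldreich–Goldwasser–Micali pseudo-random function that walks a binary tree using that generator as its length-doubling step. The one-way function is a stand-in (truncated SHA-256, assumed one-way only as a heuristic), the state size N, the row count m and the way the public rows are derived are all choices made here for the example, not the paper's parameters.

```python
import hashlib

N = 16  # state size in bytes (128 bits); a choice for this example


def owf(x: bytes) -> bytes:
    """Stand-in one-way function: SHA-256 truncated to the state size.
    Assumed one-way for illustration only; the paper analyses the
    construction for an arbitrary one-way function."""
    return hashlib.sha256(x).digest()[:N]


def gl_matrix(m: int, label: bytes = b"gl-row") -> list[bytes]:
    """Public rows r_1..r_m for the Goldreich-Levin hard-core function.
    In the real construction they are chosen uniformly at random once
    and published; here they are constructed deterministically from a
    label so the example runs offline."""
    return [hashlib.sha256(label + bytes([i])).digest()[:N] for i in range(m)]


def inner_product_bit(x: bytes, r: bytes) -> int:
    """Goldreich-Levin predicate <x, r> over GF(2): parity of the bitwise AND."""
    return bin(int.from_bytes(x, "big") & int.from_bytes(r, "big")).count("1") & 1


def hardcore_bits(x: bytes, rows: list[bytes]) -> list[int]:
    """m hard-core bits of x, one per public row (the 'many bits per round' case)."""
    return [inner_product_bit(x, r) for r in rows]


def blum_micali(seed: bytes, rows: list[bytes], rounds: int) -> list[int]:
    """Blum-Micali generator: output h(x_i) = (<x_i, r_1>, ..., <x_i, r_m>)
    and step the state with x_{i+1} = f(x_i)."""
    if len(seed) != N:
        raise ValueError("seed must be exactly N bytes")
    x, out = seed, []
    for _ in range(rounds):
        out.extend(hardcore_bits(x, rows))
        x = owf(x)
    return out


def bits_to_bytes(bits: list[int]) -> bytes:
    if len(bits) % 8:
        raise ValueError("bit count must be a multiple of 8")
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2)
                 for i in range(0, len(bits), 8))


def length_doubler(s: bytes, rows: list[bytes]) -> tuple[bytes, bytes]:
    """G(s) = G_0(s) || G_1(s): run the generator until 2N bytes are out."""
    m = len(rows)
    if (2 * N * 8) % m:
        raise ValueError("row count must divide 2N bits")
    stream = bits_to_bytes(blum_micali(s, rows, (2 * N * 8) // m))
    return stream[:N], stream[N:]


def ggm_prf(key: bytes, rows: list[bytes], x_bits: list[int]) -> bytes:
    """GGM pseudo-random function: F_k(x) = G_{x_n}(...G_{x_1}(k)...),
    i.e. descend the tree one level per input bit."""
    s = key
    for b in x_bits:
        left, right = length_doubler(s, rows)
        s = right if b else left
    return s


if __name__ == "__main__":
    rows = gl_matrix(8)                 # 8 hard-core bits per round
    seed = bytes(range(N))              # constructed demo seed, not secret
    print("keystream:", bits_to_bytes(blum_micali(seed, rows, 4)).hex())
    print("PRF(011):", ggm_prf(seed, rows, [0, 1, 1]).hex())
```

The point to notice is the parameter coupling the abstract is about: with m hard-core bits per round, a length-doubling step costs 2N·8/m applications of f, so the security loss of extracting m bits at once directly decides how fast the PRF tree can be walked.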
References
W. Alexi, B. Chor, O. Goldreich, C.P. Schnorr, RSA and Rabin functions: Certain parts are as hard as the whole, SIAM J. Comput. 17(2), 194–209 (1988)
N. Alon, J. Spencer, The Probabilistic Method, 2nd edn. (Wiley, New York, 2000)
M. Bellare, A. Desai, E. Jokipii, P. Rogaway, A concrete security treatment of symmetric encryption: analysis of the DES modes of operation, in Proceedings of the 38th IEEE Conference on Foundations of Computer Science, 1997, pp. 394–403
A. Biryukov, A. Shamir, Cryptanalytic time/memory/data tradeoffs for stream ciphers, in Advances in Cryptology—ASIACRYPT 2000. Lecture Notes in Computer Science, vol. 1976 (Springer, Berlin, 2000), pp. 1–13
M. Blum, S. Micali, How to generate cryptographically strong sequences of pseudo-random bits, SIAM J. Comput. 13(4), 850–864 (1984)
J. Daemen, V. Rijmen, AES proposal: Rijndael, www.nist.gov/aes/
D. Eastlake, S. Crocker, J. Schiller, Randomness recommendations for security, RFC 1750, IETF, 1994
O. Goldreich, Modern Cryptography, Probabilistic Proofs and Pseudo-Randomness (Springer, Berlin, 1999)
O. Goldreich, S. Goldwasser, S. Micali, How to construct random functions, J. Assoc. Comput. Mach. 33(4), 792–807 (1986)
O. Goldreich, L.A. Levin, A hard core predicate for any one way function, in Proceedings of 21st ACM Symposium on Theory of Computing, 1989, pp. 25–32
G. Hast, Nearly one-sided tests and the Goldreich–Levin predicate, SIAM J. Comput. 28, 1364–1396 (1999)
J. Håstad, R. Impagliazzo, L.A. Levin, M. Luby, Pseudo-random number generators from any one-way function, SIAM J. Comput. 28, 1364–1396 (1999)
J. Håstad, M. Näslund, Practical construction and analysis of pseudo-randomness primitives, in Advances in Cryptology—Asiacrypt 2001, ed. by C. Boyd. Lecture Notes in Computer Science, vol. 2248 (Springer, Berlin, 2001), pp. 442–459
J. Håstad, M. Näslund, BMGL: Synchronous key-stream generator with provable security, in Proceedings of the 1st Open NESSIE Workshop, 13–14 November 2000
J. Håstad, M. Näslund, Improved analysis of the BMGL key-stream generator, in Proceedings of the 2nd Open NESSIE Workshop, 12–13 September 2001
D. Knuth, Seminumerical Algorithms, 2nd edn. The Art of Computer Programming, vol. 2 (Addison-Wesley, Reading, 1982)
L. Levin, One-way functions and pseudo-random generators, Combinatorica 7, 357–363 (1987)
L. Levin, Randomness and non-determinism, J. Symb. Log. 58(3), 1102–1103 (1993)
F.J. MacWilliams, N.J.A. Sloane, The Theory of Error Correcting Codes (North-Holland, Amsterdam, 1977)
G. Marsaglia, The Diehard statistical tests, http://stat.fsu.edu/~geo/diehard.html
M. Näslund, Universal hash functions & hard-core bits, in Proceedings of Advances in Cryptology—Eurocrypt 1995. Lecture Notes in Computer Science, vol. 921 (Springer, Berlin, 1995), pp. 356–366
S. Pyka, The statistical evaluation of the NESSIE submission BMGL, NESSIE Public report NES/DOC/SAG/WP3/039/1, 2001
P. Rogaway, D. Coppersmith, A software-optimized encryption algorithm, J. Cryptol. 11(4), 273–287 (1988)
B. Schneier, Applied Cryptography (Wiley, New York, 1995)
U.V. Vazirani, V.V. Vazirani, Efficient and secure pseudo-random number generation, in Proceedings of 25th IEEE Symposium on Foundations of Computer Science, 1984, pp. 458–463
A.C. Yao, Theory and applications of trapdoor functions, in Proceedings of 23rd IEEE Symposium on Foundations of Computer Science, 1982, pp. 80–91
Communicated by Moti Yung
Cite this article
Håstad, J., Näslund, M. Practical Construction and Analysis of Pseudo-Randomness Primitives. J Cryptol 21, 1–26 (2008). https://doi.org/10.1007/s00145-007-9009-3
Keywords
- Hard core function
- One-way function
- Pseudo random generator
- Exact security