A Unified Method for Improving PRF Bounds for a Class of Blockcipher Based MACs

  • Mridul Nandi
Conference paper

DOI: 10.1007/978-3-642-13858-4_12

Part of the Lecture Notes in Computer Science book series (LNCS, volume 6147)
Cite this paper as:
Nandi M. (2010) A Unified Method for Improving PRF Bounds for a Class of Blockcipher Based MACs. In: Hong S., Iwata T. (eds) Fast Software Encryption. FSE 2010. Lecture Notes in Computer Science, vol 6147. Springer, Berlin, Heidelberg


This paper provides a unified framework for improving the PRF (pseudorandom function) advantages of several popular MACs (message authentication codes) based on a blockcipher modeled as an RP (random permutation). In many known MACs, the inputs of the underlying blockcipher are defined to be deterministic affine functions of previously computed outputs of the blockcipher. Keeping this similarity in mind, a class of ADEs (affine domain extensions) and a wide subclass of SADEs (secure ADEs) are introduced in the paper, which contain the following constructions: \(\mathcal{C}\) = { CBC-MAC, GCBC*, OMAC, PMAC }. We prove that all SADEs have PRF advantage \(O(tq/2^n + N(t,q)/2^n)\), where t is the total number of blockcipher computations needed for all q queries and N(t,q) is a parameter defined in the paper. The PRF advantage of any SADE is \(O(t^2/2^n)\), as we can show that \(N(t,q) \leq {t \choose 2}\). Moreover, N(t,q) = O(tq) for all members of \(\mathcal{C}\), and hence these MACs have improved advantages \(O(tq/2^n)\). Eventually, our proposed bounds for CBC-MAC and GCBC* become strictly better than the previous best known bounds.


Keywords: affine domain extension, PRF, random permutation, CBC-MAC

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Mridul Nandi
    1. National Institute of Standards and Technology, and Computer Science Department, The George Washington University
