Expanding Weak PRF with Small Key Size

  • Kazuhiko Minematsu
  • Yukiyasu Tsunoo
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3935)


We propose modes for weakly-secure block ciphers that take one block input to provide output of arbitrary length. Damgård and Nielsen proposed such a mode called the Pseudorandom Tree (PRT) mode, and demonstrated that PRT could be used to establish a communication channel that is secure against Chosen-Plaintext Attacks, if the underlying block cipher is secure against any Known-Plaintext Attacks. We present a mode that reduces the key size of PRT to about 60% without any additional computation. We call this the Extended PRT (ERT) mode and prove its security. One drawback of PRT and ERT is that their key sizes are not much small under small expansion, since functions with small expansion are important from practical point of view. We also present a mode that greatly reduces the key size under small expansion.


Composition Operator Expansion Rate Block Cipher Small Expansion Pseudorandom Function 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aiello, W., Rajagopalan, S., Venkatesan, R.: High-speed Pseudorandom Number Generation with Small Memory. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 290–304. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  2. 2.
    Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A Concrete Security Treatment of Symmetric Encryption. In: Proceedings of the 38th Annual Symposium on Foundations of Computer Science, FOCS 1997, pp. 394–403 (1997)Google Scholar
  3. 3.
    Bellare, M., Kilian, J., Rogaway, P.: The Security of Cipher Block Chaining. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 341–358. Springer, Heidelberg (1994)Google Scholar
  4. 4.
    Damgård, I., Nielsen, J.: Expanding Pseudorandom Functions; or: From Known-Plaintext Security to Chosen-Plaintext Security. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 449–464. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  5. 5.
    Gilbert, H.: The Security of “One-Block-to-Many” Modes of Operation. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 377–395. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  6. 6.
    Goldreich, O., Goldwasser, S., Micali, S.: How to Construct Random Functions. Journal of the ACM 33(4), 792–807 (1986)MathSciNetCrossRefMATHGoogle Scholar
  7. 7.
    Klemm, A., Lindemann, C., Lohmann, M.: Traffic Modeling of IP Networks Using the Batch Markovian Arrival Process. In: Field, T., Harrison, P.G., Bradley, J., Harder, U. (eds.) TOOLS 2002. LNCS, vol. 2324, pp. 92–110. Springer, Heidelberg (2002)Google Scholar
  8. 8.
    Luby, M., Rackoff, C.: How to Construct Pseudo-random Permutations from Pseudo-random functions. SIAM J. Computing 17(2), 373–386 (1988)MathSciNetCrossRefMATHGoogle Scholar
  9. 9.
    Maurer, U., Massey, J.L.: Cascade Ciphers: The Importance of Being First. J. Cryptology 6(1), 55–61 (1993)CrossRefMATHGoogle Scholar
  10. 10.
    Maurer, U.: Indistinguishability of Random Systems. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 110–132. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  11. 11.
    Maurer, U., Pietrzak, K.: Composition of Random Systems: When Two Weak Make One Strong. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 410–427. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Naor, M., Reingold, O.: Number-theoretic Constructions of Efficient Pseudo-random Functions. In: 38th Annual Symposium on Foundations of Computer Science, FOCS 1997, pp. 458–467 (1997)Google Scholar
  13. 13.
    Naor, M., Reingold, O.: From Unpredictability to Indistinguishability: A Simple Construction of Pseudo-Random Functions from MACs (extended abstract). In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 267–282. Springer, Heidelberg (1998)Google Scholar
  14. 14.
    Naor, M., Reingold, O.: On the Construction of Pseudorandom Permutations: Luby-Rackoff Revisited. Journal of Cryptology 12(1), 29–66 (1999)MathSciNetCrossRefMATHGoogle Scholar
  15. 15.
    Naor, M., Reingold, O.: Synthesizers and their application to the parallel construction of pseudo-random functions. J. of Computer and Systems Sciences 58(2), 336–375 (1999)MathSciNetCrossRefMATHGoogle Scholar
  16. 16.
    3rd Generation Partnership Project,
  17. 17.
    Vaudenay, S.: Feistel Ciphers with L 2-Decorrelation. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, pp. 1–14. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  18. 18.

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Kazuhiko Minematsu
    • 1
  • Yukiyasu Tsunoo
    • 1
  1. 1.NEC CorporationKawasakiJapan

Personalised recommendations