Stateless Evaluation of Pseudorandom Functions: Security Beyond the Birthday Barrier

  • Mihir Bellare
  • Oded Goldreich
  • Hugo Krawczyk
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1666)

Abstract

Many cryptographic solutions based on pseudorandom functions (for common problems like encryption, message-authentication or challenge-response protocols) have the following feature: There is a stateful (counter based) version of the scheme that has high security, but if, to avoid the use of state, we substitute a random value for the counter, the security of the scheme drops below the birthday bound. In some situations the use of counters or other forms of state is impractical or unsafe. Can we get security beyond the birthday bound without using counters?

This paper presents a paradigm for strengthening such uses of pseudorandom functions. The idea, roughly, is to replace the value of a pseudorandom function at a single random point by the XOR of its values at a small number of distinct random points. We establish two general security properties of the construction, “pseudorandomness” and “integrity”, with security beyond the birthday bound. These can be applied to derive encryption schemes, and MAC schemes (based on universal hash functions), that are secure well beyond the birthday bound, without the use of state and at moderate computational cost.
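The following is an added illustration of the stateless setting the abstract describes; it is not code from the paper and does not implement its proofs. It contrasts the single-point scheme, C = (r, M ⊕ F_K(r)) with a random r, against the parity variant that XORs F_K over t distinct random points. To make the birthday effect visible offline, it assumes a toy 16-bit block width (N_BITS) and uses HMAC-SHA256 truncated to that width as a stand-in PRF, with a seeded generator for the random points and a constructed all-zero key. The function names (prf, encrypt_single, encrypt_parity, decrypt, colliding_pairs, experiment) are this example's own.

```python
import hashlib
import hmac
import random

# Toy block width. Real ciphers use 64 or 128 bits; 16 bits makes the birthday
# effect visible after a couple of thousand encryptions (demo assumption).
N_BITS = 16
MASK = (1 << N_BITS) - 1


def prf(key: bytes, x: int) -> int:
    """Stand-in PRF F_K: HMAC-SHA256 truncated to N_BITS (not the paper's F)."""
    tag = hmac.new(key, x.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(tag[:4], "big") & MASK


def encrypt_single(key: bytes, msg: int, rng: random.Random):
    """Stateless one-block scheme: C = (r, M xor F_K(r)) with a random r."""
    r = rng.getrandbits(N_BITS)
    return ((r,), msg ^ prf(key, r))


def encrypt_parity(key: bytes, msg: int, rng: random.Random, t: int = 2):
    """Parity variant: mask = F_K(r1) xor ... xor F_K(rt) over t distinct random points."""
    pts = set()
    while len(pts) < t:
        pts.add(rng.getrandbits(N_BITS))
    pts = tuple(sorted(pts))  # canonical form: the set of points matters, not their order
    mask = 0
    for r in pts:
        mask ^= prf(key, r)
    return (pts, msg ^ mask)


def decrypt(key: bytes, ct) -> int:
    """Works for both schemes: recompute the mask from the transmitted points."""
    pts, c = ct
    mask = 0
    for r in pts:
        mask ^= prf(key, r)
    return c ^ mask


def colliding_pairs(cts):
    """Index pairs (i, j), i < j, whose ciphertexts reuse the same point set.
    For such a pair C_i xor C_j == M_i xor M_j, recoverable without the key."""
    seen_at = {}
    pairs = []
    for j, (pts, _) in enumerate(cts):
        for i in seen_at.get(pts, []):
            pairs.append((i, j))
        seen_at.setdefault(pts, []).append(j)
    return pairs


def experiment(q: int = 2000, seed: int = 1):
    """Encrypt q random blocks under each scheme with seeded randomness
    and count how many ciphertext pairs reuse a mask."""
    key = b"\x00" * 16  # constructed demo key
    rng = random.Random(seed)
    msgs = [rng.getrandbits(N_BITS) for _ in range(q)]
    single = [encrypt_single(key, m, rng) for m in msgs]
    parity = [encrypt_parity(key, m, rng) for m in msgs]
    for cts in (single, parity):
        assert all(decrypt(key, c) == m for c, m in zip(cts, msgs))
    return {
        "msgs": msgs,
        "single_cts": single,
        "single_collisions": len(colliding_pairs(single)),
        "parity_collisions": len(colliding_pairs(parity)),
    }


if __name__ == "__main__":
    res = experiment()
    print("single-point mask reuse pairs:", res["single_collisions"])
    print("two-point   mask reuse pairs:", res["parity_collisions"])
```

With q = 2000 encryptions at a 16-bit width, the single-point scheme is expected to produce on the order of q²/2^(n+1) ≈ 30 colliding pairs, each of which hands the adversary M_i ⊕ M_j for free; the two-point variant draws its mask from roughly 2^31 unordered point pairs, so the same q gives an expected collision count near 10^-3. Two caveats: the demo measures only exact point-set reuse, whereas the paper's analysis must also bound what an attacker learns from partially overlapping point sets and from the XOR structure itself, which is the substance of its pseudorandomness and integrity results; and the cost of the construction is t PRF evaluations plus t transmitted points per block rather than one, which is the "moderate computational cost" the abstract refers to.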

Keywords

Hash Function, Encryption Scheme, Block Cipher, Pseudorandom Function, Parity Construct


Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Mihir Bellare (1)
  • Oded Goldreich (2)
  • Hugo Krawczyk (3, 4)

  1. Dept. of Computer Science & Engineering, University of California at San Diego, La Jolla, USA
  2. Department of Computer Science, Weizmann Institute of Science, Rehovot, Israel
  3. Department of Electrical Engineering, Technion, Haifa, Israel
  4. Watson Research Center, Yorktown Heights, USA