Advertisement

Pseudorandomness

Chapter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 756)

Abstract

In this chapter, the concepts of indistinguishability and pseudorandomness were presented. It was explained that pseudorandomness of a permutation generator, such as a block cipher, implies its security against chosen plaintext attack. We also explained that, in block-cipher-based hash schemes, we should apply a block cipher which is secure against chosen plaintext/ciphertext attack in order to obtain security against the meet-in-the-middle attack, as such an attack could be transformed into a version of chosen plaintext/ciphertext attack against the underlying block cipher.

It is worthy of note that if a block cipher which is secure against chosen plaintext/ciphertext attack is used in the construction of a hash scheme, the hash scheme need not be collision free. Lai and Massey showed that there may be attacks on the block-cipher-based hash scheme that are easier than attacks on the underlying block cipher alone [Lai and Massey, 1992].

Anyway, Luby and Rackoff's construction of a pseudorandom permutation generator with three rounds of DES-like permutations and three independent pseudorandom function generators and their justification of DES structure based on this result raise the question of how to construct superpseudorandom permutation generators for use in the construction of stronger block ciphers. Luby and Rackoff proved that ψ(k, h, g, f), a construction with four rounds of DES-like permutations with four independent pseudorandom function generators, yields a super-pseudorandom permutation generator. This result suggests that more rounds should be added to a block cipher secure against chosen plaintext attack to make it resistant to stronger attacks such as chosen plaintext/ciphertext attack. But it does not offer more in-sight into the construction of a block cipher with a stronger structure. In the next chapter we study super-pseudorandom permutation generators, and we investigate necessary and sufficient conditions for the construction of such generators.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 1993

Personalised recommendations