From unpredictability to indistinguishability: A simple construction of pseudo-random functions from MACs

Extended abstract
  • Moni Naor
  • Omer Reingold
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1462)


This paper studies the relationship between unpredictable functions (which formalize the concept of a MAC) and pseudo-random functions. We show an efficient transformation of the former to the latter using a unique application of the Goldreich-Levin hard-core bit (taking the inner-product with a random vector r): While in most applications of the GL-bit the random vector r may be public, in our setting this is not the case. The transformation is only secure when r is secret and treated as part of the key. In addition, we consider weaker notions of unpredictability and their relationship to the corresponding notions of pseudo-randomness. Using these weaker notions we formulate the exact requirements of standard protocols for private-key encryption, authentication and identification. In particular, this implies a simple construction of a private-key encryption scheme from the standard challenge-response identification scheme.


Encryption Scheme Adaptive Sample Message Authentication Weak Notion Choose Ciphertext Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    M. Bellare, R. Canetti and H. Krawczyk, Keying hash functions for message authentication, Proc. Advances in Cryptology — CRYPTO '96, LNCS, Springer, vol. 1109, 1996, pp. 1–15.Google Scholar
  2. 2.
    M. Bellare, A. Desai, E. Jokipii and P. Rogaway, A Concrete Security Treatment of Symmetric Encryption, Proc. 38th IEEE Symp. on Foundations of Computer Science, 1997, pp. 394–403.Google Scholar
  3. 3.
    M. Bellare, J. Kilian and P. Rogaway, The security of cipher block chaining, Advances in Cryptology — CRYPTO '94, Lecture Notes in Computer Science, vol. 839, Springer-Verlag, 1994, pp. 341–358.Google Scholar
  4. 4.
    M. Bellare and S. Goldwasser, New paradigms for digital signatures and message authentication based on non-interactive zero knowledge proofs Proc. Advances in Cryptology — CRYPTO '89, LNCS, Springer, 1990, pp. 194–211.Google Scholar
  5. 5.
    A. Blum, M. Furst, M. Kearns and R.J. Lipton, Cryptographic primitives based on hard learning problems, in: D.R. Stinson, ed., Advances in Cryptology — CRYPTO '93, LNCS, vol. 773, Springer, 1994, pp. 278–291.Google Scholar
  6. 6.
    M. Blum and S. Micali, How to generate cryptographically strong sequence of pseudo-random bits, SIAM J. Comput., vol. 13, 1984, pp. 850–864.zbMATHMathSciNetCrossRefGoogle Scholar
  7. 7.
    G. Brassard, Modern cryptology, LNCS, vol. 325, Springer, 1988.Google Scholar
  8. 8.
    R. Canetti, J. Garay, G. Itkis, D. Micciancio, M. Naor and B. Pinkas, Multicast security: A taxonomy and efficient authentication, manuscript.Google Scholar
  9. 9.
    D. Dolev, C. Dwork and M. Naor, Non-malleable cryptography, Proc. 23rd Ann. ACM Symp. on Theory of Computing, 1991, pp. 542–552. Full version available at: Scholar
  10. 10.
    O. Goldreich, Two remarks concerning the Goldwasser-Micali-Rivest signature scheme, Advances in Cryptology — CRYPTO'86, LNCS, vol. 263, 1987, pp. 104–110.zbMATHMathSciNetGoogle Scholar
  11. 11.
    O. Goldreich, Foundations of Cryptography (Fragments of a Book) 1995. Electronic publication in the Electronic Colloquium on Computational Complexity: Scholar
  12. 12.
    O. Goldreich, S. Goldwasser and S. Micali, How to construct random functions, J. of the ACM., vol. 33, 1986, pp. 792–807.MathSciNetCrossRefGoogle Scholar
  13. 13.
    O. Goldreich, S. Goldwasser and S. Micali, On the cryptographic applications of random functions, Advances in Cryptology — CRYPTO '84, LNCS, vol. 196, Springer, 1985, pp. 276–288.Google Scholar
  14. 14.
    O. Goldreich and L. Levin, A hard-core predicate for all one-way functions, in: Proc. 21st Ann. ACM Symp. on Theory of Computing, 1989, pp. 25–32.Google Scholar
  15. 15.
    S. Halevi and H. Krawczyk, MMH: message authentication in software in the Gbit/second rates, Proc. Fast Software Encryption, Lecture Notes in Computer Science, Springer-Verlag, 1997.Google Scholar
  16. 16.
    J. Hastad, R. Impagliazzo, L. A. Levin and M. Luby, Construction of a pseudo-random generator from any one-way function, To appear in SIAM J. Comput. Preliminary versions by Impagliazzo et. al. in 21st STOC, 1989 and Hastad in 22nd STOC, 1990.Google Scholar
  17. 17.
    R. Impagliazzo and M. Luby, One-way functions are essential for complexity based cryptography, Proc. 30th FOCS, 1989, pp. 230–235.Google Scholar
  18. 18.
    M. Luby, Pseudo-randomness and applications, Princeton University Press, 1996.Google Scholar
  19. 19.
    M. Luby and C. Rackoff, How to construct pseudorandom permutations and pseudorandom functions, SIAM J. Comput., vol. 17, 1988, pp. 373–386.zbMATHMathSciNetCrossRefGoogle Scholar
  20. 20.
    M. Naor and O. Reingold, Synthesizers and their application to the parallel construction of pseudo-random functions, Proc. 36th IEEE Symp. on Foundations of Computer Science, 1995, pp. 170–181.Google Scholar
  21. 21.
    M. Naor and O. Reingold, On the construction of pseudo-random permutations: Luby-Rackoff revisited, To appear in: J. of Cryptology. Preliminary version in: Proc. 29th Ann. ACM Symp. on Theory of Computing, 1997. pp. 189–199.Google Scholar
  22. 22.
    M. Naor and O. Reingold, Number-Theoretic constructions of efficient pseudo-random functions, Proc. 38th FOCS, 1997, pp. 458–467.Google Scholar
  23. 23.
    B. Preneel and P. C. van Oorschot, On the security of two MAC algorithms, Advances in Cryptology — EUROCRYPT '96, LNCS, vol. 1070, 1996, pp. 19–32.Google Scholar
  24. 24.
    R. L. Rivest, Chaffing and winnowing: confidentiality without encryption, MIT Lab for Computer Science,, March 18, 1998. To appear in: RSA CryptoBytes, Summer 1998.Google Scholar
  25. 25.
    P. Rogaway, Bucket hashing and its application to fast message authentication, Advances in Cryptology — CRYPTO '95, Lecture Notes in Computer Science, vol. 963, Springer-Verlag, 1995, pp. 74–85.Google Scholar
  26. 26.
    A. Shamir, On the generation of cryptographically strong pseudo-random number sequences, ACM Trans. Comput. Sys., vol 1, 1983, pp. 38–44.CrossRefGoogle Scholar
  27. 27.
    M. Wegman and L. Carter, New hash functions and their use in authentication and set equality, J. of Computer and System Sciences, vol. 22, 1981, pp. 265–279.zbMATHMathSciNetCrossRefGoogle Scholar
  28. 28.
    A. C. Yao, Theory and applications of trapdoor functions, Proc. 23rd IEEE Symp. on Foundations of Computer Science, 1982, pp. 80–91.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Moni Naor
    • 1
  • Omer Reingold
    • 1
  1. 1.Dept. of Applied Mathematics and Computer ScienceWeizmann Institute of ScienceRehovotIsrael

Personalised recommendations