In this paper, we study similar construction for pseudorandom functions (PRFs), where additionally the access to a public $n$-bit (one-way) function $F$ is allowed. In particular, we show a sharp $n/2$-security bound for the simplest possible construction $F(x\oplus k)$ and a sharp $2/3\cdot n$-bound for the $FP(1)$-construction $F(P(x\oplus k)\oplus k)$, both in the random oracle model. The latter result contrasts with a sharp bound of the same order for $P(P(x\oplus k)\oplus \pi(k))\oplus k$, recently proved by Chen et. al.
One practical motivation for our research is due to the fact that operation modes of key stream generator based (KSG-based) stream ciphers can be modeled in a very straightforward way by FP-constructions. Our research shows a way to save KSG inner state length by using operation modes, which yield provable security beyond the birthday bound against time-space-data tradeoff attacks. For instance, we demonstrate that a slight change in the operation mode of the Bluetooth cipher (adding the session key twice in the initialization phase) raises the security w.r.t. to generic time-space-data tradeoff attacks from $n/2$ to $2/3\cdot n$, where $n$ denotes the KSG inner state length.
Category / Keywords: secret-key cryptography / Pseudorandom functions, Even-Mansour Constructions, Lower Bound Proofs in the Random Oracle Model, Stream Ciphers Date: received 26 Jun 2015 Contact author: krause at uni-mannheim de Available format(s): PDF | BibTeX Citation Version: 20150630:190743 (All versions of this report) Short URL: ia.cr/2015/636 Discussion forum: Show discussion | Start new discussion