Cryptology ePrint Archive: Report 2015/1198

Symmetric and Dual PRFs from Standard Assumptions: A Generic Validation of an HMAC Assumption

Mihir Bellare and Anna Lysyanskaya

Abstract: The security of HMAC is proven under the assumption that its compression function is a dual PRF, meaning a PRF when keyed by either of its two inputs. But, not only do we not know whether particular compression functions really are dual PRFs, we do not know if dual PRFs even exist. What if the goal is impossible? This paper addresses this with a foundational treatment of dual PRFs, giving constructions based on standard assumptions. This provides what we call a generic validation of the dual PRF assumption for HMAC. Our approach is to introduce and construct symmetric PRFs, which imply dual PRFs and may be of independent interest. We give a general construction of a symmetric PRF based on a function having a weak form of collision resistance coupled with a leakage hardcore function, a strengthening of the usual notion of hardcore functions we introduce. We instantiate this general construction in two ways to obtain a symmetric and dual PRF assuming (1) Any collision-resistant hash function, or (2) Any one-way permutation. A construction based on any one-way function evades us and is left as an intriguing open problem.

Category / Keywords: foundations / HMAC, PRF, One-Way Function, Hardcore Function, Extractor, Hash Function

Date: received 14 Dec 2015, last revised 16 Dec 2015

Contact author: mihir at eng ucsd edu

Available format(s): PDF | BibTeX Citation

Version: 20151216:220309 (All versions of this report)

Short URL: ia.cr/2015/1198

Discussion forum: Show discussion | Start new discussion