### Hash-Function based PRFs: AMAC and its Multi-User Security

Mihir Bellare, Daniel J. Bernstein, and Stefano Tessaro

##### Abstract

AMAC is a simple and fast candidate construction of a PRF from an MD-style hash function which applies the keyed hash function and then a cheap, un-keyed output transform such as truncation. Spurred by its use in the widely-deployed Ed25519 signature scheme, this paper investigates the provable PRF security of AMAC to deliver the following three-fold message: (1) First, we prove PRF security of AMAC (2) Second, we show that AMAC has a quite unique and attractive feature, namely that its multi-user security is essentially as good as its single-user security and in particular superior in some settings to that of competitors. (3) Third, it is technically interesting, its security and analysis intrinsically linked to security of the compression function in the presence of leakage.

Available format(s)
Category
Secret-key cryptography
Publication info
A major revision of an IACR publication in EUROCRYPT 2016
Keywords
Hash functionsMACsPRFsEd25519SHA-512ideal function model.
Contact author(s)
mihir @ eng ucsd edu
History
2016-03-01: revised
See all versions
Short URL
https://ia.cr/2016/142

CC BY

BibTeX

@misc{cryptoeprint:2016/142,
author = {Mihir Bellare and Daniel J.  Bernstein and Stefano Tessaro},
title = {Hash-Function based PRFs: AMAC and its Multi-User Security},
howpublished = {Cryptology ePrint Archive, Paper 2016/142},
year = {2016},
note = {\url{https://eprint.iacr.org/2016/142}},
url = {https://eprint.iacr.org/2016/142}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.