Paper 2021/097

A New and Improved Reduction Proof of Cascade PRF

Mridul Nandi

Abstract

The prefix-free PRF (pseudorandom function) security of a cascade function based on a compression function $f$ against a $q$-query distinguisher is reduced to a $q$-query PRF security of $f$ with a tightness gap $lq$ where $l$ represents the length of the longest query among all $q$ queries. In this paper, we have shown a reduction which is also applicable to multiuser setup and improves the tightness gap for both adaptive and non-adaptive distinguishers. As an immediate application of our result, we have shown multiuser security of NMAC, HMAC and many other MACs for the first time. Moreover, the tightness gap is improved in comparison with known single-user analysis. We also have shown a similar tightness gap for single-keyed NMAC. As a result, the constants ipad and opad used in HMAC and existing PRB (pseudorandom bit) assumption on the underlying compression function become redundant.

Note: Acknowledgment is added.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Preprint.
Keywords
PRFHMACNMACcascadenon-adaptive security
Contact author(s)
mridul nandi @ gmail com
History
2021-09-17: last of 2 revisions
2021-01-27: received
See all versions
Short URL
https://ia.cr/2021/097
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/097,
      author = {Mridul Nandi},
      title = {A New and Improved Reduction Proof of Cascade {PRF}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/097},
      year = {2021},
      url = {https://eprint.iacr.org/2021/097}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.