Paper 2021/097
A New and Improved Reduction Proof of Cascade PRF
Mridul Nandi
Abstract
The prefix-free PRF (pseudorandom function) security of a cascade function based on a compression function $f$ against a $q$-query distinguisher is reduced to the $q$-query PRF security of $f$ with a tightness gap of $lq$, where $l$ is the length of the longest query among all $q$ queries. In this paper, we give a reduction that also applies to the multiuser setup and improves the tightness gap for both adaptive and non-adaptive distinguishers. As an immediate application of our result, we show multiuser security of NMAC, HMAC and many other MACs for the first time. Moreover, the tightness gap is improved in comparison with the known single-user analysis. We also show a similar tightness gap for single-keyed NMAC. As a result, the constants ipad and opad used in HMAC and the existing PRB (pseudorandom bit) assumption on the underlying compression function become redundant.
Note: Acknowledgment is added.
Metadata
- Category: Foundations
- Publication info: Preprint.
- Keywords: PRF, HMAC, NMAC, cascade, non-adaptive security
- Contact author(s): mridul nandi @ gmail com
- History
  - 2021-09-17: last of 2 revisions
  - 2021-01-27: received
- Short URL: https://ia.cr/2021/097
- License: CC BY
BibTeX
@misc{cryptoeprint:2021/097,
  author = {Mridul Nandi},
  title = {A New and Improved Reduction Proof of Cascade {PRF}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2021/097},
  year = {2021},
  url = {https://eprint.iacr.org/2021/097}
}