Paper 2022/972

Keyed Streebog is a secure PRF and MAC

Vitaly Kiryukhin, LLC "SFB Lab", Moscow, Russia, JSC "InfoTeCS", Moscow, Russia
Abstract

One of the most popular ways to turn a keyless hash function into a keyed one is the HMAC algorithm. This approach is too expensive in some cases due to double hashing. Excessive overhead can sometimes be avoided by using certain features of the hash function itself. The paper presents a simple and safe way to create a keyed cryptoalgorithm (conventionally called "Streebog-K") from hash function Streebog $\mathsf{H}(M)$. Let $K$ be a secret key, then $\mathsf{KH}(K,M)=\mathsf{H}(K||M)$ is a secure pseudorandom function (PRF) and, therefore, a good message authentification code (MAC). The proof is obtained by reduction of the security of the presented construction to the resistance of the underlying compression function to the related key attacks (PRF-RKA). The security bounds of Streebog-K are essentially the same as those of HMAC-Streebog, but the computing speed doubles when short messages are used.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. CTCrypt 2022 - 11th Workshop on Current Trends in Cryptology, June 6–9, 2022, Novosibirsk, Russia
Keywords
Streebog Streebog-K PRF MAC HMAC provable security
Contact author(s)
vitaly kiryukhin @ sfblaboratory ru
History
2022-07-30: approved
2022-07-29: received
See all versions
Short URL
https://ia.cr/2022/972
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2022/972,
      author = {Vitaly Kiryukhin},
      title = {Keyed Streebog is a secure {PRF} and {MAC}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/972},
      year = {2022},
      url = {https://eprint.iacr.org/2022/972}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.