Paper 2023/607

Security analysis of the Milenage-construction based on a PRF

Alexander Maximov, Ericsson (Sweden)
Mats Näslund, Royal Institute of Technology
Abstract

This paper analyses the security of the so-called Milenage construction, developed by ETSI SAGE, when it is based on a non-one-to-one pseudo-random function (PRF) rather than a one-to-one pseudo-random permutation (PRP). It is shown that Milenage based on an $n$-bit random function and producing $t$ $n$-bit outputs, is indistinguishable from a random $tn$-bit function up to $q = O(2^{n/2}/t)$ queries. We also extend the existing security proof for PRP-based Milenage due to Gilbert by generalising the model and incorporating the Milenage message authentication function in the proof.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint.
Keywords
MilenagePRFsecurity proof
Contact author(s)
alexander maximov @ ericsson com
matsna @ kth se
History
2023-07-14: revised
2023-04-28: received
See all versions
Short URL
https://ia.cr/2023/607
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2023/607,
      author = {Alexander Maximov and Mats Näslund},
      title = {Security analysis of the Milenage-construction based on a PRF},
      howpublished = {Cryptology ePrint Archive, Paper 2023/607},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/607}},
      url = {https://eprint.iacr.org/2023/607}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.