The Security of "One-Block-to-Many" Modes of Operation

In this paper, we investigate the security, in the Luby-Rackoff security paradigm, of blockcipher modes of operation that expand a one-block input into a longer t-block output under the control of a secret key K. Such "one-block-to-many" modes of operation are of frequent use in cryptology. They can be used for stream cipher encryption purposes, and for authentication and key distribution purposes in contexts such as mobile communications. We show that although the expansion functions resulting from modes of operation of blockciphers such as the counter mode or the output feedback mode are not pseudorandom, slight modifications of these two modes provide pseudorandom expansion functions. The main result of this paper is a detailed proof, in the Luby-Rackoff security model, that the expansion function used in the construction of the third generation mobile (UMTS) example authentication and key agreement algorithm MILENAGE is pseudorandom.
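The abstract's claim that plain counter-mode and output-feedback expansion are not pseudorandom can be checked with two-query distinguishers in the Luby-Rackoff game: an adversary with oracle access to the expansion function tries to tell it apart from a truly random function from one block to t blocks. The following Python is an added example, not code from the paper or from MILENAGE. It assumes a keyed 128-bit function built from truncated HMAC-SHA256 as a stand-in for the blockcipher E_K (a PRF rather than a permutation, which is enough because the distinguishers only exploit how each mode chains calls to E_K), and the `modified_counter_mode` function is a hypothetical fix in the spirit of the abstract's "slight modifications", not the paper's exact construction.

```python
import hashlib
import hmac
import os

BLOCK = 16  # 128-bit blocks, the block size of the cipher MILENAGE is built on


def block_fn(key: bytes, x: bytes) -> bytes:
    """Stand-in for the blockcipher E_K on one 128-bit block.

    Constructed for this example: HMAC-SHA256 truncated to 16 bytes is a keyed
    pseudorandom function, not a permutation, but the structural distinguishers
    below only use how a mode chains calls to E_K, never its invertibility.
    """
    assert len(x) == BLOCK
    return hmac.new(key, x, hashlib.sha256).digest()[:BLOCK]


def add_mod(x: bytes, i: int) -> bytes:
    """x + i mod 2^128, the counter-mode increment."""
    return ((int.from_bytes(x, "big") + i) % (1 << (8 * BLOCK))).to_bytes(BLOCK, "big")


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(u ^ v for u, v in zip(a, b))


# --- three one-block-to-many expansion functions: x (1 block) -> t blocks ---

def counter_mode(key, x, t):
    """out_i = E_K(x + i): the outputs for x and for x+1 overlap in t-1 blocks."""
    return [block_fn(key, add_mod(x, i)) for i in range(t)]


def ofb_mode(key, x, t):
    """out_1 = E_K(x), out_i = E_K(out_{i-1}): feeding out_1 back in as a fresh
    input replays the same chain shifted by one block."""
    out, s = [], x
    for _ in range(t):
        s = block_fn(key, s)
        out.append(s)
    return out


def modified_counter_mode(key, x, t):
    """Hypothetical fix (an assumption of this example, not the paper's exact
    mode): encrypt x once, then derive every output block from the hidden
    intermediate y = E_K(x) combined with a distinct public constant c_i = i.
    Related inputs no longer yield related counters, because y is never seen."""
    y = block_fn(key, x)
    return [block_fn(key, xor(y, i.to_bytes(BLOCK, "big"))) for i in range(t)]


class IdealExpansion:
    """A truly random function {0,1}^128 -> ({0,1}^128)^t, the reference object
    in the Luby-Rackoff game; lazily sampled and memoised so repeated queries
    on the same input stay consistent."""

    def __init__(self):
        self.table = {}

    def __call__(self, key, x, t):
        if x not in self.table:
            self.table[x] = [os.urandom(BLOCK) for _ in range(t)]
        return list(self.table[x])


# --- two-query distinguishers: True means the oracle is visibly non-random ---

def counter_distinguisher(expand, key, t=4):
    """Query x and x+1; under counter mode block i+1 of the first answer equals
    block i of the second, an event of negligible probability for a random function."""
    x = os.urandom(BLOCK)
    a, b = expand(key, x, t), expand(key, add_mod(x, 1), t)
    return a[1:] == b[:-1]


def ofb_distinguisher(expand, key, t=4):
    """Query x, then query its first output block; under OFB the second answer
    is the first answer shifted by one block."""
    x = os.urandom(BLOCK)
    a = expand(key, x, t)
    b = expand(key, a[0], t)
    return a[1:] == b[:-1]


def advantage_table(key=None):
    """Run both distinguishers against each expansion function."""
    key = key or os.urandom(16)
    modes = {"counter": counter_mode, "ofb": ofb_mode,
             "modified": modified_counter_mode, "ideal": IdealExpansion()}
    return {name: (counter_distinguisher(f, key), ofb_distinguisher(f, key))
            for name, f in modes.items()}


if __name__ == "__main__":
    for name, (ctr, ofb) in advantage_table().items():
        print(f"{name:9s} counter-test={ctr!s:5s} ofb-test={ofb!s}")
```

Each distinguisher makes only two queries yet wins with probability 1 against its target mode and with probability about 2^-128 against the ideal function, so the advantage is essentially 1: this is what "not pseudorandom" means in the Luby-Rackoff model. The hypothetical modified mode passes both tests because the counter is applied to an unknown intermediate value rather than to the adversary-chosen input, which is the kind of structural change the abstract refers to; whether a given modification is actually pseudorandom is what the paper's proof establishes, and this example only illustrates the distinguishing step.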
