Range Extension for Weak PRFs; The Good, the Bad, and the Ugly

We investigate a general class of (black-box) constructions for range extension of weak pseudorandom functions: a construction based on $m$ independent functions $F_1,\ldots,F_m$ is given by a set of strings over $\{1,\ldots,m\}^*$, where for example $\{\langle{2}\rangle, \langle{1,2}\rangle\}$ corresponds to the function $X \mapsto [F_2(X), F_2(F_1(X))]$. All efficient constructions for range expansion of weak pseudorandom functions that we are aware of are of this form. We completely classify such constructions as good, bad or ugly, where the good constructions are those whose security can be proven via a black-box reduction, the bad constructions are those whose insecurity can be proven via a black-box reduction, and the ugly constructions are those which are neither good nor bad. Our classification shows that the range expansion from [10] is optimal, in the sense that it achieves the best possible expansion ($2^m - 1$ when using $m$ keys). Along the way we show that for weak quasirandom functions (i.e. in the information theoretic setting), all constructions which are not bad --- in particular all the ugly ones --- are secure.

[1] Ueli Maurer, et al. Indistinguishability Amplification, 2007, CRYPTO.

[2] Johan Sjödin, et al. Weak Pseudorandom Functions in Minicrypt, 2008, ICALP.

[3] Mihir Bellare, et al. The Security of Triple Encryption and a Framework for Code-Based Game-Playing Proofs, 2006, EUROCRYPT.

[4] Moti Yung, et al. Advances in Cryptology — CRYPTO 2002, 2002, Lecture Notes in Computer Science.

[5] Ivan Damgård, et al. Expanding Pseudorandom Functions; or: From Known-Plaintext Security to Chosen-Plaintext Security, 2002, CRYPTO.

[6] Michael Luby, et al. Pseudo-random permutation generators and cryptographic composition, 1986, STOC '86.

[7] Ueli Maurer, et al. Indistinguishability of Random Systems, 2002, EUROCRYPT.

[8] Kazuhiko Minematsu, et al. Expanding Weak PRF with Small Key Size, 2005, ICISC.

[9] Ueli Maurer, et al. Composition of Random Systems: When Two Weak Make One Strong, 2004, TCC.

[10] Serge Vaudenay, et al. Advances in Cryptology - EUROCRYPT 2006, 2006, Lecture Notes in Computer Science.

[11] Ueli Maurer, et al. A Fast and Key-Efficient Reduction of Chosen-Ciphertext to Known-Plaintext Security, 2007, EUROCRYPT.

[12] Seungjoo Kim, et al. Information Security and Cryptology - ICISC 2005, 2005, Lecture Notes in Computer Science.

[13] Silvio Micali, et al. How to construct random functions, 1986, JACM.

[14] Russell Impagliazzo, et al. Limits on the Provable Consequences of One-way Permutations, 1988, CRYPTO.

[15] Aggelos Kiayias, et al. Traitor Tracing with Constant Transmission Rate, 2002, EUROCRYPT.

[16] Hugo Krawczyk, et al. Advances in Cryptology - CRYPTO '98, 1998.

[17] Leonid A. Levin, et al. A Pseudorandom Generator from any One-way Function, 1999, SIAM J. Comput.

[18] Moni Naor, et al. From Unpredictability to Indistinguishability: A Simple Construction of Pseudo-Random Functions from MACs (Extended Abstract), 1998, CRYPTO.