IACR News item: 30 June 2015
Matthias Krause
ePrint ReportIn this paper, we study similar construction for pseudorandom functions (PRFs), where additionally the access to a public $n$-bit (one-way) function $F$ is allowed. In particular, we show a sharp $n/2$-security bound for the simplest possible construction $F(x\\oplus k)$ and a sharp $2/3\\cdot n$-bound for the $FP(1)$-construction $F(P(x\\oplus k)\\oplus k)$, both in the random oracle model. The latter result contrasts with a sharp bound of the same order for $P(P(x\\oplus k)\\oplus \\pi(k))\\oplus k$, recently proved by Chen et. al.
One practical motivation for our research is due to the fact that operation modes of key stream generator based (KSG-based) stream ciphers can be modeled in a very straightforward way by FP-constructions. Our research shows a way to save KSG inner state length by using operation modes, which yield provable security beyond the birthday bound against time-space-data tradeoff attacks. For instance, we demonstrate that a slight change in the operation mode of the Bluetooth cipher (adding the session key twice in the initialization phase) raises the security w.r.t. to generic time-space-data tradeoff attacks from $n/2$ to $2/3\\cdot n$, where $n$ denotes the KSG inner state length.
Additional news items may be found on the IACR news page.