IACR News item: 15 December 2015
Mihir Bellare, Anna Lysyanskaya
ePrint Report
The security of HMAC is proven under the assumption that its compression function is a dual PRF, meaning a PRF when keyed by either of its two inputs. But, not only do we not know whether particular compression functions really are dual PRFs, we do not know if dual PRFs even exist. What if the goal is impossible? This paper addresses this with a foundational treatment of dual PRFs, giving constructions based on standard assumptions. This provides what we call a generic validation of the dual PRF assumption for HMAC. For this purpose we introduce and construct symmetric PRFs, which may be of independent interest.