Aarhus University Seal

Expanding Pseudorandom Functions: or: From Known-Plaintext Security to Chosen-Plaintext Security

Research output: Contribution to book/anthology/report/proceedingArticle in proceedingsResearchpeer-review

  • Department of Computer Science
Given any weak pseudorandom function, we present a general and efficient technique transforming such a function to a new weak pseudorandom function with an arbitrary length output. This implies, among other things, an encryption mode for block ciphers. The mode is as efficient as known (and widely used) encryption modes as CBC mode and counter (CTR) mode, but is provably secure against chosen-plaintext attack (CPA) already if the underlying symmetric cipher is secure against known-plaintext attack (KPA). We prove that CBC, CTR and Jutla’s integrity aware modes do not have this property. In particular, we prove that when using a KPA secure block cipher, then: CBC mode is KPA secure, but need not be CPA secure, Jutla’s modes need not be CPA secure, and CTR mode need not be even KPA secure. The analysis is done in a concrete security framework.
Original languageEnglish
Title of host publicationAdvances in Cryptology - CRYPTO 2002 : 22nd Annual International Cryptology Conference Santa Barbara, California, USA, August 18-22, 2002 Proceedings
EditorsMoti Yung
Number of pages16
Publication year2002
ISBN (print)978-3-540-44050-5
Publication statusPublished - 2002
EventAnnual International Cryptology Conference - Santa Barbara, California, United States
Duration: 18 Aug 200222 Aug 2002
Conference number: 22


ConferenceAnnual International Cryptology Conference
LandUnited States
BySanta Barbara, California
SeriesLecture Notes in Computer Science

See relations at Aarhus University Citationformats

ID: 281412