Pseudorandom Functions Revisited: The Cascade Construction and Its Concrete Security

Pseudorandom function families are a powerful cryptographic primitive, yielding, in particular, simple solutions for the main problems in private key cryptography. Their existence based on general assumptions (namely, the existence of one-way functions) has been established. In this work we investigate new ways of designing pseudorandom function families. The goal is to find constructions that are both efficient and secure, and thus eventually to bring the benefits of pseudorandom functions to practice. The basic building blocks in our design are certain limited versions of pseudorandom function families, called finite-length input pseudorandom function families, for which very efficient realizations exist in practical cryptography. Thus rather than starting from one-way functions, we propose constructions of “full-fledged” pseudorandom function families from these limited ones. In particular we propose the cascade construction, and provide a concrete security analysis which relates the strength of the cascade to that of the underlying finite pseudorandom function family in a precise and quantitative way. Department of Computer Science & Engineering, Mail Code 0114, University of California at San Diego, 9500 Gilman Drive, La Jolla, CA 92093. Email: [email protected]. † IBM T.J. Watson Research Center, PO Box 704, Yorktown Heights, New York 10598. Email: canetti@ watson.ibm.com. Work done while author was at MIT. ‡ IBM T.J. Watson Research Center, PO Box 704, Yorktown Heights, New York 10598. Email: hugo@ watson.ibm.com.