Title | Efficient Domain Extension Using Weak Pseudorandom Function |
---|---|
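Authors | 峯松 一彦, 松嶋 敏泰 |
Fiscal year | 2007 |
Format | Domestic conference |
Field | Information security |
Publication name | Proceedings of the 2008 Symposium on Cryptography and Information Security |
Issue / pages | Unknown |
Publication year | 2008 |
Publication month | 1 |
Abstract (Japanese) |
Conference: Symposium on Cryptography and Information Security (SCIS 2008) Dates: January 22 to January 25, 2008 Location: Miyazaki Not peer-reviewed DOI: none [Unclear items] Pages |
Abstract (English) |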
We present an efficient solution to the domain extension problem for a block cipher. Domain extension, proposed by Ristenpart and Rogaway \cite{Ris07}, extends the message length of a (possibly variable-input-length) block cipher, ${\cal E}$, with message space $\setM$ (that is, $x\in\setM$), so that an incompatible input $x'\not\in\setM$ can be accepted, using an $n$-bit block cipher, $E$, with fixed $n$. This can be useful when the message length of a target application is incompatible with the block size of the block cipher that we want to use. For example, some block cipher modes (using an $n$-bit block cipher) accept only $\ell$-bit messages where $\ell$ is a multiple of $n$. While the previous proposal for domain extension, called XLS \cite{Ris07}, uses two calls of an $n$-bit strong pseudorandom permutation and some bit shifts, our solution requires only one call of an $n$-bit block {\it weak} pseudorandom function, which is only secure against known-plaintext attacks, and two calls of universal hash functions. These universal hashes can be implemented, for example, with multiplications over $\txtn{GF}(2^n)$. This result follows from a recent paper \cite{Min07h} presented by the authors. |
Remarks (Japanese) |
1 |
Remarks (English) |
1 |
Paper manuscript | |
Presentation materials |