M. Bellare, R. Impagliazzo, "A Tool for Obtaining Tighter Security Analyses of Pseudorandom Function Based Constructions, with Applications to PRP#PRF Conversion" (FOCS '99 submission), Theory of Cryptography Library , record 9924 (1999). Full version online: http://wwwcsif.cs.ucdavis.edu/~rogaway/papers/list.html The library is online: http://philby.ucsd.edu/cryptolib/ Home/Search Document Details and Download
Summary Related Articles Check |
This paper is cited in the following contexts:
ACE: The Advanced Cryptographic Engine - Schweinberger, Shoup (2000) (6 citations) (Correct)
....and not a random function. Indeed, if we just use MARS directly in counter mode, then we can distinguish its output from random with an advantage close to l , simply because in a sequence of random blocks, we would expect a collision, but none is forthcoming from MARS. Recent results of [BI99] imply that the sum counter mode construction reduces the advantage to something much closer to l 2 . A similar result has also been independently obtained by [Luc00] The latter result is based on a much more elementary proof, and is somewhat weaker; however, for l 2 , the result in ....
....construction reduces the advantage to something much closer to l 2 . A similar result has also been independently obtained by [Luc00] The latter result is based on a much more elementary proof, and is somewhat weaker; however, for l 2 , the result in [Luc00] is nearly as good as that in [BI99] 3 Terminology and Notation In order to describe the encryption and signature schemes precisely, we need to establish some notational conventions. 3.1 Basic mathematical notation Z The set Z of integers. F 2 [T ] The set F 2 [T ] of univariate polynomials with coe#cients in the finite ....
M. Bellare and R. Impagliazzo. A tool for obtaining tighter security analyses of pseudorandom function based constructions, with applications to PRP PRF conversion. Manuscript, 1999.
Comments to NIST concerning AES Modes of Operations.. - Lipmaa, Rogaway, Wagner (2000) (13 citations) (Correct)
....the concrete security bounds one gets for CTR mode encryption, using a block cipher, are no worse than what one gets for CBC encryption. Indeed there are approaches to get better security bounds with CTR mode encryption than with CBC mode, though these do not directly use the block cipher E) See [4, 3]. The security of CTR mode is well analyzed and well understood. 2 Simplicity. With CTR mode, both encryption and decryption depend only on E neither depends on the inverse map, D = E 1 . So D need not be implemented. This matters most when the inverse direction of the block cipher, D, is ....
MIHIR BELLARE and RUSSELL IMPAGLIAZZO. A Tool for Obtaining Tighter Security Analyses of Pseudorandom Function Based Constructions, with Applications to PRP!PRF Conversion. Proceedings of 40th Annual Symposium on Foundations of Computer Science, 1999. (FOCS '99).
ACE: The Advanced Cryptographic Engine - Schweinberger, Shoup (2000) (6 citations) (Correct)
....not a random function. Indeed, if we just use MARS directly in counter mode, then we can distinguish its output from random with an advantage close to l 2 =2 128 , simply because in a sequence of random blocks, we would expect a collision, but none is forthcoming from MARS. Recent results of [BI99] imply that the sum counter mode construction reduces the advantage to something much closer to l=2 128 . A similar result has also been independently obtained by [Luc00] The latter result is based on a much more elementary proof, and is somewhat weaker; however, for l 2 64 , the result in ....
....reduces the advantage to something much closer to l=2 128 . A similar result has also been independently obtained by [Luc00] The latter result is based on a much more elementary proof, and is somewhat weaker; however, for l 2 64 , the result in [Luc00] is nearly as good as that in [BI99] 3 Terminology and Notation In order to describe the encryption and signature schemes precisely, we need to establish some notational conventions. 3.1 Basic mathematical notation Z The set Z of integers. F 2 [T ] The set F 2 [T ] of univariate polynomials with coecients in the nite ....
M. Bellare and R. Impagliazzo. A tool for obtaining tighter security analyses of pseudorandom function based constructions, with applications to PRP ! PRF conversion. Manuscript, 1999.
The Sum of PRPs is a Secure PRF - Lucks (2000) (5 citations) (Correct)
No context found.
M. Bellare, R. Impagliazzo, "A Tool for Obtaining Tighter Security Analyses of Pseudorandom Function Based Constructions, with Applications to PRP#PRF Conversion" (FOCS '99 submission), Theory of Cryptography Library , record 9924 (1999). Full version online: http://wwwcsif.cs.ucdavis.edu/~rogaway/papers/list.html The library is online: http://philby.ucsd.edu/cryptolib/
Online articles have much greater impact More about CiteSeer.IST Add search form to your site Submit documents Feedback
CiteSeer.IST - Copyright Penn State and NEC