Security analysis of the Milenage-construction based on a PRF

ePrint Report: Security analysis of the Milenage-construction based on a PRF

Alexander Maximov, Mats Näslund

This paper analyses the security of the so-called Milenage construction, developed by ETSI SAGE, when it is based on a non-one-to-one pseudo-random function (PRF) rather than a one-to-one pseudo-random permutation (PRP). It is shown that Milenage based on an $n$-bit random function and producing $t$ $n$-bit outputs, is indistinguishable from a random $tn$-bit function up to $q = O(2^{n/2}/ t)$ queries. We also extend the …

analysis called construction eprint report function gilbert non producing random report security security analysis