We give a careful, fixed-size parameter analysis of a standard [1,4] way to form a pseudorandom generator by iterating a one-way function and then pseudo-random functions from said generator, [3]. We improve known bounds also asymptotically when many bits are output each iteration and we find all auxiliary parameters efficiently. The analysis is effective even for security parameters of sizes supported by typical block ciphers and hash functions. This enables us to construct very practical pseudorandom generators with strong properties based on plausible assumptions.
展开▼
