The Sum of PRPs Is a Secure PRF

Given $d$ independent pseudorandom permutations (PRPs) $\pi_1, \ldots, \pi_d$ over $\{0,1\}^n$, it appears natural to define a pseudorandom function (PRF) by adding (or XORing) the permutation results: $\mathrm{sum}^d(x) = \pi_1(x) \oplus \cdots \oplus \pi_d(x)$. This paper investigates the security of $\mathrm{sum}^d$ and also considers a variant that only uses one single PRP over $\{0,1\}^n$.
