Indistinguishability of Random Systems

An (X, Y)-random system takes inputs X1, X2, ... ∈ X and generates, for each new input Xi, an output Yi ∈ Y, depending probabilistically on X1, ..., Xi and Y1, ..., Yi-1. Many cryptographic systems, such as block ciphers, MAC schemes and pseudo-random functions, can be modeled as random systems, where in fact Yi often depends only on Xi, i.e., the system is stateless. The security proof of such a system (e.g. a block cipher) amounts to showing that it is indistinguishable from a certain perfect system (e.g. a random permutation).

We propose a general framework for proving the indistinguishability of two random systems, based on the concept of the equivalence of two systems conditioned on certain events. This abstraction exposes the common denominator among many security proofs in the literature; it allows one to unify, simplify, generalize and in some cases strengthen them, and it opens the door to proving new indistinguishability results.

We also propose the previously implicit concept of quasi-randomness and give an efficient construction of a quasi-random function which can be used as a building block in cryptographic systems based on pseudorandom functions.
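The smallest instance of the "equivalence conditioned on an event" argument is the classical random-function versus random-permutation case: the two systems behave identically as long as no two outputs of the random function collide, so the distinguishing advantage of any q-query distinguisher is at most the probability of that collision event. The following Python is an added illustration written for this page, not code from Maurer's paper; it models both systems by lazy sampling, runs the natural collision distinguisher against each, and compares the measured advantage with the exact collision probability and with the birthday-style bound. The output width (16 bits), the query count, the trial count and the seeds are assumptions chosen so that collisions are observable in a quick run.

```python
import random

# Added example for this page, not the paper's own code. All parameters
# (n_bits, q, trials, seeds) are assumptions chosen to make collisions visible.


class RandomFunction:
    """(X,Y)-random system whose outputs are independent uniform n-bit values,
    sampled lazily on first query and remembered afterwards."""

    def __init__(self, rng, n_bits):
        self.rng = rng
        self.n_bits = n_bits
        self.table = {}

    def query(self, x):
        if x not in self.table:
            self.table[x] = self.rng.getrandbits(self.n_bits)
        return self.table[x]


class RandomPermutation:
    """Same interface, but each new output is uniform among the values not used yet,
    so outputs never collide."""

    def __init__(self, rng, n_bits):
        self.rng = rng
        self.n_bits = n_bits
        self.table = {}
        self.used = set()

    def query(self, x):
        if x not in self.table:
            # Rejection sampling is fine while the number of queries is far below 2^n.
            while True:
                y = self.rng.getrandbits(self.n_bits)
                if y not in self.used:
                    break
            self.table[x] = y
            self.used.add(y)
        return self.table[x]


def collision_distinguisher(system, q):
    """Query q distinct inputs and output 1 iff two outputs coincide.

    The two systems are equivalent conditioned on the event 'no output collision',
    so observing that event is the only way to tell them apart."""
    seen = set()
    for x in range(q):
        y = system.query(x)
        if y in seen:
            return 1
        seen.add(y)
    return 0


def exact_advantage(q, n_bits):
    """Pr[collision among q uniform n-bit values]. A random permutation never collides,
    so this is exactly the advantage of collision_distinguisher."""
    no_collision = 1.0
    for i in range(1, q):
        no_collision *= 1.0 - i / 2 ** n_bits
    return 1.0 - no_collision


def birthday_bound(q, n_bits):
    """Union bound over the q(q-1)/2 output pairs: the advantage bound that the
    conditional-equivalence argument gives for *any* q-query distinguisher."""
    return q * (q - 1) / 2 ** (n_bits + 1)


def hit_rate(system_cls, q, n_bits, trials, seed=0):
    """Fraction of independent trials in which the distinguisher outputs 1
    on a freshly sampled system of the given class."""
    rng = random.Random(seed)
    hits = sum(collision_distinguisher(system_cls(rng, n_bits), q) for _ in range(trials))
    return hits / trials


def estimate_advantage(q, n_bits, trials, seed=0):
    """Monte Carlo estimate of Pr[D(F)=1] - Pr[D(P)=1]."""
    return (hit_rate(RandomFunction, q, n_bits, trials, seed)
            - hit_rate(RandomPermutation, q, n_bits, trials, seed + 1))


if __name__ == "__main__":
    q, n = 300, 16
    print(f"q={q} queries, n={n}-bit outputs")
    print(f"empirical advantage : {estimate_advantage(q, n, 2000):.3f}")
    print(f"exact advantage     : {exact_advantage(q, n):.3f}")
    print(f"birthday bound      : {birthday_bound(q, n):.3f}")
```

The three printed numbers show the shape of the argument: the exact collision probability is the best any distinguisher can achieve, the collision distinguisher attains it (its empirical rate converges to it), and the pairwise union bound q(q-1)/2^(n+1) sits above both and is the quantity a proof would actually carry around. Raising q toward 2^(n/2) makes the gap between the exact value and the bound visible, which is why "beyond the birthday barrier" constructions need a different event to condition on.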
