Security in O(2^n) for the Xor of Two Random Permutations - Proof with the standard H technique -

Xoring two permutations is a very simple way to construct pseudorandom functions from pseudorandom permutations. In [13], it is proved that this construction is secure against CPA-2 attacks when m ≪ O(2^n), where m is the number of queries and n is the number of bits of the inputs and outputs of the bijections. In this paper, we obtain similar (but slightly different) results by using the "standard H technique" instead of the "H_σ technique". It is interesting to compare the two techniques, their similarities, and the differences between the proofs and the results.
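The construction the abstract refers to, as an added illustration that is not part of the paper: F(x) = P1(x) xor P2(x) built from two random permutations on a toy n-bit domain, together with the output-collision count that separates a lone permutation (never collides) from a random function (collides at the birthday rate). The helper names, the toy block size and the seeds are assumptions made for this example.

```python
"""Added example (not from the paper): xor of two random permutations as a
PRF, and the collision statistic a lone permutation can never produce."""
import random


def random_permutation(n: int, rng: random.Random) -> list:
    """A uniformly random permutation of {0,1}^n, stored as a lookup table."""
    table = list(range(1 << n))
    rng.shuffle(table)
    return table


def xor_of_permutations(p1: list, p2: list) -> list:
    """F(x) = P1(x) xor P2(x).  F is a function, not a permutation: two
    inputs may map to the same output, just as for a random function."""
    return [a ^ b for a, b in zip(p1, p2)]


def count_collisions(outputs) -> int:
    """Number of input pairs (i < j) with equal output.  For any permutation
    queried on distinct inputs this is exactly 0; that absence of collisions
    is what distinguishes a PRP from a random function after ~2^(n/2) queries."""
    seen = {}
    for y in outputs:
        seen[y] = seen.get(y, 0) + 1
    return sum(c * (c - 1) // 2 for c in seen.values())


def expected_collisions_random_function(n: int, m: int) -> float:
    """m queries to a uniformly random n-bit function give about
    m(m-1) / 2^(n+1) colliding pairs in expectation."""
    return m * (m - 1) / 2 ** (n + 1)


def demo(n: int = 8, seed: int = 7) -> tuple:
    """Query a single permutation and the xor construction on every input of
    the toy domain.  Returns (collisions of P1, collisions of P1 xor P2,
    expected collisions of a random function on the same m = 2^n queries)."""
    rng = random.Random(seed)          # fixed seed: constructed, reproducible
    p1 = random_permutation(n, rng)
    p2 = random_permutation(n, rng)
    f = xor_of_permutations(p1, p2)
    m = 1 << n
    return (count_collisions(p1), count_collisions(f),
            expected_collisions_random_function(n, m))


if __name__ == "__main__":
    print(demo())
```

The paper's result concerns the other direction: bounding how far F stays from a random function, which the abstract states holds up to m ≪ O(2^n) queries rather than the 2^(n/2) birthday bound that the collision test above exhibits for a single permutation.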

[1] Mihir Bellare et al. Luby-Rackoff Backwards: Increasing Security by Making Block Ciphers Non-invertible. EUROCRYPT, 1998.

[2] Jacques Patarin et al. A Proof of Security in O(2^n) for the Xor of Two Random Permutations. ICITS, 2008.

[3] Stefan Lucks et al. The Sum of PRPs Is a Secure PRF. EUROCRYPT, 2000.

[4] Kenneth Rogers et al. A combinatorial problem in Abelian groups. Mathematical Proceedings of the Cambridge Philosophical Society, 1963.

[5] Jacques Patarin et al. Introduction to Mirror Theory: Analysis of Systems of Linear Equalities and Linear Non Equalities for Cryptography. IACR Cryptology ePrint Archive, 2010.

[6] Jacques Patarin et al. The "Coefficients H" Technique. Selected Areas in Cryptography, 2009.

[7] Jacques Patarin. Generic Attacks for the Xor of k Random Permutations. ACNS, 2013.

[8] Roger C. Lyndon et al. Problems in Combinatorial Group Theory. 1987.

[9] Ueli Maurer et al. The Security of Many-Round Luby-Rackoff Pseudo-Random Permutations. EUROCRYPT, 2003.

[10] Jacques Patarin. Luby-Rackoff: 7 rounds are enough for 2^{n(1-ε)} security. 2003.

[11] Valérie Nachef et al. Indifferentiability beyond the Birthday Bound for the Xor of Two Public Random Permutations. INDOCRYPT, 2010.

[12] Bruce Schneier et al. Building PRFs from PRPs. CRYPTO, 1998.

[13] Jacques Patarin et al. On Linear Systems of Equations with Distinct Variables and Small Block Size. ICISC, 2005.

[14] Jacques Patarin et al. Luby-Rackoff: 7 Rounds Are Enough for 2^{n(1-ε)} Security. CRYPTO, 2003.

[15] Mihir Bellare et al. A tool for obtaining tighter security analyses of pseudorandom function based constructions, with applications to PRP to PRF conversion. IACR Cryptology ePrint Archive, 1999.

[16] Jacques Patarin. Étude des générateurs de permutations pseudo-aléatoires basés sur le schéma du D.E.S. [Study of pseudo-random permutation generators based on the DES scheme]. 1991.

[17] Ramarathnam Venkatesan et al. Foiling Birthday Attacks in Length-Doubling Transformations - Benes: A Non-Reversible Alternative to Feistel. EUROCRYPT, 1996.