Information-Theoretic Indistinguishability via the Chi-Squared Method

Proving tight bounds on information-theoretic indistinguishability is a central problem in symmetric cryptography. This paper introduces a new method for information-theoretic indistinguishability proofs, called “the chi-squared method”. At its core, the method requires upper-bounds on the so-called \(\chi ^2\) divergence (due to Neyman and Pearson) between the output distributions of two systems being queries. The method morally resembles, yet also considerably simplifies, a previous approach proposed by Bellare and Impagliazzo (ePrint, 1999), while at the same time increasing its expressiveness and delivering tighter bounds.

[1]  Renato Renner On the variational distance of independently repeated experiments , 2005, ArXiv.

[2]  Mihir Bellare,et al.  Format-Preserving Encryption , 2009, IACR Cryptol. ePrint Arch..

[3]  Phillip Rogaway,et al.  An Enciphering Scheme Based on a Card Shuffle , 2012, CRYPTO.

[4]  Yishay Mansour,et al.  A construction of a cipher from a single pseudorandom permutation , 1997, Journal of Cryptology.

[5]  Thomas Ristenpart,et al.  The Mix-and-Cut Shuffle: Small-Domain Encryption Secure against N Queries , 2013, CRYPTO.

[6]  Phillip Rogaway,et al.  Sometimes-Recurse Shuffle - Almost-Random Permutations in Logarithmic Expected Time , 2014, EUROCRYPT.

[7]  Mihir Bellare,et al.  Luby-Rackoff Backwards: Increasing Security by Making Block Ciphers Non-invertible , 1998, EUROCRYPT.

[8]  Michael Luby,et al.  How to Construct Pseudo-Random Permutations from Pseudo-Random Functions (Abstract) , 1986, CRYPTO.

[9]  Mridul Nandi,et al.  A Simple and Unified Method of Proving Indistinguishability , 2006, INDOCRYPT.

[10]  Bruce Schneier,et al.  Building PRFs from PRPs , 1998, CRYPTO.

[11]  John P. Steinberger,et al.  Improved Security Bounds for Key-Alternating Ciphers via Hellinger Distance , 2012, IACR Cryptol. ePrint Arch..

[12]  Ueli Maurer,et al.  Indistinguishability of Random Systems , 2002, EUROCRYPT.

[13]  A. J. Stam Distance between sampling with and without replacement , 1978 .

[14]  Benoit Cogliati,et al.  The Indistinguishability of the XOR of k Permutations , 2014, FSE.

[15]  Ron Steinfeld,et al.  Improved Security Proofs in Lattice-Based Cryptography: Using the Rényi Divergence Rather than the Statistical Distance , 2015, Journal of Cryptology.

[16]  Mihir Bellare,et al.  The Security of Triple Encryption and a Framework for Code-Based Game-Playing Proofs , 2006, EUROCRYPT.

[17]  Mihir Bellare,et al.  A tool for obtaining tighter security analyses of pseudorandom function based constructions, with applications to PRP to PRF conversion , 1999, IACR Cryptol. ePrint Arch..

[18]  Bart Mennink,et al.  Encrypted Davies-Meyer and Its Dual: Towards Optimal Security Using Mirror Theory , 2017, CRYPTO.

[19]  Benoit Cogliati,et al.  EWCDM: An Efficient, Beyond-Birthday Secure, Nonce-Misuse Resistant MAC , 2016, CRYPTO.

[20]  Mridul Nandi,et al.  A note on the chi-square method: A tool for proving cryptographic security , 2018, Cryptography and Communications.

[21]  Ueli Maurer A Simplified and Generalized Treatment of Luby-Rackoff Pseudorandom Permutation Generator , 1992, EUROCRYPT.

[22]  John P. Steinberger,et al.  Tight Security Bounds for Key-Alternating Ciphers , 2014, EUROCRYPT.

[23]  Daniel J. Bernstein,et al.  How to Stretch Random Functions: The Security of Protected Counter Sums , 1999, Journal of Cryptology.

[24]  Stefano Tessaro,et al.  Key-Alternating Ciphers and Key-Length Extension: Exact Bounds and Multi-user Security , 2016, CRYPTO.

[25]  Jacques Patarin,et al.  The "Coefficients H" Technique , 2009, Selected Areas in Cryptography.

[26]  Kai-Min Chung,et al.  Tight Parallel Repetition Theorems for Public-Coin Arguments using KL-divergence , 2015 .

[27]  Krzysztof Pietrzak Composition Does Not Imply Adaptive Security , 2005, CRYPTO.

[28]  Jacques Patarin,et al.  A Proof of Security in O(2n) for the Xor of Two Random Permutations , 2008, ICITS.

[29]  Stefan Lucks,et al.  The Sum of PRPs Is a Secure PRF , 2000, EUROCRYPT.

[30]  Jacques Patarin,et al.  Introduction to Mirror Theory: Analysis of Systems of Linear Equalities and Linear Non Equalities for Cryptography , 2010, IACR Cryptol. ePrint Arch..

[31]  Ran Raz,et al.  A parallel repetition theorem , 1995, STOC '95.

[32]  Ueli Maurer,et al.  Indistinguishability Amplification , 2007, CRYPTO.

[33]  Tetsu Iwata,et al.  New Blockcipher Modes of Operation with Beyond the Birthday Bound Security , 2006, FSE.

[34]  Kai-Min Chung,et al.  Tight Bounds for Hashing Block Sources , 2008, APPROX-RANDOM.