A Proof of Security in O(2^n) for the Benes Scheme

In [1], W. Aiello and R. Venkatesan have shown how to construct pseudorandom functions of 2n bits → 2n bits from pseudorandom functions of n bits → n bits. They claimed that their construction, called "Benes", reaches the optimal bound (m ≪ 2^n) of security against adversaries with unlimited computing power but limited to m queries in an Adaptive Chosen Plaintext Attack (CPA-2). This result may have many applications in cryptography (cf. [1,19,18] for example). However, as pointed out in [18], a complete proof of this result is not given in [1], since one of the assertions in [1] is wrong. It is not easy to fix the proof, and in [18] only a weaker result was proved, namely that the Benes scheme is secure when m ≪ f(ε)·2^{n-ε}, where f is a function such that lim_{ε→0} f(ε) = +∞ (f depends only on ε, not on n). Nevertheless, no attack better than O(2^n) was found. In this paper we present a complete proof of security when m ≪ O(2^n) for the Benes scheme, with an explicit O function. Therefore it is possible to improve all the security bounds on the cryptographic constructions based on Benes (such as in [19]) by using our O(2^n) instead of the f(ε)·2^{n-ε} of [18].
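The Benes construction the abstract refers to, as an added example that is not code from the paper: two butterfly layers built from eight independent n-bit functions, each modelled here as a lazily sampled random function, which is the information-theoretic setting the security bound is stated in (an adversary limited only by its m queries). The two-butterfly structure is the standard definition from [1]; the abstract does not restate it, so it is assumed here.

```python
import secrets
from typing import Callable, Dict, List, Optional, Tuple

NBitFunc = Callable[[int], int]


class RandomFunction:
    """Uniformly random function {0,1}^n -> {0,1}^n, sampled lazily.

    Each fresh input gets an independent uniform n-bit output; repeated
    inputs are answered consistently from the table (ideal n-bit PRF).
    """

    def __init__(self, n: int) -> None:
        self.n = n
        self.table: Dict[int, int] = {}

    def __call__(self, x: int) -> int:
        if not 0 <= x < (1 << self.n):
            raise ValueError("input is not an n-bit value")
        if x not in self.table:
            self.table[x] = secrets.randbits(self.n)
        return self.table[x]


def butterfly(f: List[NBitFunc], left: int, right: int) -> Tuple[int, int]:
    """One butterfly layer: (L, R) -> (f1(L) xor f2(R), f3(L) xor f4(R))."""
    f1, f2, f3, f4 = f
    return f1(left) ^ f2(right), f3(left) ^ f4(right)


class Benes:
    """Benes = two butterfly layers on eight independent n-bit functions.

    Maps a 2n-bit input L || R to a 2n-bit output S || T.
    """

    def __init__(self, n: int, funcs: Optional[List[NBitFunc]] = None) -> None:
        self.n = n
        self.f = funcs if funcs is not None else [RandomFunction(n) for _ in range(8)]
        if len(self.f) != 8:
            raise ValueError("Benes needs exactly 8 n-bit functions")

    def __call__(self, x: int) -> int:
        if not 0 <= x < (1 << 2 * self.n):
            raise ValueError("input is not a 2n-bit value")
        mask = (1 << self.n) - 1
        left, right = x >> self.n, x & mask
        mid_l, mid_r = butterfly(self.f[:4], left, right)   # first butterfly
        out_l, out_r = butterfly(self.f[4:], mid_l, mid_r)  # second butterfly
        return (out_l << self.n) | out_r
```

Instantiating `Benes(n)` with no argument gives the ideal-function version the proof is about; passing eight concrete functions gives a deterministic instance that can be checked by hand.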

[1] Jacques Patarin et al. New Results on Pseudorandom Permutation Generators Based on the DES Scheme, 1991, CRYPTO.

[2] Ueli Maurer et al. Advances in Cryptology — EUROCRYPT '96, 2001, Lecture Notes in Computer Science.

[3] Jacques Patarin et al. Security of Random Feistel Schemes with 5 or More Rounds, 2004, CRYPTO.

[4] Bart Preneel et al. Advances in Cryptology — EUROCRYPT 2000: International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000: proceedings, 2000.

[5] Aggelos Kiayias et al. Traitor Tracing with Constant Transmission Rate, 2002, EUROCRYPT.

[6] Michael Luby et al. Pseudorandomness and cryptographic applications, 1996, Princeton computer science notes.

[7] Joan Feigenbaum et al. Advances in Cryptology — CRYPTO '91, 1992.

[8] Ueli Maurer et al. The Security of Many-Round Luby-Rackoff Pseudo-Random Permutations, 2003, EUROCRYPT.

[9] Silvio Micali et al. How to construct random functions, 1986, JACM.

[10] Mihir Bellare et al. A tool for obtaining tighter security analyses of pseudorandom function based constructions, with applications to PRP to PRF conversion, 1999, IACR Cryptol. ePrint Arch.

[11] Ueli Maurer et al. Indistinguishability of Random Systems, 2002, EUROCRYPT.

[12] Moni Naor et al. On the construction of pseudo-random permutations: Luby-Rackoff revisited (extended abstract), 1997, STOC '97.

[13] Ueli Maurer. A Simplified and Generalized Treatment of Luby-Rackoff Pseudorandom Permutation Generator, 1992, EUROCRYPT.

[14] Jacques Patarin et al. Design of near-optimal pseudorandom functions and pseudorandom permutations in the information-theoretic model, 2005, IACR Cryptol. ePrint Arch.

[15] Michael Wiener et al. Advances in Cryptology — CRYPTO '99, 1999.

[16] Hugo Krawczyk et al. Stateless Evaluation of Pseudorandom Functions: Security beyond the Birthday Barrier, 1999, CRYPTO.

[17] Jacques Patarin et al. Benes and Butterfly Schemes Revisited, 2005, ICISC.

[18] Dan Boneh et al. Advances in Cryptology — CRYPTO 2003, 2003, Lecture Notes in Computer Science.

[19] Michael Luby et al. How to Construct Pseudo-Random Permutations from Pseudo-Random Functions (Abstract), 1986, CRYPTO.

[20] Seungjoo Kim et al. Information Security and Cryptology — ICISC 2005, 2005, Lecture Notes in Computer Science.

[21] Jacques Patarin et al. Luby-Rackoff: 7 Rounds Are Enough for 2^{n(1-ε)} Security, 2003, CRYPTO.

[22] Matthew Franklin et al. Advances in Cryptology — CRYPTO 2004, 2004, Lecture Notes in Computer Science.

[23] Ramarathnam Venkatesan et al. Foiling Birthday Attacks in Length-Doubling Transformations — Benes: A Non-Reversible Alternative to Feistel, 1996, EUROCRYPT.

[24] Ueli Maurer et al. Information-Theoretic Cryptography, 1999, CRYPTO.

[25] Rainer A. Rueppel. Advances in Cryptology — EUROCRYPT '92, 2001, Lecture Notes in Computer Science.

[26] Stefan Lucks et al. The Sum of PRPs Is a Secure PRF, 2000, EUROCRYPT.

[27] Jacques Patarin. Improved security bounds for pseudorandom permutations, 1997, CCS '97.