论文信息 - Impossibility and Optimality Results on Constructing Pseudorandom Permutations (Extended Abstract)

Impossibility and Optimality Results on Constructing Pseudorandom Permutations (Extended Abstract)

Let I n = {0, 1}n, and H n be the set of all functions from I n to I n. For f ∈ H n, define the DES-like transformation associated with f by F 2n, f (L, R) = (R ⊕ f(L), L), where L, R e I n. For f 1, f 2, ..., f s ∈ H n, define Ψ(f s, ..., f 2, f 1) = F 2n,fs, ∘ ... ∘ F 2n,f2 ∘ F 2n,f1. Our main result is that Ψ(f k, f j, f i) is not pseudorandom for any positive integers i, j, k, where f i denotes the i-fold composition of f. Thus, as immediate consequences, we have that (1) none of Ψ(f, f, f), Ψ(f, f, f 2) and Ψ(f 2, f, f) are pseudorandom and, (2) Ohnishi’s constructions Ψ(g, g, f) and Ψ(g, f, f) are optimal. Generalizations of the main result are also considered.

[1] Andrew Chi-Chih Yao,et al. Theory and Applications of Trapdoor Functions (Extended Abstract) , 1982, FOCS.

[2] Claus-Peter Schnorr,et al. On the Construction of Random Number Generators and Random Function Generators , 1988, EUROCRYPT.

[3] J.L. Smith,et al. Some cryptographic techniques for machine-to-machine data communications , 1975, Proceedings of the IEEE.

[4] Silvio Micali,et al. How to construct random functions , 1986, JACM.

[5] Michael Luby,et al. How to Construct Pseudo-Random Permutations from Pseudo-Random Functions (Abstract) , 1986, CRYPTO.

[6] Andrew Chi-Chih Yao,et al. Theory and application of trapdoor functions , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).