Skip to main content
SpringerLink
Log in

Multi-user Security of the Sum of Truncated Random Permutations

  • Conference paper
  • First Online:
Advances in Cryptology – ASIACRYPT 2022 (ASIACRYPT 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13792))

Abstract

For several decades, constructing pseudorandom functions from pseudorandom permutations, so-called Luby-Rackoff backward construction, has been a popular cryptographic problem. Two methods are well-known and comprehensively studied for this problem: summing two random permutations and truncating partial bits of the output from a random permutation. In this paper, by combining both summation and truncation, we propose new Luby-Rackoff backward constructions, dubbed \(\textsf{SaT 1}\) and \(\textsf{SaT 2}\), respectively.

\(\textsf{SaT 2}\) is obtained by partially truncating output bits from the sum of two independent random permutations, and \(\textsf{SaT 1}\) is its single permutation-based variant using domain separation. The distinguishing advantage against \(\textsf{SaT 1}\) and \(\textsf{SaT 2}\) is upper bounded by \(O({\sqrt{\mu q_{\max }}}/{2^{n-0.5m}})\) and \(O({\sqrt{\mu }q_{\max }^{1.5}}/{2^{2n-0.5m}})\), respectively, in the multi-user setting, where n is the size of the underlying permutation, m is the output size of the construction, \(\mu \) is the number of users, and \(q_{\max }\) is the maximum number of queries per user. We also prove the distinguishing advantage against a variant of \(\mathsf {XORP[3]}\) (studied by Bhattacharya and Nandi at Asiacrypt 2021) using independent permutations, dubbed \(\mathsf {SoP3\hbox {-} 2}\), is upper bounded by \(O({\sqrt{\mu } q_{\max }^2}/{2^{2.5n}})\).

In the multi-user setting with \(\mu = O(2^{n-m})\), a truncated random permutation provides only the birthday bound security, while \(\textsf{SaT 1}\) and \(\textsf{SaT 2}\) are fully secure, i.e., allowing \(O(2^n)\) queries for each user. It is the same security level as \(\mathsf {XORP[3]}\) using three permutation calls, while \(\textsf{SaT 1}\) and \(\textsf{SaT 2}\) need only two permutation calls.

W. Choi—Supported by a KIAS Individual Grant CG089501 at Korea Institute for Advanced Study

J. Lee—This work was supported by Institute for Information & communications Technology Planning & Evaluation(IITP) grant funded by the Korea government(MSIT) (No.2022-0-01202 , Regional strategic industry convergence security core talent training business).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Bellare, M., Impagliazzo, R.: A tool for obtaining tighter security analyses of pseudorandom function based constructions, with applications to prp to prf conversion. Cryptology ePrint Archive, Paper 1999/024 (1999). https://eprint.iacr.org/1999/024

  2. Bellare, M., Kilian, J., Rogaway, P.: The security of cipher block chaining. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 341–358. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48658-5_32

    Chapter  Google Scholar 

  3. Bellare, M., Krovetz, T., Rogaway, P.: Luby-Rackoff backwards: increasing security by making block ciphers non-invertible. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 266–280. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054132

    Chapter  Google Scholar 

  4. Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_25

    Chapter  Google Scholar 

  5. Bhattacharya, S., Nandi, M.: Full indifferentiable security of the xor of two or more random permutations using the \(\chi ^2\) Method. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 387–412. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78381-9_15

    Chapter  Google Scholar 

  6. Bhattacharya, S., Nandi, M.: Luby-Rackoff backwards with more users and more security. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13092, pp. 345–375. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92078-4_12

    Chapter  Google Scholar 

  7. Bose, P., Hoang, V.T., Tessaro, S.: Revisiting AES-GCM-SIV: multi-user security, faster key derivation, and better bounds. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 468–499. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78381-9_18

    Chapter  Google Scholar 

  8. Chen, Y.L., Lambooij, E., Mennink, B.: How to build pseudorandom functions from public random permutations. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11692, pp. 266–293. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26948-7_10

    Chapter  Google Scholar 

  9. Choi, W., Lee, B., Lee, J.: Indifferentiability of truncated random permutations. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11921, pp. 175–195. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34578-5_7

    Chapter  Google Scholar 

  10. Choi, W., Lee, B., Lee, J., Lee, Y.: Toward a fully secure authenticated encryption scheme from a pseudorandom permutation. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13092, pp. 407–434. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92078-4_14

    Chapter  Google Scholar 

  11. Cogliati, B., Lampe, R., Patarin, J.: The indistinguishability of the XOR of \(k\) permutations. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 285–302. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46706-0_15

    Chapter  Google Scholar 

  12. Cogliati, B., Seurin, Y.: EWCDM: an efficient, beyond-birthday secure, nonce-misuse resistant MAC. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 121–149. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_5

    Chapter  Google Scholar 

  13. Cogliati, B., Seurin, Y.: Analysis of the single-permutation encrypted Davies-Meyer construction. Des. Codes Cryptogr. 86(12), 2703–2723 (2018)

    Article  MathSciNet  MATH  Google Scholar 

  14. Dai, W., Hoang, V.T., Tessaro, S.: Information-theoretic indistinguishability via the chi-squared method. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 497–523. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63697-9_17

    Chapter  Google Scholar 

  15. Dutta, A., Nandi, M., Talnikar, S.: Beyond birthday bound secure MAC in faulty nonce model. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 437–466. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_15

    Chapter  MATH  Google Scholar 

  16. Gilboa, S., Gueron, S., Morris, B.: How many queries are needed to distinguish a truncated random permutation from a random function? J. Cryptol. 31(1), 162–171 (2018)

    Article  MathSciNet  MATH  Google Scholar 

  17. Gueron, S., Langley, A., Lindell, Y.: AES-GCM-SIV: specification and Analysis. IACR Cryptology ePrint Archive, Report 2017/168 (2017)

    Google Scholar 

  18. Gueron, S., Lindell, Y.: GCM-SIV: full nonce misuse-resistant authenticated encryption at under one cycle per byte. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 109–119 (2015)

    Google Scholar 

  19. Gunsing, A., Mennink, B.: The summation-truncation hybrid: reusing discarded bits for free. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12170, pp. 187–217. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56784-2_7

    Chapter  Google Scholar 

  20. Hall, C., Wagner, D., Kelsey, J., Schneier, B.: Building PRFs from PRPs. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 370–389. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055742

    Chapter  Google Scholar 

  21. Hoang, V.T., Tessaro, S.: Key-alternating ciphers and key-length extension: exact bounds and multi-user security. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 3–32. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_1

    Chapter  Google Scholar 

  22. Hoang, V.T., Tessaro, S.: The multi-user security of double encryption. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 381–411. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_13

    Chapter  Google Scholar 

  23. Lee, J.: Indifferentiability of the sum of random permutations toward optimal security. IEEE Trans. Inf. Theory 63(6), 4050–4054 (2017)

    Article  MathSciNet  MATH  Google Scholar 

  24. Lucks, S.: The sum of PRPs is a secure PRF. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 470–484. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_34

    Chapter  Google Scholar 

  25. Mennink, B.: Linking stam’s bounds with generalized truncation. In: Matsui, M. (ed.) CT-RSA 2019. LNCS, vol. 11405, pp. 313–329. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-12612-4_16

    Chapter  Google Scholar 

  26. Mennink, B., Neves, S.: Encrypted davies-meyer and its dual: towards optimal security using mirror theory. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 556–583. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63697-9_19

    Chapter  Google Scholar 

  27. Mennink, B., Preneel, B.: On the XOR of multiple random permutations. In: Malkin, T., Kolesnikov, V., Lewko, A. B., Polychronakis, M. (eds.) ACNS 2015, pp. 619–634 (2015)

    Google Scholar 

  28. Mouha, N., Luykx, A.: Multi-key security: the even-mansour construction revisited. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 209–223. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_10

    Chapter  Google Scholar 

  29. Nandi, M.: Mind the composition: birthday bound attacks on EWCDMD and SoKAC21. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 203–220. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45721-1_8

    Chapter  Google Scholar 

  30. Patarin, J.: A proof of security in O(2n) for the Xor of Two Random Permutations. In: Safavi-Naini, R. (ed.) ICITS 2008. LNCS, vol. 5155, pp. 232–248. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85093-9_22

    Chapter  MATH  Google Scholar 

  31. Patarin, J.: Introduction to Mirror Theory: Analysis of Systems of Linear Equalities and Linear Non Equalities for Cryptography. IACR Cryptology ePrint Archive, Report 2010/287 (2010)

    Google Scholar 

  32. Stam, A.: Distance between sampling with and without replacement. Statistica Neerlandica 32(2), 81–91 (1978)

    Article  MathSciNet  MATH  Google Scholar 

  33. Tessaro, S.: Optimally secure block ciphers from ideal primitives. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 437–462. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48800-3_18

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. KIAS, Seoul, Korea

    Wonseok Choi

  2. KAIST, Daejeon, Korea

    Hwigyeom Kim, Jooyoung Lee & Yeongmin Lee

Authors
  1. Wonseok Choi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hwigyeom Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jooyoung Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yeongmin Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Wonseok Choi or Jooyoung Lee .

Editor information

Editors and Affiliations

  1. Indian Institute of Technology Madras, Chennai, India

    Shweta Agrawal

  2. Chinese Academy of Sciences, Beijing, China

    Dongdai Lin

Rights and permissions

Reprints and permissions

Copyright information

© 2022 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Choi, W., Kim, H., Lee, J., Lee, Y. (2022). Multi-user Security of the Sum of Truncated Random Permutations. In: Agrawal, S., Lin, D. (eds) Advances in Cryptology – ASIACRYPT 2022. ASIACRYPT 2022. Lecture Notes in Computer Science, vol 13792. Springer, Cham. https://doi.org/10.1007/978-3-031-22966-4_23

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-22966-4_23

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-22965-7

  • Online ISBN: 978-3-031-22966-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation