Indifferentiability of Truncated Random Permutations
One of natural ways of constructing a pseudorandom function from a pseudorandom permutation is to simply truncate the output of the permutation. When n is the permutation size and m is the number of truncated bits, the resulting construction is known to be indistinguishable from a random function up to 2(n+m/2) queries, which is tight.
In this paper, we study the indifferentiability of a truncated random permutation where a fixed prefix is prepended to the inputs. We prove that this construction is (regularly) indifferentiable from a public random function up to min{2(n+m/3), 2(m), 2(l)} queries, while it is publicly indifferentiable up to min{max{2(n+m/3), 2(n2)}, 2(l)} queries, where l is the size of the fixed prefix. Furthermore, the regular indifferentiability bound is proved to be tight when m + l << n.
Our results significantly improve upon the previous bound of min{2(m/2), 2(l)} given by Dodis et al. (FSE 2009), allowing us to construct, for instance, an n/2-to-n/2 bit random function that makes a single call to an n-bit permutation, achieving n/2-bit security.
- Issue Date
- 2019-12-09
- Language
- English
- Citation
25th Annual International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT), pp.175 - 195
- Appears in Collection
- CS-Conference Papers(학술회의논문)
- Files in This Item
- There are no files associated with this item.
This item is cited by other documents in WoS
| ⊙ Detail Information in WoSⓡ | Click to see |  |
| ⊙ Cited 11 items in WoS | Click to see citing articles in |  |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.