Two Simple Composition Theorems with H-coefficients

  • Jacques Patarin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10831)

Abstract

We will present two new and simple theorems that show that when we compose permutation generators with independent keys, the “quality” of CCA security increases. These theorems (Theorems 2 and 5 of this paper) are written in terms of H-coefficients (which are nothing else, up to some normalization factors, than transition probabilities). Then we will use these theorems on the classical analysis of Random Feistel Schemes (i.e. Luby-Rackoff constructions) and we will compare the results with the coupling technique. Finally, we will show an interesting difference between 5-round and 6-round Random Feistel Schemes. With 5 rounds on 2n bits \(\rightarrow 2n\) bits, when the number q of queries satisfies \(\sqrt{2^n} \ll q \ll 2^n\), there are “holes” in the H-coefficient values, i.e. some H values are much smaller than the average value of H. This property of 5 rounds no longer exists at 6 rounds.
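To make the objects in the abstract concrete, the following Python script (an added illustration, not code from the paper) enumerates H-coefficients for a toy Random Feistel Scheme by brute force. H(x, y) is taken, as in the H-coefficient technique, as the number of tuples of round functions (f1, ..., fr) that send the query sequence x to the output sequence y; the "average H" is the number of keys divided by the number of pairwise-distinct output sequences, which is the normalization that relates H to a transition probability. The script also checks the composition structure behind independent-key composition: the H-coefficients of Psi^b composed after Psi^a are the convolution of the two schemes' H-coefficients over the intermediate values. The branch size n = 1, the round convention (L, R) -> (R, L xor f(R)) and all function names are assumptions of this example; with n = 1 the regime sqrt(2^n) << q << 2^n from the abstract cannot be exercised, so the script shows how H and its normalization are computed rather than reproducing the 5-round holes.

```python
import itertools
from collections import Counter


def feistel(n, fs, x):
    """Apply the Feistel rounds fs to the 2n-bit input x and return the 2n-bit output.
    Each round function f is a tuple indexed by an n-bit value; a round maps
    (L, R) -> (R, L xor f(R)), so the whole map is a permutation for any fs."""
    mask = (1 << n) - 1
    left, right = x >> n, x & mask
    for f in fs:
        left, right = right, left ^ f[right]
    return (left << n) | right


def all_round_functions(n):
    """Every function from n bits to n bits, as a tuple of outputs indexed by input."""
    return list(itertools.product(range(1 << n), repeat=1 << n))


def h_coefficient(n, r, xs, ys):
    """H(xs, ys) for Psi^r: the number of r-tuples of round functions (f1, ..., fr)
    such that Psi^r(f1, ..., fr)(xs[i]) == ys[i] for every i."""
    funcs = all_round_functions(n)
    return sum(
        1
        for fs in itertools.product(funcs, repeat=r)
        if all(feistel(n, fs, x) == y for x, y in zip(xs, ys))
    )


def h_distribution(n, r, xs):
    """H(xs, ys) for every sequence ys of pairwise-distinct outputs (xs pairwise distinct),
    obtained in one pass over all keys; output sequences never reached get H = 0."""
    reached = Counter()
    for fs in itertools.product(all_round_functions(n), repeat=r):
        reached[tuple(feistel(n, fs, x) for x in xs)] += 1
    return {ys: reached.get(ys, 0)
            for ys in itertools.permutations(range(1 << (2 * n)), len(xs))}


def composed_h(n, a, b, xs):
    """H-coefficients of Psi^b composed after Psi^a with independent keys, computed as the
    convolution sum over intermediate sequences z of H_a(xs, z) * H_b(z, ys)."""
    total = Counter()
    for zs, h1 in h_distribution(n, a, xs).items():
        if h1:
            for ys, h2 in h_distribution(n, b, zs).items():
                total[ys] += h1 * h2
    return {ys: total.get(ys, 0)
            for ys in itertools.permutations(range(1 << (2 * n)), len(xs))}


def summarize(n, r, xs):
    """Normalization check: the sum of H over all output sequences equals the number of
    keys, so the average H is keys / (number of output sequences). The min/max ratios
    show how far individual H values deviate from that average."""
    dist = h_distribution(n, r, xs)
    num_keys = ((1 << n) ** (1 << n)) ** r  # ((2^n)^(2^n))^r round-function tuples
    average = num_keys / len(dist)
    return {
        "keys": num_keys,
        "sum_H": sum(dist.values()),
        "average_H": average,
        "min_over_avg": min(dist.values()) / average,
        "max_over_avg": max(dist.values()) / average,
    }


if __name__ == "__main__":
    # Toy parameters (constructed): n = 1, two queries x = 0 and x = 1.
    for rounds in range(1, 7):
        print(rounds, summarize(1, rounds, [0, 1]))
```

With one query and at least two rounds every output value is reached by exactly keys / 2^(2n) round-function tuples, so H is flat; with one round half of the output values are unreachable (H = 0), the most extreme kind of hole. The equality between composed_h(n, 2, 3, xs) and h_distribution(n, 5, xs) is the independent-key composition identity that the composition theorems work with.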

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Laboratoire de Mathématiques de Versailles, UVSQ, CNRS, Université Paris-Saclay, Versailles, France