Advertisement

New Results on Pseudorandom Permutation Generators Based on the Des Scheme

  • Jacques Patarin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 576)

Abstract

We denote by ψ k the permutation generator based on the DES Scheme with k rounds where the S boxes are replaced by random independant functions. We denote by |P 1P 1*|, (respectively |P 1P 1**|), the probability of distinguishing such a permutation from a random function (respectively from a random permutation) by means of a distinguishing circuit that has m oracle gates.

In 1988, M. Luby and C. Rackoff [1] proved that
$$ \forall k \geqslant 3,|P_1 - P_1^* | \leqslant \frac{{m(m - 1)}} {{2^n }}. $$

At Eurocrypt 90, J. Pieprzyk wondered at the end of his paper [4] if that inequality could be improved. This is the problem we consider here. In particular, such an improvement could greatly reduce the length of the keys used in a “direct” application of these theorems to a cryptosystem.

Our main results will be:
  1. 1.

    For ψ 3 and ψ 4 there is no really tighter inequality than \( \leqslant \frac{{m(m - 1)}} {{2^n }} \) .

     
  2. 2.

    However for ψ 5 (and then for ψ k, k ≥ 5), there is a much tighter inequality than Luby - Rackoff’s one. For example for ψ 6, |P 1P 1*| and |P 1P 1**| are \( \leqslant \frac{{12m.}} {{2^n }} + \frac{{18m^3 }} {{2^{2n} }} \) .

     
  3. 3.

    When m is very small (m = 2 or 3 for example) it is possible to have an explicit evaluation of the effects of the number of rounds k on the “better and better pseudorandomness” of ψ k.

     

References

  1. [1]
    M. Luby and Ch. Rackoff, How to construct pseudorandom permutations from pseudorandom functions, SIAM Journal and Computing, 17(2): 373–386, April 1988.zbMATHCrossRefMathSciNetGoogle Scholar
  2. [2]
    J. Patarin, Pseudorandom permutations based on the DES Scheme, Proceedings of EUROCODE’90.Google Scholar
  3. [3]
    J. Patarin, Etude des générateurs de permutations basés sur le Schéma du D.E.S., Thèse. To be publish in September 1991, INRIA, Domaine de Voluceau, Le Chesnay, France.Google Scholar
  4. [4]
    J. Pieprzyk, How to construct pseudorandom permutations from Single Pseudorandom Functions, EUROCRYPT’90, Århus, Denmark, May 1990.Google Scholar
  5. [5]
    Y. Zheng, T. Matsumoto and H. Imai, Impossibility and optimality results on constructing pseudorandom permutations, Abstract of EUROCRYPT’89, Houthalen, Belgium, April 1989.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1992

Authors and Affiliations

  • Jacques Patarin
    • 1
  1. 1.INRIA Domaine de VoluceauLe Chesnay CedexFrance

Personalised recommendations