The Iterated Random Function Problem

  • Ritam Bhaumik
  • Nilanjan Datta
  • Avijit Dutta
  • Nicky Mouha
  • Mridul Nandi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10625)

Abstract

At CRYPTO 2015, Minaud and Seurin introduced and studied the iterated random permutation problem, which is to distinguish the r-th iterate of a random permutation from a random permutation. In this paper, we study the closely related iterated random function problem, and prove the first almost-tight bound in the adaptive setting. More specifically, we prove that the advantage to distinguish the r-th iterate of a random function from a random function using q queries is bounded by \(O(q^2r(\log r)^3/N)\), where N is the size of the domain. In previous work, the best known bound was \(O(q^2r^2/N)\), obtained as a direct result of interpreting the iterated random function problem as a special case of CBC-MAC based on a random function. For the iterated random function problem, the best known attack has an advantage of \(\varOmega (q^2r/N)\), showing that our security bound is tight up to a factor of \((\log r)^3\).
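The following simulation is an added illustration, not code from the paper: it estimates empirically why the bound above carries a factor of r. It assumes the simplest distinguisher, which queries q distinct points and checks for an output collision, and uses constructed small parameters (N = 256, q = 8, r = 16) so that it runs offline in under a second; the gap between the collision rate of f^r and that of f itself is the distinguisher's advantage.

```python
import math
import random
from typing import List

def random_function(n: int, rng: random.Random) -> List[int]:
    """A uniformly random function on {0, ..., n-1}, stored as a lookup table."""
    return [rng.randrange(n) for _ in range(n)]

def iterate(table: List[int], r: int, x: int) -> int:
    """r-th iterate f^r(x) = f(f(...f(x)...)); r = 1 is f itself."""
    for _ in range(r):
        x = table[x]
    return x

def has_collision(values: List[int]) -> bool:
    """True if at least two of the q outputs coincide."""
    return len(set(values)) < len(values)

def collision_rate(n: int, q: int, r: int, trials: int, seed: int = 1) -> float:
    """Fraction of trials in which q distinct queries to f^r produce a collision.

    With r = 1 this is the collision rate of a plain random function, which is
    what the iterated function is being distinguished from.
    """
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        f = random_function(n, rng)          # fresh random function per trial
        xs = rng.sample(range(n), q)         # q distinct (non-adaptive) queries
        if has_collision([iterate(f, r, x) for x in xs]):
            hits += 1
    return hits / trials

def birthday_bound(n: int, q: int) -> float:
    """Exact collision probability for q outputs of a uniformly random function."""
    return 1.0 - math.prod(1 - i / n for i in range(q))

def collision_advantage(n: int, q: int, r: int, trials: int, seed: int = 1) -> float:
    """Advantage of the collision-based distinguisher: P[collision | f^r] - P[collision | f]."""
    return collision_rate(n, q, r, trials, seed) - collision_rate(n, q, 1, trials, seed)

if __name__ == "__main__":
    N, Q, R, T = 256, 8, 16, 2000   # constructed toy parameters
    print("random function, simulated:", collision_rate(N, Q, 1, T))
    print("random function, birthday :", round(birthday_bound(N, Q), 4))
    print(f"{R}-th iterate, simulated  :", collision_rate(N, Q, R, T))
    print("distinguisher advantage   :", collision_advantage(N, Q, R, T))
```

The iterate collides far more often than the birthday bound for f because f^r maps the domain into a much smaller, unevenly weighted image; this is the effect the q^2 r/N attack term captures and the reason iteration counts in password hashing buy work factor, not extra PRF security.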

Keywords

Iterated random function, Random function, Pseudorandom function, Password hashing, Patarin H-coefficient technique, Provable security

References

  1. Bellare, M., Kilian, J., Rogaway, P.: The security of cipher block chaining. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 341–358. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48658-5_32
  2. Bellare, M., Kilian, J., Rogaway, P.: The security of the Cipher Block Chaining message authentication code. J. Comp. Syst. Sci. 61(3), 362–399 (2000)
  3. Bellare, M., Pietrzak, K., Rogaway, P.: Improved security analyses for Cipher Block Chaining Message Authentication Codes. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 527–545. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_32
  4. Bellare, M., Ristenpart, T., Tessaro, S.: Multi-instance security and its application to password-based cryptography. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 312–329. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_19
  5. Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_25
  6. Berke, R.: On the security of iterated MACs. Ph.D. thesis, ETH Zürich (2003)
  7. Bernstein, D.J.: A short proof of the unpredictability of cipher block chaining, January 2005. http://cr.yp.to/antiforgery/easycbc-20050109.pdf
  8. Bhaumik, R., Datta, N., Dutta, A., Mouha, N., Nandi, M.: The Iterated Random Function Problem. ePrint Report 2017/892 (2017). Full version of this paper
  9. Bossi, S., Visconti, A.: What users should know about Full Disk Encryption based on LUKS. In: Reiter, M., Naccache, D. (eds.) CANS 2015. LNCS, vol. 9476, pp. 225–237. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26823-1_16
  10. Chen, S., Steinberger, J.: Tight Security Bounds for Key-Alternating Ciphers. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 327–350. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_19
  11. Dodis, Y., Gennaro, R., Håstad, J., Krawczyk, H., Rabin, T.: Randomness extraction and key derivation using the CBC, Cascade and HMAC modes. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 494–510. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_30
  12. Dodis, Y., Ristenpart, T., Steinberger, J., Tessaro, S.: To hash or not to hash again? (In)differentiability results for H^2 and HMAC. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 348–366. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_21
  13. Ferguson, N., Schneier, B.: Practical Cryptography. Wiley, New York (2003)
  14. Gaži, P., Pietrzak, K., Rybár, M.: The exact PRF-Security of NMAC and HMAC. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 113–130. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_7
  15. Minaud, B., Seurin, Y.: The iterated random permutation problem with applications to cascade encryption. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 351–367. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_17
  16. Nandi, M.: A simple and unified method of proving indistinguishability. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 317–334. Springer, Heidelberg (2006). https://doi.org/10.1007/11941378_23
  17. Patarin, J.: The “Coefficients H” technique. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 328–345. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04159-4_21
  18. Preneel, B., van Oorschot, P.C.: MDx-MAC and building fast MACs from hash functions. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 1–14. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-44750-4_1
  19. Turan, M.S., Barker, E., Burr, W., Chen, L.: Recommendation for key derivation using pseudorandom functions (Revised). NIST Special Publication 800-132, National Institute of Standards and Technology (NIST), December 2010
  20. Wagner, D., Goldberg, I.: Proofs of security for the Unix password hashing algorithm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 560–572. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44448-3_43
  21. Wuille, P.: Bitcoin network graphs (2017). http://bitcoin.sipa.be/
  22. Yao, F.F., Yin, Y.L.: Design and Analysis of Password-Based Key Derivation Functions. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 245–261. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30574-3_17
  23. Yao, F.F., Yin, Y.L.: Design and analysis of password-based key derivation functions. IEEE Trans. Inf. Theor. 51(9), 3292–3297 (2005)

Copyright information

© International Association for Cryptologic Research 2017

Authors and Affiliations

  • Ritam Bhaumik (1)
  • Nilanjan Datta (2)
  • Avijit Dutta (1)
  • Nicky Mouha (3, 4)
  • Mridul Nandi (1)
  1. Indian Statistical Institute, Kolkata, India
  2. Indian Institute of Technology, Kharagpur, India
  3. National Institute of Standards and Technology, Gaithersburg, USA
  4. Project-team SECRET, Inria, Paris, France