Computational Indistinguishability Amplification: Tight Product Theorems for System Composition

  • Ueli Maurer
  • Stefano Tessaro
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5677)


Computational indistinguishability amplification is the problem of strengthening cryptographic primitives whose security is defined by bounding the distinguishing advantage of an efficient distinguisher. Examples include pseudorandom generators (PRGs), pseudorandom functions (PRFs), and pseudorandom permutations (PRPs).

The literature on computational indistinguishability amplification consists of only a few isolated results. Yao’s XOR-lemma implies, by a hybrid argument, that no efficient distinguisher has advantage better than (roughly) \(n2^{m-1}\delta^m\) in distinguishing the XOR of m independent n-bit PRG outputs \(S_1,\ldots,S_m\) from uniform randomness if no efficient distinguisher has advantage more than \(\delta\) in distinguishing \(S_i\) from a uniform n-bit string. The factor \(2^{m-1}\) allows for security amplification only if \(\delta<\frac{1}{2}\). For the case of PRFs, a random-offset XOR-construction of Myers was the first result to achieve strong security amplification, i.e., also for \(\frac{1}{2} \le \delta < 1\).

This paper proposes a systematic treatment of computational indistinguishability amplification. We generalize and improve the above product theorem for the XOR of PRGs along five axes. First, we prove the tight information-theoretic bound \(2^{m-1}\delta^m\) (without factor n) also for the computational setting. Second, we prove results for interactive systems (e.g. PRFs or PRPs). Third, we consider the general class of neutralizing combination constructions, not just XOR. As an application, this yields the first indistinguishability amplification results for the cascade of PRPs (i.e., block ciphers) converting a weak PRP into an arbitrarily strong PRP, both for single-sided and two-sided queries. Fourth, strong security amplification is achieved for a subclass of neutralizing constructions which includes as a special case the construction of Myers. As an application we obtain highly practical optimal security amplification for block ciphers, simply by adding random offsets at the input and output of the cascade. Fifth, we show strong security amplification also for weakened assumptions like security against random-input (as opposed to chosen-input) attacks.

A key technique is a generalization of Yao’s XOR-lemma to (interactive) systems which is of independent interest.
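The information-theoretic form of the product bound \(2^{m-1}\delta^m\) can be checked exactly on small distributions; it says nothing about computationally bounded distinguishers, which is the paper's subject. The Python below is an added example, not code from the paper, and its function names and sample distributions are constructed for illustration: it computes the statistical distance from uniform of the XOR of m independent copies of a source and compares it with the bound.

```python
from fractions import Fraction

def stat_dist(p):
    """Statistical distance between distribution p over {0,1}^n and uniform."""
    u = Fraction(1, len(p))
    return sum(abs(x - u) for x in p) / 2

def xor_combine(p, q):
    """Exact distribution of X xor Y for independent X ~ p and Y ~ q."""
    out = [Fraction(0)] * len(p)
    for a, pa in enumerate(p):
        for b, qb in enumerate(q):
            out[a ^ b] += pa * qb
    return out

def amplification(p, m):
    """Return (actual distance of the m-fold XOR, bound 2^(m-1) * delta^m)."""
    delta = stat_dist(p)
    acc = p
    for _ in range(m - 1):
        acc = xor_combine(acc, p)
    return stat_dist(acc), 2 ** (m - 1) * delta ** m

def biased_bit(delta):
    """One-bit source at distance delta from a uniform bit."""
    return [Fraction(1, 2) - delta, Fraction(1, 2) + delta]

# Constructed sample distributions (illustrative, not from the paper).
SKEWED_2BIT = [Fraction(5, 8), Fraction(1, 8), Fraction(1, 8), Fraction(1, 8)]  # delta = 3/8
POINT_MASS_2BIT = [Fraction(1), Fraction(0), Fraction(0), Fraction(0)]          # delta = 3/4

if __name__ == "__main__":
    cases = [("biased bit, delta=1/4", biased_bit(Fraction(1, 4))),
             ("skewed 2-bit, delta=3/8", SKEWED_2BIT),
             ("point mass, delta=3/4", POINT_MASS_2BIT)]
    for name, p in cases:
        for m in (1, 2, 3, 4):
            actual, bound = amplification(p, m)
            print(f"{name:24s} m={m}  actual={actual}  bound={bound}")
```

For the biased bit the bound is met with equality, which is the sense in which it is tight. For the point mass, where \(\delta \ge \frac{1}{2}\), the XOR stays at distance 3/4 and the bound exceeds 1, matching the condition \(\delta<\frac{1}{2}\) for plain XOR amplification.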



Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Ueli Maurer (1)
  • Stefano Tessaro (1)
  1. Department of Computer Science, ETH Zurich, Zurich, Switzerland
