Indifferentiability beyond the Birthday Bound for the Xor of Two Public Random Permutations

  • Avradip Mandal
  • Jacques Patarin
  • Valerie Nachef
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6498)


Xoring two permutations is a very simple way to construct pseudorandom functions from pseudorandom permutations. The aim of this paper is to obtain precise security results for this construction when the two n-bit permutations f and g are public. We first prove that f ⊕ g is indifferentiable from a random function on n bits when the attacker is limited to q queries with \(q \ll \sqrt{2^n}\); this bound is called the "birthday bound". We then prove that this bound can be improved to \(q^3 \ll 2^{2n}\). In effect, we instantiate length-preserving random functions, starting from a fixed-key ideal cipher, with a high security guarantee.
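The following is an added illustration of the construction and of the two bounds named in the abstract; it is not code from the paper. The two public random permutations f and g are modelled as seeded random lookup tables on a constructed n = 12-bit domain, standing in for the fixed-key ideal cipher of the paper, and all names (random_permutation, xor_of_permutations, first_collision_query, full_domain_xor, build) are hypothetical. It shows why the birthday bound is the natural first barrier (a single permutation never collides, f ⊕ g does, like a random function) and why no proof can go beyond about 2^n queries (the xor of f ⊕ g over the whole domain is always 0).

```python
"""
Toy model of the "xor of two public permutations" construction F(x) = f(x) ^ g(x).

f and g are public n-bit random permutations, modelled here as seeded lookup
tables (in the paper they come from a fixed-key ideal cipher). Constructed
example, not the paper's code.
"""
import random

N_BITS = 12                     # small block size so the full domain is enumerable
DOMAIN = 1 << N_BITS


def random_permutation(n_bits: int, seed: int) -> list:
    """Public random permutation on n bits as a lookup table (constructed, seeded)."""
    table = list(range(1 << n_bits))
    random.Random(seed).shuffle(table)
    return table


def xor_of_permutations(f: list, g: list) -> list:
    """The construction F = f xor g, evaluated on the whole domain."""
    return [fx ^ gx for fx, gx in zip(f, g)]


def first_collision_query(outputs: list, q: int):
    """Index of the first query whose output repeats an earlier one, or None.

    This is the classic birthday distinguisher: a permutation never collides,
    a random function collides after about 2^(n/2) queries. Against f xor g
    this distinguisher learns nothing, because f xor g collides as well.
    """
    seen = {}
    for x in range(q):
        y = outputs[x]
        if y in seen:
            return x
        seen[y] = x
    return None


def full_domain_xor(outputs: list) -> int:
    """XOR of F(x) over every x in the domain.

    For f xor g with n >= 2 this is always 0: the XOR of all n-bit values is 0
    and each permutation hits every value exactly once. A random function
    gives 0 only with probability 2^-n, so with all 2^n queries f xor g is
    distinguishable; this is why security cannot exceed about 2^n queries.
    """
    acc = 0
    for y in outputs:
        acc ^= y
    return acc


def build():
    """Two independent public permutations and their xor (constructed seeds)."""
    f = random_permutation(N_BITS, seed=1)
    g = random_permutation(N_BITS, seed=2)
    return f, g, xor_of_permutations(f, g)


if __name__ == "__main__":
    f, g, F = build()
    q = 4 * (1 << (N_BITS // 2))          # a few times the birthday bound 2^(n/2)
    print("collision in f alone after", q, "queries:", first_collision_query(f, q))
    print("collision in f xor g after", q, "queries:", first_collision_query(F, q))
    print("xor of f xor g over the full domain:", full_domain_xor(F))
```

Note that this toy only shows the indistinguishability side. The paper's indifferentiability model is stronger: since f and g are public, the distinguisher may also query f, g and their inverses directly, and a simulator has to answer those queries consistently with an ideal random function, which is where the gap between the birthday bound and the \(q^3 \ll 2^{2n}\) bound is fought out.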


Keywords: Indifferentiability; Luby-Rackoff Backwards with public permutations; Building random oracles from ideal block ciphers





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Avradip Mandal, University of Luxembourg, Luxembourg
  • Jacques Patarin, PRISM, Université de Versailles, France
  • Valerie Nachef, UMR CNRS 8088, University of Cergy-Pontoise, France
