Generic Attacks for the Xor of k Random Permutations
Xoring the output of k permutations, k ≥ 2, is a very simple way to construct pseudo-random functions (PRF) from pseudo-random permutations (PRP). Moreover, this construction has many applications in cryptography (see [2,3,4,5] for example). It is therefore interesting, both from a theoretical and from a practical point of view, to get precise security results for this construction. In this paper, we describe the best attacks that we have found on the Xor of k random n-bit to n-bit permutations. When k = 2, we get an attack of computational complexity O(2^n). This result was already stated in . On the contrary, for k ≥ 3, our analysis is new. We will see that the best known attacks require much more than 2^n computations when not all of the 2^n outputs are given, or when the function is changed on a few points. We thus obtain a new and very simple design that can be very useful when a security larger than 2^n is wanted, for example when n is very small.
Keywords: Pseudorandom functions, pseudorandom permutations, Luby-Rackoff backwards, generic attacks
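The role of "all of the 2^n outputs" in the abstract can be seen with one standard full-codebook check, shown here as an added example that is not taken from the paper: every permutation outputs each n-bit value exactly once, so for n ≥ 2 the XOR of all 2^n outputs of a Xor of k permutations is always 0. All function names, the seed and the choice n = 8 are assumptions made for this illustration.

```python
import random
from functools import reduce
from operator import xor

def random_permutation(n, rng):
    """Uniformly random permutation of the n-bit values, as a lookup table."""
    table = list(range(1 << n))
    rng.shuffle(table)
    return table

def xor_of_permutations(n, k, rng):
    """Table of f(x) = P1(x) ^ ... ^ Pk(x) for k independent random permutations."""
    perms = [random_permutation(n, rng) for _ in range(k)]
    return [reduce(xor, (p[x] for p in perms)) for x in range(1 << n)]

def random_function(n, rng):
    """Table of a uniformly random n-bit to n-bit function."""
    return [rng.randrange(1 << n) for _ in range(1 << n)]

def distinguish(table):
    """Return True if the full codebook XORs to zero.

    Each permutation outputs every n-bit value exactly once, and the XOR of
    all n-bit values is 0 for n >= 2, so the XOR of k permutations always
    passes. A random function passes with probability 2^-n.
    """
    return reduce(xor, table, 0) == 0

def acceptance_rate(make_table, trials):
    """Fraction of freshly sampled tables that the distinguisher accepts."""
    return sum(distinguish(make_table()) for _ in range(trials)) / trials

if __name__ == "__main__":
    rng = random.Random(2024)  # constructed seed, for reproducibility only
    n = 8                      # small n so the whole codebook fits in memory
    for k in (2, 3, 4):
        rate = acceptance_rate(lambda: xor_of_permutations(n, k, rng), 200)
        print(f"xor of {k} permutations: accepted {rate:.3f}")
    rate = acceptance_rate(lambda: random_function(n, rng), 2000)
    print(f"random function:       accepted {rate:.3f} (expect about {2**-n:.3f})")
    # Changing f on a single point breaks the zero-sum property.
    f = xor_of_permutations(n, 3, rng)
    f[0] ^= 1
    print("after changing one output:", distinguish(f))
```

The check costs 2^n queries and 2^n XORs, and it stops firing as soon as one output is altered, which is the situation the abstract singles out for k ≥ 3.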
- 2. Bellare, M., Impagliazzo, R.: A Tool for Obtaining Tighter Security Analyses of Pseudorandom Function Based Constructions, with Applications to PRP to PRF Conversion. ePrint Archive 1999/024: Listing for 1999 (1999)
- 9. Patarin, J.: Security in O(2^n) for the Xor of Two Random Permutations — Proof with the standard H technique. This paper is available from the author