The H-Coefficient Method

Feistel Ciphers

Abstract

The “H-coefficient technique” was introduced in 1990 and 1991 in Patarin (Pseudorandom permutations based on the DES scheme, Springer, Heidelberg, 1990, pp. 193–204; Étude des Générateurs de Permutations Pseudo-aléatoires basés sur le schéma du D.E.S., PhD, November 1991). Since then, it has been used many times to prove various results on pseudo-random functions and pseudo-random permutations (Chen et al., Minimizing the Two-round Even-Mansour Cipher, Advances in Cryptology – CRYPTO 2014, vol. 8616, Springer, Heidelberg, 2014, pp. 39–56; Gilbert and Minier, New results on the pseudorandomness of some blockcipher constructions, Springer, Heidelberg, 2001, pp. 248–266; Pieprzyk, How to construct pseudorandom permutations from single pseudorandom functions, Springer, Heidelberg, 1991, pp. 140–150; Yun et al., Des. Codes Cryptography 58:45–72, 2011). Recently, it has also been used on key-alternating ciphers (Even-Mansour); see, for example, Chen and Steinberger (Tight security bounds for key-alternating ciphers, Springer, Heidelberg, 2014, pp. 327–350). We will use this technique in Chap. 4 for the specific cases of Ψ^3 and Ψ^4, and then in many of the security proofs in this book. In this chapter, in Sect. 3.1, we present the “H-coefficient technique” in a general way (not only for Ψ^k), with different formulations for the different cryptographic attacks under study (known-plaintext attacks, chosen-plaintext attacks, etc.). In Sect. 3.4, we present an example with the exact values of the H coefficient on Ψ^k with q = 2 plaintext/ciphertext pairs. Finally, in Sect. 3.5, we present two simple and powerful composition theorems based on the H-coefficient method in CCA.

References

  1. Cogliati, B., Patarin, J., Seurin, Y.: Security amplification for the composition of block cipher: simpler proofs and new results. In: Joux, A., Youssef, A. (eds.), Selected Areas in Cryptography – SAC ’14, vol. 8781, Lecture Notes in Computer Science, pp. 129–146. Springer, Heidelberg (2014)

  2. Hoang, V.T., Tessaro, S.: Key-alternating ciphers and key-length extension: exact bounds and multi-user security. In: Robshaw, M., Katz, M. (eds.), Advances in Cryptology – CRYPTO 2016, vol. 9814, Lecture Notes in Computer Science, pp. 3–32. Springer, Heidelberg (2016)

  3. Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17, 373–386 (1988)

  4. Maurer, U.: Indistinguishability of random systems. In: Knudsen, L.R. (ed.), Advances in Cryptology – EUROCRYPT ’02, vol. 2332, Lecture Notes in Computer Science, pp. 110–132. Springer, Heidelberg (2002)

  5. Maurer, U., Pietrzak, K., Renner, R.: Indistinguishability simplification. In: Menezes, A. (ed.), Advances in Cryptology – CRYPTO ’07, vol. 4622, Lecture Notes in Computer Science, pp. 130–149. Springer, Heidelberg (2007)

  6. Myers, S.: Black-box composition does not imply adaptive security. In: Cachin, C., Camenisch, J.L. (eds.), Advances in Cryptology – EUROCRYPT ’04, vol. 3027, Lecture Notes in Computer Science, pp. 189–206. Springer, Heidelberg (2004)

  7. Patarin, J.: Étude des Générateurs de Permutations Pseudo-aléatoires basés sur le schéma du D.E.S., PhD, November 1991

  8. Patarin, J.: Luby-Rackoff: 7 rounds are enough for 2^{n(1−ε)} security. In: Boneh, D. (ed.), Advances in Cryptology – CRYPTO 2003, vol. 2729, Lecture Notes in Computer Science, pp. 513–529. Springer, Heidelberg (2003)

  9. Patarin, J.: The “coefficient H” technique. In: Avanzi, R., Keliher, L., Sica, F. (eds.), Selected Areas in Cryptography – SAC ’08, vol. 5381, Lecture Notes in Computer Science, pp. 328–345. Springer, Heidelberg (2009)

  10. Pietrzak, K.: Composition does not imply adaptive security. In: Shoup, V. (ed.), Advances in Cryptology – CRYPTO ’05, vol. 3621, Lecture Notes in Computer Science, pp. 55–65. Springer, Heidelberg (2005)

  11. Tessaro, S.: Security amplification for the cascade of arbitrarily weak PRPs: tight bounds via the interactive hardcore lemma. In: Ishai, Y. (eds.) Theory of Cryptography (TCC). Lecture Notes in Computer Science, vol. 6597, pp. 37–54. Springer (2011)

© 2017 Springer International Publishing AG

About this chapter

Cite this chapter

Nachef, V., Patarin, J., Volte, E. (2017). The H-Coefficient Method. In: Feistel Ciphers. Springer, Cham. https://doi.org/10.1007/978-3-319-49530-9_3

  • DOI: https://doi.org/10.1007/978-3-319-49530-9_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-49528-6

  • Online ISBN: 978-3-319-49530-9

  • eBook Packages: Computer Science (R0)
