Annual Cryptology Conference

CRYPTO 2012: Advances in Cryptology – CRYPTO 2012, pp. 68–85

Substitution-Permutation Networks, Pseudorandom Functions, and Natural Proofs

  • Eric Miles &
  • Emanuele Viola
  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC,volume 7417)

Abstract

This paper takes a new step towards closing the troubling gap between pseudorandom functions (PRF) and their popular, bounded-input-length counterparts. This gap is both quantitative, because these counterparts are more efficient than PRF in various ways, and methodological, because these counterparts usually fit in the substitution-permutation network paradigm (SPN) which has not been used to construct PRF.

We give several candidate PRF \(\mathcal {F}_i\) that are inspired by the SPN paradigm. This paradigm involves a “substitution function” (S-box). Our main candidates are:

\(\mathcal {F}_1 : \{0, 1\}^n \rightarrow \{0, 1\}^n\) is an SPN whose S-box is a random function on b bits given as part of the seed. We prove unconditionally that \(\mathcal {F}_1\) resists attacks that run in time \(\le 2^{\epsilon b}\). Setting \(b = \omega (\lg n)\) we obtain an inefficient PRF, which however seems to be the first such construction using the SPN paradigm.

\(\mathcal {F}_2 : \{0, 1\}^n \rightarrow \{0, 1\}^n\) is an SPN where the S-box is (patched) field inversion, a common choice in practical constructions. \(\mathcal {F}_2\) is computable with Boolean circuits of size \(n \cdot \log ^{O(1)} n\), and in particular with seed length \(n \cdot \log ^{O(1)} n\). We prove that this candidate has exponential security \(2^{\Omega (n)}\) against linear and differential cryptanalysis.

\(\mathcal {F}_3 : \{0, 1\}^n \rightarrow \{0, 1\}\) is a non-standard variant on the SPN paradigm, where “states” grow in length. \(\mathcal {F}_3\) is computable with size \(n^{1+\epsilon }\), for any \(\epsilon > 0\), in the restricted circuit class \(\mathrm {TC}^0\) of unbounded fan-in majority circuits of constant-depth. We prove that \(\mathcal {F}_3\) is almost 3-wise independent.

\(\mathcal {F}_4 : \{0, 1\}^n \rightarrow \{0, 1\}\) uses an extreme setting of the SPN parameters (one round, one S-box, no diffusion matrix). The S-box is again (patched) field inversion. We prove that this candidate fools all parity tests that look at \(\le 2^{0.9n}\) outputs.
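The SPN skeleton the abstract describes, instantiated with the two S-box choices behind \(\mathcal {F}_1\) (a random function on b bits fixed by the seed) and \(\mathcal {F}_2\) (patched field inversion in GF(2^b)), as an added Python example; it is not the paper's construction or code. It assumes a classic bit-transposition diffusion layer in place of the paper's diffusion matrix, toy parameters (b = 4 or 8, two words per block) so that every property can be checked exhaustively, a constructed list of round keys, and standard irreducible polynomials for the two field sizes. The differential-uniformity routine is the usual difference-distribution-table computation a designer runs to bound the S-box's contribution to differential cryptanalysis, the attack the abstract's \(\mathcal {F}_2\) bound concerns.

```python
"""Toy SPN with the S-box choices behind F_1 (seeded random function) and
F_2 (patched field inversion).  Added example, not the paper's construction:
the diffusion layer is a plain bit transposition and the parameters are tiny
so that bijectivity and differential uniformity can be checked exhaustively."""
import random
from typing import List, Sequence

# Assumption: standard irreducible polynomials, x^4+x+1 and the AES
# polynomial x^8+x^4+x^3+x+1, for the two toy field sizes used here.
IRREDUCIBLE = {4: 0b10011, 8: 0b100011011}

def gf_mul(a: int, b: int, bits: int) -> int:
    """Multiply in GF(2^bits) by shift-and-reduce, without lookup tables."""
    poly, result = IRREDUCIBLE[bits], 0
    for _ in range(bits):
        if b & 1:
            result ^= a
        b >>= 1
        a <<= 1
        if a >> bits:          # degree reached `bits`: reduce modulo poly
            a ^= poly
    return result

def gf_inv(x: int, bits: int) -> int:
    """Patched inversion x -> x^(2^bits - 2): the field inverse for x != 0
    and 0 for x = 0, computed by square-and-multiply."""
    result, base, e = 1, x, (1 << bits) - 2
    while e:
        if e & 1:
            result = gf_mul(result, base, bits)
        base = gf_mul(base, base, bits)
        e >>= 1
    return result

def inversion_sbox(bits: int) -> List[int]:
    """F_2-style S-box: the patched-inversion table (a permutation)."""
    return [gf_inv(x, bits) for x in range(1 << bits)]

def random_function_sbox(bits: int, seed: bytes) -> List[int]:
    """F_1-style S-box: a random *function* on b bits (not necessarily a
    permutation) fixed by the seed.  random.Random only makes the toy
    reproducible; it is not a cryptographic PRG."""
    rng = random.Random(seed)
    return [rng.randrange(1 << bits) for _ in range(1 << bits)]

def differential_uniformity(sbox: Sequence[int]) -> int:
    """Largest difference-distribution-table entry over nonzero input
    differences.  Smaller is better for resistance to differential
    cryptanalysis; inversion over an even-degree field is 4-uniform."""
    size, worst = len(sbox), 0
    for delta_in in range(1, size):
        counts = [0] * size
        for x in range(size):
            counts[sbox[x] ^ sbox[x ^ delta_in]] += 1
        worst = max(worst, max(counts))
    return worst

def substitute(state: int, sbox: Sequence[int], bits: int, words: int) -> int:
    """Apply the S-box independently to each b-bit word of the state."""
    mask, out = (1 << bits) - 1, 0
    for w in range(words):
        out |= sbox[(state >> (w * bits)) & mask] << (w * bits)
    return out

def transpose(state: int, bits: int, words: int) -> int:
    """Diffusion layer (assumption): bit t of word w moves to position
    t*words + w, the classic SPN transposition; bijective for any sizes."""
    out = 0
    for w in range(words):
        for t in range(bits):
            out |= ((state >> (w * bits + t)) & 1) << (t * words + w)
    return out

def spn_encrypt(block: int, round_keys: Sequence[int], sbox: Sequence[int],
                bits: int, words: int) -> int:
    """len(round_keys)-1 rounds of key XOR, substitution and transposition,
    then a final key XOR.  With a permutation S-box (F_2) the map is a
    bijection on n = bits*words bits; with a random-function S-box (F_1) it
    is only a function, as in the abstract."""
    state = block & ((1 << (bits * words)) - 1)
    for key in round_keys[:-1]:
        state = transpose(substitute(state ^ key, sbox, bits, words), bits, words)
    return state ^ round_keys[-1]

if __name__ == "__main__":
    keys = [0x3A, 0xC5, 0x71, 0x9E]          # constructed round keys, n = 8
    inv4 = inversion_sbox(4)
    rnd4 = random_function_sbox(4, b"constructed-seed")
    for name, box in (("inversion", inv4), ("random function", rnd4)):
        image = {spn_encrypt(x, keys, box, 4, 2) for x in range(256)}
        print(f"{name} S-box: DU={differential_uniformity(box)}, "
              f"SPN image {len(image)}/256")
```

Running the script shows the qualitative difference the abstract relies on: the inversion S-box gives a 4-uniform table and a bijective 8-bit SPN, while a seeded random function typically has a worse worst-case differential and collapses part of the input space, which is acceptable for a PRF but not for a block cipher.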

Assuming the security of our candidates, our work also narrows the gap between the “Natural Proofs barrier” [Razborov & Rudich; JCSS ’97] and existing lower bounds, in three models: unbounded-depth circuits, \(\mathrm {TC}^0\) circuits, and Turing machines. In particular, the efficiency of the circuits computing \(\mathcal {F}_3\) is related to a result by Allender and Koucký [JACM ’10], who show that a lower bound for such circuits would imply a lower bound for \(\mathrm {TC}^0\).

Keywords

  • Random Function
  • Turing Machine
  • Block Cipher
  • Advance Encryption Standard
  • Seed Length

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Supported by NSF grant CCF-0845003.


References

  1. Aaronson, S., Wigderson, A.: Algebrization: a new barrier in complexity theory. In: 40th ACM Symp. on the Theory of Computing, STOC, pp. 731–740 (2008)
  2. Allender, E., Koucký, M.: Amplifying lower bounds by means of self-reducibility. J. of the ACM 57(3) (2010)
  3. Alon, N., Goldreich, O., Håstad, J., Peralta, R.: Simple constructions of almost \(k\)-wise independent random variables. Random Structures & Algorithms 3(3), 289–304 (1992)
  4. Baker, T., Gill, J., Solovay, R.: Relativizations of the P=? NP question. SIAM J. Comput. 4(4), 431–442 (1975)
  5. Bazzi, L.M.J.: Polylogarithmic independence can fool DNF formulas. SIAM J. Comput. 38(6), 2220–2272 (2009)
  6. Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. Journal of Cryptology 4(1), 3–72 (1991)
  7. Braverman, M.: Poly-logarithmic independence fools \(AC^0\) circuits. In: 24th IEEE Conf. on Computational Complexity, CCC. IEEE (2009)
  8. Brodsky, A., Hoory, S.: Simple permutations mix even better. Random Struct. Algorithms 32(3), 274–289 (2008)
  9. Cho, H.-S., Sung, S.H., Kwon, D., Lee, J.-K., Song, J.H., Lim, J.: New Method for Bounding the Maximum Differential Probability for SPNs and ARIA. In: Park, C., Chee, S. (eds.) ICISC 2004. LNCS, vol. 3506, pp. 21–32. Springer, Heidelberg (2005)
  10. Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer (2002)
  11. Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptology 10(3), 151–162 (1997)
  12. Gao, S., von zur Gathen, J., Panario, D., Shoup, V.: Algorithms for exponentiation in finite fields. J. Symb. Comput. 29(6), 879–889 (2000)
  13. Gauravaram, P., Knudsen, L.R., Matusiewicz, K., Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: Grøstl: a SHA-3 candidate (2011), http://www.groestl.info
  14. Gentry, C., Ramzan, Z.: Eliminating Random Permutation Oracles in the Even-Mansour Cipher. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 32–47. Springer, Heidelberg (2004)
  15. Gerasoulis, A.: A fast algorithm for the multiplication of generalized Hilbert matrices with vectors. Mathematics of Computation 50, 179–188 (1988)
  16. Goldreich, O.: Foundations of Cryptography: Volume 1, Basic Tools. Cambridge University Press (2001)
  17. Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. of the ACM 33(4), 792–807 (1986)
  18. Goldreich, O., Levin, L.: A hard-core predicate for all one-way functions. In: 21st ACM Symp. on the Theory of Computing, STOC, pp. 25–32 (1989)
  19. Gowers, W.: An almost \(m\)-wise independent random permutation of the cube. Combinatorics, Probability and Computing 5(2), 119–130 (1996)
  20. Haitner, I., Reingold, O., Vadhan, S.P.: Efficiency improvements in constructing pseudorandom generators from one-way functions. In: 42nd ACM Symp. on the Theory of Computing, STOC, pp. 437–446 (2010)
  21. Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)
  22. Healy, A., Viola, E.: Constant-Depth Circuits for Arithmetic in Finite Fields of Characteristic Two. In: Durand, B., Thomas, W. (eds.) STACS 2006. LNCS, vol. 3884, pp. 672–683. Springer, Heidelberg (2006)
  23. Hesse, W., Allender, E., Barrington, D.A.M.: Uniform constant-depth threshold circuits for division and iterated multiplication. J. Comput. System Sci. 65(4), 695–716 (2002); Special issue on complexity, 2001 (Chicago, IL)
  24. Hoory, S., Magen, A., Myers, S., Rackoff, C.: Simple permutations mix well. Theor. Comput. Sci. 348(2-3), 251–261 (2005)
  25. Jakobsen, T., Knudsen, L.: Attacks on block ciphers of low algebraic degree. Journal of Cryptology 14, 197–210 (2001)
  26. Kang, J.S., Hong, S., Lee, S., Yi, O., Park, C., Lim, J.: Practical and provable security against differential and linear cryptanalysis for substitution-permutation networks. ETRI Journal 23(4), 158–167 (2001)
  27. Keliher, L., Meijer, H., Tavares, S.: New Method for Upper Bounding the Maximum Average Linear Hull Probability for SPNs. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 420–436. Springer, Heidelberg (2001)
  28. Knudsen, L.R.: Truncated and Higher Order Differentials. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 196–211. Springer, Heidelberg (1995)
  29. Kopparty, S.: On the complexity of powering in finite fields. In: ACM Symp. on the Theory of Computing, STOC (2011)
  30. Kushilevitz, E., Nisan, N.: Communication complexity. Cambridge University Press (1997)
  31. Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17(2), 373–386 (1988)
  32. Matsui, M.: Linear Cryptanalysis Method for DES Cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)
  33. Naor, J., Naor, M.: Small-bias probability spaces: efficient constructions and applications. SIAM J. Comput. 22(4), 838–856 (1993)
  34. Naor, M., Reingold, O.: On the construction of pseudorandom permutations: Luby-Rackoff revisited. J. Cryptology 12(1), 29–66 (1999)
  35. Naor, M., Reingold, O.: Number-theoretic constructions of efficient pseudo-random functions. J. of the ACM 51(2), 231–262 (2004)
  36. Nyberg, K.: Differentially Uniform Mappings for Cryptography. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 55–64. Springer, Heidelberg (1994)
  37. Pieprzyk, J.: On bent permutations. In: Proceedings of the International Conference on Finite Fields, Coding Theory, and Advances in Communications and Computing, Las Vegas (August 1991)
  38. Ramzan, Z., Reyzin, L.: On the Round Security of Symmetric-Key Cryptographic Primitives. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 376–393. Springer, Heidelberg (2000)
  39. Razborov, A., Rudich, S.: Natural proofs. J. of Computer and System Sciences 55(1), 24–35 (1997)
  40. Razborov, A.A.: A simple proof of Bazzi’s theorem. ACM Transactions on Computation Theory (TOCT) 1(1) (2009)
  41. Roth, R.M., Seroussi, G.: On generator matrices of MDS codes. IEEE Transactions on Information Theory 31, 826–830 (1985)
  42. Shannon, C.: Communication theory of secrecy systems. Bell Systems Technical Journal 28(4), 656–715 (1949)
  43. Vadhan, S.P., Zheng, C.J.: Characterizing pseudoentropy and simplifying pseudorandom generator constructions. In: ACM Symp. on the Theory of Computing, STOC (2012)
  44. Williams, R.: Non-uniform ACC lower bounds. In: IEEE Conf. on Computational Complexity, CCC (2011)
  45. Wu, H.: The hash function JH (2011), http://www3.ntu.edu.sg/home/wuhj/research/jh/index.html


Author information

Authors and Affiliations

  1. Northeastern University, Boston, USA

    Eric Miles & Emanuele Viola

Corresponding author

Correspondence to Eric Miles.

Editor information

Editors and Affiliations

  1. Department of Computer Science, University of Calgary, 2500 University Drive NW, T2N 1N4, Calgary, AB, Canada

    Reihaneh Safavi-Naini

  2. Department of Computer Science, University of Boston, 111 Cummington Street, 02215, Boston, MA, USA

    Ran Canetti


Copyright information

© 2012 International Association for Cryptologic Research

About this paper

Cite this paper

Miles, E., Viola, E. (2012). Substitution-Permutation Networks, Pseudorandom Functions, and Natural Proofs. In: Safavi-Naini, R., Canetti, R. (eds) Advances in Cryptology – CRYPTO 2012. CRYPTO 2012. Lecture Notes in Computer Science, vol 7417. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32009-5_5

  • DOI: https://doi.org/10.1007/978-3-642-32009-5_5
  • Publisher Name: Springer, Berlin, Heidelberg
  • Print ISBN: 978-3-642-32008-8
  • Online ISBN: 978-3-642-32009-5
