Generic Attacks for the Xor of k Random Permutations

  • Jacques Patarin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7954)


Xoring the outputs of k permutations, k ≥ 2, is a very simple way to construct pseudo-random functions (PRFs) from pseudo-random permutations (PRPs). Moreover, this construction has many applications in cryptography (see [2,3,4,5] for example). It is therefore interesting, both from a theoretical and from a practical point of view, to obtain precise security results for this construction. In this paper, we describe the best attacks that we have found on the Xor of k random n-bit to n-bit permutations. When k = 2, we get an attack of computational complexity O(2^n). This result was already stated in [2]. For k ≥ 3, on the other hand, our analysis is new. We will see that the best known attacks require much more than 2^n computations when not all of the 2^n outputs are given, or when the function is changed on a few points. We thus obtain a new and very simple design that can be very useful when a security level larger than 2^n is wanted, for example when n is very small.
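As an added illustration (not code from the paper), the following shows the invariant behind the 2^n-query distinguisher for k = 2 in its standard full-codebook form: for n ≥ 2 the XOR of all 2^n outputs of a permutation is 0, so the XOR of all outputs of P1 ⊕ ... ⊕ Pk is 0, whereas a random function has this property only with probability 2^-n. It also shows why the abstract's two caveats matter: the check needs every output, and changing the function on a single point breaks it. All function names are mine, and permutations are small truth tables generated locally.

```python
import secrets
from functools import reduce

def xor_all(values):
    """XOR of an iterable of integers (0 for an empty iterable)."""
    return reduce(lambda a, b: a ^ b, values, 0)

def random_permutation(n):
    """Uniform random permutation of {0, ..., 2^n - 1}, stored as its truth table."""
    table = list(range(1 << n))
    for i in range(len(table) - 1, 0, -1):  # Fisher-Yates shuffle with a CSPRNG
        j = secrets.randbelow(i + 1)
        table[i], table[j] = table[j], table[i]
    return table

def random_function(n):
    """Uniform random n-bit to n-bit function, stored as its truth table."""
    return [secrets.randbelow(1 << n) for _ in range(1 << n)]

def xor_of_permutations(perms):
    """Truth table of F(x) = P1(x) xor P2(x) xor ... xor Pk(x)."""
    return [xor_all(p[x] for p in perms) for x in range(len(perms[0]))]

def full_codebook_parity(table):
    """XOR of all 2^n outputs. For a permutation with n >= 2 this is 0: every bit
    position is set in exactly 2^(n-1) of the outputs, an even number. (For n = 1
    it is 1, so the invariant, and this test, need n >= 2.)"""
    return xor_all(table)

def passes_xor_of_perms_test(table):
    """The 2^n-query distinguisher: the xor of k permutations always has parity 0,
    a random n-bit to n-bit function has parity 0 only with probability 2^-n."""
    return full_codebook_parity(table) == 0

def false_positive_rate(n, trials):
    """Fraction of random functions the test mistakes for a xor of permutations
    (expected value 2^-n)."""
    hits = sum(passes_xor_of_perms_test(random_function(n)) for _ in range(trials))
    return hits / trials

def change_on_one_point(table, x, new_value):
    """The same function with one output changed. If new_value differs from the
    old output, the parity changes by (old xor new) and is no longer 0, which is
    why the full-codebook test stops applying once the function is modified on
    even a few points."""
    modified = list(table)
    modified[x] = new_value
    return modified
```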


Keywords: pseudorandom functions, pseudorandom permutations, Luby-Rackoff backwards, generic attacks




References

1. Aiello, W., Venkatesan, R.: Foiling Birthday Attacks in Length-Doubling Transformations - Benes: A Non-Reversible Alternative to Feistel. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 307–320. Springer, Heidelberg (1996)
2. Bellare, M., Impagliazzo, R.: A Tool for Obtaining Tighter Security Analyses of Pseudorandom Function Based Constructions, with Applications to PRP to PRF Conversion. ePrint Archive 1999/024 (1999)
3. Bellare, M., Krovetz, T., Rogaway, P.: Luby-Rackoff Backwards: Increasing Security by Making Block Ciphers Non-invertible. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 266–280. Springer, Heidelberg (1998)
4. Hall, C., Wagner, D., Kelsey, J., Schneier, B.: Building PRFs from PRPs. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 370–389. Springer, Heidelberg (1998)
5. Lucks, S.: The Sum of PRPs Is a Secure PRF. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 470–487. Springer, Heidelberg (2000)
6. Mandal, A., Patarin, J., Nachef, V.: Indifferentiability beyond the Birthday Bound for the Xor of Two Public Random Permutations. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 69–81. Springer, Heidelberg (2010)
7. Maurer, U., Pietrzak, K.: The Security of Many-Round Luby-Rackoff Pseudo-Random Permutations. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 544–561. Springer, Heidelberg (2003)
8. Patarin, J.: A Proof of Security in O(2^n) for the Xor of Two Random Permutations. In: Safavi-Naini, R. (ed.) ICITS 2008. LNCS, vol. 5155, pp. 232–248. Springer, Heidelberg (2008)
9. Patarin, J.: Security in O(2^n) for the Xor of Two Random Permutations: Proof with the standard H technique. This paper is available from the author

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Jacques Patarin, Université de Versailles, Versailles Cedex, France
