Generic Attacks for the Xor of k Random Permutations
Xoring the output of k permutations, k ≥ 2 is a very simple way to construct pseudo-random functions (PRF) from pseudo-random permutations (PRP). Moreover such construction has many applications in cryptography (see [2,3,4,5] for example). Therefore it is interesting both from a theoretical and from a practical point of view, to get precise security results for this construction. In this paper, we will describe the best attacks that we have found on the Xor of k random n-bit to n-bit permutations. When k = 2, we will get an attack of computational complexity O(2n). This result was already stated in . On the contrary, for k ≥ 3, our analysis is new. We will see that the best known attacks require much more than 2n computations when not all of the 2n outputs are given, or when the function is changed on a few points. We obtain like this a new and very simple design that can be very useful when a security larger than 2n is wanted, for example when n is very small.
KeywordsPseudorandom functions pseudorandom permutations Luby-Rackoff backwards generic attacks
Unable to display preview. Download preview PDF.
- 2.Bellare, M., Impagliazzo, R.: A Tool for Obtaining Tighter Security Analyses of Pseudorandom Function Based Constructions, with Applications to PRP to PRF Conversion. ePrint Archive 1999/024: Listing for 1999 (1999)Google Scholar
- 9.Patarin, J.: Security in O(2n) for the Xor of Two Random Permutations — Proof with the standard H technique. This paper is available from the authorGoogle Scholar