Abstract
In previous work, the security results of decorrelation theory were based on the infinity-associated matrix norm. This made it possible to prove that decorrelation provides security against non-adaptive iterated attacks. In this paper we define a new matrix norm dedicated to adaptive chosen plaintext attacks. Similarly, we construct another matrix norm dedicated to chosen plaintext and ciphertext attacks.
The decorrelation formalism makes the notion of best advantage for distinguishers so easy to manipulate that we obtain, as a trivial consequence, a somewhat intuitive theorem: the best advantage for distinguishing a random product cipher from a truly random permutation decreases exponentially with the number of terms.
We show that several of the previous results on decorrelation extend to these new norms. In particular, we show that the Peanut construction (for instance the DFC algorithm) provides security against adaptive iterated chosen plaintext attacks with unchanged bounds, and security against adaptive iterated chosen plaintext and ciphertext attacks with other bounds, which shows that it is actually super-pseudorandom.
We also generalize the Peanut construction to any scheme, not only the Feistel one. We show that one only requires an equivalent of Luby-Rackoff's Lemma in order to get decorrelation upper bounds.
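To make the two norms of the abstract concrete, here is an added example (not code from the paper) that builds the d-wise distribution matrices [C]^d and [C*]^d for a constructed toy cipher (2-bit blocks, C_K(x) = x XOR K, d = 2), evaluates both the infinity-associated norm and the adaptive norm of their difference, and checks that half the infinity norm matches the advantage of an explicit 2-query distinguisher. The toy block size, the XOR cipher and the function names are assumptions for illustration.

```python
from fractions import Fraction
from itertools import permutations, product

# Constructed toy setting: 2-bit blocks (N = 4 messages), d = 2 queries.
N, D = 4, 2
X = range(N)
ROWS = list(product(X, repeat=D))           # all d-tuples of plaintexts / ciphertexts

# A "cipher" is a list of permutations (one per key), the key being uniform.
XOR_CIPHER = [tuple(x ^ k for x in X) for k in X]      # C_K(x) = x XOR K
PERFECT = list(permutations(X))                         # C*: uniform random permutation

def dist_matrix(cipher):
    """d-wise distribution matrix [C]^d: entry (xs, ys) = Pr_K[C_K(x_i) = y_i for all i]."""
    M = {}
    for xs in ROWS:
        for ys in ROWS:
            hits = sum(1 for c in cipher if all(c[x] == y for x, y in zip(xs, ys)))
            M[xs, ys] = Fraction(hits, len(cipher))
    return M

def norm_inf(A):
    """Infinity-associated norm: max over rows of the row's absolute sum."""
    return max(sum(abs(A[xs, ys]) for ys in ROWS) for xs in ROWS)

def norm_a(A, xs=(), ys=()):
    """Adaptive norm: max_x1 sum_y1 max_x2 sum_y2 ... |A[(x1..xd),(y1..yd)]|,
    i.e. each query may depend on the answers to the previous ones."""
    if len(xs) == D:
        return abs(A[xs, ys])
    return max(sum(norm_a(A, xs + (x,), ys + (y,)) for y in X) for x in X)

def decorrelation(cipher):
    """Distances ||[C]^d - [C*]^d|| in both norms; half of each bounds the best
    advantage of a non-adaptive / adaptive d-limited distinguisher."""
    C, Cstar = dist_matrix(cipher), dist_matrix(PERFECT)
    delta = {k: C[k] - Cstar[k] for k in C}
    return norm_inf(delta), norm_a(delta)

def xor_distinguisher_advantage(x1=0, x2=1):
    """Explicit non-adaptive distinguisher: query x1 != x2, answer 1 iff y1^y2 == x1^x2.
    Accepts XOR_CIPHER always; accepts C* only with the probability computed here."""
    def accept(cipher):
        return Fraction(sum(1 for c in cipher if c[x1] ^ c[x2] == x1 ^ x2), len(cipher))
    return accept(XOR_CIPHER) - accept(PERFECT)

if __name__ == "__main__":
    inf, adaptive = decorrelation(XOR_CIPHER)
    print(f"||.||_inf = {inf}, ||.||_a = {adaptive}, advantage bound = {inf / 2}")
    print("explicit distinguisher advantage =", xor_distinguisher_advantage())
```

For this toy cipher both norms equal 4/3, so the non-adaptive bound is already tight (the XOR relation between two ciphertexts is visible without adaptivity); in general the infinity norm is never larger than the adaptive one.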
Part of this work was done while the author was visiting the NTT Laboratories.
References
O. Baudron, H. Gilbert, L. Granboulan, H. Handschuh, R. Harley, A. Joux, P. Nguyen, F. Noilhan, D. Pointcheval, T. Pornin, G. Poupard, J. Stern, S. Vaudenay. DFC Update. In Proceedings from the Second Advanced Encryption Standard Candidate Conference, National Institute of Standards and Technology (NIST), March 1999.
L. Carter, M. Wegman. Universal Classes of Hash Functions. Journal of Computer and System Sciences, vol. 18, pp. 143–154, 1979.
H. Feistel. Cryptography and Computer Privacy. Scientific American, vol. 228, pp. 15–23, 1973.
H. Gilbert, M. Girault, P. Hoogvorst, F. Noilhan, T. Pornin, G. Poupard, J. Stern, S. Vaudenay. Decorrelated Fast Cipher: an AES Candidate. (Extended Abstract.) In Proceedings from the First Advanced Encryption Standard Candidate Conference, National Institute of Standards and Technology (NIST), August 1998.
H. Gilbert, M. Girault, P. Hoogvorst, F. Noilhan, T. Pornin, G. Poupard, J. Stern, S. Vaudenay. Decorrelated Fast Cipher: an AES Candidate. Submitted to the Advanced Encryption Standard process. In CD-ROM “AES CD-1: Documentation”, National Institute of Standards and Technology (NIST), August 1998.
X. Lai. On the Design and Security of Block Ciphers, ETH Series in Information Processing, vol. 1, Hartung-Gorre Verlag Konstanz, 1992.
X. Lai, J. L. Massey. A Proposal for a New Block Encryption Standard. In Advances in Cryptology EUROCRYPT'90, Aarhus, Denmark, Lecture Notes in Computer Science 473, pp. 389–404, Springer-Verlag, 1991.
M. Luby, C. Rackoff. How to Construct Pseudorandom Permutations from Pseudorandom Functions. SIAM Journal on Computing, vol. 17, pp. 373–386, 1988.
U. M. Maurer. A Simplified and Generalized Treatment of Luby-Rackoff Pseudorandom Permutation Generators. In Advances in Cryptology EUROCRYPT'92, Balatonfüred, Hungary, Lecture Notes in Computer Science 658, pp. 239–255, Springer-Verlag, 1993.
J. Patarin. How to Construct Pseudorandom and Super Pseudorandom Permutations from One Single Pseudorandom Function. In Advances in Cryptology EUROCRYPT'92, Balatonfüred, Hungary, Lecture Notes in Computer Science 658, pp. 256–266, Springer-Verlag, 1993.
J. O. Pliam. Bounding Guesswork and Variation Distance: A New Technique for Provable Cipher Security. In these proceedings.
C. E. Shannon. Communication Theory of Secrecy Systems. Bell System Technical Journal, vol. 28, pp. 656–715, 1949.
S. Vaudenay. Provable Security for Block Ciphers by Decorrelation. In STACS 98, Paris, France, Lecture Notes in Computer Science 1373, pp. 249–275, Springer-Verlag, 1998.
S. Vaudenay. Provable Security for Block Ciphers by Decorrelation. (Full Paper.) Technical report LIENS-98-8, Ecole Normale Supérieure, 1998. URL: ftp://ftp.ens.fr/pub/reports/liens/liens-98-8.A4.ps.Z
S. Vaudenay. Feistel Ciphers with L2-Decorrelation. In Selected Areas in Cryptography, Kingston, Ontario, Canada, Lecture Notes in Computer Science 1556, pp. 1–14, Springer-Verlag, 1999.
S. Vaudenay. The Decorrelation Technique Home-Page. URL: http://www.dmi.ens.fr/~vaudenay/decorrelation.html
S. Vaudenay. Vers une Théorie du Chiffrement Symétrique, Dissertation for the diploma of “habilitation to supervise research” from the University of Paris 7, Technical Report LIENS-98-15 of the Laboratoire d’Informatique de l’Ecole Normale Supérieure, 1998.
S. Vaudenay. Resistance Against General Iterated Attacks. In Advances in Cryptology EUROCRYPT'99, Prague, Czech Republic, Lecture Notes in Computer Science 1592, pp. 255–271, Springer-Verlag, 1999.
S. Vaudenay. On the Lai-Massey Scheme. Technical report LIENS-99-3, Ecole Normale Supérieure, 1999. To appear in Asiacrypt’99, LNCS, Springer-Verlag. URL: ftp://ftp.ens.fr/pub/reports/liens/liens-99-3.A4.ps.Z
M. N. Wegman, J. L. Carter. New Hash Functions and their Use in Authentication and Set Equality. Journal of Computer and System Sciences, vol. 22, pp. 265–279, 1981.
© 2000 Springer-Verlag Berlin Heidelberg
Vaudenay, S. (2000). Adaptive-Attack Norm for Decorrelation and Super-Pseudorandomness. In: Heys, H., Adams, C. (eds) Selected Areas in Cryptography. SAC 1999. Lecture Notes in Computer Science, vol 1758. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46513-8_4
DOI: https://doi.org/10.1007/3-540-46513-8_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67185-5
Online ISBN: 978-3-540-46513-3