CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Generic attacks for the Xor of k random permutations
ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
| Hi-index | 0.00 |
Xoring two permutations is a very simple way to construct pseudorandom functions from pseudorandom permutations. The aim of this paper is to get precise security results for this construction. Since such construction has many applications in cryptography (see [2,3,4,6] for example), this problem is interesting both from a theoretical and from a practical point of view. In [6], it was proved that Xoring two random permutations gives a secure pseudorandom function if $m \ll 2^{\frac {2n}{3}}$. By "secure" we mean here that the scheme will resist all adaptive chosen plaintext attacks limited to mqueries (even with unlimited computing power). More generally in [6] it is also proved that with kXor, instead of 2, we have security when $m \ll 2^{\frac {kn}{k+1}}$. In this paper we will prove that for k= 2, we have in fact already security when m茂戮驴 O(2n). Therefore we will obtain a proof of a similar result claimed in [2] (security when m茂戮驴 O(2n/n2/3)). Moreover our proof is very different from the proof strategy suggested in [2] (we do not use Azuma inequality and Chernoff bounds for example), and we will get precise and explicit Ofunctions. Another interesting point of our proof is that we will show that this (cryptographic) problem of security is directly related to a very simple to describe and purely combinatorial problem. An extended version of this paper can be obtained on eprint [8].