Pseudo-random permutation generators and cryptographic composition
STOC '86 Proceedings of the eighteenth annual ACM symposium on Theory of computing
Provable Security for Block Ciphers by Decorrelation
STACS '98 Proceedings of the 15th Annual Symposium on Theoretical Aspects of Computer Science
Indistinguishability of Random Systems
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Derandomized constructions of k-wise (almost) independent permutations
APPROX'05/RANDOM'05 Proceedings of the 8th international workshop on Approximation, Randomization and Combinatorial Optimization Problems, and Proceedings of the 9th international conference on Randamization and Computation: algorithms and techniques
Composition does not imply adaptive security
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Composition implies adaptive security in minicrypt
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Luby-Rackoff ciphers from weak round functions?
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Computational indistinguishability logic
Proceedings of the 17th ACM conference on Computer and communications security
On the soundness of authenticate-then-encrypt: formalizing the malleability of symmetric encryption
Proceedings of the 17th ACM conference on Computer and communications security
Free-start distinguishing: combining two types of indistinguishability amplification
ICITS'09 Proceedings of the 4th international conference on Information theoretic security
Equivalence of uniform key agreement and composition insecurity
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
On generalized Feistel networks
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Proving the security of ElGamal encryption via indistinguishability logic
Proceedings of the 2011 ACM Symposium on Applied Computing
TCC'11 Proceedings of the 8th conference on Theory of cryptography
Constant-rate oblivious transfer from noisy channels
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
TCC'10 Proceedings of the 7th international conference on Theory of Cryptography
Constructive cryptography --- a new paradigm for security definitions and proofs
TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
Efficient and optimally secure key-length extension for block ciphers via randomized cascading
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
An asymptotically tight security analysis of the iterated even-mansour cipher
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Understanding adaptivity: random systems revisited
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
Hi-index | 0.00 |
Many aspects of cryptographic security proofs can be seen as the proof that a certain system (e.g. a block cipher) is indistinguishable from an ideal system (e.g. a random permutation), for different types of distinguishers. This paper presents a new generic approach to proving upper bounds on the information-theoretic distinguishing advantage (from an ideal system) for a combined system, assuming upper bounds of certain types for the component systems. For a general type of combination operation of systems, including the XOR of functions or the cascade of permutations, we prove two amplification theorems. The first is a product theorem, in the spirit of XOR-lemmas: The distinguishing advantage of the combination of two systems is at most twice the product of the individual distinguishing advantages. This bound is optimal. The second theorem states that the combination of systems is secure against some strong class of distinguishers, assuming only that the components are secure against some weaker class of distinguishers. A key technical tool of the paper is the proof of a tight two-way correspondence, previously only known to hold in one direction, between the distinguishing advantage of two systems and the probability of winning an appropriately defined game.