Pseudo-random permutation generators and cryptographic composition
STOC '86 Proceedings of the eighteenth annual ACM symposium on Theory of computing
Indistinguishability of Random Systems
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Security Amplification for Interactive Cryptographic Primitives
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
Computational Indistinguishability Amplification: Tight Product Theorems for System Composition
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Indistinguishability amplification
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Composition does not imply adaptive security
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Luby-Rackoff ciphers from weak round functions?
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Efficient and optimally secure key-length extension for block ciphers via randomized cascading
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Understanding adaptivity: random systems revisited
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Hi-index | 0.00 |
The term indistinguishability amplification refers to a setting where a certain construction combines two (or more) cryptographic primitives of the same type to improve their indistinguishability from an ideal primitive. Various constructions achieving this property have been studied, both in the information-theoretic and computational setting. In the former, a result due to Maurer, Pietrzak and Renner describes the amplification achieved by a very general class of constructions called neutralizing. Two types of amplification are observed: a product theorem (bounding the advantage in distinguishing the construction by twice the product of individual advantages) and the amplification of the distinguisher class (the obtained construction is secure against a wider class of distinguishers). In this paper, we combine these two aspects of information-theoretic indistinguishability amplification. We derive a new bound for the general case of a neutralizing construction that keeps the structure of a product theorem, while also capturing the amplification of the distinguisher class. This improves both bounds mentioned above. The new technical notion we introduce, central to our analysis, is the notion of free-start distinguishing of systems. This describes the setting where the distinguisher is allowed to choose any common state for both systems and then it is supposed to distinguish these systems starting from that chosen state.