Beyond-birthday secure domain-preserving PRFs from a single permutation

Guo, Chun; Shen, Yaobin; Wang, Lei; Gu, Dawu

doi:10.1007/s10623-018-0528-8

Cited by 5 publications

(4 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Multiple key-homomorphic PRF families have been constructed via varying approaches [226,53,35,238,177,15]. In addition to key-homomorphism, PRF families have been defined/constructed with various other properties and features, e.g., bi-homomorphic PRFs [275], (private) constrained PRFs [75,55,73,83,57,246,244], Legendre PRFs [94], power residue PRFs [43], traceable PRFs [146,207], quantum PRFs [324,101], oblivious PRFs [84,56,124], domain-preserving PRFs [152], structure-preserving PRFs [2], related-key attack (RKA) secure PRFs [41,40,140,201,251,32,1,191,53,275,35], threshold/distributed PRFs [81,167,193,53,275,35], privately programmable PRFs [57,244], (zero-knowledge) provable PRFs [192,…”

Section: Definition 14 (Key-homomorphic Prf [53]mentioning

confidence: 99%

Star-specific Key-homomorphic PRFs from Linear Regression and Extremal Set Theory

Sehrawat¹,

Yeo²,

Vassilyev³

2022

Preprint

View full text Add to dashboard Cite

We introduce a novel method to derandomize the learning with errors (LWE) problem by generating deterministic yet sufficiently independent LWE instances, that are constructed via special linear regression models. We also introduce star-specific key-homomorphic (SSKH) pseudorandom functions (PRFs), which are defined by the respective sets of parties that construct them. We use our derandomized variant of LWE to construct a SSKH PRF family. The sets of parties constructing SSKH PRFs are arranged as star graphs with possibly shared vertices, i.e., some pair of sets have non-empty intersections. We reduce the security of our SSKH PRF family to the hardness of LWE. To establish the maximum number of SSKH PRFs that can be constructed -by a set of parties -in the presence of passive/active and external/internal adversaries, we prove several bounds on the size of maximally cover-free at most t-intersecting k-uniform family of sets H, where the three properties are defined as:For the same purpose, we define and compute the mutual information between different linear regression hypotheses that are generated via overlapping training datasets.

show abstract

Section: Definition 14 (Key-homomorphic Prf [53]mentioning

confidence: 99%

Star-specific Key-homomorphic PRFs from Linear Regression and Extremal Set Theory

Sehrawat¹,

Yeo²,

Vassilyev³

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Our first contribution is to prove beyond-birthday-bound multi-user security for the 2-round tweakable SPN structure with a single S-box and independent round keys, with the added benefit that the inner linear permutation can be far simpler than the outer linear permutations. More specifically, we rely on the H-coefficients technique [Pat08] and on computational techniques from [CLL + 14, GSWG18,HT16] to prove that the security level of this construction is roughly equivalent to the one of the 2-round SPN structure with two independent S-boxes and a strong inner linear layer; Theorem 1 indicates that the multi-user advantage of any adversary will be small as long as the number of queries she issues is small in front of 2 2n/3 . A New Tweakable Enciphering Scheme.…”

Section: Our Contributionmentioning

confidence: 99%

CTET+: A Beyond-Birthday-Bound Secure Tweakable Enciphering Scheme Using a Single Pseudorandom Permutation

Cogliati

Ethan

Lallemand

et al. 2021

ToSC

View full text Add to dashboard Cite

In this work, we propose a construction of 2-round tweakable substitutionpermutation networks using a single secret S-box. This construction is based on non-linear permutation layers using independent round keys, and achieves security beyond the birthday bound in the random permutation model. When instantiated with an n-bit block cipher with ωn-bit keys, the resulting tweakable block cipher, dubbed CTET+, can be viewed as a tweakable enciphering scheme that encrypts ωκ-bit messages for any integer ω ≥ 2 using 5n + κ-bit keys and n-bit tweaks, providing 2n/3-bit security.Compared to the 2-round non-linear SPN analyzed in [CDK+18], we both minimize it by requiring a single permutation, and weaken the requirements on the middle linear layer, allowing better performance. As a result, CTET+ becomes the first tweakable enciphering scheme that provides beyond-birthday-bound security using a single permutation, while its efficiency is still comparable to existing schemes including AES-XTS, EME, XCB and TET. Furthermore, we propose a new tweakable enciphering scheme, dubbed AES6-CTET+, which is an actual instantiation of CTET+ using a reduced round AES block cipher as the underlying secret S-box. Extensivecryptanalysis of this algorithm allows us to claim 127 bits of security.Such tweakable enciphering schemes with huge block sizes become desirable in the context of disk encryption, since processing a whole sector as a single block significantly worsens the granularity for attackers when compared to, for example, AES-XTS, which treats every 16-byte block on the disk independently. Besides, as a huge amount of data is being stored and encrypted at rest under many different keys in clouds, beyond-birthday-bound security will most likely become necessary in the short term.

show abstract

“…It turns out that over the past several years researchers have invested a lot of effort in designing such pseudorandom functions [3,10,13,14,19,20,22,23,34,[45][46][47]. Out of several such designs, xor of two pseudorandom permutations, XOR 2 (x) := E k1 (x)⊕E k2 (x) 1 , and its single-keyed variant XOR 1 (x) := E k (0 x)⊕ E k (1 x), are the most popular ones.…”

Section: Introductionmentioning

confidence: 99%

Proof of Mirror Theory for a Wide Range of $$\xi _{\max }$$

Cogliati

Dutta²,

Nandi

et al. 2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In CRYPTO'03, Patarin conjectured a lower bound on the number of distinct solutions (P1, . . . , Pq) ∈ ({0, 1} n ) q satisfying a system of equations of the form Xi ⊕ Xj = λi,j such that P1, P2, . . ., Pq are pairwise distinct. This result is known as "Pi ⊕ Pj Theorem for any ξmax" or alternatively as Mirror Theory for general ξmax, which was later proved by Patarin in ICISC'05. Mirror theory for general ξmax stands as a powerful tool to provide a high-security guarantee for many blockcipher-(or even ideal permutation-) based designs. Unfortunately, the proof of the result contains gaps that are non-trivial to fix. In this work, we present the first complete proof of the Pi ⊕ Pj theorem for a wide range of ξmax, typically up to order O(2 n/4 / √ n). Furthermore, our proof approach is made simpler by using a new type of equation, dubbed link-deletion equation, that roughly corresponds to half of the so-called orange equations from earlier works. As an illustration of our result, we also revisit the security proofs of two optimally secure blockcipher-based pseudorandom functions, and n-bit security proof for six round Feistel cipher, and provide updated security bounds.

show abstract

Beyond-birthday secure domain-preserving PRFs from a single permutation

Cited by 5 publications

References 24 publications

Star-specific Key-homomorphic PRFs from Linear Regression and Extremal Set Theory

Star-specific Key-homomorphic PRFs from Linear Regression and Extremal Set Theory

CTET+: A Beyond-Birthday-Bound Secure Tweakable Enciphering Scheme Using a Single Pseudorandom Permutation

Proof of Mirror Theory for a Wide Range of $$\xi _{\max }$$

Contact Info

Product

Resources

About