TY - GEN
T1 - Tight Indistinguishability Bounds for the XOR of Independent Random Permutations by Fourier Analysis
AU - Dinur, Itai
N1 - Publisher Copyright:
© International Association for Cryptologic Research 2024.
PY - 2024/1/1
Y1 - 2024/1/1
N2 - The XOR of two independent permutations (XoP) is a well-known construction for achieving security beyond the birthday bound when implementing a pseudorandom function using a block cipher (i.e., a pseudorandom permutation). The idealized construction (where the permutations are uniformly chosen and independent) and its variants have been extensively analyzed over nearly 25 years. The best-known asymptotic information-theoretic indistinguishability bound for the XoP construction is O(q/2^{1.5n}), derived by Eberhard in 2017. A generalization of the XoP construction outputs the XOR of r ≥ 2 independent permutations, and has also received significant attention in both the single-user and multi-user settings. In particular, for r = 3, the best-known bound (obtained by Choi et al. [ASIACRYPT'22]) is about q^2/2^{2.5n} in the single-user setting and u·q_max^2/2^{2.5n} in the multi-user setting (where u is the number of users and q_max is the number of queries per user). In this paper, we prove an indistinguishability bound of q/2^{(r-0.5)n} for the (generalized) XoP construction in the single-user setting, and a bound of u·q_max/2^{(r-0.5)n} in the multi-user setting. In particular, for r = 2, we obtain the bounds q/2^{1.5n} and u·q_max/2^{1.5n} in the single-user and multi-user settings, respectively. For r = 3 the corresponding bounds are q/2^{2.5n} and u·q_max/2^{2.5n}. All of these bounds hold assuming q < 2^n/2 (or q_max < 2^n/2). Compared to previous works, we improve all the best-known bounds for the (generalized) XoP construction in the multi-user setting, and the best-known bounds for the generalized XoP construction for r ≥ 3 in the single-user setting (assuming q ≥ 2^{n/2}). For the basic two-permutation XoP construction in the single-user setting, our concrete bound of q/2^{1.5n} stands in contrast to the asymptotic bound of O(q/2^{1.5n}) by Eberhard.
Since all of our bounds are matched (up to constant factors) for q > 2^{n/2} by attacks published by Patarin in 2008 (and their generalizations to the multi-user setting), they are all tight. We obtain our results by Fourier analysis of Boolean functions. Most of our technical work involves bounding (sums of) Fourier coefficients of the density function associated with sampling without replacement. While the proof of Eberhard relies on similar bounds, our proof is elementary and significantly simpler.
AB - The XOR of two independent permutations (XoP) is a well-known construction for achieving security beyond the birthday bound when implementing a pseudorandom function using a block cipher (i.e., a pseudorandom permutation). The idealized construction (where the permutations are uniformly chosen and independent) and its variants have been extensively analyzed over nearly 25 years. The best-known asymptotic information-theoretic indistinguishability bound for the XoP construction is O(q/2^{1.5n}), derived by Eberhard in 2017. A generalization of the XoP construction outputs the XOR of r ≥ 2 independent permutations, and has also received significant attention in both the single-user and multi-user settings. In particular, for r = 3, the best-known bound (obtained by Choi et al. [ASIACRYPT'22]) is about q^2/2^{2.5n} in the single-user setting and u·q_max^2/2^{2.5n} in the multi-user setting (where u is the number of users and q_max is the number of queries per user). In this paper, we prove an indistinguishability bound of q/2^{(r-0.5)n} for the (generalized) XoP construction in the single-user setting, and a bound of u·q_max/2^{(r-0.5)n} in the multi-user setting. In particular, for r = 2, we obtain the bounds q/2^{1.5n} and u·q_max/2^{1.5n} in the single-user and multi-user settings, respectively. For r = 3 the corresponding bounds are q/2^{2.5n} and u·q_max/2^{2.5n}. All of these bounds hold assuming q < 2^n/2 (or q_max < 2^n/2). Compared to previous works, we improve all the best-known bounds for the (generalized) XoP construction in the multi-user setting, and the best-known bounds for the generalized XoP construction for r ≥ 3 in the single-user setting (assuming q ≥ 2^{n/2}). For the basic two-permutation XoP construction in the single-user setting, our concrete bound of q/2^{1.5n} stands in contrast to the asymptotic bound of O(q/2^{1.5n}) by Eberhard.
Since all of our bounds are matched (up to constant factors) for q > 2^{n/2} by attacks published by Patarin in 2008 (and their generalizations to the multi-user setting), they are all tight. We obtain our results by Fourier analysis of Boolean functions. Most of our technical work involves bounding (sums of) Fourier coefficients of the density function associated with sampling without replacement. While the proof of Eberhard relies on similar bounds, our proof is elementary and significantly simpler.
UR - http://www.scopus.com/inward/record.url?scp=85193619882&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-58716-0_2
DO - 10.1007/978-3-031-58716-0_2
M3 - Conference contribution
AN - SCOPUS:85193619882
SN - 9783031587153
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 33
EP - 62
BT - Advances in Cryptology – EUROCRYPT 2024 - 43rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2024, Proceedings
A2 - Joye, Marc
A2 - Leander, Gregor
PB - Springer Science and Business Media Deutschland GmbH
T2 - 43rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2024
Y2 - 26 May 2024 through 30 May 2024
ER -