TY - GEN
T1 - The advantage of truncated permutations
AU - Gilboa, Shoni
AU - Gueron, Shay
N1 - Publisher Copyright: © Springer Nature Switzerland AG 2019.
PY - 2019
Y1 - 2019
N2 - Constructing a Pseudo Random Function (PRF) from a pseudorandom permutation is a fundamental problem in cryptology. Such a construction, implemented by truncating the last m bits of permutations of (formula presented) was suggested by Hall et al. (1998). They conjectured that the distinguishing advantage of an adversary with q queries, (formula presented), is small if (formula presented), established an upper bound on (formula presented) that confirms the conjecture for (formula presented), and also declared a general lower bound (formula presented). The conjecture was essentially confirmed by Bellare and Impagliazzo in 1999. Nevertheless, the problem of estimating (formula presented) remained open. Combining the trivial bound 1, the birthday bound, and a result by Stam (1978) leads to the following upper bound: (formula presented) This upper bound shows that the number of times that a truncated permutation can be used as a PRF can exceed the birthday bound by at least a factor of (formula presented). In this paper we show that this upper bound is tight for every (formula presented) and (formula presented). This, in turn, verifies that the converse to the conjecture of Hall et al. is also correct, i.e., that (formula presented) is negligible only for (formula presented).
AB - Constructing a Pseudo Random Function (PRF) from a pseudorandom permutation is a fundamental problem in cryptology. Such a construction, implemented by truncating the last m bits of permutations of (formula presented) was suggested by Hall et al. (1998). They conjectured that the distinguishing advantage of an adversary with q queries, (formula presented), is small if (formula presented), established an upper bound on (formula presented) that confirms the conjecture for (formula presented), and also declared a general lower bound (formula presented). The conjecture was essentially confirmed by Bellare and Impagliazzo in 1999. Nevertheless, the problem of estimating (formula presented) remained open. Combining the trivial bound 1, the birthday bound, and a result by Stam (1978) leads to the following upper bound: (formula presented) This upper bound shows that the number of times that a truncated permutation can be used as a PRF can exceed the birthday bound by at least a factor of (formula presented). In this paper we show that this upper bound is tight for every (formula presented) and (formula presented). This, in turn, verifies that the converse to the conjecture of Hall et al. is also correct, i.e., that (formula presented) is negligible only for (formula presented).
KW - Advantage
KW - Pseudo random functions
KW - Pseudo random permutations
UR - http://www.scopus.com/inward/record.url?scp=85068217692&partnerID=8YFLogxK
U2 - https://doi.org/10.1007/978-3-030-20951-3_11
DO - https://doi.org/10.1007/978-3-030-20951-3_11
M3 - Conference contribution
SN - 9783030209506
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 111
EP - 120
BT - Cyber Security Cryptography and Machine Learning - 3rd International Symposium, CSCML 2019, Proceedings
A2 - Dolev, Shlomi
A2 - Hendler, Danny
A2 - Lodha, Sachin
A2 - Yung, Moti
PB - Springer Verlag
T2 - 3rd International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2019
Y2 - 27 June 2019 through 28 June 2019
ER -