nach oben

Erschienen in:

2020 | OriginalPaper | Buchkapitel

On the Streaming Indistinguishability of a Random Permutation and a Random Function

verfasst von : Itai Dinur

Erschienen in: Advances in Cryptology – EUROCRYPT 2020

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

An adversary with S bits of memory obtains a stream of Q elements that are uniformly drawn from the set \(\{1,2,\ldots ,N\}\), either with or without replacement. This corresponds to sampling Q elements using either a random function or a random permutation. The adversary’s goal is to distinguish between these two cases.

This problem was first considered by Jaeger and Tessaro (EUROCRYPT 2019), which proved that the adversary’s advantage is upper bounded by \(\sqrt{Q \cdot S/N}\). Jaeger and Tessaro used this bound as a streaming switching lemma which allowed proving that known time-memory tradeoff attacks on several modes of operation (such as counter-mode) are optimal up to a factor of \(O(\log N)\) if \(Q \cdot S \approx N\). However, the bound’s proof assumed an unproven combinatorial conjecture. Moreover, if \(Q \cdot S \ll N\) there is a gap between the upper bound of \(\sqrt{Q \cdot S/N}\) and the \(Q \cdot S/N\) advantage obtained by known attacks.

In this paper, we prove a tight upper bound (up to poly-logarithmic factors) of \(O(\log Q \cdot Q \cdot S/N)\) on the adversary’s advantage in the streaming distinguishing problem. The proof does not require a conjecture and is based on a hybrid argument that gives rise to a reduction from the unique-disjointness communication complexity problem to streaming.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel OptORAMa: Optimal Oblivious RAM

Nächstes Kapitel He Gives C-Sieves on the CSIDH

Nur mit Berechtigung zugänglich

For the sake of brevity, in this paper we use the term “switching lemma” to refer to a particular type of lemma that allows to switch between a random permutation and a random function.

We note, however, that Jaeger and Tessaro’s result is superior to ours by a factor of up to \(O(\sqrt{\log Q})\) when \(S \cdot Q \approx N\).

In fact, the reduction is from the unique-disjointness problem which is a variant of set-disjointness with the promise that if the sets of the players intersect, the intersection size is 1.

A hybrid argument on a binary tree is also used to prove the security of the classical pseudo-random function construction by Goldreich et al. [11]. However, the resemblance is superficial, as in [11] the construction itself is a binary tree, whereas in our case, we build it artificially only in the proof.

For a (slightly outdated) survey on set-disjointness, refer to [8].

Our notation for disjointness is consistent with the rest of the paper, yet it differs from standard notation used in communication complexity.

The fact that “smoothing” is not required is also mentioned in [24, Footnote 7].

Alon, N., Matias, Y., Szegedy, M.: The space complexity of approximating the frequency moments. J. Comput. Syst. Sci. 58(1), 137–147 (1999)MathSciNetCrossRef

Bar-Yossef, Z., Jayram, T.S., Kumar, R., Sivakumar, D.: An information statistics approach to data stream and communication complexity. J. Comput. Syst. Sci. 68(4), 702–732 (2004)MathSciNetCrossRef

Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_25CrossRef

Bhargavan, K., Leurent, G.: On the practical (in-)security of 64-bit block ciphers: collision attacks on HTTP over TLS and OpenVPN. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016, pp. 456–467. ACM (2016)

Braverman, M., Moitra, A.: An information complexity approach to extended formulations. In: Boneh, D., Roughgarden, T., Feigenbaum, J. (eds.) Symposium on Theory of Computing Conference, STOC 2013, Palo Alto, CA, USA, 1–4 June 2013, pp. 161–170. ACM (2013)

Brent, R.P.: An improved Monte Carlo factorization algorithm. BIT Numer. Math. 20(2), 176–184 (1980). https://doi.org/10.1007/BF01933190MathSciNetCrossRefMATH

Cachin, C., Maurer, U.: Unconditional security against memory-bounded adversaries. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 292–306. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052243CrossRef

Chattopadhyay, A., Pitassi, T.: The story of set disjointness. SIGACT News 41(3), 59–85 (2010)CrossRef

Cover, T.M., Thomas, J.A.: Elements of Information Theory, 2nd edn. Wiley, Hoboken (2006)MATH

10.

Dai, W., Hoang, V.T., Tessaro, S.: Information-theoretic indistinguishability via the Chi-Squared method. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part III. LNCS, vol. 10403, pp. 497–523. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63697-9_17CrossRef

11.

Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792–807 (1986)MathSciNetCrossRef

12.

Göös, M., Watson, T.: Communication complexity of set-disjointness for all probabilities. Theory Comput. 12(1), 1–23 (2016)MathSciNetMATH

13.

Hall, C., Wagner, D., Kelsey, J., Schneier, B.: Building PRFs from PRPs. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 370–389. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055742CrossRef

14.

Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: Johnson, D.S. (ed.) Proceedings of the 21st Annual ACM Symposium on Theory of Computing, 14–17 May 1989, Seattle, Washigton, USA, pp. 44–61. ACM (1989)

15.

Jaeger, J., Tessaro, S.: Tight time-memory trade-offs for symmetric encryption. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part I. LNCS, vol. 11476, pp. 467–497. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_16CrossRef

16.

Kalyanasundaram, B., Schnitger, G.: The probabilistic communication complexity of set intersection. SIAM J. Discrete Math. 5(4), 545–557 (1992)MathSciNetCrossRef

17.

Knuth, D.E.: The Art of Computer Programming, Volume II: Seminumerical Algorithms. Addison-Wesley, Reading (1969)MATH

18.

Kushilevitz, E., Nisan, N.: Communication Complexity. Cambridge University Press, New York (1997)MATH

19.

Newman, I.: Private vs. common random bits in communication complexity. Inf. Process. Lett. 39(2), 67–71 (1991)MathSciNetCrossRef

20.

Nisan, N.: Pseudorandom generators for space-bounded computation. Combinatorica 12(4), 449–461 (1992)MathSciNetCrossRef

21.

Pollard, J.M.: A monte carlo method for factorization. BIT Numer. Math. 15(3), 331–334 (1975). https://doi.org/10.1007/BF0193366MathSciNetCrossRefMATH

22.

Razborov, A.A.: On the distributional complexity of disjointness. Theor. Comput. Sci. 106(2), 385–390 (1992)MathSciNetCrossRef

23.

Tessaro, S., Thiruvengadam, A.: Provable time-memory trade-offs: symmetric cryptography against memory-bounded adversaries. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018, Part I. LNCS, vol. 11239, pp. 3–32. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03807-6_1CrossRefMATH

24.

Watson, T.: Communication complexity with small advantage. In: Servedio, R.A. (ed.) 33rd Computational Complexity Conference, CCC 2018, 22–24 June 2018, San Diego, CA, USA, volume 102 of LIPIcs, pp. 9:1–9:17. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik (2018)

Titel: On the Streaming Indistinguishability of a Random Permutation and a Random Function
verfasst von: Itai Dinur
Verlag: Springer International Publishing
Buch: Advances in Cryptology – EUROCRYPT 2020
Print ISBN: 978-3-030-45723-5

Electronic ISBN: 978-3-030-45724-2

Copyright-Jahr: 2020
DOI: https://doi.org/10.1007/978-3-030-45724-2_15

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"