scholarly journals Cryptanalysis of the generalised Legendre pseudorandom function

2020 ◽  
Vol 4 (1) ◽  
pp. 267-282
Author(s):  
Novak Kaluđerović ◽  
Thorsten Kleinjung ◽  
Dušan Kostić
Keyword(s):  
Pseudorandom Function

scholarly journals On Length Independent Security Bounds for the PMAC Family

2021 ◽  
pp. 423-445
Author(s):  
Bishwajit Chakraborty ◽  
Soumya Chattopadhyay ◽  
Ashwin Jha ◽  
Mridul Nandi
Keyword(s):  
Block Cipher ◽  
Block Size ◽  
Gray Code ◽  
Tight Bound ◽  
Simple Modification ◽  
Security Proof ◽  
Tight Security ◽  
Pseudorandom Function ◽  
Exact Security ◽  
Query Length

At FSE 2017, Gaži et al. demonstrated a pseudorandom function (PRF) distinguisher (Gaži et al., ToSC 2016(2)) on PMAC with Ω(lq2/2n) advantage, where q, l, and n, denote the number of queries, maximum permissible query length (in terms of n-bit blocks), and block size of the underlying block cipher. This, in combination with the upper bounds of Ο(lq2/2n) (Minematsu and Matsushima, FSE 2007) and Ο(qσ/2n) (Nandi and Mandal, J. Mathematical Cryptology 2008(2)), resolved the long-standing problem of exact security of PMAC. Gaži et al. also showed that the dependency on l can be dropped (i.e. O(q2/2n) bound up to l ≤ 2n/2) for a simplified version of PMAC, called sPMAC, by replacing the Gray code-based masking in PMAC with any 4-wise independent universal hash-based masking. Recently, Naito proposed another variant of PMAC with two powering-up maskings (Naito, ToSC 2019(2)) that achieves l-free bound of O(q2/2n), provided l ≤ 2n/2. In this work, we first identify a flaw in the analysis of Naito’s PMAC variant that invalidates the security proof. Apparently, the flaw is not easy to fix under the existing proof setup. We then formulate an equivalent problem which must be solved in order to achieve l-free security bounds for this variant. Second, we show that sPMAC achieves O(q2/2n) bound for a weaker notion of universality as compared to the earlier condition of 4-wise independence. Third, we analyze the security of PMAC1 (a popular variant of PMAC) with a simple modification in the linear combination of block cipher outputs. We show that this simple modification of PMAC1 has tight security O(q2/2n) provided l ≤ 2n/4. Even if l < 2n/4, we still achieve same tight bound as long as total number of blocks in all queries is less than 22n/3.

scholarly journals Orthros: A Low-Latency PRF

2021 ◽  
pp. 37-77
Author(s):  
Subhadeep Banik ◽  
Takanori Isobe ◽  
Fukang Liu ◽  
Kazuhiko Minematsu ◽  
Kosei Sakamoto
Keyword(s):  
Hardware Implementation ◽  
Block Cipher ◽  
State Of The Art ◽  
Security Analysis ◽  
Parallel Structure ◽  
Low Latency ◽  
Round Function ◽  
Minimum Latency ◽  
Primary Focus ◽  
Pseudorandom Function

We present Orthros, a 128-bit block pseudorandom function. It is designed with primary focus on latency of fully unrolled circuits. For this purpose, we adopt a parallel structure comprising two keyed permutations. The round function of each permutation is similar to Midori, a low-energy block cipher, however we thoroughly revise it to reduce latency, and introduce different rounds to significantly improve cryptographic strength in a small number of rounds. We provide a comprehensive, dedicated security analysis. For hardware implementation, Orthros achieves the lowest latency among the state-of-the-art low-latency primitives. For example, using the STM 90nm library, Orthros achieves a minimum latency of around 2.4 ns, while other constructions like PRINCE, Midori-128 and QARMA9-128- σ0 achieve 2.56 ns, 4.10 ns, 4.38 ns respectively.

scholarly journals Revisiting Variable Output Length XOR Pseudorandom Function

2018 ◽  
pp. 314-335 ◽  
Author(s):  
Srimanta Bhattacharya ◽  
Mridul Nandi
Keyword(s):  
Linear Equations ◽  
Security Analysis ◽  
Basic Structure ◽  
Authenticated Encryption ◽  
Security Proof ◽  
Simple Variant ◽  
Encryption Algorithms ◽  
The Cost ◽  
Mirror Theory ◽  
Pseudorandom Function

Let σ be some positive integer and C ⊆ {(i, j) : 1 ≤ i < j ≤ σ}. The theory behind finding a lower bound on the number of distinct blocks P1, . . . , Pσ ∈ {0, 1}n satisfying a set of linear equations {Pi ⊕Pj = ci,j : (i, j) ∈ C} for some ci,j ∈ {0, 1}n, is called mirror theory. Patarin introduced the mirror theory and provided a proof for this. However, the proof, even for a special class of equations, is complex and contains several non-trivial gaps. As an application of mirror theory, XORP[w] (known as XOR construction) returning (w−1) block output, is a pseudorandom function (PRF) for some parameter w, called width. The XOR construction can be seen as a basic structure of some encryption algorithms, e.g., the CENC encryption and the CHM authenticated encryption, proposed by Iwata in 2006. Due to potential application of XORP[w] and the nontrivial gaps in the proof of mirror theory, an alternative simpler analysis of PRF-security of XORP[w] would be much desired. Recently (in Crypto 2017) Dai et al. introduced a tool, called the χ2 method, for analyzing PRF-security. Using this tool, the authors have provided a proof of PRF-security of XORP[2] without relying on the mirror theory. In this paper, we resolve the general case; we apply the χ2 method to obtain a simpler security proof of XORP[w] for any w ≥ 2. For w = 2, we obtain a tighter bound for a wider range of parameters than that of Dai et al.. Moreover, we consider variable width construction XORP[∗] (in which the widths are chosen by adversaries adaptively), and also provide variable output length pseudorandom function (VOLPRF) security analysis for it. As an application of VOLPRF, we propose an authenticated encryption which is a simple variant of CHM or AES-GCM and provides much higher security than those at the cost of one extra blockcipher call for every message.

scholarly journals Private Predicate Encryption for Inner Product from Key-Homomorphic Pseudorandom Function

2021 ◽  
Vol 2021 ◽  
pp. 1-12
Author(s):  
Yi-Fan Tseng ◽  
Zi-Yuan Liu ◽  
Jen-Chieh Hsu ◽  
Raylin Tso
Keyword(s):  
Discrete Logarithm ◽  
Public Key ◽  
Inner Product ◽  
Sensitive Information ◽  
Public Key Encryption ◽  
Secret Key ◽  
New Paradigm ◽  
Generic Construction ◽  
Predicate Encryption ◽  
Pseudorandom Function

Predicate encryption (PE), formalized by Katz et al., is a new paradigm of public-key encryption that conceptually captures the public-key encryption that supports fine-grained access control policy. Because of the nature of PE, it is used for cloud storage so that users can retrieve encrypted data without revealing any information about the data to cloud servers and other users. Although lots of PE schemes have been studied, the predicate-hiding security is seldom considered; that is, the user’s secret key may leak sensitive information of the predicate. Additionally, the security of the current predicate-hiding PE schemes relies on the discrete logarithm assumption which cannot resist the quantum attacks in the future. In this paper, we propose a generic PE for inner product under symmetric-key setting, called private IPE, from specific key-homomorphic pseudorandom function (PRF). The rigorous proofs are provided to show that the construction is payload-hiding, attribute-hiding, and predicate-hiding secure. With the advantage of the generic construction, if the underlying PRF can resist quantum attacks, then, through our proposed generic construction, a quantum-resistant private IPE can be obtained.

Sign in / Sign up

Export Citation Format

Share Document