The Sum of PRPs Is a Secure PRF
Author
Abstract
Given $d$ independent pseudorandom permutations (PRPs) $\pi_1, \ldots, \pi_d$ over $\{0, 1\}$, it appears natural to define a pseudorandom function (PRF) by adding (or XORing) the permutation results: $\mathrm{sum}^d(x) = \pi_1(x) \oplus \cdots \oplus \pi_d(x)$. This paper investigates the security of $\mathrm{sum}^d$ and also considers a variant that only uses one single PRP over $\{0, 1\}$.
Similar resources
Pseudorandom Functions and Permutations Provably Secure against Related-Key Attacks
This paper fills an important foundational gap with the first proofs, under standard assumptions and in the standard model, of the existence of PRFs and PRPs resisting rich and relevant forms of related-key attack (RKA). An RKA allows the adversary to query the function not only under the target key but under other keys derived from it in adversary-specified ways. Based on the Naor-Reingold PRF ...
One-key Double-Sum MAC with Beyond-Birthday Security
MACs (Message Authentication Codes) are widely adopted in communication systems to ensure data integrity and data origin authentication, e.g. CBC-MACs in the ISO standard 9797-1. However, all the current designs either suffer from birthday attacks or require long key sizes. In this paper, we focus on designing beyond-birthday-bound MAC modes with a single key, and investigate their design princ...
An Efficient Protocol for Secure Multiparty Summation with Repeatability
In secure multiparty computation (SMC), a group of users jointly and securely computes a mathematical function on their private inputs, such that the privacy of their private inputs will be preserved. One of the widely used applications of SMC is the secure multiparty summation which securely computes the summation value of the users’ private inputs. In this paper, we consider a secure multipar...
A Note on Quantum-Secure PRPs
We show how to construct pseudorandom permutations (PRPs) that remain secure even if the adversary can query the permutation on a quantum superposition of inputs. Such PRPs are called quantum-secure. Our construction combines a quantum-secure pseudorandom function together with constructions of classical format preserving encryption. By combining known results, we obtain the first quantum-secur...
Concrete Security Characterizations of PRFs and PRPs: Reductions and Applications
We investigate several alternate characterizations of pseudorandom functions (PRFs) and pseudorandom permutations (PRPs) in a concrete security setting. By analyzing the concrete complexity of the reductions between the standard notions and the alternate ones, we show that the latter, while equivalent under polynomial-time reductions, are weaker in the concrete security sense. With these altern...