The advantage of truncated permutations

Shoni Gilboa, Shay Gueron

Research output: Contribution to journalArticlepeer-review

Abstract

Constructing a Pseudo Random Function (PRF) is a fundamental problem in cryptology. Such a construction, implemented by truncating the last m bits of permutations of {0,1}n was suggested by Hall et al. (1998). They conjectured that the distinguishing advantage of an adversary with q queries, Advn,m(q), is small if q=o(2(n+m)∕2), established an upper bound on Advn,m(q) that confirms the conjecture for m<n∕7, and also declared a general lower bound Advn,m(q)=Ω(q2∕2n+m). The conjecture was essentially confirmed by Bellare and Impagliazzo (1999). Nevertheless, the problem of estimating Advn,m(q) remained open. Combining the trivial bound 1, the birthday bound, and a result of Stam (1978) leads to the upper bound [Formula presented] In this paper we show that this upper bound is tight for every 0≤m<n and any q. This, in turn, verifies that the converse to the conjecture of Hall et al. is also correct, i.e., that Advn,m(q) is negligible only for q=o(2(n+m)∕2).

Original languageEnglish
Pages (from-to)214-223
Number of pages10
JournalDiscrete Applied Mathematics
Volume294
DOIs
StatePublished - 15 May 2021

Bibliographical note

Funding Information:
This research was partially supported by the Bar-Ilan University Center for Research in Applied Cryptography and Cyber Security , and the Center for Cyber Law and Policy at the University of Haifa , both in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office ; the Israel Science Foundation (ISF, Grant Number 3380/19 ); and a joint funding research grant of the U.S. National Science Foundation and the U.S.–Israel Binational Science Foundation (NSF–BSF, Grant Number 2018640 ).

Funding Information:
We thank Ron Peled for fruitful discussions. This research was partially supported by the Bar-Ilan University Center for Research in Applied Cryptography and Cyber Security, and the Center for Cyber Law and Policy at the University of Haifa, both in conjunction with the Israel National Cyber Bureau in the Prime Minister's Office; the Israel Science Foundation (ISF, Grant Number 3380/19); and a joint funding research grant of the U.S. National Science Foundation and the U.S.?Israel Binational Science Foundation (NSF?BSF, Grant Number 2018640).

Publisher Copyright:
© 2021 Elsevier B.V.

Keywords

  • Pseudo random function advantage

Fingerprint

Dive into the research topics of 'The advantage of truncated permutations'. Together they form a unique fingerprint.

Cite this