The advantage of truncated permutations

Shoni Gilboa; Shay Gueron

doi:10.1016/j.dam.2021.01.029

The advantage of truncated permutations

Shoni Gilboa, Shay Gueron

Mathematics discipline

Research output: Contribution to journal › Article › peer-review

Abstract

Constructing a Pseudo Random Function (PRF) is a fundamental problem in cryptology. Such a construction, implemented by truncating the last m bits of permutations of {0,1}ⁿ was suggested by Hall et al. (1998). They conjectured that the distinguishing advantage of an adversary with q queries, Adv_n,m(q), is small if q=o(2^(n+m)∕2), established an upper bound on Adv_n,m(q) that confirms the conjecture for m<n∕7, and also declared a general lower bound Adv_n,m(q)=Ω(q²∕2^n+m). The conjecture was essentially confirmed by Bellare and Impagliazzo (1999). Nevertheless, the problem of estimating Adv_n,m(q) remained open. Combining the trivial bound 1, the birthday bound, and a result of Stam (1978) leads to the upper bound [Formula presented] In this paper we show that this upper bound is tight for every 0≤m<n and any q. This, in turn, verifies that the converse to the conjecture of Hall et al. is also correct, i.e., that Adv_n,m(q) is negligible only for q=o(2^(n+m)∕2).

Original language	English
Pages (from-to)	214-223
Number of pages	10
Journal	Discrete Applied Mathematics
Volume	294
DOIs	https://doi.org/10.1016/j.dam.2021.01.029
State	Published - 15 May 2021

Bibliographical note

Funding Information:
This research was partially supported by the Bar-Ilan University Center for Research in Applied Cryptography and Cyber Security , and the Center for Cyber Law and Policy at the University of Haifa , both in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office ; the Israel Science Foundation (ISF, Grant Number 3380/19 ); and a joint funding research grant of the U.S. National Science Foundation and the U.S.–Israel Binational Science Foundation (NSF–BSF, Grant Number 2018640 ).

Funding Information:
We thank Ron Peled for fruitful discussions. This research was partially supported by the Bar-Ilan University Center for Research in Applied Cryptography and Cyber Security, and the Center for Cyber Law and Policy at the University of Haifa, both in conjunction with the Israel National Cyber Bureau in the Prime Minister's Office; the Israel Science Foundation (ISF, Grant Number 3380/19); and a joint funding research grant of the U.S. National Science Foundation and the U.S.?Israel Binational Science Foundation (NSF?BSF, Grant Number 2018640).

Publisher Copyright:
© 2021 Elsevier B.V.

Keywords

Pseudo random function advantage

Access to Document

10.1016/j.dam.2021.01.029

Cite this

@article{34a2eeefd7884be281712b4e8f6a851f,

title = "The advantage of truncated permutations",

abstract = "Constructing a Pseudo Random Function (PRF) is a fundamental problem in cryptology. Such a construction, implemented by truncating the last m bits of permutations of {0,1}n was suggested by Hall et al. (1998). They conjectured that the distinguishing advantage of an adversary with q queries, Advn,m(q), is small if q=o(2(n+m)∕2), established an upper bound on Advn,m(q) that confirms the conjecture for mn,m(q)=Ω(q2∕2n+m). The conjecture was essentially confirmed by Bellare and Impagliazzo (1999). Nevertheless, the problem of estimating Advn,m(q) remained open. Combining the trivial bound 1, the birthday bound, and a result of Stam (1978) leads to the upper bound [Formula presented] In this paper we show that this upper bound is tight for every 0≤mn,m(q) is negligible only for q=o(2(n+m)∕2).",

keywords = "Pseudo random function advantage",

author = "Shoni Gilboa and Shay Gueron",

note = "Publisher Copyright: {\textcopyright} 2021 Elsevier B.V.",

year = "2021",

month = may,

day = "15",

doi = "10.1016/j.dam.2021.01.029",

language = "אנגלית",

volume = "294",

pages = "214--223",

journal = "Discrete Applied Mathematics",

issn = "0166-218X",

publisher = "Elsevier",

}

TY - JOUR

T1 - The advantage of truncated permutations

AU - Gilboa, Shoni

AU - Gueron, Shay

PY - 2021/5/15

Y1 - 2021/5/15

N2 - Constructing a Pseudo Random Function (PRF) is a fundamental problem in cryptology. Such a construction, implemented by truncating the last m bits of permutations of {0,1}n was suggested by Hall et al. (1998). They conjectured that the distinguishing advantage of an adversary with q queries, Advn,m(q), is small if q=o(2(n+m)∕2), established an upper bound on Advn,m(q) that confirms the conjecture for mn,m(q)=Ω(q2∕2n+m). The conjecture was essentially confirmed by Bellare and Impagliazzo (1999). Nevertheless, the problem of estimating Advn,m(q) remained open. Combining the trivial bound 1, the birthday bound, and a result of Stam (1978) leads to the upper bound [Formula presented] In this paper we show that this upper bound is tight for every 0≤mn,m(q) is negligible only for q=o(2(n+m)∕2).

AB - Constructing a Pseudo Random Function (PRF) is a fundamental problem in cryptology. Such a construction, implemented by truncating the last m bits of permutations of {0,1}n was suggested by Hall et al. (1998). They conjectured that the distinguishing advantage of an adversary with q queries, Advn,m(q), is small if q=o(2(n+m)∕2), established an upper bound on Advn,m(q) that confirms the conjecture for mn,m(q)=Ω(q2∕2n+m). The conjecture was essentially confirmed by Bellare and Impagliazzo (1999). Nevertheless, the problem of estimating Advn,m(q) remained open. Combining the trivial bound 1, the birthday bound, and a result of Stam (1978) leads to the upper bound [Formula presented] In this paper we show that this upper bound is tight for every 0≤mn,m(q) is negligible only for q=o(2(n+m)∕2).

KW - Pseudo random function advantage

UR - http://www.scopus.com/inward/record.url?scp=85101097951&partnerID=8YFLogxK

U2 - 10.1016/j.dam.2021.01.029

DO - 10.1016/j.dam.2021.01.029

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:85101097951

SN - 0166-218X

VL - 294

SP - 214

EP - 223

JO - Discrete Applied Mathematics

JF - Discrete Applied Mathematics

ER -

The advantage of truncated permutations

Abstract

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this