Abstract
The sum of permutations is a popular way to turn a PRP (like a block cipher) into a PRF. However, with the rise of permutation based cryptography, it makes sense to investigate the possibility to design a PRF as the sum of externally keyed public permutations. This challenge was initiated by Chen et al. (CRYPTO 2019) who presented the Sum of Even-Mansours (SoEM) construction. Sibleyras and Todo (CT-RSA 2023) later minimized the amount of key maskings in this construction with their Keyed Sum of Permutations (KSoP). However, both constructions have in common that their security proofs require two independent keys and two independent public random permutations. In this work, we investigate the possibilities to reduce this amount of randomness, by introducing three constructions: sirP, that uses two independent permutations but one key, sirK, that uses two independent keys but one permutation, and sirX, that uses a single permutation and a single key. The constructions are further generalized by having a parameter prescribing the data input size compared to the permutation size. We present general security results for all three variants, and demonstrate that, for certain parameter choices, the security bounds match those of SoEM and KSoP, but with reduced randomness.
| Original language | English |
|---|---|
| Pages (from-to) | 230-260 |
| Number of pages | 31 |
| Journal | IACR Transaction on Symmetric Cryptology |
| Volume | 2025 |
| Issue number | 3 |
| DOIs | |
| Publication status | Published - 2025 |
Keywords
- RP-to-PRF
- SoEM
- KSoP
- beyond birthday bound
- sirX
- SECURITY BOUNDS
- HASH FUNCTIONS
- EVEN-MANSOUR
- BLOCK CIPHER
- FAMILY
- AUTHENTICATION
- ENCRYPTION
- GCM
- XOR