Welcome to the resource topic for 2019/413
Title:
On the Streaming Indistinguishability of a Random Permutation and a Random Function
Authors: Itai Dinur
Abstract:An adversary with S bits of memory obtains a stream of Q elements that are uniformly drawn from the set \{1,2,\ldots,N\}, either with or without replacement. This corresponds to sampling Q elements using either a random function or a random permutation. The adversary’s goal is to distinguish between these two cases. This problem was first considered by Jaeger and Tessaro (EUROCRYPT 2019), which proved that the adversary’s advantage is upper bounded by \sqrt{Q \cdot S/N}. Jaeger and Tessaro used this bound as a streaming switching lemma which allowed proving that known time-memory tradeoff attacks on several modes of operation (such as counter-mode) are optimal up to a factor of O(\log N) if Q \cdot S \approx N. However, the bound’s proof assumed an unproven combinatorial conjecture. Moreover, if Q \cdot S \ll N there is a gap between the upper bound of \sqrt{Q \cdot S/N} and the Q \cdot S/N advantage obtained by known attacks. In this paper, we prove a tight upper bound (up to poly-logarithmic factors) of O(\log Q \cdot Q \cdot S/N) on the adversary’s advantage in the streaming distinguishing problem. The proof does not require a conjecture and is based on a hybrid argument that gives rise to a reduction from the unique-disjointness communication complexity problem to streaming.
ePrint: https://eprint.iacr.org/2019/413
Talk: https://www.youtube.com/watch?v=eCoQtmmk3j0
Slides: https://iacr.org/submit/files/slides/2020/eurocrypt/ec2020/202/slides.pdf
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .