[Resource Topic] 2023/1520: Kirby: A Robust Permutation-Based PRF Construction

Welcome to the resource topic for 2023/1520

Title:
Kirby: A Robust Permutation-Based PRF Construction

Authors: Charlotte Lefevre, Yanis Belkheyar, Joan Daemen

Abstract:

We present a construction, called Kirby, for building a variable-input-length pseudorandom function (VIL-PRF) from a b-bit permutation. For this construction we prove a tight bound of b/2 bits of security on the PRF distinguishing advantage in the random permutation model and in the multi-user setting. Similar to full-state keyed sponge/duplex, it supports full-state absorbing and additionally supports full-state squeezing, where the latter can at most squeeze b-c bits per permutation call for a security level of c bits. This advantage is especially relevant on constrained platforms when using a permutation with small width b. For instance, for b=256 at equal security strength the squeezing rate of Kirby is twice that of keyed sponge/duplex. We define a simple mode on top of Kirby that turns it into a deck function with parallel expansion. This deck function is suited for lightweight applications in the sense that it has a low memory footprint. Moreover, for short inputs it can be used for low-latency stream encryption: the time between the availability of the input and the keystream is only a single permutation call. Another feature that sets Kirby apart from other constructions is that leakage of an intermediate state does not allow recovering the key or earlier states.

ePrint: https://eprint.iacr.org/2023/1520

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.