[Resource Topic] 2024/1723: Proving the Security of the Extended Summation-Truncation Hybrid

Welcome to the resource topic for 2024/1723

Title:
Proving the Security of the Extended Summation-Truncation Hybrid

Authors: Avijit Dutta, Eik List

Abstract:

Since designing a dedicated secure symmetric PRF is difficult, various works studied optimally secure PRFs from the sum of independent permutations (SoP).
At CRYPTO’20, Gunsing and Mennink proposed the Summation-Truncation Hybrid (STH).
While based on SoP, STH releases an additional $a \leq n$ bits of the permutation calls and sums the remaining $n-a$ bits of them.
Thus, it produces $n+a$ bits at $O(n - a/2)$-bit PRF security.
Both SoP and STH can be used directly in encryption schemes or MACs in place of permutation calls for higher security.
However, simply replacing every call as in GCM-SIV$r$ would demand more calls.

For encryption schemes, Iwata’s XORP scheme is long known to provide a better trade-off between efficiency and security. It extends SoP to variable-length outputs by using $r+1$ calls to a block cipher where the output of one call is added to each of the other $r$ outputs.
A similar extension can be conducted for STH that we call XTH, the XORP-Truncation Hybrid.
Such an extension was already suggested in the final discussion by Gunsing and Mennink, but left as an open problem. This work fills the gap by formalizing and proving the security of XTH.
For a rate of $r/(r+1)$ as in XORP, we show $O(n - a/2 - 1.5\log(r))$-bit security for XTH.
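The constructions the abstract compares, as an added example that is not part of the paper or this topic: toy versions of SoP, STH and XORP built exactly as the abstract describes them, over small constructed permutation tables standing in for independent block-cipher calls, so the output widths and the rate (output bits per call) can be checked. The `xth` function is an assumed reading of "a similar extension" (XORP's structure with STH's truncation), not the paper's definition; all names and the parameters `n = 8`, `a = 2`, `r = 3` are chosen here.

```python
import random


def random_permutation(n_bits: int, seed: int) -> list[int]:
    """Constructed stand-in for an independent n-bit permutation
    (a keyed block cipher in practice): a shuffled lookup table."""
    table = list(range(1 << n_bits))
    random.Random(seed).shuffle(table)
    return table


def split(v: int, n: int, a: int) -> tuple[int, int]:
    """Split an n-bit value into its leftmost a bits and rightmost n-a bits."""
    return v >> (n - a), v & ((1 << (n - a)) - 1)


def concat(parts: list[tuple[int, int]]) -> tuple[int, int]:
    """Concatenate (value, width) fields into one (value, total_width) pair."""
    v, w = 0, 0
    for val, width in parts:
        v = (v << width) | val
        w += width
    return v, w


def sop(perms, x: int, n: int) -> tuple[int, int]:
    """Sum of permutations: two calls, n output bits."""
    return perms[0][x] ^ perms[1][x], n


def sth(perms, x: int, n: int, a: int) -> tuple[int, int]:
    """Summation-Truncation Hybrid: two calls; release the left a bits of
    each call and sum the remaining n-a bits, giving n+a output bits."""
    l0, r0 = split(perms[0][x], n, a)
    l1, r1 = split(perms[1][x], n, a)
    return concat([(l0, a), (l1, a), (r0 ^ r1, n - a)])


def xorp(perms, x: int, n: int, r: int) -> tuple[int, int]:
    """XORP: r+1 calls; the output of call 0 is added to each of the other r,
    giving r*n output bits at rate r/(r+1)."""
    p0 = perms[0][x]
    return concat([(perms[i][x] ^ p0, n) for i in range(1, r + 1)])


def xth(perms, x: int, n: int, a: int, r: int) -> tuple[int, int]:
    """ASSUMED reading of XTH (not the paper's definition): XORP's structure
    with STH's truncation. The left a bits of every call are released; the
    right n-a bits of call 0 are summed into the right n-a bits of each of
    the other r calls."""
    l0, r0 = split(perms[0][x], n, a)
    parts = [(l0, a)]
    for i in range(1, r + 1):
        li, ri = split(perms[i][x], n, a)
        parts += [(li, a), (ri ^ r0, n - a)]
    return concat(parts)


def rate(width: int, calls: int, n: int) -> float:
    """Output bits per permutation call, normalised to the block size n."""
    return width / (calls * n)


if __name__ == "__main__":
    N, A, R = 8, 2, 3  # constructed toy parameters
    perms = [random_permutation(N, seed) for seed in range(R + 1)]
    x = 0x5A
    for name, calls, (val, w) in [
        ("SoP", 2, sop(perms, x, N)),
        ("STH", 2, sth(perms, x, N, A)),
        ("XORP", R + 1, xorp(perms, x, N, R)),
        ("XTH", R + 1, xth(perms, x, N, A, R)),
    ]:
        print(f"{name:4s} {w:2d} bits from {calls} calls "
              f"(rate {rate(w, calls, N):.3f}): {val:0{w}b}")
```

Running the block prints each construction's output width and rate for the toy parameters; the widths are what the abstract states ($n$ for SoP, $n+a$ for STH, $rn$ at rate $r/(r+1)$ for XORP), and the STH output's summed field is by construction the right $n-a$ bits of the SoP output on the same input.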

ePrint: https://eprint.iacr.org/2024/1723

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.