The iterated random function problem
Document Type
Conference Article
Publication Title
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Abstract
At CRYPTO 2015, Minaud and Seurin introduced and studied the iterated random permutation problem, which is to distinguish the r-th iterate of a random permutation from a random permutation. In this paper, we study the closely related iterated random function problem, and prove the first almost-tight bound in the adaptive setting. More specifically, we prove that the advantage to distinguish the r-th iterate of a random function from a random function using q queries is bounded by O(q2r(log r)3/N), where N is the size of the domain. In previous work, the best known bound was O(q2r2/ N), obtained as a direct result of interpreting the iterated random function problem as a special case of CBC-MAC based on a random function. For the iterated random function problem, the best known attack has an advantage of Ω(q2r/ N), showing that our security bound is tight up to a factor of (log r) 3.
First Page
667
Last Page
697
DOI
10.1007/978-3-319-70697-9_23
Publication Date
1-1-2017
Recommended Citation
Bhaumik, Ritam; Datta, Nilanjan; Dutta, Avijit; Mouha, Nicky; and Nandi, Mridul, "The iterated random function problem" (2017). Conference Articles. 290.
https://digitalcommons.isical.ac.in/conf-articles/290