Proof of Mirror Theory for a Wide Range of ξmax

Document Type

Conference Article

Publication Title

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Abstract

In CRYPTO'03, Patarin conjectured a lower bound on the number of distinct solutions $(P_1, \dots, P_q) \in (\{0,1\}^n)^q$ satisfying a system of equations of the form $X_i \oplus X_j = \lambda_{i,j}$ such that $P_1, P_2, \dots, P_q$ are pairwise distinct. This result is known as the "$P_i \oplus P_j$ Theorem for any $\xi_{\max}$", or alternatively as Mirror Theory for general $\xi_{\max}$, and was later proved by Patarin in ICISC'05. Mirror theory for general $\xi_{\max}$ stands as a powerful tool to provide a high-security guarantee for many blockcipher-based (or even ideal-permutation-based) designs. Unfortunately, the proof of the result contains gaps that are non-trivial to fix. In this work, we present the first complete proof of the $P_i \oplus P_j$ theorem for a wide range of $\xi_{\max}$, typically up to order $O(2^{n/4}/n)$. Furthermore, our proof approach is made simpler by using a new type of equation, dubbed the link-deletion equation, that roughly corresponds to half of the so-called orange equations from earlier works. As an illustration of our result, we also revisit the security proofs of two optimally secure blockcipher-based pseudorandom functions and the $n$-bit security proof for the six-round Feistel cipher, and provide updated security bounds.

First Page

470

Last Page

501

DOI

10.1007/978-3-031-30634-1_16

Publication Date

1-1-2023

Comments

Open Access, Bronze
