Proof of Mirror Theory for a Wide Range of $\xi _{\max }$.
EUROCRYPT (4)(2023)
Abstract

In CRYPTO'03, Patarin conjectured a lower bound on the number of distinct solutions $(P_1, \ldots, P_q) \in (\{0,1\}^n)^q$ satisfying a system of equations of the form $X_i \oplus X_j = \lambda_{i,j}$ such that $P_1, P_2, \ldots, P_q$ are pairwise distinct. This result is known as the "$P_i \oplus P_j$ Theorem for any $\xi_{\max}$", or alternatively as Mirror Theory for general $\xi_{\max}$, and was later proved by Patarin in ICISC'05. Mirror theory for general $\xi_{\max}$ is a powerful tool for establishing high security guarantees for many blockcipher-based (or even ideal-permutation-based) designs. Unfortunately, the proof of the result contains gaps that are non-trivial to fix. In this work, we present the first complete proof of the $P_i \oplus P_j$ theorem for a wide range of $\xi_{\max}$, typically up to order $O(2^{n/4}/\sqrt{n})$. Furthermore, our proof approach is made simpler by a new type of equation, dubbed the link-deletion equation, that roughly corresponds to half of the so-called orange equations from earlier works. As an illustration of our result, we also revisit the security proofs of two optimally secure blockcipher-based pseudorandom functions and the n-bit security proof of the six-round Feistel cipher, and provide updated security bounds.
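The objects counted by the theorem are concrete enough to check by hand at toy size. The following Python is an added example, not code from the paper or its authors: it takes a system of equations $X_i \oplus X_j = \lambda_{i,j}$ as a labelled graph on the unknowns, splits it into components (each component of size $\xi$ contributes one free $n$-bit value and $\xi - 1$ equations, and $\xi_{\max}$ is the largest component), brute-forces the number $h$ of pairwise-distinct solutions for small $n$, and compares it with $(2^n)_q / 2^{n(q-\alpha)}$, the quantity that mirror theory uses as the lower bound ($\alpha$ being the number of components). It also rejects the two kinds of system that have no pairwise-distinct solutions by construction: an inconsistent cycle, and a degenerate component in which a path of labels XORs to zero and so forces two unknowns to be equal. The system, the parameters $n = 4$, $q = 6$ and the function names are constructed here for illustration; such tiny parameters are far outside the theorem's hypotheses, so the comparison is a sanity check on the definitions rather than a test of the bound.

```python
from fractions import Fraction
from itertools import product
from math import prod


def components(q, eqs):
    """Decompose the system X_i xor X_j = lam into connected components.

    eqs is a list of (i, j, lam) triples over the unknowns 0..q-1.
    Returns one dict per component mapping each unknown v to the offset
    delta_v such that P_v = P_root xor delta_v for that component's root.
    Raises ValueError if the system is inconsistent (a cycle whose labels
    do not xor to 0) or degenerate (two distinct unknowns in one component
    forced to be equal, which no pairwise-distinct tuple can satisfy).
    """
    adj = {v: [] for v in range(q)}
    for i, j, lam in eqs:
        adj[i].append((j, lam))
        adj[j].append((i, lam))
    placed = set()
    comps = []
    for root in range(q):
        if root in placed:
            continue
        offset = {root: 0}
        stack = [root]
        while stack:
            v = stack.pop()
            for w, lam in adj[v]:
                if w in offset:
                    if offset[w] != offset[v] ^ lam:
                        raise ValueError("inconsistent cycle through %d and %d" % (v, w))
                else:
                    offset[w] = offset[v] ^ lam
                    stack.append(w)
        if len(set(offset.values())) != len(offset):
            raise ValueError("degenerate component rooted at %d" % root)
        placed.update(offset)
        comps.append(offset)
    return comps


def is_nice(q, eqs):
    """True iff the system is consistent and non-degenerate."""
    try:
        components(q, eqs)
    except ValueError:
        return False
    return True


def xi_max(q, eqs):
    """Size of the largest component (the xi_max of the abstract)."""
    return max(len(c) for c in components(q, eqs))


def count_solutions(n, q, eqs):
    """Brute-force h: the number of (P_1..P_q) in ({0,1}^n)^q that satisfy
    every equation and are pairwise distinct.  Each component has exactly
    2^n assignments consistent with its equations (fix the root), so we
    range over 2^(n*alpha) root choices and keep those with q distinct values.
    """
    comps = components(q, eqs)
    if any(lam >> n for _, _, lam in eqs):
        raise ValueError("a label does not fit in %d bits" % n)
    h = 0
    for roots in product(range(1 << n), repeat=len(comps)):
        values = [r ^ d for r, comp in zip(roots, comps) for d in comp.values()]
        if len(set(values)) == q:
            h += 1
    return h


def heuristic_count(n, q, alpha):
    """(2^n)_q / 2^(n(q-alpha)): the number of pairwise-distinct tuples times
    2^-n per equation, i.e. the count expected if the q-alpha equations held
    independently of distinctness.  Mirror theory lower-bounds h by this
    quantity under hypotheses bounding q and xi_max relative to 2^n."""
    N = 1 << n
    falling = prod(range(N - q + 1, N + 1))
    return Fraction(falling, N ** (q - alpha))


# Constructed toy system (not from the paper): n = 4, q = 6 unknowns,
# three equations forming components {0,1,2}, {3,4} and the isolated {5},
# so alpha = 3 and xi_max = 3.
TOY_N = 4
TOY_Q = 6
TOY_EQS = [(0, 1, 0x1), (1, 2, 0x2), (3, 4, 0x3)]

if __name__ == "__main__":
    alpha = len(components(TOY_Q, TOY_EQS))
    h = count_solutions(TOY_N, TOY_Q, TOY_EQS)
    print("xi_max =", xi_max(TOY_Q, TOY_EQS), "alpha =", alpha)
    print("h =", h, " (2^n)_q / 2^(n(q-alpha)) =", float(heuristic_count(TOY_N, TOY_Q, alpha)))
    # A zero label forces P_0 = P_1, so this system has no pairwise-distinct solution.
    print("degenerate system is nice?", is_nice(2, [(0, 1, 0)]))
```

For the toy system the brute force gives h = 2112 against a heuristic count of about 1407.66: the first component fixes three values, the pair {3,4} must avoid them (12 of 16 roots do), and the isolated unknown must avoid the five values already placed (11 choices), so the equations and the distinctness constraint are not independent even here. The enumeration is 2^(n*alpha) steps, so it is only usable for n around 4 to 6; the point of mirror theory is precisely to bound h for the n = 64 or 128 used by real constructions, where enumeration is hopeless.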
Keywords
Mirror Theory, system of affine equations, PRP, PRF, beyond-birthday-bound security