Improved Indifferentiable Security Analysis of PHOTON
Published in | Security and Cryptography for Networks pp. 340 - 357 |
---|---|
Main Authors | , |
Format | Book Chapter |
Language | English |
Published | Cham: Springer International Publishing, 2014 |
Series | Lecture Notes in Computer Science |
Subjects | |
ISBN | 3319108786 9783319108780 |
ISSN | 0302-9743 1611-3349 |
DOI | 10.1007/978-3-319-10879-7_20 |
Summary:

In this paper, we study the indifferentiable security of the domain extension algorithm of the PHOTON hash function, which was proven to be indifferentiable from a random oracle up to $\mathcal{O}(2^{\min\{ c/2, c^\prime/2 \}})$ query complexity, where $c$ is the capacity in the absorbing step of PHOTON and $c^\prime$ is that in the squeezing step. By reducing the size $c^\prime$, one can reduce the processing time spent by PHOTON, while the indifferentiable security is degraded. Note that there is no generic attack on PHOTON with $\mathcal{O}(2^{c^\prime/2})$ query complexity. Thus it is interesting to investigate the optimality of the indifferentiable security and the size of $c^\prime$ ensuring the $\mathcal{O}(2^{c/2})$ security.

For these motivations, first, we prove that PHOTON is indifferentiable from a random oracle up to $\mathcal{O}(\min \{ q_{\mathsf{mcoll}} (d^\ast,c-c^\prime ), 2^{c/2} \})$ query complexity, where $q_{\mathsf{mcoll}} (d^\ast,c-c^\prime )$ is the query complexity to find a $d^\ast$-multi-collision of $(c - c^\prime)$ bits of hash values and $d^\ast$ satisfies $q_{\mathsf{mcoll}} (d^\ast,c-c^\prime ) = 2^{c^\prime }/d^\ast$. We also show that there exists a generic attack on PHOTON with the same query complexity. Thus the indifferentiable security of our proof is optimal.

Second, by using this bound we study the parameter $c^\prime$ ensuring the $\mathcal{O}(2^{c/2})$ security. We show that the $\mathcal{O}(2^{c/2})$ security is ensured if $c^\prime \geq c/2 + \log_2 c$, which implies that we can reduce the processing time of PHOTON while keeping the same indifferentiable security.

Finally, we propose a faster construction than PHOTON that keeps the same indifferentiable security, where the length of the first message block is modified from $r$ bits to $r + c/2$ bits.