Free-Start Distinguishing: Combining Two Types of Indistinguishability Amplification

• Published in: Information Theoretic Security pp. 28 - 44
• Main Authors: Gaži, Peter, Maurer, Ueli
• Format: Book Chapter
• Language: English
• Published: Berlin, Heidelberg Springer Berlin Heidelberg 2010
• Series: Lecture Notes in Computer Science
• Subjects: free-start distinguishing; indistinguishability amplification; Information-theoretic cryptography; neutralizing constructions; projected systems
• ISBN: 9783642144950; 3642144950
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-642-14496-7_4

The term indistinguishability amplification refers to a setting where a certain construction combines two (or more) cryptographic primitives of the same type to improve their indistinguishability from an ideal primitive. Various constructions achieving this property have been studied, both in the information-theoretic and computational setting. In the former, a result due to Maurer, Pietrzak and Renner describes the amplification achieved by a very general class of constructions called neutralizing. Two types of amplification are observed: a product theorem (bounding the advantage in distinguishing the construction by twice the product of individual advantages) and the amplification of the distinguisher class (the obtained construction is secure against a wider class of distinguishers). In this paper, we combine these two aspects of information-theoretic indistinguishability amplification. We derive a new bound for the general case of a neutralizing construction that keeps the structure of a product theorem, while also capturing the amplification of the distinguisher class. This improves both bounds mentioned above. The new technical notion we introduce, central to our analysis, is the notion of free-start distinguishing of systems. This describes the setting where the distinguisher is allowed to choose any common state for both systems and then it is supposed to distinguish these systems starting from that chosen state.