International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Impossibility of Indifferentiable Iterated Blockciphers from 3 or Less Primitive Calls

Authors:
Chun Guo , Shandong University
Lei Wang , Shanghai Jiaotong University
Dongdai Lin , Institute of Information Engineering, Chinese Academy of Sciences
Download:
DOI: 10.1007/978-3-031-30634-1_14 (login may be required)
Search ePrint
Search Google
Presentation: Slides
Conference: EUROCRYPT 2023
Abstract: Virtually all modern blockciphers are {\it iterated}. In this paper, we ask: to construct a secure iterated blockcipher ``non-trivially'', how many calls to random functions and permutations are necessary? When security means {\it indistinguishability from a random permutation}, optimality is achieved by the Even-Mansour scheme using 1 call to a public permutation. We seek for the arguably strongest security {\it indifferentiability from an ideal cipher}, a notion introduced by Maurer et al. (TCC 2004) and popularized by Coron et al. (JoC, 2014). We provide the first generic negative result/lower bounds: when the key is not too short, no iterated blockciphers making 3 calls is (statistically) indifferentiable. This proves optimality for a 4-call positive result of Guo et al. (Eprint 2016). Furthermore, using 1 or 2 calls, even indifferentiable iterated blockciphers with polynomial keyspace are impossible. To prove this, we develop an abstraction of idealized iterated blockciphers and establish various basic properties, and apply Extremal Graph Theory results to prove the existence of certain (generalized) non-random properties such as the boomerang and yoyo.
BibTeX
@inproceedings{eurocrypt-2023-32857,
  title={Impossibility of Indifferentiable Iterated Blockciphers from 3 or Less Primitive Calls},
  publisher={Springer-Verlag},
  doi={10.1007/978-3-031-30634-1_14},
  author={Chun Guo and Lei Wang and Dongdai Lin},
  year=2023
}