In [1], W. Aiello and R. Venkatesan have shown how to construct pseudo-random functions of 2n bits → 2n bits from pseudo-random functions of n bits → n bits. They claimed that their construction, called "Benes", reaches the optimal bound (m ≪ 2^n) of security against adversaries with unlimited computing power but limited to m queries in an Adaptive Chosen Plaintext Attack (CPA-2). However, a complete proof of this result is not given in [1], since one of the assertions of [1] is wrong. Due to this, the proof given in [1] is valid for most attacks, but not for all possible Chosen Plaintext Attacks. In this paper we will, in a way, fix this problem, since for all ε > 0 we will prove CPA-2 security when m ≪ 2^{n(1-ε)}. However, we will also see that the probability of distinguishing Benes functions from random functions is sometimes larger than the term in m^2/2^{2n} given in [1]. One of the key ideas in our proof will be to notice that, when m ≫ 2^{2n/3} and m ≪ 2^n, for a large number of variables linked by some critical equalities, the average number of solutions may be large (i.e. ≫ 1) while, at the same time, the probability of having at least one such critical equality is negligible (i.e. ≪ 1). © Springer-Verlag Berlin Heidelberg 2006.
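As an added illustration (not code from the paper or from [1]), the following Python toy models the two schemes named in the title as they are usually defined: a butterfly maps (L, R) to (f1(L) ⊕ f2(R), f3(L) ⊕ f4(R)) using four independent random n-bit → n-bit functions, and Benes applies a second butterfly, with four more functions, to the butterfly's output. The function names and the toy size n = 8 are assumptions; the 4-query "square" check shows why a single butterfly is trivially distinguishable from a random function while Benes passes that check, which is what motivates the two-layer scheme whose security bound the abstract discusses.

```python
import random

N_BITS = 8  # toy block size n (assumed); the schemes act on 2n-bit inputs


def random_function(rng):
    """An n-bit -> n-bit function drawn uniformly at random, stored as a table."""
    return [rng.randrange(1 << N_BITS) for _ in range(1 << N_BITS)]


def butterfly(f1, f2, f3, f4, left, right):
    """One butterfly layer: (L, R) -> (f1(L) xor f2(R), f3(L) xor f4(R))."""
    return f1[left] ^ f2[right], f3[left] ^ f4[right]


def benes(fs, left, right):
    """Benes scheme: two butterfly layers built from eight independent functions."""
    x, y = butterfly(fs[0], fs[1], fs[2], fs[3], left, right)
    return butterfly(fs[4], fs[5], fs[6], fs[7], x, y)


def square_test(oracle, l1, l2, r1, r2):
    """XOR of the left outputs on the square (l1,r1), (l2,r1), (l1,r2), (l2,r2).

    For one butterfly this is always 0: each f1(L) and f2(R) term occurs twice.
    For a random function (and for Benes) it is 0 only with probability ~2^-n.
    """
    outs = [oracle(l, r)[0] for l, r in ((l1, r1), (l2, r1), (l1, r2), (l2, r2))]
    return outs[0] ^ outs[1] ^ outs[2] ^ outs[3]


def count_zero_squares(oracle, rng, trials=64):
    """Number of random squares (l1 != l2, r1 != r2) whose XOR is zero."""
    zeros = 0
    for _ in range(trials):
        l1, l2 = rng.sample(range(1 << N_BITS), 2)
        r1, r2 = rng.sample(range(1 << N_BITS), 2)
        if square_test(oracle, l1, l2, r1, r2) == 0:
            zeros += 1
    return zeros


def run(seed=1):
    """Returns (zero squares for butterfly, zero squares for Benes) over 64 trials."""
    rng = random.Random(seed)  # fixed seed: constructed, reproducible sample functions
    fs = [random_function(rng) for _ in range(8)]
    bf = lambda l, r: butterfly(fs[0], fs[1], fs[2], fs[3], l, r)
    bn = lambda l, r: benes(fs, l, r)
    return count_zero_squares(bf, rng), count_zero_squares(bn, rng)


if __name__ == "__main__":
    print(run())
```

The butterfly count is always 64 out of 64, so four chosen queries suffice to distinguish it; the Benes count stays near the 64/256 expected of a random function, which is why the security question for Benes is about the finer m^2/2^{2n} and m ≪ 2^n bounds rather than such a structural test.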
CITATION STYLE
Patarin, J., & Montreuil, A. (2006). Benes and butterfly schemes revisited. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 3935 LNCS, pp. 92–116). Springer Verlag. https://doi.org/10.1007/11734727_10