Paper 2022/686
Proof of Mirror Theory for a Wide Range of $\xi_{\max}$
Abstract
In CRYPTO'03, Patarin conjectured a lower bound on the number of distinct solutions $(P_1, \ldots, P_{q}) \in (\{0, 1\}^{n})^{q}$ satisfying a system of equations of the form $X_i \oplus X_j = \lambda_{i,j}$ such that $P_1, P_2, \ldots$, $P_{q}$ are pairwise distinct. This result is known as \emph{``$P_i \oplus P_j$ Theorem for any $\xi_{\max}$''} or alternatively as \emph{Mirror Theory for general $\xi_{\max}$}, which was later proved by Patarin in ICISC'05. Mirror theory for general $\xi_{\max}$ stands as a powerful tool to provide a high-security guarantee for many blockcipher-(or even ideal permutation-) based designs. Unfortunately, the proof of the result contains gaps that are non-trivial to fix. In this work, we present the first complete proof of the $P_i \oplus P_j$ theorem for a wide range of $\xi_{\max}$, typically up to order $O(2^{n/4}/\sqrt{n})$. Furthermore, our proof approach is made simpler by using a new type of equation, dubbed link-deletion equation, that roughly corresponds to half of the so-called orange equations from earlier works. As an illustration of our result, we also revisit the security proofs of two optimally secure blockcipher-based pseudorandom functions, and $n$-bit security proof for six round Feistel cipher, and provide updated security bounds.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Preprint.
- Keywords
- Mirror theorySum of PermutationsPRPPRFH-Coefficient Technique
- Contact author(s)
-
benoit cogliati @ gmail com
avirocks dutta13 @ gmail com
mridul nandi @ gmail com
jpatarin @ club-internet fr
sahaa 1993 @ gmail com - History
- 2023-02-23: last of 4 revisions
- 2022-05-31: received
- See all versions
- Short URL
- https://ia.cr/2022/686
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2022/686, author = {Benoît Cogliati and Avijit Dutta and Mridul Nandi and Jacques Patarin and Abishanka Saha}, title = {Proof of Mirror Theory for a Wide Range of $\xi_{\max}$}, howpublished = {Cryptology {ePrint} Archive, Paper 2022/686}, year = {2022}, url = {https://eprint.iacr.org/2022/686} }