CryptoDB
On the Streaming Indistinguishability of a Random Permutation and a Random Function
Authors: 
 Itai Dinur , BenGurion University, Israel

Download: 
 DOI: 10.1007/9783030457242_15
(login may be required)
 Search ePrint
 Search Google

Presentation: 
Slides

Conference:

EUROCRYPT 2020

Abstract: 
An adversary with $S$ bits of
memory obtains a stream of $Q$ elements that are uniformly drawn from the set $\{1,2,\ldots,N\}$, either with or without replacement. This corresponds to sampling $Q$ elements using either a random function or a random permutation. The adversary's goal is to distinguish between these two cases.
This problem was first considered by Jaeger and Tessaro (EUROCRYPT 2019), which proved that the adversary's advantage is upper bounded by $\sqrt{Q \cdot S/N}$. Jaeger and Tessaro used this bound as a streaming switching lemma which allowed proving that known timememory tradeoff attacks on several modes of operation (such as countermode) are optimal up to a factor of $O(\log N)$ if $Q \cdot S \approx N$. However, the bound's proof assumed an unproven combinatorial conjecture. Moreover,
if $Q \cdot S \ll N$ there is a gap between the upper bound of $\sqrt{Q \cdot S/N}$ and the $Q \cdot S/N$ advantage obtained by known attacks.
In this paper, we prove a tight upper bound (up to polylogarithmic factors) of $O(\log Q \cdot Q \cdot S/N)$ on the adversary's advantage in the streaming distinguishing problem. The proof does not require a conjecture and is based on a hybrid argument that gives rise to a reduction from the uniquedisjointness communication complexity problem to streaming. 
Video from EUROCRYPT 2020
BibTeX
@inproceedings{eurocrypt202030195,
title={On the Streaming Indistinguishability of a Random Permutation and a Random Function},
booktitle={39th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, May 10–14, 2020, Proceedings},
series={Lecture Notes in Computer Science},
publisher={Springer},
keywords={Streaming algorithm;timememory tradeoff;communication complexity;provable security;switching lemma;mode of operation.},
volume={12105},
doi={10.1007/9783030457242_15},
author={Itai Dinur},
year=2020
}