International Association
for Cryptologic Research

Xoring two permutations is a very simple way to construct pseudorandom functions from pseudorandom permutations. In~\\cite{P08a}, it is proved that we have security against CPA-2 attacks when $m \\ll O(2^n)$, where $m$ is the number of queries and $n$ is the number of bits of the inputs

and outputs of the bijections. In this paper, we will obtain similar (but slightly different) results by using the

``standard H technique\'\' instead of the ``$H_{\\sigma}$ technique\'\'. It will be interesting to

compare the two techniques, their similarities and the differences between the proofs and the

results.