
In a previous question, we explored various security definitions of encryption schemes, such as IND-CPA, IND-CCA{1,2,3,etc.}

These indistinguishability games can roughly translate to blockciphers, as both data encryption and block encryption involve keys - a hidden parameter unknown to the adversary.

What I'm curious about is how do we mount a distinguishing attack against a permutation? And how does it differ from one against blockciphers? I assume it involves some "capacity" bits of the permutation block being unknown to the adversary, am I correct?

DannyNiu
I see public random permutations as somewhat equivalent to random oracles with restrictions. I don't think notions of capacity are inherent to the security of a random permutation, though it can be a distinguishing strategy. Other attacks would be slide attacks or the 0-sum distinguisher. Other attacks are given in the Keccak design document (https://keccak.team/files/KeccakDIAC2012.pdf). Alternatively, I would imagine that we would need an indifferentiability type of notion for public PRPs. – Marc Ilunga Jun 05 '23 at 09:54
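To make the keyed-versus-keyless difference concrete, here is an added Python example (not from the question or the comment) that runs the standard PRP distinguishing game twice: once where the "real" oracle is a permutation under a fresh secret key, and once where it is a fixed public permutation. The permutations are a constructed toy shuffle of an 8-bit domain, not a real cipher; the adversary simply recomputes the public permutation and checks whether the oracle agrees, which wins outright when nothing is secret and has no advantage when a key is.

```python
import hashlib
import random

# Constructed toy setting: permutations on an 8-bit domain built by a seeded shuffle.
# Stand-in for a block cipher or sponge permutation; NOT a real primitive.
N = 256

def _perm_from_seed(seed: int):
    rng = random.Random(seed)
    table = list(range(N))
    rng.shuffle(table)
    return lambda x: table[x]

def keyed_perm(key: bytes):
    """Block-cipher stand-in: the permutation depends on a secret key."""
    return _perm_from_seed(int.from_bytes(hashlib.sha256(key).digest(), "big"))

def random_perm(seed: int):
    """Ideal world of the PRP game: a uniformly random permutation."""
    return _perm_from_seed(seed)

# Keyless (public) permutation: everyone, including the adversary, can evaluate it.
PUBLIC_PERM = keyed_perm(b"publicly known constant")

def compare_with_public(oracle):
    """Distinguisher: recompute the public permutation and check the oracle agrees
    on three probe points. Returns 1 ("real") on a match, else 0 ("random")."""
    return int(all(oracle(x) == PUBLIC_PERM(x) for x in range(3)))

def prp_game(real_factory, adversary, trials=100, seed=0):
    """Estimate Adv = Pr[A -> 1 | real oracle] - Pr[A -> 1 | random permutation].
    The key is drawn inside the game and never handed to the adversary."""
    rng = random.Random(seed)
    real_hits = rand_hits = 0
    for _ in range(trials):
        key = rng.getrandbits(128).to_bytes(16, "big")
        real_hits += adversary(real_factory(key))
        rand_hits += adversary(random_perm(rng.getrandbits(128)))
    return (real_hits - rand_hits) / trials

def advantage_keyed():
    """Real world = permutation under a secret key: the self-computed table is
    useless without the key, so the advantage is 0."""
    return prp_game(keyed_perm, compare_with_public)

def advantage_keyless():
    """Real world = the fixed public permutation (key ignored): three queries win.
    Nothing is secret, so the keyed PRP game is the wrong notion for a public
    permutation; structural distinguishers or indifferentiability are used instead."""
    return prp_game(lambda _key: PUBLIC_PERM, compare_with_public)

if __name__ == "__main__":
    print("keyed advantage  :", advantage_keyed())    # 0.0
    print("keyless advantage:", advantage_keyless())  # 1.0
```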

0 Answers