FX 密钥长度扩展构造量子 Q1 安全性证明

Chun Guo; An Jing Huang; Yu Yu

doi:10.13868/j.cnki.jcr.000682

FX 密钥长度扩展构造量子 Q1 安全性证明

Translated title of the contribution: Quantum Q1 Security Proof for FX Key-Length Extension Construction

Chun Guo
, An Jing Huang
, Yu Yu^*

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

Abstract

The FX construction FX_k,k′[E](x) = E_k (x k^′) k^′ transforms a blockcipher E : {0, 1}^κ×{0, 1}ⁿ → {0, 1}ⁿ with κ-bit keys into a blockcipher with (κ+n)-bit keys. It is the most efficient key-length extension method. Built on an earlier work on the so-called Even-Mansour construction (EUROCRYPT 2022), Alagic et al. (Eprint 2022) provided a post-quantum security proof for a tweakable variant of the FX construction. Unfortunately, as admitted by the authors, their proof approach did not yield satisfactory bounds on the (original) FX. This paper presents a patch to their proof, which yields the desired (κ + n)/3-bit tight post-quantum security bound. The proposed patch mainly revises the distribution of an intermediate value in Alagic et al.’s proof, and this avoids certain bad events that led to worse bounds. This path requires a context-dependent extension of Alagic et al.’s resampling lemma, which may be of some conceptual novelty.

Translated title of the contribution	Quantum Q1 Security Proof for FX Key-Length Extension Construction
Original language	Chinese (Traditional)
Pages (from-to)	1139-1151
Number of pages	13
Journal	Journal of Cryptologic Research
Volume	11
Issue number	5
DOIs	https://doi.org/10.13868/j.cnki.jcr.000682
State	Published - Oct 2024
Externally published	Yes

Access to Document

10.13868/j.cnki.jcr.000682

Cite this

@article{a320601ee09349aaa0dca6671471d9d3,

title = "FX 密钥长度扩展构造量子 Q1 安全性证明",

abstract = "The FX construction FXk,k′[E](x) = Ek (x k′) k′ transforms a blockcipher E : \{0, 1\}κ×\{0, 1\}n → \{0, 1\}n with κ-bit keys into a blockcipher with (κ+n)-bit keys. It is the most efficient key-length extension method. Built on an earlier work on the so-called Even-Mansour construction (EUROCRYPT 2022), Alagic et al. (Eprint 2022) provided a post-quantum security proof for a tweakable variant of the FX construction. Unfortunately, as admitted by the authors, their proof approach did not yield satisfactory bounds on the (original) FX. This paper presents a patch to their proof, which yields the desired (κ + n)/3-bit tight post-quantum security bound. The proposed patch mainly revises the distribution of an intermediate value in Alagic et al.{\textquoteright}s proof, and this avoids certain bad events that led to worse bounds. This path requires a context-dependent extension of Alagic et al.{\textquoteright}s resampling lemma, which may be of some conceptual novelty.",

keywords = "FX construction, key-length extension, post-quantum security, provable security",

author = "Chun Guo and Huang, \{An Jing\} and Yu Yu",

year = "2024",

month = oct,

doi = "10.13868/j.cnki.jcr.000682",

language = "繁体中文",

volume = "11",

pages = "1139--1151",

journal = "Journal of Cryptologic Research",

issn = "2095-7025",

publisher = "Chinese Association for Cryptologic Research",

number = "5",

}

TY - JOUR

T1 - FX 密钥长度扩展构造量子 Q1 安全性证明

AU - Guo, Chun

AU - Huang, An Jing

AU - Yu, Yu

PY - 2024/10

Y1 - 2024/10

N2 - The FX construction FXk,k′[E](x) = Ek (x k′) k′ transforms a blockcipher E : {0, 1}κ×{0, 1}n → {0, 1}n with κ-bit keys into a blockcipher with (κ+n)-bit keys. It is the most efficient key-length extension method. Built on an earlier work on the so-called Even-Mansour construction (EUROCRYPT 2022), Alagic et al. (Eprint 2022) provided a post-quantum security proof for a tweakable variant of the FX construction. Unfortunately, as admitted by the authors, their proof approach did not yield satisfactory bounds on the (original) FX. This paper presents a patch to their proof, which yields the desired (κ + n)/3-bit tight post-quantum security bound. The proposed patch mainly revises the distribution of an intermediate value in Alagic et al.’s proof, and this avoids certain bad events that led to worse bounds. This path requires a context-dependent extension of Alagic et al.’s resampling lemma, which may be of some conceptual novelty.

AB - The FX construction FXk,k′[E](x) = Ek (x k′) k′ transforms a blockcipher E : {0, 1}κ×{0, 1}n → {0, 1}n with κ-bit keys into a blockcipher with (κ+n)-bit keys. It is the most efficient key-length extension method. Built on an earlier work on the so-called Even-Mansour construction (EUROCRYPT 2022), Alagic et al. (Eprint 2022) provided a post-quantum security proof for a tweakable variant of the FX construction. Unfortunately, as admitted by the authors, their proof approach did not yield satisfactory bounds on the (original) FX. This paper presents a patch to their proof, which yields the desired (κ + n)/3-bit tight post-quantum security bound. The proposed patch mainly revises the distribution of an intermediate value in Alagic et al.’s proof, and this avoids certain bad events that led to worse bounds. This path requires a context-dependent extension of Alagic et al.’s resampling lemma, which may be of some conceptual novelty.

KW - FX construction

KW - key-length extension

KW - post-quantum security

KW - provable security

UR - https://www.scopus.com/pages/publications/85209649504

U2 - 10.13868/j.cnki.jcr.000682

DO - 10.13868/j.cnki.jcr.000682

M3 - 文章

AN - SCOPUS:85209649504

SN - 2095-7025

VL - 11

SP - 1139

EP - 1151

JO - Journal of Cryptologic Research

JF - Journal of Cryptologic Research

IS - 5

ER -

FX 密钥长度扩展构造量子 Q1 安全性证明

Abstract

Access to Document

Other files and links

Fingerprint

Cite this