Comparison of distinguishing attack against blockcipher and permutation

In a previous question, we explored various security definitions of encryption schemes, such as IND-CPA, IND-CCA{1,2,3,etc.}.

These indistinguishability games can roughly translate to blockciphers, as both data encryption and block encryption involve keys - a hidden parameter unknown to the adversary.

What I'm curious about is how we mount a distinguishing attack against a permutation, and how it differs from one against blockciphers. I assume it involves some "capacity" bits of the permutation block being unknown to the adversary, am I correct?

Marc Ilunga
I see public random permutations as somewhat equivalent to random oracles with restrictions. I don't think notions of capacity are inherent to the security of a random permutation, though it can be a distinguishing strategy. Other attacks would be slide attacks or the 0-sum distinguisher. Other attacks are given in the Keccak design document (https://keccak.team/files/KeccakDIAC2012.pdf). Alternatively, I would imagine that we would need an indifferentiability type of notion for public PRPs.
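To make the 0-sum distinguisher mentioned in the comment concrete, here is an added example (not part of the original thread) that runs it against a toy keyless permutation and against a randomly shuffled table. The 15-bit toy permutation, its round constants and all function names are constructed for illustration; the point is that nothing secret is involved, only the low algebraic degree of the public map.

```python
import random
from functools import reduce
from operator import xor

N = 15                                      # state width in bits (odd, so chi is invertible)
MASK = (1 << N) - 1
ROUND_CONSTANTS = (0x1A2B, 0x3C4D, 0x5E6F)  # constructed 15-bit values

def rotr(x, k):
    return ((x >> k) | (x << (N - k))) & MASK

def chi(x):
    # Keccak-style chi on one N-bit ring: out[i] = x[i] ^ (~x[i+1] & x[i+2]), degree 2
    return x ^ (~rotr(x, 1) & rotr(x, 2) & MASK)

def toy_permutation(x, rounds=3):
    # Each round is chi (degree 2) followed by an affine layer, so degree <= 2**rounds
    for rc in ROUND_CONSTANTS[:rounds]:
        x = rotr(chi(x), 3) ^ rc
    return x

def random_permutation(seed=1):
    # Reference object: a uniformly shuffled lookup table on the same domain
    table = list(range(1 << N))
    random.Random(seed).shuffle(table)
    return table.__getitem__

def cube_sums(perm, dim):
    """For every coset of the cube spanned by the low `dim` bits,
    return (XOR of the inputs, XOR of the outputs)."""
    sums = []
    for offset in range(1 << (N - dim)):
        points = [(offset << dim) | v for v in range(1 << dim)]
        sums.append((reduce(xor, points), reduce(xor, map(perm, points))))
    return sums

def zero_sum_cosets(perm, dim):
    # Count cosets whose inputs AND outputs both XOR to zero
    return sum(1 for s_in, s_out in cube_sums(perm, dim) if s_in == 0 and s_out == 0)

if __name__ == "__main__":
    dim = 2 ** 3 + 1   # one more than the degree bound of 3 rounds
    for name, perm in (("toy", toy_permutation), ("random", random_permutation())):
        print(name, zero_sum_cosets(perm, dim), "of", 1 << (N - dim), "cosets are zero-sums")
```

For a random permutation each coset's output sum is zero with probability about 2^-15, so the toy map's 64 out of 64 is the distinguishing event.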