January 18, 2021


Crooked Indifferentiability Revisited. (arXiv:2101.04888v1 [cs.CR])

In CRYPTO 2018, Russell et al. introduced the notion of crooked
indifferentiability to analyze the security of a hash function when the
underlying primitive is subverted. They showed that the $n$-bit to $n$-bit
function implemented using the enveloped XOR construction (\textsf{EXor}) with
$3n+1$ many $n$-bit functions and $3n^2$-bit random initial vectors (iv) can be
proven secure asymptotically in the crooked indifferentiability setting.

- We identify several major issues and gaps in the proof by Russell et al.
We show that their proof can achieve security only when the adversary is
restricted to making queries related to a single message.

- We formalize a new technique to prove crooked indifferentiability without
such restrictions. Our technique can handle function-dependent subversion. We
apply our technique to provide a revised proof for the \textsf{EXor}
construction.

- We analyze the crooked indifferentiability of the classical sponge
construction. We show, using a simple proof idea, that the sponge construction
is a crooked-indifferentiable hash function using only an $n$-bit random iv.
This is a quadratic improvement over the \textsf{EXor} construction and solves
the main open problem of Russell et al.
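The sponge construction with a subverted ("crooked") permutation, as an added Python illustration; this is not code from the paper or its authors. It assumes a toy 16-bit permutation (rate 8, capacity 8, 8-bit digest, tabulated from a seeded shuffle), an iv that is the whole initial state, 10*1 padding, and a crooked permutation that flips one output bit on a subverter-chosen set of inputs. How the paper places its $n$-bit iv and the exact subversion model are not stated on this page, so those parts are assumptions. The functions `sponge`, `make_crooked_perm`, `targeted_attack` and `hit_rate` are all names introduced here.

```python
import random
from typing import Callable, Iterable, List, Set, Tuple

RATE = 8            # r: bits of state a message block touches (high bits)
CAP = 8             # c: capacity bits (low bits), never directly exposed
WIDTH = RATE + CAP  # b: toy state width, small enough to tabulate the permutation
DIGEST_BITS = 8     # n: output length; equal to RATE, so a single squeeze suffices
MASK = (1 << WIDTH) - 1

# Public toy permutation: a fixed seeded shuffle of all 2^16 states (constructed, not secure).
_TABLE = list(range(1 << WIDTH))
random.Random(2021).shuffle(_TABLE)


def honest_perm(state: int) -> int:
    return _TABLE[state]


def make_crooked_perm(subverted: Set[int]) -> Callable[[int], int]:
    """Subverted implementation: agrees with honest_perm except on `subverted`, where it
    flips the top rate bit (assumption: a one-bit deviation).  The set is the subverter's
    choice; the role of the iv is that it is sampled *after* that choice is fixed."""
    def crooked(state: int) -> int:
        out = honest_perm(state)
        return out ^ (1 << (WIDTH - 1)) if state in subverted else out
    return crooked


def pad(msg: bytes) -> List[int]:
    """10*1 padding into 1-byte blocks: with a one-byte rate the pad is always 0x81."""
    return list(msg) + [0x81]


def sponge(perm: Callable[[int], int], iv: int, msg: bytes) -> Tuple[int, List[int]]:
    """Absorb each block into the rate bits, call perm once per block, then squeeze n bits.
    Also returns the trace of states fed to perm, so the caller can check whether the
    evaluation ever touched a subverted input."""
    state = iv & MASK          # assumption: the random iv is the whole initial b-bit state
    trace: List[int] = []
    for block in pad(msg):
        state ^= block << CAP  # the message only ever enters the rate (high) bits
        trace.append(state)
        state = perm(state)
    digest = (state >> CAP) & ((1 << DIGEST_BITS) - 1)
    return digest, trace


def touched_subverted(trace: Iterable[int], subverted: Set[int]) -> bool:
    """True if the honest evaluation queried a subverted state; from the first such
    query on, the crooked and honest computations diverge."""
    return any(s in subverted for s in trace)


def targeted_attack(msg: bytes, iv: int) -> Set[int]:
    """What a subverter who learns the iv *before* committing can do: subvert exactly the
    state that (iv, msg) feeds to the final permutation call, so the digest is wrong."""
    _, trace = sponge(honest_perm, iv, msg)
    return {trace[-1]}


def hit_rate(msg: bytes, subverted: Set[int], trials: int, seed: int = 1) -> float:
    """Monte Carlo over fresh random ivs: fraction of evaluations of `msg` that touch a
    subverted state when the set was fixed beforehand.  With |subverted| << 2^b this is
    about len(trace) * |subverted| / 2^b, which is the intuition for a random iv."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        _, trace = sponge(honest_perm, rng.getrandbits(WIDTH), msg)
        hits += touched_subverted(trace, subverted)
    return hits / trials


if __name__ == "__main__":
    iv = 0xBEEF                         # stands in for the random iv
    msg = b"ab"                         # constructed sample input
    before = {0x0001, 0x1234, 0xABCD}   # subverted set committed before the iv was drawn
    d_honest, trace = sponge(honest_perm, iv, msg)
    d_crooked, _ = sponge(make_crooked_perm(before), iv, msg)
    print(f"honest {d_honest:#04x} crooked {d_crooked:#04x} "
          f"touched={touched_subverted(trace, before)}")
    print("hit rate with committed set:", hit_rate(msg, before, 2000))
    d_target, _ = sponge(make_crooked_perm(targeted_attack(msg, iv)), iv, msg)
    print(f"iv-aware subverter: {d_target:#04x} (honest {d_honest:#04x})")
```

Two facts are deterministic here and worth checking: whenever the trace of an evaluation avoids the subverted set, the crooked hash equals the honest one, and a subverter who chooses the set after seeing the iv (`targeted_attack`) always corrupts the digest. `hit_rate` is the other side of the same coin: a set fixed before the iv is drawn is reached only with probability on the order of the trace length times its fraction of the state space.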