Paper 2013/560

Sometimes-Recurse Shuffle: Almost-Random Permutations in Logarithmic Expected Time

Ben Morris and Phillip Rogaway

Abstract

We describe a security-preserving construction of a random permutation of domain size~$N$ from a random function, the construction tolerating adversaries asking all~$N$ plaintexts, yet employing just $\Theta(\lg N)$ calls, on average, to the one-bit-output random function. The approach is based on card shuffling. The basic idea is to use the \textit{sometimes-recurse} transformation: lightly shuffle the deck (with some other shuffle), cut the deck, and then recursively shuffle one of the two halves. Our work builds on a recent paper of Ristenpart and Yilek.

Note: Minor revisions and clarifications.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published by the IACR in EUROCRYPT 2014
Keywords
Card shufflingformat-preserving encryptionPRF-to-PRP conversionmix-and-cut shufflepseudorandom permutationssometimes-recurse shuffleswap-or-not shuffle
Contact author(s)
rogaway @ cs ucdavis edu
morris @ math ucdavis edu
History
2014-04-02: revised
2013-09-04: received
See all versions
Short URL
https://ia.cr/2013/560
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/560,
      author = {Ben Morris and Phillip Rogaway},
      title = {Sometimes-Recurse Shuffle: Almost-Random Permutations in Logarithmic Expected Time},
      howpublished = {Cryptology ePrint Archive, Paper 2013/560},
      year = {2013},
      note = {\url{https://eprint.iacr.org/2013/560}},
      url = {https://eprint.iacr.org/2013/560}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.