Indifferentiability Results and Proofs for Some Popular Cryptographic Constructions

The notion of indifferentiability, which is a stronger version of the classic notion of indistinguishability, was introduced by Maurer et al. in [MRH03]. Indifferentiability, among other things, gives us a way of “securely replacing” a random oracle of one type by a random oracle of a different type. Most indifferentiability proofs in the literature are very complicated, which makes them difficult to verify and in some cases, has even resulted in them being erroneous [CPS08]. In this paper, we use a simple yet rigorous proof technique for proving indifferentiability theorems. This technique is a generalization of the indistinguishability proof technique used by Bernstein in [Ber05] to prove the security of the Cipher Block Chaining (CBC) construction. We use this technique to prove the indifferentiability result for a very simple construction which processes just two blocks of input. This construction can be viewed as bearing close resemblance to the so called Sponge construction [BDPVA11a], on which the winner of SHA-3 competition [BDPVA11b] is based. Also as a warm up, we prove the indistinguishability result for this construction using the coupling argument from probability theory. We also prove the non-indifferentiability result for the CBC construction and some of its standard variants, and survey the indifferentiability and non-indifferentiability results for the Merkle-Damg̊ard (MD) construction, some of its standard variants, and the Feistel construction, from the literature.