Questions tagged [indifferentiability]

I have a construction $C$ which internally uses idealized primitive $\mathcal{P}$ (a random permutation) where the goal is that $C$ is indifferentiable from a random oracle $\mathcal{F}$. That is, $C$ implements the API of $\mathcal{F}$. Via the…

In the case of sponge construction, it is shown to be differentiable from a RO. In the paper by Bertoni et al., what is meant by the node being saturated. How does it become saturated and the condition which leads to error in the simulator was not…

An $n$-round Feistel network is a key-ed permutation defined by $$ {\sf Fstl}^{(m)}_{k_1,\dots,k_m}(L,R) := {\sf Fstl}^{(m-1)}_{k_1,\dots,k_{m-1}}\big( R, L\oplus F_{k_m}(R) \big)\;, $$ with the convention that ${\sf Fstl}^{(0)}:={\sf Id}$. It…

What is reset indifferentiability? Why practical hash functions cannot satisfy reset indifferentiability. What are the implication of reset indifferentiability.