学术文献库

We provide a new proof of Maurer, Renard, and Pietzak's result that the sum of the nCPA advantages of random permutations $P$ and $Q$ bound the CCA advantage of $P^{-1} \circ Q$. Our proof uses probability directly, as opposed to information theory, and has the advantage of providing an alternate sufficient condition of low CCA advantage. Namely, the CCA advantage of a random permutation can be bounded by its separation distance from the uniform distribution. We use this alternate condition to tighten the best known bound on the security of the swap-or-not shuffle in the special case of having fewer queries than the square root of the number of cards.