Timeline for answer to What is the security model of a public random permutation? by DannyNiu
Current License: CC BY-SA 4.0
6 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Oct 26, 2025 at 21:56 | comment | added | Paul Uszak | @user1641237 Hmm, struggling to see how XOR and LFSR injection is a permutation. | |
| Oct 25, 2025 at 17:09 | comment | added | user1641237 | @PaulUszak While Keccak the hash function isn't a permutation, the building block Keccak-f[1600] is one. Keccak then instantiates the sponge construction using Keccak-f[1600] as the "stirring the entropy pool" permutation. | |
| Oct 25, 2025 at 15:14 | comment | added | Paul Uszak | In what world is Keccak a permutation? Or sponges in general? See en.wikipedia.org/wiki/Permutation . It's contorting the language, like saying AES is a permutation, which it clearly isn't. | |
| Oct 25, 2025 at 2:37 | comment | added | DannyNiu | @user1641237 It appears that for certain inputs, some part of the output can be predicted without knowing the full input, or has a certain pattern. See inria.hal.science/hal-03045986/document#page=10 | |
| Oct 24, 2025 at 20:27 | comment | added | user1641237 | For sponges in particular, distinguishing the rate part from random certainly works. However, there seem to be general claims like "this paper broke N rounds of Gimli" that are independent from the sponge construction. I looked at these papers but they don't seem to be using some common definition for what is "broken"... | |
| Oct 24, 2025 at 17:36 | history | answered | DannyNiu | CC BY-SA 4.0 | |