 안녕하세요, 여러분! 이 영상은 multi-user security of the sum of truncated random permutations. 저는 원석입니다. 그리고 이 슬라이즈의 full version of the slides will be presented on December 7. Here is a brief motivation for our research. Block Cyples are one of the most common cryptographic primitives. For example, AES is used in wireless security, processor security, file encryption, SSL-TLS protocol, and more. A block cipher takes fixed-length inputs. So, if you want to encrypt more than envy data, you must repeatedly apply the block cipher. Many block cipher-based constructions were proposed to handle arbitrary-length messages. For example, there is a counter-mode for a mode of operation, and this is used in GCN. However, such legacy constructions only guaranteed birthday-bound security. This issue can be addressed by building surrender functions from surrender permutations, since block ciphers can be regarded as surrender permutations. In this study, we proposed new beyond-birthday-bound secure PR apps in the multi-user security model. Here are the constructions, Duft, SAT1, and SAT2. Both constructions are XORing of two truncated outputs from permutations. SAT1 uses a single permutation with domain separation. SAT2 uses two independent permutations. We also studied the sum of three random permutations. SOP31 is a single permutation version and was studied by VATACHAIA and NANDI at ICACRIPT last year. However, they did not study SOP32, and we showed that SOP32 can be more secure than SOP31. Here is the comparison table for our research and SOP31. M is the output bit, mu is the number of users, and qmax is the maximum number of queries for its user. The security bounds of SOP3 and SAT are both meaningful when the number of users is huge. While we can enhance the efficiency of SAT by truncating a smaller number of bits when the number of users is small while a lower security level is a load. In other words, it is possible to take a tradeoff between the number of users, security level, and efficiency. For the application, SAT can replace key generation algorithms, especially GCM-SIV, CWC+, and SCM-USCINCETI initial values derived from secure PLFs. Those constructions would perform better in the multi-user testing when combined with SAT1 or SAT2 while probing their overall security would be an independent topic of interest. This is the end of the presentation and thank you for listening.