 Hello everyone, my name is Yulong Chin and welcome to my abstract presentation of my paper a modern approach to the security analysis of two. Due to the SHA-3 hash version of addition, more and more constructions are built on them. Examples include epoxifers, for example this two-round ephemal zoo which epoxifers this two-round ephemal zoo prfs where this is the sum of ephemal zoo and another prf which is the permutation-based variant of encrypted staphis mail. We also have MAC algorithms which is permutation-based MEHTM and this TCCR hash function for MPC applications. We see all those constructions are built on two public permutations. The reason for this is because this is a minimum number of primitive evaluations needed to achieve beyond versatile security. Today the day most of constructions in symmetric key cryptography are proved using edge coefficient technique. The idea behind edge coefficient technique is that there is only a small set which appears with higher probability than the other and the small set of transcripts appears with higher probability than the other. That is actually the bad transcript. Then the advantage of the adversary is actually bounded by this blue epsilon term and this green probability. In order to perform the proof using edge coefficient technique we need to perform the following three steps. First we need to define the bad transcript. Then we need to bounce the probability of the bad transcripts in the ideal world. And the last step we need to calculate is blue epsilon which is related to the probability of the good transcripts in the real world with that in the ideal world. So we can see that the second step is green probability of the bad transcript in the ideal world. It's actually a totico binadorio problem and only relies on the randomness of the used keys. But the first and the last steps actually totally depend on the construction itself. We see that the constructions in the previous slides all look very similar. Then there arises a question whether it's possible to find a model approach where the first and the third steps such as no dedicated proof need to be performed every time a new construction is designed. In order to answer this question we first need to recap Batarazmi of theory. It's a technique used to determine the solution to a system of baffariate equations and known equations. In order to do that we need to represent this system by a graph where a distinct unknown is actually represented by a vertex and an equation is represented by a lambda labeled edge and a null equation by a lambda dot labeled edge. Then the transcripts graphs should satisfy the following properties. First it shouldn't contain a circle for example if we have this case then here it says the distance between those two nodes is equal to one by one. Well this also says that the distance between those two nodes is equal to lambda two which is inconsistent. The graph shouldn't contain any cell path label because if we have this situation then the distance between those two nodes is equal to one by one while the distance between those two nodes is also equal to lambda while those are more the same node. The last property is related to the lambda dot labeled edges so they relate to the null equations. It says that there should be a circle with a lambda dot labeled edge such as this lambda dot is equal to the sum of all the lambda labels in the circle. So if we have this situation then it says the distance between those two nodes is equal to lambda while the distance between those two nodes is not equal to one by one when lambda dot is equal to lambda then it's inconsistent. So those are actually the properties that are used to define the bad transcript however near theory is as mean for block cypher based constructions so in order to use it on the permutation based constructions we need to generalize the idea. So in this work we focus on our constructions that can be filled like the following construction where A, B and D are actually functions of secret key the inputs and the outputs. Then the security analysis of such construction is usually performed in the idea of permutation model where it accepts the query to the construction the attacker also has query access to the underlying primitives i1 and i2 which are more of a random. Therefore in order to use the new theory we need to handle those primitive queries we will present those primitive queries by doing various equations and add those equations to the system. Then we need to generalize the the resulting theory can be applied to different constructions in our work. We apply this to the TricBow if a monsoon cypher at script or 2015 the permutation based EDMPIF at TOSC 2021 and the permutation based NEHT and MAC algorithm at Africa in 2020. Using our model approach we can simply see that there is actually a flow in the security proof of this MAC algorithm which the proof is now fixed here and in my other paper with others using two different approaches. So using the new technique we can show them you the use security of those three constructions in a very simple way without performing dedicated security analysis each time now for each construction. So the full presentation of this work can be found on AsiaQuit. Thank you for your attention.