
A Theoretical Treatment of Related-Key Attacks: RKA-PRPs, RKA-PRFs, and Applications

  • Mihir Bellare
  • Tadayoshi Kohno
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2656)

Abstract

We initiate a theoretical investigation of the popular block-cipher design goal of security against “related-key attacks” (RKAs). We begin by introducing definitions for the concepts of PRPs and PRFs secure against classes of RKAs, each such class being specified by an associated set of “related-key deriving (RKD) functions.” Then, for some such classes of attacks, we prove impossibility results, showing that no block cipher can resist these attacks, while for other, related classes of attacks that include popular targets in the block-cipher community, we prove possibility results that provide theoretical support for the view that security against them is achievable. Finally, we prove security of various block-cipher-based constructs that use related keys, including a tweakable block cipher given in [14].


References

  1. M. Bellare, J. Kilian, and P. Rogaway. The security of the cipher block chaining message authentication code. Journal of Computer and System Sciences, 61(3):362–399, 2000.
  2. M. Bellare and T. Kohno. A theoretical treatment of related-key attacks: RKA-PRPs, RKA-PRFs, and applications. Full version of this paper, available at http://www-cse.ucsd.edu/users/tkohno/papers/RKA/, 2003.
  3. E. Biham. New types of cryptanalytic attacks using related keys. In T. Helleseth, editor, Advances in Cryptology — EUROCRYPT ’93, volume 765 of Lecture Notes in Computer Science, pages 398–409. Springer-Verlag, Berlin, Germany, 1993.
  4. J. Black and P. Rogaway. CBC MACs for arbitrary-length messages: The three-key construction. In M. Bellare, editor, Advances in Cryptology — CRYPTO 2000, volume 1880 of Lecture Notes in Computer Science, pages 197–215. Springer-Verlag, Berlin, Germany, 2000.
  5. N. Courtois and J. Pieprzyk. Cryptanalysis of block ciphers with overdefined systems of equations. Cryptology ePrint Archive, Report 2002/044, http://eprint.iacr.org/, 2002.
  6. J. Daemen and V. Rijmen. AES proposal: Rijndael. http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf, 1999.
  7. J. Daemen and V. Rijmen. The Design of Rijndael. Springer-Verlag, Berlin, Germany, 2002.
  8. N. Ferguson, J. Kelsey, S. Lucks, B. Schneier, M. Stay, D. Wagner, and D. Whiting. Improved cryptanalysis of Rijndael. In B. Schneier, editor, Fast Software Encryption 2000, volume 1978 of Lecture Notes in Computer Science, pages 213–230. Springer-Verlag, Berlin, Germany, 2000.
  9. O. Goldreich, S. Goldwasser, and S. Micali. How to construct random functions. Journal of the ACM, 33(4):210–217, 1986.
  10. T. Iwata and K. Kurosawa. OMAC: One-key CBC MAC. In T. Johansson, editor, Fast Software Encryption 2003, Lecture Notes in Computer Science. Springer-Verlag, Berlin, Germany, 2003.
  11. J. Kelsey, B. Schneier, and D. Wagner. Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES. In N. Koblitz, editor, Advances in Cryptology — CRYPTO ’96, volume 1109 of Lecture Notes in Computer Science, pages 237–251. Springer-Verlag, Berlin, Germany, 1996.
  12. L. Knudsen and T. Kohno. Analysis of RMAC. In T. Johansson, editor, Fast Software Encryption 2003, Lecture Notes in Computer Science. Springer-Verlag, Berlin, Germany, 2003.
  13. K. Kurosawa and T. Iwata. TMAC: Two-key CBC MAC. NIST submission, available at http://csrc.nist.gov/CryptoToolkit/modes/, June 2002.
  14. M. Liskov, R. Rivest, and D. Wagner. Tweakable block ciphers. In M. Yung, editor, Advances in Cryptology — CRYPTO 2002, volume 2442 of Lecture Notes in Computer Science, pages 31–46. Springer-Verlag, Berlin, Germany, 2002.
  15. M. Luby and C. Rackoff. How to construct pseudorandom permutations from pseudorandom functions. SIAM Journal on Computing, 17(2), Apr. 1988.
  16. M. Naor and O. Reingold. Number-theoretic constructions of efficient pseudorandom functions. In Proceedings of the 38th Annual Symposium on Foundations of Computer Science, pages 458–467. IEEE Computer Society Press, 1997.
  17. J. B. Nielsen. A threshold pseudorandom function construction and its applications. In M. Yung, editor, Advances in Cryptology — CRYPTO 2002, volume 2442 of Lecture Notes in Computer Science, pages 401–416. Springer-Verlag, Berlin, Germany, 2002.

Copyright information

© International Association for Cryptologic Research 2003

Authors and Affiliations

  • Mihir Bellare (1)
  • Tadayoshi Kohno (1)
  1. Dept. of Computer Science & Engineering, University of California at San Diego, La Jolla, USA
