A Theoretical Treatment of Related-Key Attacks: RKA-PRPs, RKA-PRFs, and Applications
We initiate a theoretical investigation of the popular block-cipher design goal of security against "related-key attacks" (RKAs). We begin by introducing definitions for the concepts of PRPs and PRFs secure against classes of RKAs, each such class being specified by an associated set of "related-key deriving (RKD) functions." Then, for some such classes of attacks, we prove impossibility results, showing that no block cipher can resist these attacks, while for other related classes of attacks, which include popular targets in the block-cipher community, we prove possibility results that provide theoretical support for the view that security against them is achievable. Finally, we prove security of various block-cipher-based constructs that use related keys, including a tweakable block cipher given in [].
Keywords: Block Cipher, Full Version, Oracle Query, Fast Software Encryption, Cipher Block Chain
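The abstract describes the RKA-PRP notion only in words: the adversary chooses RKD functions phi from an allowed class and queries an oracle that answers either with the real cipher under the derived key phi(K) or with an independent random permutation per derived key. The following is an added example (written for this page, not code from the paper or its authors) that implements that game. The block cipher is a constructed 4-round Feistel stand-in keyed through SHA-256, and the two adversaries, the RKD classes and the advantage estimator are this editor's constructions. The constant-key adversary illustrates the kind of class for which no cipher can be secure: if the class contains a function mapping every key to a fixed value, the adversary knows the derived key and can recompute the oracle's answer itself.

```python
"""RKA-PRP game in the style of Bellare-Kohno, with a constructed toy cipher.

Real world:  oracle (phi, x) -> E(phi(K), x) for a hidden random key K.
Ideal world: oracle (phi, x) -> G(phi(K), x), G an independent random
             permutation for each derived key (sampled lazily).
The adversary outputs 1 if it believes it is talking to the real world.
"""
import hashlib
import random
from typing import Callable, Dict, Set

KEY_BYTES = 16
BLOCK_MASK = (1 << 64) - 1

RKD = Callable[[bytes], bytes]  # a related-key deriving function K -> K'


def _round(key: bytes, r: int, half: int) -> int:
    """Keyed round function: SHA-256 of (key, round index, half), truncated to 32 bits."""
    d = hashlib.sha256(key + bytes([r]) + half.to_bytes(4, "big")).digest()
    return int.from_bytes(d[:4], "big")


def toy_encrypt(key: bytes, x: int) -> int:
    """4-round Feistel permutation on 64-bit blocks under a 128-bit key.

    Constructed stand-in for a block cipher E. A Feistel network is a
    permutation for any round function, so it is a valid PRP candidate.
    """
    assert len(key) == KEY_BYTES and 0 <= x <= BLOCK_MASK
    L, R = x >> 32, x & 0xFFFFFFFF
    for r in range(4):
        L, R = R, L ^ _round(key, r, R)
    return (L << 32) | R


def xor_rkd(delta: bytes) -> RKD:
    """RKD function K -> K xor delta (an 'XOR class' of related keys)."""
    return lambda k: bytes(a ^ b for a, b in zip(k, delta))


def const_rkd(c: bytes) -> RKD:
    """RKD function mapping every key to the fixed key c."""
    return lambda _k: c


class RealWorld:
    """Oracle answering E(phi(K), x) under a hidden random key K."""

    def __init__(self, rng: random.Random):
        self._K = bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))

    def query(self, phi: RKD, x: int) -> int:
        return toy_encrypt(phi(self._K), x)


class IdealWorld:
    """Oracle answering G(phi(K), x): one lazily sampled random permutation per derived key."""

    def __init__(self, rng: random.Random):
        self._rng = rng
        self._K = bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))
        self._tables: Dict[bytes, Dict[int, int]] = {}
        self._used: Dict[bytes, Set[int]] = {}

    def query(self, phi: RKD, x: int) -> int:
        k = phi(self._K)
        table = self._tables.setdefault(k, {})
        used = self._used.setdefault(k, set())
        if x not in table:
            y = self._rng.getrandbits(64)
            while y in used:  # keep G(k, .) injective, i.e. a permutation
                y = self._rng.getrandbits(64)
            table[x] = y
            used.add(y)
        return table[x]


def constant_key_adversary(query) -> int:
    """Wins whenever the class contains a constant RKD function: the derived key is known."""
    c = bytes(range(KEY_BYTES))  # any key value of the adversary's choosing
    x = 0x0123456789ABCDEF
    return int(query(const_rkd(c), x) == toy_encrypt(c, x))


def xor_collision_adversary(query) -> int:
    """Naive XOR-class attempt: say 'real' if E_K and E_{K xor delta} agree on one block."""
    delta = b"\x80" + bytes(KEY_BYTES - 1)
    x = 0x0123456789ABCDEF
    return int(query(xor_rkd(bytes(KEY_BYTES)), x) == query(xor_rkd(delta), x))


def rka_advantage(adversary, trials: int = 64, seed: int = 1) -> float:
    """Estimate Pr[A -> 1 | real] - Pr[A -> 1 | ideal] over independent random keys."""
    rng = random.Random(seed)
    real_hits = sum(adversary(RealWorld(rng).query) for _ in range(trials))
    ideal_hits = sum(adversary(IdealWorld(rng).query) for _ in range(trials))
    return (real_hits - ideal_hits) / trials


if __name__ == "__main__":
    print("constant-key class advantage:", rka_advantage(constant_key_adversary))
    print("naive XOR-class advantage:   ", rka_advantage(xor_collision_adversary))
```

Running it shows the constant-key adversary distinguishing with advantage 1.0 regardless of the cipher, which is the shape of an impossibility result: the weakness lies in the RKD class, not in the cipher. The naive XOR-class adversary has advantage 0.0 here, which illustrates only that this particular strategy fails, not that the toy cipher is RKA-secure; an actual possibility result is a proof over all efficient adversaries, as in the paper.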
- 2. M. Bellare and T. Kohno. A theoretical treatment of related-key attacks: RKA-PRPs, RKA-PRFs, and applications. Full version of this paper, available at http://www-cse.ucsd.edu/users/tkohno/papers/RKA/, 2003.
- 3. E. Biham. New types of cryptanalytic attacks using related keys. In T. Helleseth, editor, Advances in Cryptology — EUROCRYPT '93, volume 765 of Lecture Notes in Computer Science, pages 398–409. Springer-Verlag, Berlin, Germany, 1993.
- 4. J. Black and P. Rogaway. CBC MACs for arbitrary-length messages: The three-key construction. In M. Bellare, editor, Advances in Cryptology — CRYPTO 2000, volume 1880 of Lecture Notes in Computer Science, pages 197–215. Springer-Verlag, Berlin, Germany, 2000.
- 5. N. Courtois and J. Pieprzyk. Cryptanalysis of block ciphers with overdefined systems of equations. Cryptology ePrint Archive, Report 2002/044, http://eprint.iacr.org/, 2002.
- 6. J. Daemen and V. Rijmen. AES proposal: Rijndael. http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf, 1999.
- 10. T. Iwata and K. Kurosawa. OMAC: One-key CBC MAC. In T. Johansson, editor, Fast Software Encryption 2003, Lecture Notes in Computer Science. Springer-Verlag, Berlin, Germany, 2003.
- 12. L. Knudsen and T. Kohno. Analysis of RMAC. In T. Johansson, editor, Fast Software Encryption 2003, Lecture Notes in Computer Science. Springer-Verlag, Berlin, Germany, 2003.
- 13. K. Kurosawa and T. Iwata. TMAC: Two-key CBC MAC. NIST submission, available at http://csrc.nist.gov/CryptoToolkit/modes/, June 2002.
- 14. M. Liskov, R. Rivest, and D. Wagner. Tweakable block ciphers. In M. Yung, editor, Advances in Cryptology — CRYPTO 2002, volume 2442 of Lecture Notes in Computer Science, pages 31–46. Springer-Verlag, Berlin, Germany, 2002.
- 15. M. Luby and C. Rackoff. How to construct pseudorandom permutations from pseudorandom functions. SIAM Journal on Computing, 17(2), Apr. 1988.
- 16. M. Naor and O. Reingold. Number-theoretic constructions of efficient pseudorandom functions. In Proceedings of the 38th Annual Symposium on Foundations of Computer Science, pages 458–467. IEEE Computer Society Press, 1997.
- 17. J. B. Nielsen. A threshold pseudorandom function construction and its applications. In M. Yung, editor, Advances in Cryptology — CRYPTO 2002, volume 2442 of Lecture Notes in Computer Science, pages 401–416. Springer-Verlag, Berlin, Germany, 2002.