Increasing the Lifetime of a Key: A Comparative Analysis of the Security of Re-keying Techniques

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNCS, volume 1976)

Abstract

Rather than use a shared key directly to cryptographically process (e.g., encrypt or authenticate) data, one can use it as a master key to derive subkeys, and use the subkeys for the actual cryptographic processing. This popular paradigm is called re-keying, and the expectation is that it is good for security. In this paper we provide concrete security analyses of various re-keying mechanisms and their usage. We show that re-keying does indeed “increase” security, effectively extending the lifetime of the master key and bringing significant, provable security gains in practical situations. We quantify the security provided by different re-keying processes as a function of the security of the primitives they use, thereby enabling a user to choose between different re-keying processes given the constraints of some application.

Keywords

  • Encryption Scheme
  • Block Cipher
  • Parallel Generator
  • Serial Generator
  • Pseudorandom Generator

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© 2000 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Abdalla, M., Bellare, M. (2000). Increasing the Lifetime of a Key: A Comparative Analysis of the Security of Re-keying Techniques. In: Okamoto, T. (eds) Advances in Cryptology — ASIACRYPT 2000. ASIACRYPT 2000. Lecture Notes in Computer Science, vol 1976. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44448-3_42

  • DOI: https://doi.org/10.1007/3-540-44448-3_42

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-41404-9

  • Online ISBN: 978-3-540-44448-0

  • eBook Packages: Springer Book Archive
