nach oben

Erschienen in:

2015 | OriginalPaper | Buchkapitel

Multi-key Security: The Even-Mansour Construction Revisited

verfasst von : Nicky Mouha, Atul Luykx

Erschienen in: Advances in Cryptology -- CRYPTO 2015

Verlag: Springer Berlin Heidelberg

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

At ASIACRYPT 1991, Even and Mansour introduced a block cipher construction based on a single permutation. Their construction has since been lauded for its simplicity, yet also criticized for not providing the same security as other block ciphers against generic attacks. In this paper, we prove that if a small number of plaintexts are encrypted under multiple independent keys, the Even-Mansour construction surprisingly offers similar security as an ideal block cipher with the same block and key size. Note that this multi-key setting is of high practical relevance, as real-world implementations often allow frequent rekeying. We hope that the results in this paper will further encourage the use of the Even-Mansour construction, especially when a secure and efficient implementation of a key schedule would result in significant overhead.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Tweaking Even-Mansour Ciphers

Nächstes Kapitel Reproducible Circularly-Secure Bit Encryption: Applications and Realizations

Throughout this paper, we will always refer to the single-key variant of the Even-Mansour construction, that is, using only a single n-bit key K.

In the model of Chatterjee et al. [19], an adversary can also corrupt any user of its choosing, meaning that their key is given to the adversary. The goal of the adversary is then to win the game for any uncorrupted user. Although it is straightforward to take this refinement into account, we decided not to do this for the clarity of our exposition.

Abdalla, M., Bellare, M.: Increasing the lifetime of a key: a comparative analysis of the security of re-keying techniques. In: Okamoto [52], pp. 546–559

Albrecht, M., Cid, C.: Cold boot key recovery by solving polynomial systems with noise. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 57–72. Springer, Heidelberg (2011) CrossRef

AlFardan, N.J., Bernstein, D.J., Paterson, K.G., Poettering, B., Schuldt, J.C.: On the security of RC4 in TLS and WPA. In: USENIX Security Symposium (2013)

Andreeva, E., Daemen, J., Mennink, B., Assche, G.V.: Security of keyed sponge constructions using a modular proof approach. In: Demirci, H., Leander, G. (eds.) FSE 2015. LNCS, Springer (2015, to appear). https://www.cosic.esat.kuleuven.be/publications/article-2502.pdf

Babbage, S.H.: Improved “exhaustive search” attacks on stream ciphers. In: ECOS 95 (European Convention on Security and Detection), Conference publication No. 408, pp. 161–166, May 1995

Barker, W.C., Barker, E.: SP 800–67 Revision 1: Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, January 2012. http://csrc.nist.gov/publications/nistpubs/800-67-Rev1/SP-800-67-Rev1.pdf

Bellare, M., Boldyreva, A., Micali, S.: Public-key encryption in a multi-user setting: security proofs and improvements. In: Preneel [56], pp. 259–274

Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: 38th Annual Symposium on Foundations of Computer Science, FOCS 1997, Miami Beach, Florida, USA, October 19–22, 1997, pp. 394–403. IEEE Computer Society (1997)

Bellare, M., Kohno, T.: A theoretical treatment of related-key attacks: RKA-PRPs, RKA-PRFs, and applications. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 491–506. Springer, Heidelberg (2003) CrossRef

10.

Biham, E.: New types of cryptanalytic attacks using related keys (extended abstract). In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 398–409. Springer, Heidelberg (1994)

11.

Biham, E.: New types of cryptanalytic attacks using related keys. J. Cryptology 7(4), 229–246 (1994)CrossRefMATH

12.

Biham, E.: How to Forge DES-Encrypted Messages in \(2^{28}\) Steps. Technical report CS0884, Technion Computer Science Department, Israel (1996)

13.

Biham, E.: How to decrypt or even substitute DES-encrypted messages in 2\({}^{\text{28 }}\) steps. Inf. Process. Lett. 84(3), 117–124 (2002)MathSciNetCrossRefMATH

14.

Biryukov, A.: Some Thoughts on Time-Memory-Data Tradeoffs. Cryptology ePrint Archive, Report 2005/207 (2005). http://eprint.iacr.org/

15.

Biryukov, A., Khovratovich, D.: Related-key cryptanalysis of the full AES-192 and AES-256. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 1–18. Springer, Heidelberg (2009) CrossRef

16.

Biryukov, A., Khovratovich, D., Nikolić, I.: Distinguisher and related-key attack on the full AES-256. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 231–249. Springer, Heidelberg (2009) CrossRef

17.

Biryukov, A., Shamir, A.: Cryptanalytic time/memory/data tradeoffs for stream ciphers. In: Okamoto [52], pp. 1–13

18.

Biryukov, A., Wagner, D.: Advanced slide attacks. In: Preneel [56], pp. 589–606

19.

Chatterjee, S., Menezes, A., Sarkar, P.: Another look at tightness. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 293–319. Springer, Heidelberg (2012) CrossRef

20.

Chen, L.: Recommendation for Key Derivation Using Pseudorandom Functions (Revised). NIST special publication 800–108, National Institute of Standards and Technology (NIST), October 2009. http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf

21.

Chen, S., Steinberger, J.: Tight security bounds for key-alternating ciphers. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 327–350. Springer, Heidelberg (2014) CrossRef

22.

Daemen, J.: Limitations of the even-mansour construction. In: Imai et al. [40], pp. 495–498

23.

Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer, Heidelberg (2002) CrossRef

24.

Daemen, J., Rijmen, V.: On the related-key attacks against AES. In: Proceedings of the Romanian Academy, Series A, vol. 13(4), pp. 395–400 (2012)

25.

Davies, D.W.: Some regular properties of the ‘data encryption standard’ algorithm. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) CRYPTO, pp. 89–96. Plenum Press, New York (1982)

26.

Dunkelman, O., Keller, N., Shamir, A.: Minimalism in cryptography: the even-mansour scheme revisited. In: Pointcheval and Johansson [55], pp. 336–354

27.

Dworkin, M.: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication. NIST special publication 800–38b, National Institute of Standards and Technology (NIST), May 2005. http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf

28.

Dworkin, M.: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, November 2007. http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf

29.

Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. In: Imai et al. [40], pp. 210–224

30.

Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptology 10(3), 151–162 (1997)MathSciNetCrossRefMATH

31.

Fouque, P.-A., Joux, A., Mavromati, C.: Multi-user collisions: applications to discrete logarithm, even-mansour and PRINCE. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 420–438. Springer, Heidelberg (2014)

32.

Gauravaram, P., Knudsen, L.R., Matusiewicz, K., Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: Grøstl - a SHA-3 candidate. Submission to the NIST SHA-3 Competition (Round 3) (2011). http://www.groestl.info/Groestl.pdf

33.

Golić, J.D.: Cryptanalysis of alleged A5 stream cipher. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 239–255. Springer, Heidelberg (1997)

34.

Group, I.N.W.: The Transport Layer Security (TLS) Protocol (2006). http://tools.ietf.org/html/rfc4346

35.

Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest we remember: cold boot attacks on encryption keys. In: van Oorschot, P.C. (ed.) Proceedings of the 17th USENIX Security Symposium, July 28-August 1, 2008, San Jose, CA, USA, pp. 45–60. USENIX Association (2008)

36.

Hellman, M.E., Merkle, R., Schroeppel, R., Diffie, W., Pohlig, S., Schweitzer, P.: Results of an Initial Attempt to Cryptanalyze the NBS Data Encryption Standard. Technical report, Stanford University, USA (1976)

37.

Hellman, M.E.: A cryptanalytic time-memory trade-off. IEEE Trans. Inf. Theory 26(4), 401–406 (1980)MathSciNetCrossRefMATH

38.

Hong, J., Sarkar, P.: New applications of time memory data tradeoffs. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 353–372. Springer, Heidelberg (2005) CrossRef

39.

Ideguchi, K., Owada, T., Yoshida, H.: A Study on RAM Requirements of Various SHA-3 Candidates on Low-cost 8-bit CPUs. Cryptology ePrint Archive, Report 2009/260 (2009). http://eprint.iacr.org/

40.

Matsumoto, T., Imai, H., Rivest, R.L. (eds.): ASIACRYPT 1991. LNCS, vol. 739. Springer, Heidelberg (1993) MATH

41.

Kamal, A.A., Youssef, A.M.: Applications of SAT solvers to AES key recovery from decayed key schedule images. In: 2010 Fourth International Conference on Emerging Security Information Systems and Technologies (SECURWARE), pp. 216–220. IEEE (2010)

42.

Knudsen, L.R., Rijmen, V.: Known-key distinguishers for some block ciphers. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 315–324. Springer, Heidelberg (2007) CrossRef

43.

Koblitz, N., Menezes, A.: Another look at HMAC. J. Math. Cryptology 7(3), 225–251 (2013)MathSciNetCrossRefMATH

44.

Lai, X., Massey, J.L.: Markov ciphers and differential cryptanalysis. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 17–38. Springer, Heidelberg (1991)

45.

Mantin, I., Shamir, A.: A practical attack on broadcast RC4. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 152–164. Springer, Heidelberg (2002) CrossRef

46.

Mehuron, W.: Data Encryption Standard (DES), October 1999. http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf

47.

Menezes, A.: Another look at provable security. In: Pointcheval and Johansson [55], p. 8

48.

Menezes, A., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, USA (1997) MATH

49.

Mouha, N., Mennink, B., Van Herrewege, A., Watanabe, D., Preneel, B., Verbauwhede, I.: Chaskey: an efficient MAC algorithm for 32-bit microcontrollers. In: Joux, A., Youssef, A. (eds.) SAC 2014. LNCS, vol. 8781, pp. 306–323. Springer, Heidelberg (2014)

50.

Müller, T., Dewald, A., Freiling, F.C.: AESSE: a cold-boot resistant implementation of AES. In: Costa, M., Kirda, E. (eds.) Proceedings of the Third European Workshop on System Security, EUROSEC 2010, Paris, France, April 13, 2010, pp. 42–47. ACM (2010)

51.

Müller, T., Freiling, F.C., Dewald, A.: TRESOR runs encryption securely outside RAM. In: Proceedings of 20th USENIX Security Symposium, San Francisco, CA, USA, August 8–12, 2011. USENIX Association (2011)

52.

Okamoto, T. (ed.): ASIACRYPT 2000. LNCS, vol. 1976. Springer, Heidelberg (2000) MATH

53.

Patarin, J.: The “coefficients H” technique. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 328–345. Springer, Heidelberg (2009) CrossRef

54.

Paterson, K.G., Poettering, B., Schuldt, J.C.N.: Plaintext recovery attacks against WPA/TKIP. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 325–349. Springer, Heidelberg (2015)

55.

Pointcheval, D., Johansson, T. (eds.): EUROCRYPT 2012. LNCS, vol. 7237. Springer, Heidelberg (2012) MATH

56.

Preneel, B. (ed.): EUROCRYPT 2000. LNCS, vol. 1807. Springer, Heidelberg (2000) MATH

57.

Provos, N.: Encrypting virtual memory. In: Bellovin, S.M., Rose, G. (eds.) 9th USENIX Security Symposium, Denver, Colorado, USA, August 14–17, 2000. USENIX Association (2000)

58.

Tsow, A.: An improved recovery algorithm for decayed AES key schedule images. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 215–230. Springer, Heidelberg (2009) CrossRef

Titel: Multi-key Security: The Even-Mansour Construction Revisited
verfasst von: Nicky Mouha
Atul Luykx
Verlag: Springer Berlin Heidelberg
Buch: Advances in Cryptology -- CRYPTO 2015
Print ISBN: 978-3-662-47988-9

Electronic ISBN: 978-3-662-47989-6

Copyright-Jahr: 2015
DOI: https://doi.org/10.1007/978-3-662-47989-6_10

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner