Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Bücher
Zeitschriften
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
MTZ-Fachkongress

Antriebe und Energiesysteme von morgen


Austausch von Automobil- und Energiewirtschaft

Am 14./15. Mai geht es in Chemnitz um die Mobilitätswende durch Elektro- und Wasserstofffahrzeuge.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
Differential Analysis and Meet-in-the-Middle Attack Against Round-Reduced TWINE Kapitel lesen Erstes Kapitel lesen

2015 | OriginalPaper | Buchkapitel

Relaxing Full-Codebook Security: A Refined Analysis of Key-Length Extension Schemes

verfasst von : Peter Gaži, Jooyoung Lee, Yannick Seurin, John Steinberger, Stefano Tessaro

Erschienen in: Fast Software Encryption

Verlag: Springer Berlin Heidelberg

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

We revisit the security (as a pseudorandom permutation) of cascading-based constructions for block-cipher key-length extension. Previous works typically considered the extreme case where the adversary is given the entire codebook of the construction, the only complexity measure being the number \(q_e\) of queries to the underlying ideal block cipher, representing adversary’s secret-key-independent computation. Here, we initiate a systematic study of the more natural case of an adversary restricted to adaptively learning a number \(q_c\) of plaintext/ciphertext pairs that is less than the entire codebook. For any such \(q_c\), we aim to determine the highest number of block-cipher queries \(q_e\) the adversary can issue without being able to successfully distinguish the construction (under a secret key) from a random permutation.
More concretely, we show the following results for key-length extension schemes using a block cipher with n-bit blocks and \(\kappa \)-bit keys:
  • Plain cascades of length \(\ell =2r+1\) are secure whenever \(q_cq_e^r \ll 2^{r(\kappa +n)}\), \(q_c \ll 2^\kappa \) and \(q_e \ll 2^{2\kappa }\). The bound for \(r = 1\) also applies to two-key triple encryption (as used within Triple DES).
  • The r-round XOR-cascade is secure as long as \(q_cq_e^r \ll 2^{r(\kappa +n)}\), matching an attack by Gaži (CRYPTO 2013).
  • We fully characterize the security of Gaži and Tessaro’s two-call \(\mathsf {2XOR}\) construction (EUROCRYPT 2012) for all values of \(q_c\), and note that the addition of a third whitening step strictly increases security for \(2^{n/4} \le q_c \le 2^{3/4n}\). We also propose a variant of this construction without re-keying and achieving comparable security levels.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel Practical Cryptanalysis of the Open Smart Grid Protocol
Nächstes Kapitel The Related-Key Security of Iterated Even–Mansour Ciphers
Anhänge
Nur mit Berechtigung zugänglich
Fußnoten
1
We interchangeably use both notations E(kx) and \(E_k(x)\), and similarly \(E^{-1}(k,y)\) and \(E^{-1}_k(y)\).
 
2
This refers to the notion of a sequential cipher defined in Sect. 3.1.
 
3
We use the wording master key to emphasize that it will usually be used to derive sub-keys for calling the underlying block cipher. We also write \(\mathsf {mk} =(k,z)\) for key-length extension schemes and \(\mathsf {mk} =z\) for sequential ciphers (see Sect. 3.1).
 
4
Our randomized KLE schemes also cover the notion of sequential constructions introduced in [12]. Since the latter are KLE schemes, they syntactically differ from the notion of a sequential cipher considered here.
 
5
In case this causes confusion, r is the number of rounds, m is the number of distinct keys that are used to call the underlying block cipher, and \(\sigma \) specifies which key is used at each round.
 
6
Though each \(\rho ^i\) is syntactically a block cipher, we prefer to avoid this wording since in most of the paper the \(\rho ^i\)’s will be much simpler than E, the block cipher underlying the key-length extension scheme.
 
7
Without loss of generality, we can assume \(\sum _{\tau \in \mathcal {T} _1}\Pr [T_\mathrm{id} =\tau ]\ge \sum _{\tau \in \mathcal {T} _1}\Pr [T_\mathrm{re} =\tau ]\) by slightly modifying \(\mathsf {D} \) if necessary.
 
8
For example, assuming n even, \(\pi :(z_L,z_R)\mapsto (z_R,z_L\oplus z_R)\), where \(z_L\) and \(z_R\) are respectively the left and right halves of z, is an \(\mathbb {F} _2\)-linear orthomorphism.
 
Literatur
1.
EMV Integrated Circuit Card Specification for Payment Systems, Book 2: Security and Key Management, v. 4.2, June 2008
2.
Advanced encryption standard (aes). National Institute of Standards and Technology (NIST), FIPS PUB 197, U.S. Department of Commerce, November 2001
3.
Aiello, W., Bellare, M., Di Crescenzo, G., Venkatesan, R.: Security amplification by composition: the case of doubly-iterated, ideal ciphers. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 390–407. Springer, Heidelberg (1998) CrossRef
4.
Andreeva, E., Bogdanov, A., Dodis, Y., Mennink, B., Steinberger, J.P.: On the indifferentiability of key-alternating ciphers. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 531–550. Springer, Heidelberg (2013) CrossRef
5.
Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006) CrossRef
6.
Bogdanov, A., Knudsen, L.R., Leander, G., Standaert, F.-X., Steinberger, J., Tischhauser, E.: Key-alternating ciphers in a provable setting: encryption using a small number of public permutations - (extended abstract). In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 45–62. Springer, Heidelberg (2012) CrossRef
7.
Chen, S., Lampe, R., Lee, J., Seurin, Y., Steinberger, J.: Minimizing the two-round Even-Mansour cipher. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 39–56. Springer, Heidelberg (2014)
8.
Chen, S., Steinberger, J.: Tight security bounds for key-alternating ciphers. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 327–350. Springer, Heidelberg (2014) CrossRef
9.
Dai, Y., Lee, J., Mennink, B., Steinberger, J.: The security of multiple encryption in the ideal cipher model. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 20–38. Springer, Heidelberg (2014)
10.
Data encryption standard: National Bureau of Standards, NBS FIPS PUB 46,U.S. Department of Commerce, January 1977
11.
Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptology 10(3), 151–162 (1997)MathSciNetCrossRefMATH
12.
Gaži, P.: Plain versus randomized cascading-based key-length extension for block ciphers. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 551–570. Springer, Heidelberg (2013) CrossRef
13.
Gaži, P., Lee, J., Seurin, Y., Steinberger, J., Tessaro, S.: Relaxing full-codebook security: a refined analysis of key-length extension schemes. Full version of this paper http://​eprint.​iacr.​org/​
14.
Gaži, P., Maurer, U.: Cascade encryption revisited. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 37–51. Springer, Heidelberg (2009) CrossRef
15.
Gaži, P., Tessaro, S.: Efficient and optimally secure key-length extension for block ciphers via randomized cascading. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 63–80. Springer, Heidelberg (2012) CrossRef
16.
Kilian, J., Rogaway, P.: How to protect DES against exhaustive key search (an analysis of DESX). J. Cryptology 14(1), 17–35 (2001)MathSciNetCrossRefMATH
17.
Lampe, R., Patarin, J., Seurin, Y.: An asymptotically tight security analysis of the iterated Even-Mansour cipher. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 278–295. Springer, Heidelberg (2012) CrossRef
18.
Lampe, R., Seurin, Y.: How to construct an ideal cipher from a small set of public permutations. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part I. LNCS, vol. 8269, pp. 444–463. Springer, Heidelberg (2013) CrossRef
19.
Lee, J.: Towards key-length extension with optimal security: cascade encryption and xor-cascade encryption. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 405–425. Springer, Heidelberg (2013) CrossRef
20.
Luby, M., Rackoff, C.: Pseudo-random permutation generators and cryptographic composition. In: Symposium on Theory of Computing - STOC 1986, pp. 356–363. ACM (1986)
21.
Maurer, U.M., Pietrzak, K., Renner, R.: Indistinguishability amplification. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 130–149. Springer, Heidelberg (2007) CrossRef
22.
Maurer, U.M., Tessaro, S.: Computational indistinguishability amplification: tight product theorems for system composition. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 355–373. Springer, Heidelberg (2009) CrossRef
23.
Patarin, J.: The “Coefficients H” technique. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 328–345. Springer, Heidelberg (2009) CrossRef
24.
25.
Tessaro, S.: Security amplification for the cascade of arbitrarily weak PRPs: tight bounds via the interactive hardcore lemma. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 37–54. Springer, Heidelberg (2011) CrossRef
26.
Vaudenay, S.: Adaptive-attack norm for decorrelation and super-pseudorandomness. In: Heys, H.M., Adams, C.M. (eds.) SAC 1999. LNCS, vol. 1758, pp. 49–61. Springer, Heidelberg (2000) CrossRef
Metadaten
Titel
Relaxing Full-Codebook Security: A Refined Analysis of Key-Length Extension Schemes
verfasst von
Peter Gaži
Jooyoung Lee
Yannick Seurin
John Steinberger
Stefano Tessaro
Copyright-Jahr
2015
Verlag
Springer Berlin Heidelberg
Buch
Fast Software Encryption

Print ISBN: 978-3-662-48115-8

Electronic ISBN: 978-3-662-48116-5

Copyright-Jahr: 2015

DOI
https://doi.org/10.1007/978-3-662-48116-5_16

Premium Partner

    Bildnachweise