Abstract
We initiate a theoretical investigation of the popular block-cipher design goal of security against "related-key attacks" (RKAs). We begin by introducing definitions for the concepts of PRPs and PRFs secure against classes of RKAs, each such class being specified by an associated set of "related-key deriving (RKD) functions." Then, for some such classes of attacks, we prove impossibility results, showing that no block cipher can resist these attacks, while for other, related classes of attacks that include popular targets in the block-cipher community, we prove possibility results that provide theoretical support for the view that security against them is achievable. Finally, we prove security of various block-cipher-based constructs that use related keys, including a tweakable block cipher given in [14].
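To make the notion concrete, the following is an added simulation of the Φ-restricted RKA-PRF game sketched in the abstract; it is illustrative code written for this page, not the paper's own construction or proof. The concrete function family F (truncated HMAC-SHA256), the way RKD functions are tagged with a class label, and the adversary are all assumptions chosen for the demonstration. It shows the one fact that drives the simplest impossibility result: whenever the class Φ contains a constant function φ(K) = c, the adversary knows the derived key, can recompute F(c, x) itself, and distinguishes with advantage 1, so no function family can be RKA-secure for such a class; restricting Φ to, say, XOR-with-a-known-offset functions makes that query unavailable.

```python
"""Simulation of the Phi-restricted related-key-attack (RKA) PRF game.

Added example, not the paper's construction. F is a stand-in keyed function
family (truncated HMAC-SHA256); the RKD-function classes and the adversary are
constructed for illustration.
"""
import hashlib
import hmac
import os
import secrets

KEY_LEN = 16  # bytes
OUT_LEN = 16  # bytes


def prf(key: bytes, x: bytes) -> bytes:
    """Stand-in keyed function family F_key(x) (assumption: truncated HMAC-SHA256)."""
    return hmac.new(key, x, hashlib.sha256).digest()[:OUT_LEN]


class RKD:
    """A related-key-deriving function K -> phi(K), tagged with the class it belongs to."""

    def __init__(self, family: str, fn):
        self.family = family
        self.fn = fn

    def __call__(self, key: bytes) -> bytes:
        return self.fn(key)


def rkd_constant(c: bytes) -> RKD:
    """phi(K) = c: ignores the real key entirely."""
    return RKD("const", lambda K: c)


def rkd_xor(delta: bytes) -> RKD:
    """phi(K) = K xor delta: the 'xor with a known offset' class."""
    return RKD("xor", lambda K: bytes(a ^ b for a, b in zip(K, delta)))


class RKAOracle:
    """Oracle of the Phi-RKA-PRF game for a hidden key K.

    real=True : answers F(phi(K), x).
    real=False: answers with an independent random function per derived key,
                sampled lazily so repeated (derived key, x) pairs agree.
    phi_class : the set of RKD families the adversary may use (the class Phi);
                queries outside it are rejected.
    """

    def __init__(self, real: bool, key: bytes, phi_class: set):
        self.real = real
        self._key = key
        self._phi_class = phi_class
        self._table = {}

    def query(self, phi: RKD, x: bytes) -> bytes:
        if phi.family not in self._phi_class:
            raise ValueError("RKD function not in the class Phi")
        k = phi(self._key)
        if self.real:
            return prf(k, x)
        return self._table.setdefault((k, x), os.urandom(OUT_LEN))


def constant_key_adversary(oracle: RKAOracle) -> int:
    """Wins whenever Phi contains a constant function: the adversary knows the
    derived key c, so it recomputes F(c, x) locally and compares."""
    c = bytes(KEY_LEN)  # any fixed key value works
    x = b"probe"
    return 1 if oracle.query(rkd_constant(c), x) == prf(c, x) else 0


def advantage(adversary, phi_class: set, trials: int = 64) -> float:
    """Estimate Pr[A -> 1 | real world] - Pr[A -> 1 | random world] over fresh keys."""
    wins_real = wins_rand = 0
    for _ in range(trials):
        key = secrets.token_bytes(KEY_LEN)
        wins_real += adversary(RKAOracle(True, key, phi_class))
        wins_rand += adversary(RKAOracle(False, key, phi_class))
    return (wins_real - wins_rand) / trials


def class_rejects_constant(phi_class: set) -> bool:
    """True if an oracle for phi_class refuses the constant-function query, i.e.
    the trivial distinguisher above cannot even be run against that class."""
    oracle = RKAOracle(True, secrets.token_bytes(KEY_LEN), phi_class)
    try:
        oracle.query(rkd_constant(bytes(KEY_LEN)), b"probe")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("advantage when Phi contains a constant function:",
          advantage(constant_key_adversary, {"const", "xor"}))
    print("xor-only class rejects the constant query:", class_rejects_constant({"xor"}))
```

The estimated advantage for a class containing a constant function is 1.0 (the random world matches the locally computed value only with probability 2^-128 per trial); with Φ limited to the XOR family the oracle rejects the query, which is exactly the kind of class restriction under which the abstract's possibility results are stated.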
References
[1] M. Bellare, J. Kilian, and P. Rogaway. The security of the cipher block chaining message authentication code. Journal of Computer and System Sciences, 61(3):362–399, 2000.
[2] M. Bellare and T. Kohno. A theoretical treatment of related-key attacks: RKA-PRPs, RKA-PRFs, and applications. Full version of this paper, available at http://www-cse.ucsd.edu/users/tkohno/papers/RKA/, 2003.
[3] E. Biham. New types of cryptanalytic attacks using related keys. In T. Helleseth, editor, Advances in Cryptology — EUROCRYPT '93, volume 765 of Lecture Notes in Computer Science, pages 398–409. Springer-Verlag, Berlin, Germany, 1993.
[4] J. Black and P. Rogaway. CBC MACs for arbitrary-length messages: The three-key construction. In M. Bellare, editor, Advances in Cryptology — CRYPTO 2000, volume 1880 of Lecture Notes in Computer Science, pages 197–215. Springer-Verlag, Berlin, Germany, 2000.
[5] N. Courtois and J. Pieprzyk. Cryptanalysis of block ciphers with overdefined systems of equations. Cryptology ePrint Archive, Report 2002/044, http://eprint.iacr.org/, 2002.
[6] J. Daemen and V. Rijmen. AES proposal: Rijndael. http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf, 1999.
[7] J. Daemen and V. Rijmen. The Design of Rijndael. Springer-Verlag, Berlin, Germany, 2002.
[8] N. Ferguson, J. Kelsey, S. Lucks, B. Schneier, M. Stay, D. Wagner, and D. Whiting. Improved cryptanalysis of Rijndael. In B. Schneier, editor, Fast Software Encryption 2000, volume 1978 of Lecture Notes in Computer Science, pages 213–230. Springer-Verlag, Berlin, Germany, 2000.
[9] O. Goldreich, S. Goldwasser, and S. Micali. How to construct random functions. Journal of the ACM, 33(4):210–217, 1986.
[10] T. Iwata and K. Kurosawa. OMAC: One-key CBC MAC. In T. Johansson, editor, Fast Software Encryption 2003, Lecture Notes in Computer Science. Springer-Verlag, Berlin, Germany, 2003.
[11] J. Kelsey, B. Schneier, and D. Wagner. Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES. In N. Koblitz, editor, Advances in Cryptology — CRYPTO '96, volume 1109 of Lecture Notes in Computer Science, pages 237–251. Springer-Verlag, Berlin, Germany, 1996.
[12] L. Knudsen and T. Kohno. Analysis of RMAC. In T. Johansson, editor, Fast Software Encryption 2003, Lecture Notes in Computer Science. Springer-Verlag, Berlin, Germany, 2003.
[13] K. Kurosawa and T. Iwata. TMAC: Two-key CBC MAC. NIST submission, available at http://csrc.nist.gov/CryptoToolkit/modes/, June 2002.
[14] M. Liskov, R. Rivest, and D. Wagner. Tweakable block ciphers. In M. Yung, editor, Advances in Cryptology — CRYPTO 2002, volume 2442 of Lecture Notes in Computer Science, pages 31–46. Springer-Verlag, Berlin, Germany, 2002.
[15] M. Luby and C. Rackoff. How to construct pseudorandom permutations from pseudorandom functions. SIAM Journal on Computing, 17(2), April 1988.
[16] M. Naor and O. Reingold. Number-theoretic constructions of efficient pseudorandom functions. In Proceedings of the 38th Annual Symposium on Foundations of Computer Science, pages 458–467. IEEE Computer Society Press, 1997.
[17] J. B. Nielsen. A threshold pseudorandom function construction and its applications. In M. Yung, editor, Advances in Cryptology — CRYPTO 2002, volume 2442 of Lecture Notes in Computer Science, pages 401–416. Springer-Verlag, Berlin, Germany, 2002.
Copyright information
© 2003 International Association for Cryptologic Research
Cite this paper
Bellare, M., Kohno, T. (2003). A Theoretical Treatment of Related-Key Attacks: RKA-PRPs, RKA-PRFs, and Applications. In: Biham, E. (eds) Advances in Cryptology — EUROCRYPT 2003. EUROCRYPT 2003. Lecture Notes in Computer Science, vol 2656. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-39200-9_31
DOI: https://doi.org/10.1007/3-540-39200-9_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-14039-9
Online ISBN: 978-3-540-39200-2