On the Notions of PRP-RKA, KR and KR-RKA for Block Ciphers
Authors
Abstract
Security of a modern block cipher is commonly measured in terms of its resistance to known attacks. While the provable security approach to block ciphers dates back to the first CRYPTO conference (1981), analysis of modern block cipher proposals typically does not benefit fully from this, besides the proof of security for DESX by Kilian and Rogaway, and recent work on the notions of PRP-RKA initiated by Bellare and Kohno. We consider the security of recently proposed PRP-RKA secure block ciphers. We discuss implications of the proven theorems and how they relate to existing types of attacks on block ciphers. Our results are the first known cryptanalysis of these provably secure ciphers.
Similar resources
Notions and relations for RKA-secure permutation and function families
The theory of designing block ciphers is mature, having seen significant progress since the early 1990s for over two decades, especially during the AES development effort. Nevertheless, interesting directions exist, in particular in the study of the provable security of block ciphers along similar veins as public-key primitives, i.e. the notion of pseudorandomness (PRP) and indistinguishability...
Related-Key Almost Universal Hash Functions: Definitions, Constructions and Applications
Universal hash functions (UHFs) have been extensively used in the design of cryptographic schemes. If we consider the related-key attack (RKA) against these UHF-based schemes, some of them may not be secure, especially those using the key of UHF as a part of the whole key of scheme, due to the weakness of UHF in the RKA setting. In order to solve the issue, we propose a new concept of related-k...
Improved Constructions of PRFs Secure Against Related-Key Attacks
Building cryptographic primitives that are secure against related-key attacks (RKAs) is a well-studied problem by practitioners and theoreticians alike. Practical implementations of block ciphers take into account RKA security to mitigate fault injection attacks. The theoretical study of RKA security was initiated by Bellare and Kohno (Eurocrypt ’03). In Crypto 2010, Bellare and Cash introduce ...
Relations between robustness and RKA security under public-key encryption
We revisit the notions of robustness introduced by Abdalla, Bellare and Neven (TCC 2010), and related-key attack (RKA) security raised by Bellare, Cash and Miller (ASIACRYPT 2011). In the setting of public-key encryption (PKE), robustness means that it is hard to produce a ciphertext that is valid for two different users, while RKA security means that a PKE scheme is still secure even when an a...
Super-Strong RKA Secure MAC, PKE and SE from Tag-based Hash Proof System
F-Related-Key Attacks (RKA) on cryptographic systems consider adversaries who can observe the outcome of a system under not only the original key, say k, but also related keys f(k), with f adaptively chosen from F by the adversary. In this paper, we define new RKA security notions for several cryptographic primitives including message authentication code (MAC), public-key encryption (PKE) and s...