Security of Symmetric Primitives against Key-Correlated Attacks

  • Aisling Connolly Ingenico Group, Paris, France; Département d’informatique École normale supérieure (DIENS), Centre national de la recherche scientifique (CNRS), Université Paris Sciences et Lettres (PSL), Paris, France
  • Pooya Farshim Département d’informatique École normale supérieure (DIENS), Centre national de la recherche scientifique (CNRS), Université Paris Sciences et Lettres (PSL), Paris, France; Inria, Paris, France
  • Georg Fuchsbauer Département d’informatique École normale supérieure (DIENS), Centre national de la recherche scientifique (CNRS), Université Paris Sciences et Lettres (PSL), Paris, France; Inria, Paris, France
Keywords: Key-correlated attack, related-key attack, key-dependent-message attack, ideal-cipher model, random-oracle model, authenticated encryption, xkcd

Abstract

We study the security of symmetric primitives against key-correlated attacks (KCA), whereby an adversary can arbitrarily correlate keys, messages, and ciphertexts. Security against KCA is required whenever a primitive should securely encrypt key-dependent data, even when it is used under related keys. KCA is a strengthening of the previously considered notions of related-key attack (RKA) and key-dependent message (KDM) security. This strengthening is strict, as we show that 2-round Even–Mansour fails to be KCA secure even though it is both RKA and KDM secure. We provide feasibility results in the ideal-cipher model for KCAs and show that 3-round Even–Mansour is KCA secure under key offsets in the random-permutation model. We also give a natural transformation that converts any authenticated encryption scheme to a KCA-secure one in the random-oracle model. Conceptually, our results allow for a unified treatment of RKA and KDM security in idealized models of computation.

Published
2019-09-20
How to Cite
Connolly, A., Farshim, P., & Fuchsbauer, G. (2019). Security of Symmetric Primitives against Key-Correlated Attacks. IACR Transactions on Symmetric Cryptology, 2019(3), 193-230. https://doi.org/10.13154/tosc.v2019.i3.193-230
Section
Articles