Security of Symmetric Primitives against Key-Correlated Attacks
DOI:
https://doi.org/10.13154/tosc.v2019.i3.193-230
Keywords:
Key-correlated attack, related-key attack, key-dependent-message attack, ideal-cipher model, random-oracle model, authenticated encryption, xkcd
Abstract
We study the security of symmetric primitives against key-correlated attacks (KCA), whereby an adversary can arbitrarily correlate keys, messages, and ciphertexts. Security against KCA is required whenever a primitive should securely encrypt key-dependent data, even when it is used under related keys. KCA is a strengthening of the previously considered notions of related-key attack (RKA) and key-dependent message (KDM) security. This strengthening is strict, as we show that 2-round Even–Mansour fails to be KCA secure even though it is both RKA and KDM secure. We provide feasibility results in the ideal-cipher model for KCAs and show that 3-round Even–Mansour is KCA secure under key offsets in the random-permutation model. We also give a natural transformation that converts any authenticated encryption scheme to a KCA-secure one in the random-oracle model. Conceptually, our results allow for a unified treatment of RKA and KDM security in idealized models of computation.
License
Copyright (c) 2019 Aisling Connolly, Pooya Farshim, Georg Fuchsbauer
This work is licensed under a Creative Commons Attribution 4.0 International License.