TY - JOUR
AU - Connolly, Aisling
AU - Farshim, Pooya
AU - Fuchsbauer, Georg
PY - 2019/09/20
Y2 - 2024/03/28
TI - Security of Symmetric Primitives against Key-Correlated Attacks
JF - IACR Transactions on Symmetric Cryptology
JA - ToSC
VL - 2019
IS - 3
SE - Articles
DO - 10.13154/tosc.v2019.i3.193-230
UR - https://tosc.iacr.org/index.php/ToSC/article/view/8363
SP - 193-230
AB - We study the security of symmetric primitives against key-correlated attacks (KCA), whereby an adversary can arbitrarily correlate keys, messages, and ciphertexts. Security against KCA is required whenever a primitive should securely encrypt key-dependent data, even when it is used under related keys. KCA is a strengthening of the previously considered notions of related-key attack (RKA) and key-dependent message (KDM) security. This strengthening is strict, as we show that 2-round Even–Mansour fails to be KCA secure even though it is both RKA and KDM secure. We provide feasibility results in the ideal-cipher model for KCAs and show that 3-round Even–Mansour is KCA secure under key offsets in the random-permutation model. We also give a natural transformation that converts any authenticated encryption scheme to a KCA-secure one in the random-oracle model. Conceptually, our results allow for a unified treatment of RKA and KDM security in idealized models of computation.
ER -