Critique of the related-key attack concept

Authors:
David G. Harris
Affiliations:
United States Department of Defense, Washington, USA
Venue:
Designs, Codes and Cryptography
Year:
2011

Citing 11
Cited 0

Handbook of Applied Cryptography

Handbook of Applied Cryptography
The Design of Rijndael

The Design of Rijndael
Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA

ICICS '97 Proceedings of the First International Conference on Information and Communication Security
Weaknesses in the Key Scheduling Algorithm of RC4

SAC '01 Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography
Cryptanalysis of LOKI91

ASIACRYPT '92 Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Related-Key Cryptanalysis of the Full AES-192 and AES-256

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Collision free hash functions and public key signature schemes

EUROCRYPT'87 Proceedings of the 6th annual international conference on Theory and application of cryptographic techniques
A theoretical treatment of related-key attacks: RKA-PRPS, RKA-PRFs, and applications

EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Formalizing human ignorance

VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
The ideal-cipher model, revisited: an uninstantiable blockcipher-based hash function

FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
Related-Key boomerang and rectangle attacks

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques

Quantified Score

Hi-index	0.00

Visualization

Abstract

In a related-key attack, an attacker seeks to discover the secret key by requesting encryptions under keys related to the secret key in a manner chosen by the attacker. We describe a new related-key attack against generic ciphers, requiring just O(1) work to distinguish a cipher from random, and O(key length) to completely recover the secret key. This attack applies within a model which was not previously known to be vulnerable, undermining the theoretical foundation of the related-key attack concept. We propose a new definition of related-key security, which prevents all known generic attacks including this new attack. We discuss the theoretical consequences of this new definition.