Chosen-key attacks on a block cipher
Cryptologia
How to construct pseudorandom permutations from pseudorandom functions
SIAM Journal on Computing - Special issue on cryptography
New types of cryptanalytic attacks using related keys
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
The security of the cipher block chaining message authentication code
Journal of Computer and System Sciences
Key-Dependent S-Boxes and Differential Cryptanalysis
Designs, Codes and Cryptography
Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA
ICICS '97 Proceedings of the First International Conference on Information and Communication Security
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Key-Schedule Cryptoanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
ASIACRYPT '92 Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
A Concrete Security Treatment of Symmetric Encryption
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
A theoretical treatment of related-key attacks: RKA-PRPS, RKA-PRFs, and applications
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
On the notions of PRP-RKA, KR and KR-RKA for block ciphers
ProvSec'07 Proceedings of the 1st international conference on Provable security
New cryptanalytic results on IDEA
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
A related-key rectangle attack on the full KASUMI
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Related-key and meet-in-the-middle attacks on Triple-DES and DES-EXE
ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part II
On the existence of related-key oracles in cryptosystems based on block ciphers
OTM'06 Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part I
Related-Key boomerang and rectangle attacks
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Related-Key attacks on reduced rounds of SHACAL-2
INDOCRYPT'04 Proceedings of the 5th international conference on Cryptology in India
EME*: extending EME to handle arbitrary-length messages with associated data
INDOCRYPT'04 Proceedings of the 5th international conference on Cryptology in India
A simple related-key attack on the full SHACAL-1
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
Related-key rectangle attacks on reduced AES-192 and AES-256
FSE'07 Proceedings of the 14th international conference on Fast Software Encryption
Hi-index | 0.00 |
The theory of designing block ciphers is mature, having seen significant progress since the early 1990s for over two decades, especially during the AES development effort. Nevertheless, interesting directions exist, in particular in the study of the provable security of block ciphers along similar veins as public-key primitives, i.e. the notion of pseudorandomness (PRP) and indistinguishability (IND). Furthermore, recent cryptanalytic progress has shown that block ciphers well designed against known cryptanalysis techniques including related-key attacks (RKA) may turn out to be less secure against RKA than expected. The notion of provable security of block ciphers against RKA was initiated by Bellare and Kohno, and subsequently treated by Lucks. Concrete block cipher constructions were proposed therein with provable security guarantees. In this paper, we are interested in the security notions for RKA-secure block ciphers. In the first part of the paper, we show that secure tweakable permutation families in the sense of strong pseudorandom permutation (SPRP) can be transformed into secure permutation families in the sense of SPRP against some classes of RKA (SPRP---RKA). This fact allows us to construct a secure SPRP---RKA cipher which is faster than the Bellare---Kohno PRP---RKA cipher. We also show that function families of a certain form secure in the sense of a pseudorandom function (PRF) can be transformed into secure permutation families in the sense of PRP against some classes of RKA (PRP---RKA). We can exploit it to get various constructions secure against some classes of RKA from known MAC algorithms. Furthermore, we discuss how the key recovery (KR) security of the Bellare---Kohno PRP---RKA, the Lucks PRP---RKA and our SPRP---RKA ciphers relates to existing types of attacks on block ciphers like meet-in-the-middle and slide attacks. In the second part of the paper, we define other security notions for RKA-secure block ciphers, namely in the sense of indistinguishability (IND) and non-malleability, and show the relations between these security notions. In particular, we show that secure tweakable permutation families in the sense of IND (resp. non-malleability) can be transformed into RKA-secure permutation families in the sense of IND (resp. non-malleability).