How to enhance the security of the 3GPP confidentiality and integrity algorithms
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
We consider the 3GPP confidentiality and integrity schemes that were adopted by the Universal Mobile Telecommunication System, an emerging standard for third generation wireless communications. The schemes, known as f8 and f9, are based on the block cipher KASUMI. Although previous works claim security proofs for f8 and f9′, where f9′ is a generalized version of f9, it was shown that these proofs are incorrect; it is impossible to prove f8 and f9′ secure under the standard PRP assumption on the underlying block cipher. Following these results, it was shown that it is possible to prove f8′ and f9′ secure if we assume that the underlying block cipher is a secure PRP-RKA against a certain class of related-key attacks; here f8′ is a generalized version of f8. Needless to say, this assumption is stronger than the standard PRP assumption, and it is natural to seek a practical way to modify f8′ and f9′ to establish security proofs under the standard PRP assumption. In this paper, we propose f8+ and f9+, slightly modified versions of f8′ and f9′ that allow proofs of security under the standard PRP assumption. Our results are practical in the sense that we insist on minimal modifications: f8+ is obtained from f8′ by setting the key modifier to all-zero, and f9+ is obtained from f9′ by setting the key modifier to all-zero and using the encryptions of two constants in the CBC MAC computation.