Chosen-key attacks on a block cipher
Cryptologia
On simple and secure key distribution
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Differential cryptanalysis of hash functions based on block ciphers
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Hash functions based on block ciphers: a synthetic approach
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Composition and integrity preservation of secure reactive systems
Proceedings of the 7th ACM conference on Computer and communications security
On the Composition of Zero-Knowledge Proof Systems
ICALP '90 Proceedings of the 17th International Colloquium on Automata, Languages and Programming
Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA
ICICS '97 Proceedings of the First International Conference on Information and Communication Security
Key-Schedule Cryptoanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
ASIACRYPT '91 Proceedings of the International Conference on the Theory and Applications of Cryptology: Advances in Cryptology
Protocol Interactions and the Chosen Protocol Attack
Proceedings of the 5th International Workshop on Security Protocols
Improved Cryptanalysis of Rijndael
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
FSE '02 Revised Papers from the 9th International Workshop on Fast Software Encryption
Hash Functions and MAC Algorithms Based on Block Ciphers
Proceedings of the 6th IMA International Conference on Cryptography and Coding
Scrambling and Key Distribution Scheme for Digital Television
ICON '01 Proceedings of the 9th IEEE International Conference on Networks
Protocols for Key Establishment and Authentication
Protocols for Key Establishment and Authentication
Universally Composable Security: A New Paradigm for Cryptographic Protocols
FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
A theoretical treatment of related-key attacks: RKA-PRPS, RKA-PRFs, and applications
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
A related-key rectangle attack on the full KASUMI
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Related-Key boomerang and rectangle attacks
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
On the security of encryption modes of MD4, MD5 and HAVAL
ICICS'05 Proceedings of the 7th international conference on Information and Communications Security
On the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1 (extended abstract)
SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
Improved Related-key Attacks on DESX and DESX+
Cryptologia
Security analysis of the full-round DDO-64 block cipher
Journal of Systems and Software
On the notions of PRP-RKA, KR and KR-RKA for block ciphers
ProvSec'07 Proceedings of the 1st international conference on Provable security
Notions and relations for RKA-secure permutation and function families
Designs, Codes and Cryptography
| Hi-index | 0.00 |
The notion of a related-key attack (RKA) was formally introduced by Biham in 1993 It is essentially more of an attack model rather than a specific type of attack in that it considers what sort of oracles are available to the attacker In this case, the attacker has access to related-key (RK) oracles, i.e he is able to have encryptions performed on plaintexts of his choice, keyed by two or more unknown but related keys The feasibility of this attack model is at times debated mainly because the assumption that an attacker would have access to RK oracles may be too strong to really exist in practice Hence, attacks on block ciphers in this RKA model have commonly not been regarded on the same level of significance of those not requiring RK oracles A good example is the AES It is generally accepted that the best known attack is a non-RKA by Gilbert and Minier in 2000, although it applies to less rounds compared to the best known RKA on AES by Biham et al that applies to more rounds It is our aim in this paper to show how RK oracles exist in various block cipher based cryptosystems The gist is to think outside the box, i.e to note that a block cipher is often an underlying primitive within a larger cryptographic construct, thus it is only natural to evaluate the block cipher security in this setting and not as a standalone primitive In doing so, we formally introduce the notion of related-key multiplicative differentials, and related-key compositionally differentials We also consider the existence of RK oracles in PGV-type hash functions, message authentication codes, recent authenticated encryption modes and cases of key-exchange protocols not previously mentioned in literature.