Relaxing full-codebook security: A refined analysis of key-length extension schemes

Cited 0 time in webofscience Cited 0 time in scopus
  • Hit : 270
  • Download : 0
DC FieldValueLanguage
dc.contributor.authorGaži, Peterko
dc.contributor.authorSeurin, Yannickko
dc.contributor.authorLee, Jooyoungko
dc.contributor.authorSteinberger, Johnko
dc.contributor.authorTessaro, Stefanoko
dc.date.accessioned2017-08-02T08:46:31Z-
dc.date.available2017-08-02T08:46:31Z-
dc.date.created2017-07-19-
dc.date.created2017-07-19-
dc.date.created2017-07-19-
dc.date.created2017-07-19-
dc.date.issued2015-03-08-
dc.identifier.citation22nd International Workshop on Fast Software Encryption, FSE 2015, pp.319 - 341-
dc.identifier.urihttp://hdl.handle.net/10203/224961-
dc.description.abstractWe revisit the security (as a pseudorandom permutation) of cascading-based constructions for block-cipher key-length extension. Previous works typically considered the extreme case where the adversary is given the entire codebook of the construction, the only complexity measure being the number qe of queries to the underlying ideal block cipher, representing adversary’s secret-key-independent computation. Here, we initiate a systematic study of the more natural case of an adversary restricted to adaptively learning a number qc of plaintext/ciphertext pairs that is less than the entire codebook. For any such qc, we aim to determine the highest number of block-cipher queries qe the adversary can issue without being able to successfully distinguish the construction (under a secret key) from a random permutation. More concretely, we show the following results for key-length extension schemes using a block cipher with n-bit blocks and κ-bit keys: – Plain cascades of length ℓ = 2r+1 are secure whenever qcqre ≪ 2r(κ+n), qc ≪ 2κ and qe ≪ 22κ. The bound for r = 1 also applies to two-key triple encryption (as used within Triple DES). – The r-round XOR-cascade is secure as long as qcqre ≪ 2r(κ+n), matching an attack by Gaži (CRYPTO 2013). – We fully characterize the security of Ga ži and Tessaro’s two-call 2XOR construction (EUROCRYPT 2012) for all values of qc, and note that the addition of a third whitening step strictly increases security for 2n/4 ≤ qc ≤ 23/4n. We also propose a variant of this construction without re-keying and achieving comparable security levels.-
dc.languageEnglish-
dc.publisherSpringer Verlag-
dc.titleRelaxing full-codebook security: A refined analysis of key-length extension schemes-
dc.typeConference-
dc.identifier.scopusid2-s2.0-84944550339-
dc.type.rimsCONF-
dc.citation.beginningpage319-
dc.citation.endingpage341-
dc.citation.publicationname22nd International Workshop on Fast Software Encryption, FSE 2015-
dc.identifier.conferencecountryTU-
dc.identifier.conferencelocationIstanbul Commerce University-
dc.identifier.doi10.1007/978-3-662-48116-5_16-
dc.contributor.localauthorLee, Jooyoung-
dc.contributor.nonIdAuthorGaži, Peter-
dc.contributor.nonIdAuthorSeurin, Yannick-
dc.contributor.nonIdAuthorSteinberger, John-
dc.contributor.nonIdAuthorTessaro, Stefano-
Appears in Collection
CS-Conference Papers(학술회의논문)
Files in This Item
There are no files associated with this item.

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0