Notions and relations for RKA-secure permutation and function families |
| |
Authors: | Jongsung Kim Jaechul Sung Ermaliza Razali Raphael C-W Phan Marc Joye |
| |
Institution: | 1.Division of e-Business,Kyungnam University,Masan, Kyungnam,Korea;2.Department of Mathematics,University of Seoul,Seoul,Korea;3.Information Security Research (iSECURES) Lab,Swinburne University of Technology,Sarawak,Malaysia;4.Electronic & Electrical Engineering,Loughborough University,Loughborough,UK;5.Technicolor, Security & Content Protection Labs,Cesson-Sévigné, Cedex,France |
| |
Abstract: | The theory of designing block ciphers is mature, having seen significant progress since the early 1990s for over two decades,
especially during the AES development effort. Nevertheless, interesting directions exist, in particular in the study of the
provable security of block ciphers along similar veins as public-key primitives, i.e. the notion of pseudorandomness (PRP)
and indistinguishability (IND). Furthermore, recent cryptanalytic progress has shown that block ciphers well designed against
known cryptanalysis techniques including related-key attacks (RKA) may turn out to be less secure against RKA than expected.
The notion of provable security of block ciphers against RKA was initiated by Bellare and Kohno, and subsequently treated
by Lucks. Concrete block cipher constructions were proposed therein with provable security guarantees. In this paper, we are
interested in the security notions for RKA-secure block ciphers. In the first part of the paper, we show that secure tweakable
permutation families in the sense of strong pseudorandom permutation (SPRP) can be transformed into secure permutation families
in the sense of SPRP against some classes of RKA (SPRP–RKA). This fact allows us to construct a secure SPRP–RKA cipher which
is faster than the Bellare–Kohno PRP–RKA cipher. We also show that function families of a certain form secure in the sense
of a pseudorandom function (PRF) can be transformed into secure permutation families in the sense of PRP against some classes
of RKA (PRP–RKA). We can exploit it to get various constructions secure against some classes of RKA from known MAC algorithms.
Furthermore, we discuss how the key recovery (KR) security of the Bellare–Kohno PRP–RKA, the Lucks PRP–RKA and our SPRP–RKA
ciphers relates to existing types of attacks on block ciphers like meet-in-the-middle and slide attacks. In the second part
of the paper, we define other security notions for RKA-secure block ciphers, namely in the sense of indistinguishability (IND) and non-malleability, and show the relations between these security notions. In particular, we show that secure tweakable permutation families
in the sense of IND (resp. non-malleability) can be transformed into RKA-secure permutation families in the sense of IND (resp.
non-malleability). |
| |
Keywords: | |
本文献已被 SpringerLink 等数据库收录! |
|