Skip to main content
SpringerLink
Log in

On the Existence of Related-Key Oracles in Cryptosystems Based on Block Ciphers

  • Conference paper
On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops (OTM 2006)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 4277))

Abstract

The notion of a related-key attack (RKA) was formally introduced by Biham in 1993. It is essentially more of an attack model rather than a specific type of attack in that it considers what sort of oracles are available to the attacker. In this case, the attacker has access to related-key (RK) oracles, i.e. he is able to have encryptions performed on plaintexts of his choice, keyed by two or more unknown but related keys. The feasibility of this attack model is at times debated mainly because the assumption that an attacker would have access to RK oracles may be too strong to really exist in practice. Hence, attacks on block ciphers in this RKA model have commonly not been regarded on the same level of significance of those not requiring RK oracles. A good example is the AES. It is generally accepted that the best known attack is a non-RKA by Gilbert and Minier in 2000, although it applies to less rounds compared to the best known RKA on AES by Biham et al. that applies to more rounds. It is our aim in this paper to show how RK oracles exist in various block cipher based cryptosystems. The gist is to think outside the box, i.e. to note that a block cipher is often an underlying primitive within a larger cryptographic construct, thus it is only natural to evaluate the block cipher security in this setting and not as a standalone primitive. In doing so, we formally introduce the notion of related-key multiplicative differentials, and related-key compositionally differentials. We also consider the existence of RK oracles in PGV-type hash functions, message authentication codes, recent authenticated encryption modes and cases of key-exchange protocols not previously mentioned in literature.

An erratum to this chapter can be found at http://dx.doi.org/10.1007/11915034_125.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bellare, M., Kohno, T.: A Theoretical Treatment of Related-Key Attacks: RKA-PRPs, RKA-PRFs, and Applications. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 491–506. Springer, Heidelberg (2003), available at http://www-cse.ucsd.edu/users/tkohno/papers/RKA/rka.pdf

    Chapter  Google Scholar 

  2. Biham, E.: New Types of Cryptanalytic Attacks Using Related Keys. J. Cryptology 7(4), 229–246 (1994)

    Article  MATH  Google Scholar 

  3. Biham, E., Dunkelman, O., Keller, N.: A Related-Key Rectangle Attack on the Full KASUMI. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 443–461. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  4. Biham, E., Dunkelman, O., Keller, N.: Related-Key Boomerang and Rectangle Attacks. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 507–525. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  5. Borisov, N., Chew, M., Johnson, R., Wagner, D.: Multiplicative Differentials. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 17–33. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  6. Boyd, C., Mathuria, A.: Protocols for Authentication and Key Establishment. Springer, Heidelberg (2003)

    Google Scholar 

  7. Canetti, R.: Universally Composable Security: A New Paradigm for Cryptographic Protocols. In: Proc. of IEEE-FOCS 2001, pp. 136–145 (2001)

    Google Scholar 

  8. Diffie, W., Hellman, M.E.: Privacy and Authentication: An Introduction to Cryptography. Proc. of the IEEE 67(3), 397–427 (1979)

    Article  Google Scholar 

  9. Ferguson, N., Kelsey, J., Lucks, S., Schneier, B., Stay, M., Wagner, D., Whiting, D.: Improved Cryptanalysis of Rijndael. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 213–230. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  10. Gilbert, H., Minier, M.: A Collision Attack on 7 Rounds of Rijndael. In: Proc. of AES 2000, pp. 230–241 (2000)

    Google Scholar 

  11. Goldreich, O., Krawczyk, H.: On the Composition of Zero-Knowledge Proof Systems. In: Paterson, M. (ed.) ICALP 1990. LNCS, vol. 443, pp. 268–282. Springer, Heidelberg (1990)

    Chapter  Google Scholar 

  12. Iwata, T., Kurosawa, K.: OMAC: One-Key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 129–153. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  13. Jaulmes, É., Joux, A., Valette, F.: RMAC: A Randomized MAC Beyond the Birthday Paradox Limit, available online at http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/rmac/rmac-spec.pdf

  14. Kanjanarin, W., Amornraksa, T.: Scrambling and Key Distribution Scheme for Digital Television. In: Proc. of IEEE-ICON 2001, pp. 140–145 (2001)

    Google Scholar 

  15. Kelsey, J., Schneier, B., Wagner, D.: Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 237–251. Springer, Heidelberg (1996)

    Google Scholar 

  16. Kelsey, J., Schneier, B., Wagner, D.: Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 233–246. Springer, Heidelberg (1997)

    Chapter  Google Scholar 

  17. Kelsey, J., Schneier, B., Wagner, D.: Protocol Interactions and the Chosen Protocol Attack. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 91–104. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  18. Kim, J., Biryukov, A., Preneel, B., Hong, S.: On the Security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  19. Kim, J., Biryukov, A., Preneel, B., Lee, S.: On the Security of Encryption Modes of MD4, MD5 and HAVAL. In: Qing, S., Mao, W., López, J., Wang, G. (eds.) ICICS 2005. LNCS, vol. 3783, pp. 147–158. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  20. Knudsen, L.R.: Cryptanalysis of LOKI. In: Matsumoto, T., Imai, H., Rivest, R.L. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 22–35. Springer, Heidelberg (1993)

    Google Scholar 

  21. Knudsen, L.R., Kohno, T.: Analysis of RMAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 182–191. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  22. Ko, Y., Hong, S., Lee, W., Lee, S., Kang, J.-S.: Related Key Differential Attacks on 27 Rounds of XTEA and Full-Round GOST. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 299–316. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  23. Kurosawa, K., Iwata, T.: TMAC: Two-Key CBC MAC. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 33–49. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  24. Lucks, S.: Ciphers Secure against Related-Key Attacks. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 359–370. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  25. NIST. Advanced Encryption Standard (AES). FIPS 197 (2001)

    Google Scholar 

  26. NIST. Recommendation for Block Cipher Modes of Operation. SP800-38A (2001)

    Google Scholar 

  27. NIST. Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality. SP800-38C (2004)

    Google Scholar 

  28. NIST. Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication. SP800-38B (2005)

    Google Scholar 

  29. NIST. Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) for Confidentiality and Authentication. Draft SP800-38D (2006)

    Google Scholar 

  30. Pfitzmann, B., Waidner, M.: Composition and Integrity Preservation of Secure Reactive Systems. In: Proc. of ACM-CCS 2000, pp. 245–254 (2000)

    Google Scholar 

  31. Phan, R.C.-W.: Related-Key Attacks on Triple-DES and DESX Variants. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 15–24. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  32. Phan, R.C.-W., Handschuh, H.: On Related-Key and Collision Attacks: The Case for the IBM 4758 Cryptoprocessor. In: Zhang, K., Zheng, Y. (eds.) ISC 2004. LNCS, vol. 3225, pp. 111–122. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  33. Preneel, B.: Hash Functions and MAC Algorithms Based on Block Ciphers. In: Darnell, M.J. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 270–282. Springer, Heidelberg (1997)

    Google Scholar 

  34. Preneel, B., Govaerts, R., Vandewalle, J.: Differential Cryptanalysis of Hash Functions Based on Block Ciphers. In: Proc. of ACM-CCS 1993, pp. 183–188 (1993)

    Google Scholar 

  35. Preneel, B., Govaerts, R., Vandewalle, J.: Hash Functions Based on Block Ciphers: A Synthetic Approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368–378. Springer, Heidelberg (1994)

    Google Scholar 

  36. Rabin, M.O.: Digitalized Signatures. In: Fdns. of Secure Computation, pp. 155–166 (1978)

    Google Scholar 

  37. Tsudik, G., Herreweghen, E.V.: On Simple and Secure Key Distribution. In: Proc. of ACM-CCS 1993, pp. 49–57 (1993)

    Google Scholar 

  38. Winternitz, R.S., Hellman, M.E.: Chosen-key Attacks on a Block Cipher. Cryptologia 11(1), 16–20 (1987)

    Article  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Information Security Research (iSECURES) Lab, Swinburne University of Technology (Sarawak Campus), Malaysia

    Ermaliza Razali & Raphael C. -W. Phan

Authors
  1. Ermaliza Razali
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Raphael C. -W. Phan
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. STARLab, Vrije Universiteit Brussel (VUB), Bldg G/10, Pleinlaan 2, 1050, Brussels, Belgium

    Robert Meersman

  2. School of Computer Science and Information Technology, RMIT University, Bld 10.10, 376-392 Swanston Street, 3001, Melbourne, VIC, Australia

    Zahir Tari

  3. Facultad de Informática, Universidad Politécnica de Madrid, Campus de Montegancedo S/N, 28660, Boadilla del Monte, Madrid, Spain

    Pilar Herrero

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Razali, E., Phan, R.C.W. (2006). On the Existence of Related-Key Oracles in Cryptosystems Based on Block Ciphers. In: Meersman, R., Tari, Z., Herrero, P. (eds) On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. OTM 2006. Lecture Notes in Computer Science, vol 4277. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11915034_66

Download citation

  • DOI: https://doi.org/10.1007/11915034_66

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-48269-7

  • Online ISBN: 978-3-540-48272-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation