How to Make the Cramer-Shoup Cryptosystem Secure Against Linear Related-Key Attacks

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10143)

Abstract

Related-key attacks allow an adversary to change the key stored in the memory of a physical device, via tampering or other means, and subsequently observe the outputs of the cryptosystem under these modified keys. Cramer and Shoup (CRYPTO 1998) proposed the first practical public-key encryption scheme proven secure against adaptive chosen-ciphertext attacks in the standard model. The scheme (CS-PKE for short) has been highly influential, since it embodies the hash proof system paradigm. However, Wee (PKC 2012) showed that the CS-PKE scheme is not secure against related-key attacks when the related-key derivation functions include linear functions. A fascinating open problem is how to make the classical CS-PKE scheme secure against linear related-key attacks. In this paper, we propose a simple method to make the Cramer-Shoup scheme secure against linear related-key attacks. The idea is to recompute the public key from the secret key inside the decryption algorithm, so that any (dangerous) modification to the secret key is detected during decryption. The new scheme has the same efficiency as the original one, except that the decryption algorithm performs six additional exponentiations to fixed bases. Fortunately, one fixed-base exponentiation with precomputation is at least 5 times faster than one regular exponentiation.
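As an added illustration of the idea described in the abstract (this is example code, not the paper's construction, whose exact check, group parameters and the six fixed-base exponentiations are not given on this page): a toy Cramer-Shoup implementation in Python over a constructed small group, in which decryption first re-derives the public key from the secret key and rejects when it no longer matches, so an additive (linear) change to the secret exponents is caught before any decryption result is released.

```python
import hashlib

# Toy group (constructed for illustration only): p = 2q + 1 with q prime; g1 and g2
# generate the order-q subgroup of quadratic residues mod p. Real keys use large p.
P, Q, G1, G2 = 23, 11, 2, 3

def hash_to_exponent(u1, u2, e):
    """Stand-in for the target-collision-resistant hash: SHA-256 of (u1, u2, e) mod q."""
    digest = hashlib.sha256(f"{u1},{u2},{e}".encode()).digest()
    return int.from_bytes(digest, "big") % Q

def derive_pk(sk):
    """Cramer-Shoup public key (c, d, h) computed from the secret exponents (x1, x2, y1, y2, z)."""
    x1, x2, y1, y2, z = sk
    c = pow(G1, x1, P) * pow(G2, x2, P) % P
    d = pow(G1, y1, P) * pow(G2, y2, P) % P
    return (c, d, pow(G1, z, P))

def encrypt(pk, m, r):
    """Encrypt subgroup element m with randomness r (random mod q in practice)."""
    c, d, h = pk
    u1, u2 = pow(G1, r, P), pow(G2, r, P)
    e = pow(h, r, P) * m % P
    alpha = hash_to_exponent(u1, u2, e)
    v = pow(c, r, P) * pow(d, r * alpha, P) % P
    return (u1, u2, e, v)

def decrypt(pk, sk, ct):
    """Return the plaintext, or None if the key was tampered with or the ciphertext is invalid."""
    # Key-consistency check in the spirit of the paper: re-derive the public key from
    # the secret key and refuse to decrypt if it differs from the stored one.
    if derive_pk(sk) != pk:
        return None
    x1, x2, y1, y2, z = sk
    u1, u2, e, v = ct
    alpha = hash_to_exponent(u1, u2, e)
    # Original Cramer-Shoup ciphertext validity test.
    if pow(u1, (x1 + y1 * alpha) % Q, P) * pow(u2, (x2 + y2 * alpha) % Q, P) % P != v:
        return None
    return e * pow(u1, (-z) % Q, P) % P  # u1 has order q, so u1^(q - z) = u1^(-z)

def tamper_linear(sk, delta):
    """Model a linear related-key derivation: add delta (mod q) to every secret exponent."""
    return tuple((s + delta) % Q for s in sk)

def demo():
    sk = (3, 5, 7, 2, 9)                      # constructed secret exponents
    pk = derive_pk(sk)
    ct = encrypt(pk, 4, r=6)
    return decrypt(pk, sk, ct), decrypt(pk, tamper_linear(sk, 1), ct)  # (4, None)
```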

References

  1. Abdalla, M., Benhamouda, F., Passelègue, A., Paterson, K.G.: Related-key security for pseudorandom functions beyond the linear barrier. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 77–94. Springer, Heidelberg (2014). doi:10.1007/978-3-662-44371-2_5

  2. Bellare, M., Cash, D.: Pseudorandom functions and permutations provably secure against related-key attacks. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 666–684. Springer, Heidelberg (2010). doi:10.1007/978-3-642-14623-7_36

  3. Bellare, M., Cash, D., Miller, R.: Cryptography secure against related-key attacks and tampering. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 486–503. Springer, Heidelberg (2011). doi:10.1007/978-3-642-25385-0_26

  4. Bellare, M., Paterson, K.G., Thomson, S.: RKA security beyond the linear barrier: IBE, encryption and signatures. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 331–348. Springer, Heidelberg (2012). doi:10.1007/978-3-642-34961-4_21

  5. Biham, E.: New types of cryptanalytic attacks using related keys. J. Cryptology 7(4), 229–246 (1994)

  6. Biham, E., Dunkelman, O., Keller, N.: A related-key rectangle attack on the full KASUMI. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 443–461. Springer, Heidelberg (2005). doi:10.1007/11593447_24

  7. Biham, E., Dunkelman, O., Keller, N.: A unified approach to related-key attacks. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 73–96. Springer, Heidelberg (2008). doi:10.1007/978-3-540-71039-4_5

  8. Biryukov, A., Khovratovich, D.: Related-key cryptanalysis of the full AES-192 and AES-256. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 1–18. Springer, Heidelberg (2009). doi:10.1007/978-3-642-10366-7_1

  9. Biryukov, A., Khovratovich, D., Nikolić, I.: Distinguisher and related-key attack on the full AES-256. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 231–249. Springer, Heidelberg (2009). doi:10.1007/978-3-642-03356-8_14

  10. Boyen, X., Mei, Q., Waters, B.: Direct chosen ciphertext security from identity-based techniques. In: Atluri, V., Meadows, C., Juels, A. (eds.) CCS 2005, pp. 320–329. ACM (2005)

  11. Chen, Y., Qin, B., Zhang, J., Deng, Y., Chow, S.S.M.: Non-malleable functions and their applications. In: Cheng, C., Chung, K., Persiano, G., Yang, B. (eds.) PKC 2016, Part II. LNCS, vol. 9615, pp. 386–416. Springer, Heidelberg (2016)

  12. Cramer, R., Dodis, Y., Fehr, S., Padró, C., Wichs, D.: Detection of algebraic manipulation with applications to robust secret sharing and fuzzy extractors. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 471–488. Springer, Heidelberg (2008). doi:10.1007/978-3-540-78967-3_27

  13. Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998). doi:10.1007/BFb0055717

  14. Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002). doi:10.1007/3-540-46035-7_4

  15. Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Comput. 33(1), 167–226 (2004)

  16. Cui, H., Mu, Y., Au, M.H.: Public-key encryption resilient to linear related-key attacks. In: Zia, T., Zomaya, A., Varadharajan, V., Mao, M. (eds.) SecureComm 2013. LNICSSITE, vol. 127, pp. 182–196. Springer, Cham (2013). doi:10.1007/978-3-319-04283-1_12

  17. Cui, H., Mu, Y., Au, M.H.: Public-key encryption resilient against linear related-key attacks revisited. In: TrustCom 2014, pp. 268–275. IEEE Computer Society (2014)

  18. Cui, H., Mu, Y., Au, M.H.: Proof of retrievability with public verifiability resilient against related-key attacks. IET Inf. Secur. 9, 43–49 (2015)

  19. Dziembowski, S., Pietrzak, K., Wichs, D.: Non-malleable codes. In: Yao, A.C. (ed.) Innovations in Computer Science - ICS 2010, pp. 434–452. Tsinghua University Press (2010)

  20. Fujisaki, E., Xagawa, K.: Efficient RKA-secure KEM and IBE schemes against invertible functions. In: Lauter, K., Rodríguez-Henríquez, F. (eds.) LATINCRYPT 2015. LNCS, vol. 9230, pp. 3–20. Springer, Cham (2015). doi:10.1007/978-3-319-22174-8_1

  21. Jafargholi, Z., Wichs, D.: Tamper detection and continuous non-malleable codes. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9014, pp. 451–480. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46494-6_19

  22. Jia, D., Li, B., Lu, X., Mei, Q.: Related key secure PKE from hash proof systems. In: Yoshida, M., Mouri, K. (eds.) IWSEC 2014. LNCS, vol. 8639, pp. 250–265. Springer, Cham (2014). doi:10.1007/978-3-319-09843-2_19

  23. Jia, D., Lu, X., Li, B., Mei, Q.: RKA secure PKE based on the DDH and HR assumptions. In: Susilo, W., Reyhanitabar, R. (eds.) ProvSec 2013. LNCS, vol. 8209, pp. 271–287. Springer, Heidelberg (2013). doi:10.1007/978-3-642-41227-1_16

  24. Kiltz, E., Pietrzak, K., Stam, M., Yung, M.: A new randomness extraction paradigm for hybrid encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 590–609. Springer, Heidelberg (2009). doi:10.1007/978-3-642-01001-9_34

  25. Matsumoto, T., Kato, K., Imai, H.: Speeding up secret computations with insecure auxiliary devices. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 497–506. Springer, New York (1990). doi:10.1007/0-387-34799-2_35

  26. Möller, B.: Algorithms for multi-exponentiation. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 165–180. Springer, Heidelberg (2001). doi:10.1007/3-540-45537-X_13

  27. Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: Ortiz, H. (ed.) STOC 1990, pp. 427–437. ACM (1990)

  28. Phan, R.C.-W.: Related-key attacks on triple-DES and DESX variants. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 15–24. Springer, Heidelberg (2004). doi:10.1007/978-3-540-24660-2_2

  29. Qin, B., Liu, S., Yuen, T.H., Deng, R.H., Chen, K.: Continuous non-malleable key derivation and its application to related-key security. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 557–578. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46447-2_25

  30. Scott, M.: Faster pairings using an elliptic curve with an efficient endomorphism. In: Maitra, S., Veni Madhavan, C.E., Venkatesan, R. (eds.) INDOCRYPT 2005. LNCS, vol. 3797, pp. 258–269. Springer, Heidelberg (2005). doi:10.1007/11596219_21

  31. Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. IACR Cryptology ePrint Archive 2004, 332 (2004)

  32. Wee, H.: Public key encryption against related key attacks. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 262–279. Springer, Heidelberg (2012). doi:10.1007/978-3-642-30057-8_16

  33. Zhang, W., Wu, W., Zhang, L., Feng, D.: Improved related-key impossible differential attacks on reduced-round AES-192. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 15–27. Springer, Heidelberg (2007). doi:10.1007/978-3-540-74462-7_2

Acknowledgments

This work was supported by the National Natural Science Foundation of China (Grant Nos. 61502400, 61672346, 61402199, 61303257), the Science Foundation of Sichuan Educational Committee (Grant No. 16ZB0140), the Natural Science Foundation of Southwest University of Science and Technology (Grant No. 16zx7107), the Youth Innovation Promotion Association CAS, and the Natural Science Funds of Guangdong (Grant No. 2015A030310017).

Corresponding author

Correspondence to Baodong Qin.

Copyright information

© 2017 Springer International Publishing AG

Cite this paper

Qin, B., Han, S., Chen, Y., Liu, S., Wei, Z. (2017). How to Make the Cramer-Shoup Cryptosystem Secure Against Linear Related-Key Attacks. In: Chen, K., Lin, D., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2016. Lecture Notes in Computer Science, vol. 10143. Springer, Cham. https://doi.org/10.1007/978-3-319-54705-3_10

  • DOI: https://doi.org/10.1007/978-3-319-54705-3_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-54704-6

  • Online ISBN: 978-3-319-54705-3