International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Pseudorandom Functions and Permutations Provably Secure Against Related-Key Attacks

Authors:
Mihir Bellare
David Cash
Download:
URL: http://eprint.iacr.org/2010/397
Search ePrint
Search Google
Abstract: This paper fills an important foundational gap with the first proofs, under standard assumptions and in the standard model, of the existence of pseudorandom functions (PRFs) and pseudorandom permutations (PRPs) resisting rich and relevant forms of related-key attacks (RKA). An RKA allows the adversary to query the function not only under the target key but under other keys derived from it in adversary-specified ways. Based on the Naor-Reingold PRF we obtain an RKA-PRF whose keyspace is a group and that is proven, under DDH, to resist attacks in which the key may be operated on by arbitrary adversary-specified group elements. Previous work was able only to provide schemes in idealized models (ideal cipher, random oracle), under new, non-standard assumptions, or for limited classes of attacks. The reason was technical difficulties that we resolve via a new approach and framework that, in addition to the above, yields other RKA-PRFs including a DLIN-based one derived from the Lewko-Waters PRF. Over the last 15 years cryptanalysts and blockcipher designers have routinely and consistently targeted RKA-security; it is visibly important for abuse-resistant cryptography; and it helps protect against fault-injection sidechannel attacks. Yet ours are the first significant proofs of existence of secure constructs. We warn that our constructs are proofs-of-concept in the foundational style and not practical.
BibTeX
@misc{eprint-2010-23298,
  title={Pseudorandom Functions and Permutations Provably Secure Against Related-Key Attacks},
  booktitle={IACR Eprint archive},
  keywords={secret-key cryptography / Pseudorandom Functions, Blockciphers, Related-Key Attacks, DDH},
  url={http://eprint.iacr.org/2010/397},
  note={Preliminary version in CRYPTO 2010. This is the full version. cdc@gatech.edu 14804 received 14 Jul 2010},
  author={Mihir Bellare and David Cash},
  year=2010
}