The Key-Dependent Message Security of Key-Alternating Feistel Ciphers


Ontology type: schema:Chapter     


Chapter Info

DATE

2021-05-11

AUTHORS

Pooya Farshim , Louiza Khati , Yannick Seurin , Damien Vergnaud

ABSTRACT

Key-Alternating Feistel (KAF) ciphers are a popular variant of Feistel ciphers whereby the round functions are defined as $x \mapsto \mathsf{F}(k_i \oplus x)$, where $k_i$ are the round keys and $\mathsf{F}$ is a public random function. Most Feistel ciphers, such as DES, indeed have such a structure. However, the security of this construction has only been studied in the classical CPA/CCA models. We provide the first security analysis of KAF ciphers in the key-dependent message (KDM) attack model, where plaintexts can be related to the private key. This model is motivated by cryptographic schemes used within application scenarios such as full-disk encryption or anonymous credential systems. We show that the four-round KAF cipher, with a single function $\mathsf{F}$ reused across the rounds, provides KDM security for a non-trivial set of KDM functions. To do so, we develop a generic proof methodology, based on the H-coefficient technique, that can ease the analysis of other block ciphers in such strong models of security.

PAGES

351-374

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-030-75539-3_15

DOI

http://dx.doi.org/10.1007/978-3-030-75539-3_15

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1137886141



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0804", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Data Format", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "Department of Computer Science, University of York, York, UK", 
          "id": "http://www.grid.ac/institutes/grid.5685.e", 
          "name": [
            "Department of Computer Science, University of York, York, UK"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Farshim", 
        "givenName": "Pooya", 
        "id": "sg:person.014211315007.75", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014211315007.75"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "ANSSI, Paris, France", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "ANSSI, Paris, France"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Khati", 
        "givenName": "Louiza", 
        "id": "sg:person.016623444027.38", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.016623444027.38"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "ANSSI, Paris, France", 
          "id": "http://www.grid.ac/institutes/None", 
          "name": [
            "ANSSI, Paris, France"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Seurin", 
        "givenName": "Yannick", 
        "id": "sg:person.011724731171.01", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011724731171.01"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Sorbonne Universit\u00e9, LIP6 and Institut Universitaire de France, Paris, France", 
          "id": "http://www.grid.ac/institutes/grid.462844.8", 
          "name": [
            "Sorbonne Universit\u00e9, LIP6 and Institut Universitaire de France, Paris, France"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Vergnaud", 
        "givenName": "Damien", 
        "id": "sg:person.010540646221.28", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010540646221.28"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2021-05-11", 
    "datePublishedReg": "2021-05-11", 
    "description": "Key-Alternating Feistel (KAF) ciphers are a popular variant of Feistel ciphers whereby the round functions are defined as x\u21a6F(ki\u2295x)\\documentclass[12pt]{minimal}\n\t\t\t\t\\usepackage{amsmath}\n\t\t\t\t\\usepackage{wasysym}\n\t\t\t\t\\usepackage{amsfonts}\n\t\t\t\t\\usepackage{amssymb}\n\t\t\t\t\\usepackage{amsbsy}\n\t\t\t\t\\usepackage{mathrsfs}\n\t\t\t\t\\usepackage{upgreek}\n\t\t\t\t\\setlength{\\oddsidemargin}{-69pt}\n\t\t\t\t\\begin{document}$$x \\mapsto \\mathsf {F}(k_i \\oplus x)$$\\end{document}, where ki\\documentclass[12pt]{minimal}\n\t\t\t\t\\usepackage{amsmath}\n\t\t\t\t\\usepackage{wasysym}\n\t\t\t\t\\usepackage{amsfonts}\n\t\t\t\t\\usepackage{amssymb}\n\t\t\t\t\\usepackage{amsbsy}\n\t\t\t\t\\usepackage{mathrsfs}\n\t\t\t\t\\usepackage{upgreek}\n\t\t\t\t\\setlength{\\oddsidemargin}{-69pt}\n\t\t\t\t\\begin{document}$$k_i$$\\end{document} are the round keys and F\\documentclass[12pt]{minimal}\n\t\t\t\t\\usepackage{amsmath}\n\t\t\t\t\\usepackage{wasysym}\n\t\t\t\t\\usepackage{amsfonts}\n\t\t\t\t\\usepackage{amssymb}\n\t\t\t\t\\usepackage{amsbsy}\n\t\t\t\t\\usepackage{mathrsfs}\n\t\t\t\t\\usepackage{upgreek}\n\t\t\t\t\\setlength{\\oddsidemargin}{-69pt}\n\t\t\t\t\\begin{document}$$\\mathsf {F}$$\\end{document} is a public random function. Most Feistel ciphers, such as DES, indeed have such a structure. However, the security of this construction has only been studied in the classical CPA/CCA models. We provide the first security analysis of KAF ciphers in the key-dependent message (KDM) attack model, where plaintexts can be related to the private key. This model is motivated by cryptographic schemes used within application scenarios such as full-disk encryption or anonymous credential systems.We show that the four-round KAF cipher, with a single function F\\documentclass[12pt]{minimal}\n\t\t\t\t\\usepackage{amsmath}\n\t\t\t\t\\usepackage{wasysym}\n\t\t\t\t\\usepackage{amsfonts}\n\t\t\t\t\\usepackage{amssymb}\n\t\t\t\t\\usepackage{amsbsy}\n\t\t\t\t\\usepackage{mathrsfs}\n\t\t\t\t\\usepackage{upgreek}\n\t\t\t\t\\setlength{\\oddsidemargin}{-69pt}\n\t\t\t\t\\begin{document}$$\\mathsf {F}$$\\end{document} reused across the rounds, provides KDM security for a non-trivial set of KDM functions. To do so, we develop a generic proof methodology, based on the H-coefficient technique, that can ease the analysis of other block ciphers in such strong models of security.", 
    "editor": [
      {
        "familyName": "Paterson", 
        "givenName": "Kenneth G.", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-030-75539-3_15", 
    "isAccessibleForFree": false, 
    "isPartOf": {
      "isbn": [
        "978-3-030-75538-6", 
        "978-3-030-75539-3"
      ], 
      "name": "Topics in Cryptology \u2013 CT-RSA 2021", 
      "type": "Book"
    }, 
    "keywords": [
      "key-dependent message (KDM) security", 
      "full disk encryption", 
      "anonymous credential system", 
      "first security analysis", 
      "public random function", 
      "cryptographic schemes", 
      "message security", 
      "security analysis", 
      "private key", 
      "credential system", 
      "KDM security", 
      "attack model", 
      "application scenarios", 
      "proof methodology", 
      "Feistel ciphers", 
      "block cipher", 
      "cipher", 
      "security", 
      "round keys", 
      "popular variants", 
      "round function", 
      "strong model", 
      "H-coefficient technique", 
      "non-trivial set", 
      "key", 
      "encryption", 
      "plaintext", 
      "single function", 
      "CCA model", 
      "random function", 
      "scenarios", 
      "scheme", 
      "model", 
      "set", 
      "DES", 
      "methodology", 
      "system", 
      "technique", 
      "construction", 
      "KAF", 
      "rounds", 
      "function", 
      "analysis", 
      "variants", 
      "structure"
    ], 
    "name": "The Key-Dependent Message Security of Key-Alternating Feistel Ciphers", 
    "pagination": "351-374", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1137886141"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-030-75539-3_15"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-030-75539-3_15", 
      "https://app.dimensions.ai/details/publication/pub.1137886141"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-12-01T06:55", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20221201/entities/gbq_results/chapter/chapter_61.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-030-75539-3_15"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-75539-3_15'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-75539-3_15'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-75539-3_15'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-75539-3_15'


 

This table displays all metadata directly associated to this object as RDF triples.

131 TRIPLES      22 PREDICATES      69 URIs      62 LITERALS      7 BLANK NODES

 



