Randomized Stopping Times and Provably Secure Pseudorandom Permutation Generators

Conventionally, key-scheduling algorithm (KSA) of a cryptographic scheme runs for predefined number of steps. We suggest a different approach by utilization of randomized stopping rules to generate permutations which are indistinguishable from uniform ones. We explain that if the stopping time of such a shuffle is a Strong Stationary Time and bits of the secret key are not reused then these algorithms are immune against timing attacks.

[1]  Cesar Pereida García,et al.  "Make Sure DSA Signing Exponentiations Really are Constant-Time" , 2016, CCS.

[2]  Jovan Dj. Golic,et al.  Linear Statistical Weakness of Alleged RC4 Keystream Generator , 1997, EUROCRYPT.

[3]  Ilya Mironov,et al.  (Not So) Random Shuffles of RC4 , 2002, IACR Cryptol. ePrint Arch..

[4]  Yuval Peres,et al.  Shuffling by Semi-random Transpositions , 2004 .

[5]  J. A. Fill An interruptible algorithm for perfect sampling via Markov chains , 1998 .

[6]  David Bruce Wilson,et al.  Exact sampling with coupled Markov chains and applications to statistical mechanics , 1996, Random Struct. Algorithms.

[7]  P. Diaconis,et al.  Generating a random permutation with random transpositions , 1981 .

[8]  Bartosz Zoltak,et al.  VMPC One-Way Function and Stream Cipher , 2004, FSE.

[9]  Stefan Kölbl,et al.  State-Recovery Analysis of Spritz , 2015, LATINCRYPT.

[10]  Moni Naor,et al.  On the construction of pseudo-random permutations: Luby-Rackoff revisited (extended abstract) , 1997, STOC '97.

[11]  Moti Yung,et al.  Leakage Resilient Cryptography in Practice , 2010, Towards Hardware-Intrinsic Security.

[12]  Kenneth G. Paterson,et al.  Lucky Microseconds: A Timing Attack on Amazon's s2n Implementation of TLS , 2016, EUROCRYPT.

[13]  Bart Preneel,et al.  A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher , 2004, FSE.

[14]  Scott R. Fluhrer,et al.  Statistical Analysis of the Alleged RC4 Keystream Generator , 2000, FSE.

[15]  James Allen Fill,et al.  An interruptible algorithm for perfect sampling via Markov chains , 1997, STOC '97.

[16]  Adi Shamir,et al.  Weaknesses in the Key Scheduling Algorithm of RC4 , 2001, Selected Areas in Cryptography.

[17]  Takanori Isobe,et al.  Cryptanalysis of the Full Spritz Stream Cipher , 2016, FSE.

[18]  Yuval Yarom,et al.  CacheBleed: a timing attack on OpenSSL constant-time RSA , 2016, Journal of Cryptographic Engineering.

[19]  Adi Shamir,et al.  A Practical Attack on Broadcast RC4 , 2001, FSE.

[20]  Ronald L. Rivest,et al.  Spritz - a spongy RC4-like stream cipher and hash function , 2016, IACR Cryptol. ePrint Arch..

[21]  Yuval Yarom,et al.  CacheBleed: a timing attack on OpenSSL constant-time RSA , 2016, Journal of Cryptographic Engineering.

[22]  Goutam Paul,et al.  Analysis of RC4 and Proposal of Additional Layers for Better Security Margin , 2008, IACR Cryptol. ePrint Arch..

[23]  Kenneth G. Paterson,et al.  On the Security of RC4 in TLS , 2013, USENIX Security Symposium.

[24]  P. Diaconis,et al.  Strong uniform times and finite random walks , 1987 .

[25]  Gernot Heiser,et al.  A survey of microarchitectural timing attacks and countermeasures on contemporary hardware , 2016, Journal of Cryptographic Engineering.

[26]  P. Diaconis,et al.  SHUFFLING CARDS AND STOPPING-TIMES , 1986 .

[27]  P. Matthews A strong uniform time for random transpositions , 1988 .