Continuous Non-malleable Key Derivation and Its Application to Related-Key Security

Related-Key Attacks (RKAs) allow an adversary to observe the outcomes of a cryptographic primitive under not only its original secret key e.g., \(s\), but also a sequence of modified keys \(\phi (s)\), where \(\phi \) is specified by the adversary from a class \(\varPhi \) of so-called Related-Key Derivation (RKD) functions. This paper extends the notion of non-malleable Key Derivation Functions (nm-KDFs), introduced by Faust et al. (EUROCRYPT’14), to continuous nm-KDFs. Continuous nm-KDFs have the ability to protect against any a-priori unbounded number of RKA queries, instead of just a single time tampering attack as in the definition of nm-KDFs. Informally, our continuous non-malleability captures the scenario where the adversary can tamper with the original secret key repeatedly and adaptively. We present a novel construction of continuous nm-KDF for any polynomials of bounded degree over a finite field. Essentially, our result can be extended to richer RKD function classes possessing properties of high output entropy and input-output collision resistance. The technical tool employed in the construction is the one-time lossy filter (Qin et al. ASIACRYPT’13) which can be efficiently obtained under standard assumptions, e.g., DDH and DCR. We propose a framework for constructing \(\varPhi \)-RKA-secure IBE, PKE and signature schemes, using a continuous nm-KDF for the same \(\varPhi \)-class of RKD functions. Applying our construction of continuous nm-KDF to this framework, we obtain the first RKA-secure IBE, PKE and signature schemes for a class of polynomial RKD functions of bounded degree under standard assumptions. While previous constructions for the same class of RKD functions all rely on non-standard assumptions, e.g., \(d\)-extended DBDH assumption.

[1]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[2]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[3]  Massimiliano Daniele Rosini,et al.  Macroscopic Models for Vehicular Flows and Crowd Dynamics: Theory and Applications: Classical and Non–Classical Advanced Mathematics for Real Life Applications , 2013 .

[4]  B. Abdolmaleki Non-Malleable Codes , 2017 .

[5]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[6]  Victor Shoup,et al.  Sequences of games: a tool for taming complexity in security proofs , 2004, IACR Cryptol. ePrint Arch..

[7]  Pratyay Mukherjee,et al.  Continuous Non-malleable Codes , 2014, IACR Cryptol. ePrint Arch..

[8]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[9]  Adam O'Neill,et al.  Correlated-Input Secure Hash Functions , 2011, TCC.

[10]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[11]  Dingding Jia,et al.  Related-Key Security for Hybrid Encryption , 2014, ISC.

[12]  Kenneth G. Paterson,et al.  Related-Key Security for Pseudorandom Functions Beyond the Linear Barrier , 2017, Journal of Cryptology.

[13]  Daniel Wichs,et al.  Efficient Non-Malleable Codes and Key Derivation for Poly-Size Tampering Circuits , 2014, IEEE Transactions on Information Theory.

[14]  Shengli Liu,et al.  Leakage-Flexible CCA-secure Public-Key Encryption: Simple Construction and Free of Pairing , 2014, Public Key Cryptography.

[15]  David Cash,et al.  Cryptography Secure Against Related-Key Attacks and Tampering , 2011, IACR Cryptol. ePrint Arch..

[16]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2004, SIAM J. Comput..

[17]  Suela Kodra Fuzzy extractors : How to generate strong keys from biometrics and other noisy data , 2015 .

[18]  Stefan Dziembowski,et al.  Leakage-Resilient Cryptography , 2008, 2008 49th Annual IEEE Symposium on Foundations of Computer Science.

[19]  Daniel Wichs,et al.  Tamper Detection and Continuous Non-malleable Codes , 2015, TCC.

[20]  Yuval Ishai,et al.  Semantic Security under Related-Key Attacks and Applications , 2011, ICS.

[21]  Silvio Micali,et al.  Algorithmic Tamper-Proof (ATP) Security: Theoretical Foundations for Security against Hardware Tampering , 2004, TCC.

[22]  David Cash,et al.  Pseudorandom Functions and Permutations Provably Secure against Related-Key Attacks , 2010, CRYPTO.

[23]  Kenneth G. Paterson,et al.  RKA Security beyond the Linear Barrier: IBE, Encryption and Signatures , 2012, IACR Cryptol. ePrint Arch..

[24]  Hoeteck Wee Public Key Encryption against Related Key Attacks , 2012, Public Key Cryptography.

[25]  Mihir Bellare,et al.  A Theoretical Treatment of Related-Key Attacks: RKA-PRPs, RKA-PRFs, and Applications , 2003, EUROCRYPT.

[26]  Shengli Liu,et al.  Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and One-Time Lossy Filter , 2013, IACR Cryptol. ePrint Arch..

[27]  Carles Padró,et al.  Detection of Algebraic Manipulation with Applications to Robust Secret Sharing and Fuzzy Extractors , 2008, EUROCRYPT.

[28]  Ivan Damgård,et al.  Bounded Tamper Resilience: How to Go beyond the Algebraic Barrier , 2013, ASIACRYPT.

[29]  Richard J. Lipton,et al.  On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.