Increasing the Lifetime of a Key: A Comparative Analysis of the Security of Re-keying Techniques

@inproceedings{Abdalla2000IncreasingTL,
  title={Increasing the Lifetime of a Key: A Comparative Analysis of the Security of Re-keying Techniques},
  author={Michel Abdalla and Mihir Bellare},
  booktitle={ASIACRYPT},
  year={2000}
}
Rather than use a shared key directly to cryptographically process (e.g. encrypt or authenticate) data one can use it as a master key to derive subkeys, and use the subkeys for the actual cryptographic processing. This popular paradigm is called re-keying, and the expectation is that it is good for security. In this paper we provide concrete security analyses of various re-keying mechanisms and their usage. We show that re-keying does indeed "increase" security, effectively extending the… 

Increasing the Lifetime of Symmetric Keys for the GCM Mode by Internal Re-keying

TLDR
The obtained proof framework can be reused to provide security bounds for other re-keyed modes without a master key, and it is shown that the ACPKM internal re-keying technique increases security, essentially extending the lifetime of a key with a minor loss in performance.

RCB: leakage-resilient authenticated encryption via re-keying

TLDR
This paper proposes a leakage-resilient authenticated encryption scheme, called Re-keying Code Book (RCB), that is secure against side-channel attacks by combining with existing re-keying schemes, rather than designing new algorithms.

Towards Fresh and Hybrid Re-Keying Schemes with Beyond Birthday Security

TLDR
The reasoning extends to hybrid schemes, where the communication party to protect against side-channel attacks is stateful, and is illustrated by describing a collision attack against an example of a hybrid scheme patented by Kocher, and presenting a tweak leading to beyond birthday security.

Efficient Re-Keyed Encryption Schemes for Secure Communications

TLDR
This paper presents a new encryption scheme based on re-keying that effectively extends the lifetime of the key, increasing the threshold number of encryptions that can be performed without requiring a new exchange of keys.

On Making U2F Protocol Leakage-Resilient via Re-keying

TLDR
This work presents a countermeasure for the SCA based on re-keying technique to prevent the repeated use of the device secret key for encryption and signing and recommends a modification in the existing U2F protocol to minimise the effect of signing with the fixed attestation private key.

A Formal Treatment of Multi-key Channels

TLDR
This design aims at achieving forward security, protecting prior communication after long-term key corruption, as well as security of individual channel phases even if the key in other phases is leaked (a property the authors denote as phase-key insulation).

Reducing The Need For Trusted Parties In Cryptography. (Limiter le besoin de tiers de confiance en cryptographie)

TLDR
Two methods for reducing the amount of trust in third parties are considered, one of which is to assume that the secret keys used in authenticated key exchange protocols have low entropy and do not need to be stored in a cryptographic device and the other is an identity-based cryptosystem, in which the public key of a user can be an arbitrary string such as an email address.

Provably secure counter mode with related-key-based internal re-keying

TLDR
A new internally re-keyed block cipher mode of operation called CTRR ("CounTer with Related-key Re-keying mode") is proposed, and its security is proved under the assumption that the underlying cipher is secure in the related-key adversary model.

Secure Key-Updating for Lazy Revocation

TLDR
Two composition methods are given that combine two secure key-updating schemes into a new secure scheme permitting a larger number of user revocations, and a novel binary tree construction is proposed that is also provably secure in this model.

AES-GCM-SIV: Specification and Analysis

TLDR
The security of the AES-GCM-SIV mode of operation, as defined in the CFRG specification, is described and analyzed, and the concrete bounds were overly optimistic, most notably for very large messages.

References

Stateless Evaluation of Pseudorandom Functions: Security beyond the Birthday Barrier

TLDR
The idea is roughly to use the XOR of the values of a pseudorandom function on a small number of distinct random points in place of its value on a single point, which establishes two general security properties, "pseudorandomness" and "integrity", with security beyond the birthday bound.

A concrete security treatment of symmetric encryption: Analysis of the DES modes of operation

TLDR
This work studies notions and schemes for symmetric (i.e. private key) encryption in a concrete security framework and analyzes the concrete complexity of reductions among them, providing both upper and lower bounds, and obtaining tight relations.

The First Experimental Cryptanalysis of the Data Encryption Standard

TLDR
An improved version of linear cryptanalysis is described and its application to the first successful computer experiment in breaking the full 16-round DES with high success probability if 2^43 random plaintexts and their ciphertexts are available.

Advances in Cryptology — CRYPTO ’96

  • N. Koblitz
  • Computer Science, Mathematics
    Lecture Notes in Computer Science
  • 2001
TLDR
This work presents new, simple, and practical constructions of message authentication schemes based on a cryptographic hash function, and proves that NMAC and HMAC are secure as long as the underlying hash function has some reasonable cryptographic strengths.

Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm

TLDR
This work analyzes the security of authenticated encryption schemes designed by "generic composition," meaning making black-box use of a given symmetric encryption scheme and a given MAC, and indicates whether or not the resulting scheme meets the notion in question assuming the given symmetric encryption scheme is secure against chosen-plaintext attack and the given MAC is unforgeable under chosen-message attack.

A concrete security treatment of symmetric encryption

TLDR
This work studies notions and schemes for symmetric (i.e. private key) encryption in a concrete security framework and gives four different notions of security against chosen plaintext attack, providing both upper and lower bounds, and obtaining tight relations.

Keying Hash Functions for Message Authentication

TLDR
Two new, simple, and practical constructions of message authentication schemes based on a cryptographic hash function, NMAC and HMAC, are proven to be secure as long as the underlying hash function has some reasonable cryptographic strengths.

A Forward-Secure Digital Signature Scheme

We describe a digital signature scheme in which the public key is fixed but the secret signing key is updated at regular intervals so as to provide a forward security property: compromise of the

Advances in Cryptology — CRYPTO '92

  • E. Brickell
  • Computer Science, Mathematics
    Lecture Notes in Computer Science
  • 2001
TLDR
A new signature scheme is introduced that combines the strength of the strongest schemes with the efficiency of RSA, and uses the same amount of computation and memory as the widely applied RSA scheme.

Differential Cryptanalysis of the Full 16-Round DES

TLDR
The first known attack is developed which is capable of breaking the full 16-round DES in less than the 2^55 complexity of exhaustive search and can be carried out in parallel on up to 2^33 disconnected processors with linear speedup.