Please use this identifier to cite or link to this item:
Title: Weak keys in the rekeying paradigm : application to COMET and mixFeed
Authors: Khairallah, Mustafa
Keywords: Library and information science::Cryptography
Issue Date: 2020
Source: Khairallah, M. (2020). Weak keys in the rekeying paradigm : application to COMET and mixFeed. IACR Transactions on Symmetric Cryptology, 2019(4), 272-289. doi:10.13154/tosc.v2019.i4.272-289
Journal: IACR Transactions on Symmetric Cryptology
Abstract: In this paper, we study a group of AEAD schemes that use rekeying as a technique to increase efficiency by reducing the state size of the algorithm. We provide a unified model to study the behavior of the keys used in these schemes, called Rekey-and-Chain (RaC). This model helps understand the design of several AEAD schemes. We show generic attacks on these schemes based on the existence of certain types of weak keys. We also show that the borderline between multi-key and single-key analyses of these schemes is not solid and the analysis can be performed independent of the master key, leading sometimes to practical attacks in the multi-key setting. More importantly, the multi-key analysis can be applied in the single key setting, since each message is encrypted with a different key. Consequently, we show gaps in the security analysis of COMET and mixFeed in the single key setting, which led the designers to provide overly optimistic security claims. In the case of COMET, full key recovery can be performed with 2^64 online queries and 2^64 offline queries in the single-key setting, or 2^46 online queries per user and 2^64 offline queries in the multi-key setting with ∼ 0.5 million users. In the case of mixFeed, we enhance the forgery adversarial advantage in the single-key setting with a factor of 2^67 compared to what the designers claim. More importantly, our result is just a lower bound of this advantage, since we show that the gap in the analysis of mixFeed depends on properties of the AES Key Schedule that are not well understood and require more cryptanalytic efforts to find a more tight advantage. After reporting these findings, the designers updated their security analyses and accommodated the proposed attacks.
ISSN: 2519-173X
DOI: 10.13154/tosc.v2019.i4.272-289
Schools: School of Physical and Mathematical Sciences 
Rights: © 2020 Mustafa Khairallah. This work is licensed under a Creative Commons Attribution 4.0 International License.
Fulltext Permission: open
Fulltext Availability: With Fulltext
Appears in Collections:SPMS Journal Articles

Files in This Item:
File Description SizeFormat 
8465-Article Text-4899-2-10-20200324.pdf608.55 kBAdobe PDFThumbnail

Citations 50

Updated on Sep 17, 2023

Web of ScienceTM
Citations 20

Updated on Sep 15, 2023

Page view(s)

Updated on Sep 23, 2023

Download(s) 50

Updated on Sep 23, 2023

Google ScholarTM




Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.