On simple and secure key distribution

Tsudik, Gene; Herreweghen, Els Van

doi:10.1145/168588.168594

Cited by 12 publications

(4 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Note that the correct value is suggested by all the right pairs, and hence it gets at least four suggestions with probability about 0.57. On the other hand, the probability that a wrong subkey is suggested at least four times is approximately 2 13 4 ·2 −64 = (2/3)·2 −16 . Hence, less than one subkey suggestion remains on average (If no subkey suggestions remain, which happens frequently, the set is discarded).…”

Section: A Detailed Description Of the 9-round Attackmentioning

confidence: 99%

“…The simpler the relation is, the easier it is for an adversary to manipulate the key in the desired fashion. For example, the key exchange protocol 2PKDP [13], allows an adversary to XOR the unknown key with a constant. Other related key attacks, such as those presented in [8,12], discuss practical attacks on well known schemes under different key relations.…”

Section: Related-key Attacksmentioning

confidence: 99%

See 1 more Smart Citation

Key Recovery Attacks of Practical Complexity on AES-256 Variants with up to 10 Rounds

Biryukov

Dunkelman

Keller

et al. 2010

Advances in Cryptology – EUROCRYPT 2010

114

102

View full text Add to dashboard Cite

Abstract. AES is the best known and most widely used block cipher. Its three versions differ in their key sizes (128 bits, 192 bits and 256 bits) and in their number of rounds (10, 12, and 14, respectively). While for AES-128, there are no known attacks faster than exhaustive search, AES-192 and AES-256 were recently shown to be breakable by attacks which require 2 176 and 2 99.5 time, respectively. While these complexities are much faster than exhaustive search, they are completely non-practical, and do not seem to pose any real threat to the security of AES-based systems.In this paper we aim to increase our understanding of AES security, and we concentrate on attacks with practical complexity, i.e., attacks that can be experimentally verified. We show attacks on reduced-round variants of AES-256 with up to 10 rounds with complexity which is feasible. One of our attacks uses only two related keys and 2 39 time to recover the complete 256-bit key of a 9-round version of AES-256 (the best previous attack on this variant required 4 related keys and 2 120 time). Another attack can break a 10-round version of AES-256 in 2 45 time, but it uses a stronger type of related subkey attack (the best previous attack on this variant required 64 related keys and 2 172 time). While the full AES-256 cannot be directly broken by these attacks, the fact that 10 rounds can be broken with such a low complexity raises serious concerns about the remaining safety margin offered by AES-256.

show abstract

Section: A Detailed Description Of the 9-round Attackmentioning

confidence: 99%

Section: Related-key Attacksmentioning

confidence: 99%

Key Recovery Attacks of Practical Complexity on AES-256 Variants with up to 10 Rounds

Biryukov

Dunkelman

Keller

et al. 2010

Advances in Cryptology – EUROCRYPT 2010

114

102

View full text Add to dashboard Cite

show abstract

“…The ticket expressions are similar to those used in the KryptoKnight Authentication and Key Distribution Service [8]. (See also [6,7,5]. )…”

Section: Protocol Descriptionmentioning

confidence: 99%

Robust and secure password and key change method

Hauser

Janson

Molva

et al. 1994

Computer Security — ESORICS 94

Self Cite

View full text Add to dashboard Cite

This paper discusses issues and idiosyncrasies associated with changing passwords and keys in distributed computer systems. Current approaches are often complicated and fail to provide the desired level of security and fault tolerance. A novel and very simple approach to changing passwords/keys is presented and analyzed. It provides a means for human users and service programs to change passwords and keys in a robust and secure fashion.

show abstract

“…This approach might seem unrealistic, as it assumes that the attacker can control some relations between the unknown keys. Still, there are some instances, e.g., the 2PKDP protocol [43], where this approach suggests practical attacks.…”

Section: Introductionmentioning

confidence: 99%

A Unified Approach to Related-Key Attacks

Biham

Dunkelman

Keller

2008

Fast Software Encryption

View full text Add to dashboard Cite

Abstract. This paper introduces a new framework and a generalization of the various flavors of related-key attacks. The new framework allows for combining all the previous related-key attacks into a complex, but much more powerful attack. The new attack is independent of the number of rounds of the cipher. This property holds even when the round functions of the cipher use different subkeys. The strength of our new method is demonstrated by an attack on 4r-round IDEA, for any r. This attack is the first attack on a widely deployed block cipher which is independent of the number of rounds. The variant of the attack with r = 2 is the first known attack on 8-round IDEA.

show abstract

On simple and secure key distribution

Cited by 12 publications

References 13 publications

Key Recovery Attacks of Practical Complexity on AES-256 Variants with up to 10 Rounds

Key Recovery Attacks of Practical Complexity on AES-256 Variants with up to 10 Rounds

Robust and secure password and key change method

A Unified Approach to Related-Key Attacks

Contact Info

Product

Resources

About