Questions tagged [related-keys]
Keys with an exploitable mathematical relationship, and the attacks they enable
24 questions
0 votes, 0 answers, 34 views
Is the CFB mode of Encryption related-key secure
I am going through the paper https://www.iacr.org/archive/fse2013/84240283/84240283.pdf where the related key security of CBC mode of encryption is well analyzed. I am concerned about whether the CFB ...
0 votes, 1 answer, 110 views
Derive a new key from Trusted Third Party (e.g. Kerberos) session key
Kerberos (and I assume other Trusted Third Party protocols) use (hash) an existing shared secret key to create a session key used for authentication. I read that this authentication secret key can ...
2 votes, 1 answer, 149 views
RC4 Klein (or other) attack susceptibility question
What issues do y'all see with the following in terms of key recovery and related key attacks:
RC4 used to "sign" a nonce:
3 byte nonce concatenated with 16 byte long term key > RC4 ...
0 votes, 1 answer, 197 views
Using TEA to build a hash function
Background:
TEA uses a 128 bit master key $K_{0\ldots3}$. All odd rounds use $K_0$, $K_1$ as the round subkey, and all even rounds use $K_2$, $K_3$. One cycle of TEA applied to the block $A_i$,$B_i$ ...
2 votes, 0 answers, 59 views
Encrypting with one key and decrypting with a related key
Given $n$-bit block cipher $E$ (and its inverse $E^{-1}$), define block cipher $E^\prime_k(m) = E_k(E_{f(k)}^{-1}(m))$ where $k,f(k) \in \{0,1\}^n$ and $\forall k:f(k) \ne k$. Under the ideal block ...
0 votes, 0 answers, 35 views
Proof of score in a public game with a public contract leaderboard
Game:
Users stack blocks to form an unstable tower. Each time a new block is successfully laid, the game creates a score_string which is meant as proof of the user's current score. Assume each user ...
2 votes, 1 answer, 287 views
Does Wikipedia's WEP - RC4 example really demonstrate a related key attack or just an IV reuse attack?
On Wikipedia's Related Key attacks page, there is a section about WEP as an example to related key attacks.
Encryption uses the RC4 algorithm, a stream cipher. It is essential that the same key never ...
0 votes, 1 answer, 553 views
Related Key Attack on Schnorr Signature - Why does the challenge include $\psi = g^x$, not $y$?
The original Schnorr signature scheme suffers from a Related Key Attack (RKA) as described by Morita et al. The authors of this paper then suggest a modification to the signature algorithm to prevent ...
3 votes, 1 answer, 103 views
How exactly to concatenate two differential trails to form a boomerang distinguisher in practice?
I've been reading many papers on boomerang/rectangle attacks. The general strategy is to find two trails for a small number of rounds and then concatenate them to form a longer distinguisher. ...
0 votes, 1 answer, 71 views
How modern messengers' encryption keys can't be hacked [closed]
I don't know if this question is more like reverse-engineering or cryptographic.
Why are governments hunting for encryption keys? Aren't they delivered by the network the same as the encrypted messages? ...
1 vote, 1 answer, 534 views
Is there any practical use of reduced rounds of AES
There are lots of attacks which are on reduced block ciphers. There are practical attacks on five rounds of AES-128 (five rounds aes broken in six minutes). I was just wondering if there is any practical ...
2 votes, 1 answer, 505 views
Related-key attacks against Salsa20 and ChaCha
From the Salsa20 security document, DJB states that he doesn't care about related key attacks:
The standard solutions to all the standard cryptographic problems—encryption, authentication, etc.—are ...
3 votes, 1 answer, 226 views
Are two keys derived from the same password vulnerable to a related key attack?
Background
I am currently writing a password manager application. As usual, the passwords are put in a file encrypted using a user-entered password. I'm using the NaCl library but actually it's not ...
1 vote, 1 answer, 63 views
secure "related-key" stream cipher
Consider a stream cipher $E(k)$ which takes a key $k$ to produce a pseudo random keystream.
It should have the property that you can easily generate a set of at least 3 different keys $\{k_m, k_0, ...
6 votes, 0 answers, 217 views
Is AES resilient to chosen plaintext with access to related keys (key expansion primitives)?
I'm interested in knowing whether a cryptosystem is broken given access to a few primitives.
$\DeclareMathOperator{\KEYEXP}{KEY\_EXP}$
$\DeclareMathOperator{\E}{E}$
Suppose that you have access to an ...