In this paper, we suggest a simple stream cipher operation mode, or rather a simple way to modify existing operation modes such as the one used in the Bluetooth system, which provides provable security close to 2^{2n/3} against generic collision attacks. Our suggestion applies to stream ciphers (like E0 in Bluetooth) that generate keystreams partitioned into packets, where the initial state for each packet is computed from a packet IV and the secret session key using a resynchronization algorithm.
Our security analysis is based on modeling the resynchronization algorithm in terms of the FP(1)-construction E(x,k)=F(P(x+k)+k), where k denotes an n-bit secret key (corresponding to the symmetric session key), F denotes a publicly known n-bit function (corresponding to the output function of the underlying keystream generator), P denotes a publicly known n-bit permutation (corresponding to the iterated state update function of the generator), and the input x is an n-bit public initial value. Our security bounds follow from the results presented in [Cryptology ePrint Archive: Report 2015/636], where a tight 2n/3 security bound for the FP(1)-construction in the random oracle model was proved.
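The FP(1)-construction described above, as an added toy instance that is not the paper's code: it assumes n = 16, reads the "+" in E(x,k)=F(P(x+k)+k) as XOR, and uses stand-in placeholders for F and P rather than E0's real output and state-update functions.

```python
# Toy FP(1) resynchronization E(x, k) = F(P(x ^ k) ^ k), n = 16 bits.
# Assumptions (not from the paper): "+" is XOR; F and P are throwaway toy functions.
N = 16
MASK = (1 << N) - 1

def _round_fn(r: int) -> int:
    """Toy 8-bit round function inside the Feistel step (any function keeps it invertible)."""
    return ((r * r + 3 * r + 0x5B) ^ (r >> 3)) & 0xFF

def step(s: int) -> int:
    """One invertible state-update round: a Feistel step on two 8-bit halves."""
    left, right = s >> 8, s & 0xFF
    return (right << 8) | (left ^ _round_fn(right))

def step_inv(s: int) -> int:
    """Inverse of step(); exists because a Feistel step is a bijection."""
    right, mixed = s >> 8, s & 0xFF
    return ((mixed ^ _round_fn(right)) << 8) | right

def P(s: int, rounds: int = 8) -> int:
    """Public n-bit permutation: the state-update step iterated `rounds` times."""
    for _ in range(rounds):
        s = step(s)
    return s

def P_inv(s: int, rounds: int = 8) -> int:
    """Inverse permutation, used only to check that P really is a bijection."""
    for _ in range(rounds):
        s = step_inv(s)
    return s

def F(s: int) -> int:
    """Public n-bit output function (toy; chosen bijective: xorshift then odd multiply)."""
    return ((s ^ (s >> 7)) * 0x2C45) & MASK

def resync(iv: int, key: int) -> int:
    """Packet initial state via the FP(1)-construction: F(P(iv ^ key) ^ key)."""
    if not (0 <= iv <= MASK and 0 <= key <= MASK):
        raise ValueError("iv and key must be n-bit values")
    return F(P(iv ^ key) ^ key)

def keystream_packet(iv: int, key: int, nbytes: int) -> bytes:
    """Run the toy generator from the resynchronized state to emit one packet keystream."""
    s = resync(iv, key)
    out = bytearray()
    for _ in range(nbytes):
        s = step(s)
        out.append(F(s) & 0xFF)
    return bytes(out)
```

Because every component here is a bijection, distinct IVs under one fixed key never collide; the 2^{2n/3} bound in the abstract concerns collisions across different (x, k) pairs, which this toy does not protect against any better than its 16-bit size allows.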
Category / Keywords: secret-key cryptography / Stream Cipher Operation Modes, Time-Memory-Data Tradeoff Attacks, Provable Security, Even-Mansour Constructions
Date: received 29 Jul 2015, last revised 30 Jul 2015
Contact author: hamann at uni-mannheim de
Version: 20150730:110135
Short URL: ia.cr/2015/757