### Continuous Non-Malleable Key Derivation and Its Application to Related-Key Security

Baodong Qin, Shengli Liu, Tsz Hon Yuen, Robert H. Deng, and Kefei Chen

##### Abstract

Related-Key Attacks (RKAs) allow an adversary to observe the outcomes of a cryptographic primitive under not only its original secret key e.g., $s$, but also a sequence of modified keys $\phi(s)$, where $\phi$ is specified by the adversary from a class $\Phi$ of so-called Related-Key Derivation (RKD) functions. This paper extends the notion of non-malleable Key Derivation Functions (nm-KDFs), introduced by Faust et al. (EUROCRYPT'14), to \emph{continuous} nm-KDFs. Continuous nm-KDFs have the ability to protect against any a-priori \emph{unbounded} number of RKA queries, instead of just a single time tampering attack as in the definition of nm-KDFs. Informally, our continuous non-malleability captures the scenario where the adversary can tamper with the original secret key repeatedly and adaptively. We present a novel construction of continuous nm-KDF for any polynomials of bounded degree over a finite field. Essentially, our result can be extended to richer RKD function classes possessing properties of \emph{high output entropy and input-output collision resistance}. The technical tool employed in the construction is the one-time lossy filter (Qin et al. ASIACRYPT'13) which can be efficiently obtained under standard assumptions, e.g., DDH and DCR. We propose a framework for constructing $\Phi$-RKA-secure IBE, PKE and signature schemes, using a continuous nm-KDF for the same $\Phi$-class of RKD functions. Applying our construction of continuous nm-KDF to this framework, we obtain the first RKA-secure IBE, PKE and signature schemes for a class of polynomial RKD functions of bounded degree under \emph{standard} assumptions. While previous constructions for the same class of RKD functions all rely on non-standard assumptions, e.g., $d$-extended DBDH assumption.

Note: Fixed a minor error in the definition of Game 1 in Fig.3 and some typos.

Available format(s)
Category
Public-key cryptography
Publication info
Keywords
Related-key attacksnon-malleable key derivationone-time lossy filter
Contact author(s)
qinbaodong @ sjtu edu cn
slliu @ sjtu edu cn
History
2015-01-10: revised
See all versions
Short URL
https://ia.cr/2015/003

CC BY

BibTeX

@misc{cryptoeprint:2015/003,
author = {Baodong Qin and Shengli Liu and Tsz Hon Yuen and Robert H.  Deng and Kefei Chen},
title = {Continuous Non-Malleable Key Derivation and Its Application to Related-Key Security},
howpublished = {Cryptology ePrint Archive, Paper 2015/003},
year = {2015},
note = {\url{https://eprint.iacr.org/2015/003}},
url = {https://eprint.iacr.org/2015/003}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.