Paper 2015/003

Continuous Non-Malleable Key Derivation and Its Application to Related-Key Security

Baodong Qin, Shengli Liu, Tsz Hon Yuen, Robert H. Deng, and Kefei Chen


Related-Key Attacks (RKAs) allow an adversary to observe the outcomes of a cryptographic primitive under not only its original secret key e.g., $s$, but also a sequence of modified keys $\phi(s)$, where $\phi$ is specified by the adversary from a class $\Phi$ of so-called Related-Key Derivation (RKD) functions. This paper extends the notion of non-malleable Key Derivation Functions (nm-KDFs), introduced by Faust et al. (EUROCRYPT'14), to \emph{continuous} nm-KDFs. Continuous nm-KDFs have the ability to protect against any a-priori \emph{unbounded} number of RKA queries, instead of just a single time tampering attack as in the definition of nm-KDFs. Informally, our continuous non-malleability captures the scenario where the adversary can tamper with the original secret key repeatedly and adaptively. We present a novel construction of continuous nm-KDF for any polynomials of bounded degree over a finite field. Essentially, our result can be extended to richer RKD function classes possessing properties of \emph{high output entropy and input-output collision resistance}. The technical tool employed in the construction is the one-time lossy filter (Qin et al. ASIACRYPT'13) which can be efficiently obtained under standard assumptions, e.g., DDH and DCR. We propose a framework for constructing $\Phi$-RKA-secure IBE, PKE and signature schemes, using a continuous nm-KDF for the same $\Phi$-class of RKD functions. Applying our construction of continuous nm-KDF to this framework, we obtain the first RKA-secure IBE, PKE and signature schemes for a class of polynomial RKD functions of bounded degree under \emph{standard} assumptions. While previous constructions for the same class of RKD functions all rely on non-standard assumptions, e.g., $d$-extended DBDH assumption.

Note: Fixed a minor error in the definition of Game 1 in Fig.3 and some typos.

Available format(s)
Public-key cryptography
Publication info
Published by the IACR in PKC 2015
Related-key attacksnon-malleable key derivationone-time lossy filter
Contact author(s)
qinbaodong @ sjtu edu cn
slliu @ sjtu edu cn
2015-01-10: revised
2015-01-05: received
See all versions
Short URL
Creative Commons Attribution


      author = {Baodong Qin and Shengli Liu and Tsz Hon Yuen and Robert H.  Deng and Kefei Chen},
      title = {Continuous Non-Malleable Key Derivation and Its Application to Related-Key Security},
      howpublished = {Cryptology ePrint Archive, Paper 2015/003},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.