Cryptology ePrint Archive: Report 2015/1088

Note on the RKA security of Continuously Non-Malleable Key-Derivation Function from PKC 2015

Eiichiro Fujisaki and Keita Xagawa

Abstract: Qin, Liu, Yuen, Deng, and Chen (PKC 2015) gave a new security notion of key-derivation function (KDF), continuous non-malleability with respect to $\Phi$-related-key attacks ($\Phi$-CNM), and its application to RKA-secure public-key cryptographic primitives. They constructed a KDF from cryptographic primitives and showed that the obtained KDF is $\Phi_{hoe\&iocr}$-CNM, where $\Phi_{hoe\&iocr}$ contains the identity function, the constant functions, and functions that have high output-entropy (HOE) and input-output collision-resistance (IOCR) simultaneously.

This short note disproves the security of their KDF by giving $\Phi_{hoe\&iocr}$-RKAs by exploiting the components of their KDF. We note that their proof is still correct for $\Phi$-CNM for a subset of $\Phi_{hoe\&iocr}$; for example the KDF satisfies $\Phi_{poly(d)}$-CNM, in which an adversary can tamper with a secret by using polynomials of degree at most $d$.

Category / Keywords: public-key cryptography / Related-key attacks, RKA security, continous non-malleability, CNM-KDF

Date: received 8 Nov 2015, last revised 23 Dec 2015

Contact author: xagawa keita at lab ntt co jp

Available format(s): PDF | BibTeX Citation

Version: 20151224:064322 (All versions of this report)

Short URL: ia.cr/2015/1088

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]