**Note on the RKA security of Continuously Non-Malleable Key-Derivation Function from PKC 2015**

*Eiichiro Fujisaki and Keita Xagawa*

**Abstract: **Qin, Liu, Yuen, Deng, and Chen (PKC 2015) gave a new security notion of key-derivation function (KDF), continuous non-malleability with respect to $\Phi$-related-key attacks ($\Phi$-CNM), and its application to RKA-secure public-key cryptographic primitives. They constructed a KDF from cryptographic primitives and showed that the obtained KDF is $\Phi_{hoe\&iocr}$-CNM, where $\Phi_{hoe\&iocr}$ contains the identity function, the constant functions, and functions that have high output-entropy (HOE) and input-output collision-resistance (IOCR) simultaneously.

This short note disproves the security of their KDF by giving $\Phi_{hoe\&iocr}$-RKAs by exploiting the components of their KDF. We note that their proof is still correct for $\Phi$-CNM for a subset of $\Phi_{hoe\&iocr}$; for example the KDF satisfies $\Phi_{poly(d)}$-CNM, in which an adversary can tamper with a secret by using polynomials of degree at most $d$.

**Category / Keywords: **public-key cryptography / Related-key attacks, RKA security, continous non-malleability, CNM-KDF

**Date: **received 8 Nov 2015, last revised 23 Dec 2015

**Contact author: **xagawa keita at lab ntt co jp

**Available format(s): **PDF | BibTeX Citation

**Version: **20151224:064322 (All versions of this report)

**Short URL: **ia.cr/2015/1088

[ Cryptology ePrint archive ]