Paper 2017/697

On Internal Re-keying

Liliya R. Ahmetzyanova, Evgeny K. Alekseev, Igor B. Oshkin, and Stanislav V. Smyshlyaev


In this paper we introduce a classification of existing re-keying-based approaches to increasing the security of block cipher operation modes. We introduce the concepts of external and internal re-keying, focusing on the latter. Whereas the external re-keying approach is widely used and provides a mechanism of key usage control at the message stream processing level, the internal re-keying approach is the first known mechanism providing such control at the single message processing level. These approaches can be applied completely independently. The internal re-keying approach has already been applied to the CTR encryption mode, yielding the CTR-ACPKM mode. This mode is currently being standardized in ISO and in IETF/IRTF (CFRG). In the current paper we apply the internal re-keying approach to the well-known GCM authenticated encryption mode. The main results of this paper are a new internally re-keyed GCM-ACPKM mode and its security bounds. The proposed mode is also passing through the last formal standardization stages in IETF (CFRG). We estimate the security of the GCM-ACPKM mode with respect to standard security notions. We compare both the security and the performance of the GCM-ACPKM and GCM modes. The results show that modifying the GCM mode by integrating the ACPKM internal re-keying procedure increases security, significantly extending the lifetime of a key with a negligible loss in performance. We also show how the re-keying approaches could increase the security of TLS 1.3 cipher suites.

Category: Secret-key cryptography
Keywords: re-keying, block cipher modes, AEAD, GCM, provable security
Contact author(s): lah @ cryptopro ru
History:
2020-05-22: last of 2 revisions
2017-07-21: received
License: Creative Commons Attribution


      author = {Liliya R.  Ahmetzyanova and Evgeny K.  Alekseev and Igor B.  Oshkin and Stanislav V.  Smyshlyaev},
      title = {On Internal Re-keying},
      howpublished = {Cryptology ePrint Archive, Paper 2017/697},
      year = {2017},
      note = {\url{}},
      url = {}