Cryptology ePrint Archive: Report 2017/697

On Internal Re-keying

Liliya R. Ahmetzyanova and Evgeny K. Alekseev and Igor B. Oshkin and Stanislav V. Smyshlyaev

Abstract: In this paper we introduce a classification of existing re-keying-based approaches to increase the security of block cipher operation modes. We introduce the concepts of external and internal re-keying putting the focus on the second one. Whereas the external re-keying approach is widely used and provides the mechanism of key usage control on a message stream processing level, the internal re-keying approach is the first known mechanism providing such a control on a single message processing level. These approaches can be applied completely independently. The internal re-keying approach was already applied to the CTR encryption mode and yielded the CTR-ACPKM mode. This mode is currently being standardized in ISO and in IETF/IRTF (CFRG).

In the current paper we apply the internal re-keying approach to the well-known GCM authenticated encryption mode. The main results of this paper are a new internally re-keyed GCM-ACPKM mode and its security bounds. The proposed mode is also passing through the last formal standardization stages in IETF (CFRG). We estimate the security of the GCM-ACPKM mode respecting standard security notions. We compare both security and performance of the GCM-ACPKM and GCM modes. The results show that changing GCM mode by integrating the ACPKM internal re-keying procedure increases security, significantly extending the lifetime of a key with a negligible loss in performance. Also we show how the re-keying approaches could increase the security of TLS 1.3 cipher suites.

Category / Keywords: secret-key cryptography / re-keying, block cipher modes, AEAD, GCM, provable security

Date: received 13 Jul 2017, last revised 22 May 2020

Contact author: lah at cryptopro ru

Available format(s): PDF | BibTeX Citation

Version: 20200522:194451 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]