Paper 2019/244

Attacks Only Get Better: How to Break FF3 on Large Domains

Viet Tung Hoang, David Miller, and Ni Trieu

Abstract

We improve the attack of Durak and Vaudenay (CRYPTO'17) on NIST Format-Preserving Encryption standard FF3, reducing the running time from $O(N^5)$ to $O(N^{17/6})$ for domain $Z_N \times Z_N$. Concretely, DV's attack needs about $2^{50}$ operations to recover encrypted 6-digit PINs, whereas ours only spends about $2^{30}$ operations. In realizing this goal, we provide a pedagogical example of how to use distinguishing attacks to speed up slide attacks. In addition, we improve the running time of DV's known-plaintext attack on 4-round Feistel of domain $Z_N \times Z_N$ from $O(N^3)$ time to just $O(N^{5/3})$ time. We also generalize our attacks to a general domain $Z_M \times Z_N$, allowing one to recover encrypted SSNs using about $2^{50}$ operations. Finally, we provide some proof-of-concept implementations to empirically validate our results.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A major revision of an IACR publication in EUROCRYPT 2019
Keywords
Format-preserving encryptionattacks
Contact author(s)
tvhoang @ cs fsu edu
History
2019-08-25: last of 2 revisions
2019-02-28: received
See all versions
Short URL
https://ia.cr/2019/244
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2019/244,
      author = {Viet Tung Hoang and David Miller and Ni Trieu},
      title = {Attacks Only Get Better: How to Break {FF3} on Large Domains},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/244},
      year = {2019},
      url = {https://eprint.iacr.org/2019/244}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.