Related-key attack

In cryptography, a related-key attack is any form of cryptanalysis where the attacker can observe the operation of a cipher under several different keys whose values are initially unknown, but where some mathematical relationship connecting the keys is known to the attacker. For example, the attacker might know that the last 80 bits of the keys are always the same, even though they don't know, at first, what the bits are.

YouTube Encyclopedic

1/5
Views:
77 609
129 718
1 271 878
12 724
596 312

Transcription

KASUMI

KASUMI is an eight round, 64-bit block cipher with a 128-bit key. It is based upon MISTY1 and was designed to form the basis of the 3G confidentiality and integrity algorithms.

Mark Blunden and Adrian Escott described differential related key attacks on five and six rounds of KASUMI.^[1] Differential attacks were introduced by Biham and Shamir. Related key attacks were first introduced by Biham.^[2] Differential related key attacks are discussed in Kelsey et al.^[3]

WEP

An important example of a cryptographic protocol that failed because of a related-key attack is Wired Equivalent Privacy (WEP) used in Wi-Fi wireless networks. Each client Wi-Fi network adapter and wireless access point in a WEP-protected network shares the same WEP key. Encryption uses the RC4 algorithm, a stream cipher. It is essential that the same key never be used twice with a stream cipher. To prevent this from happening, WEP includes a 24-bit initialization vector (IV) in each message packet. The RC4 key for that packet is the IV concatenated with the WEP key. WEP keys have to be changed manually and this typically happens infrequently. An attacker therefore can assume that all the keys used to encrypt packets share a single WEP key. This fact opened up WEP to a series of attacks which proved devastating. The simplest to understand uses the fact that the 24-bit IV only allows a little under 17 million possibilities. Because of the birthday paradox, it is likely that for every 4096 packets, two will share the same IV and hence the same RC4 key, allowing the packets to be attacked. More devastating attacks take advantage of certain weak keys in RC4 and eventually allow the WEP key itself to be recovered. In 2005, agents from the U.S. Federal Bureau of Investigation publicly demonstrated the ability to do this with widely available software tools in about three minutes.

Preventing related-key attacks

One approach to preventing related-key attacks is to design protocols and applications so that encryption keys will never have a simple relationship with each other. For example, each encryption key can be generated from the underlying key material using a key derivation function.

For example, a replacement for WEP, Wi-Fi Protected Access (WPA), uses three levels of keys: master key, working key and RC4 key. The master WPA key is shared with each client and access point and is used in a protocol called Temporal Key Integrity Protocol (TKIP) to create new working keys frequently enough to thwart known attack methods. The working keys are then combined with a longer, 48-bit IV to form the RC4 key for each packet. This design mimics the WEP approach enough to allow WPA to be used with first-generation Wi-Fi network cards, some of which implemented portions of WEP in hardware. However, not all first-generation access points can run WPA.

Another, more conservative approach is to employ a cipher designed to prevent related-key attacks altogether, usually by incorporating a strong key schedule. A newer version of Wi-Fi Protected Access, WPA2, uses the AES block cipher instead of RC4, in part for this reason. There are related-key attacks against AES, but unlike those against RC4, they're far from practical to implement, and WPA2's key generation functions may provide some security against them. Many older network cards cannot run WPA2.

References

^ Matsui, M., "New block encryption algorithm MISTY", 1997
^ Biham, Eli. "New types of cryptanalytic attacks using related keys." Journal of Cryptology 7.4 (1994): 229-246.
^ Kelsey, John, Bruce Schneier, and David Wagner. "Key-schedule cryptanalysis of idea, g-des, gost, safer, and triple-des." Advances in Cryptology"CRYPTO’96. Springer Berlin/Heidelberg, 1996.

v t e Block ciphers (security summary)
Common algorithms	AES Blowfish DES (internal mechanics, Triple DES) Serpent SM4 Twofish
Less common algorithms	ARIA Camellia CAST-128 GOST IDEA LEA RC5 RC6 SEED Skipjack TEA XTEA
Other algorithms	3-Way Adiantum Akelarre Anubis Ascon BaseKing BassOmatic BATON BEAR and LION CAST-256 Chiasmus CIKS-1 CIPHERUNICORN-A CIPHERUNICORN-E CLEFIA CMEA Cobra COCONUT98 Crab Cryptomeria/C2 CRYPTON CS-Cipher DEAL DES-X DFC E2 FEAL FEA-M FROG G-DES Grand Cru Hasty Pudding cipher Hierocrypt ICE IDEA NXT Intel Cascade Cipher Iraqi Kalyna KASUMI KeeLoq KHAZAD Khufu and Khafre KN-Cipher Kuznyechik Ladder-DES LOKI (97, 89/91) Lucifer M6 M8 MacGuffin Madryga MAGENTA MARS Mercy MESH MISTY1 MMB MULTI2 MultiSwap New Data Seal NewDES Nimbus NOEKEON NUSH PRESENT Prince Q RC2 REDOC Red Pike S-1 SAFER SAVILLE SC2000 SHACAL SHARK Simon Speck Spectr-H64 Square SXAL/MBAL Threefish Treyfer UES xmx XXTEA Zodiac
Design	Feistel network Key schedule Lai–Massey scheme Product cipher S-box P-box SPN Confusion and diffusion Round Avalanche effect Block size Key size Key whitening (Whitening transformation)
Attack (cryptanalysis)	Brute-force (EFF DES cracker) MITM Biclique attack 3-subset MITM attack Linear (Piling-up lemma) Differential Impossible Truncated Higher-order Differential-linear Distinguishing (Known-key) Integral/Square Boomerang Mod n Related-key Slide Rotational Side-channel Timing Power-monitoring Electromagnetic Acoustic Differential-fault XSL Interpolation Partitioning Rubber-hose Black-bag Davies Rebound Weak key Tau Chi-square Time/memory/data tradeoff
Standardization	AES process CRYPTREC NESSIE
Utilization	Initialization vector Mode of operation Padding

Stream ciphers

Widely used ciphers

eSTREAM Portfolio

Software	HC-128 Rabbit Salsa20 SOSEMANUK
Hardware	Grain MICKEY Trivium

Other ciphers

Generators

Theory

Attacks

v t e Cryptography
General	History of cryptography Outline of cryptography Cryptographic protocol Authentication protocol Cryptographic primitive Cryptanalysis Cryptocurrency Cryptosystem Cryptographic nonce Cryptovirology Hash function Cryptographic hash function Key derivation function Digital signature Kleptography Key (cryptography) Key exchange Key generator Key schedule Key stretching Keygen Cryptojacking malware Ransomware Random number generation Cryptographically secure pseudorandom number generator (CSPRNG) Pseudorandom noise (PRN) Secure channel Insecure channel Subliminal channel Encryption Decryption End-to-end encryption Harvest now, decrypt later Information-theoretic security Plaintext Codetext Ciphertext Shared secret Trapdoor function Trusted timestamping Key-based routing Onion routing Garlic routing Kademlia Mix network
Mathematics	Cryptographic hash function Block cipher Stream cipher Symmetric-key algorithm Authenticated encryption Public-key cryptography Quantum key distribution Quantum cryptography Post-quantum cryptography Message authentication code Random numbers Steganography
Category

This page was last edited on 20 November 2023, at 07:27

From Wikipedia, the free encyclopedia

YouTube Encyclopedic

Transcription

KASUMI

WEP

Preventing related-key attacks

References