Message-Recovery Attacks on Feistel-Based Format Preserving Encryption

被引：16

作者：

Bellare, Mihir ^{[1
]}

Viet Tung Hoang ^{[2
]}

Tessaro, Stefano ^{[3
]}

机构：

[1] Univ Calif San Diego, Dept CS & Engn, La Jolla, CA 92093 USA

[2] Florida State Univ, Dept Comp Sci, Tallahassee, FL 32306 USA

[3] UC Santa Barbara, Dept Comp Sci, Santa Barbara, CA USA

来源：

CCS'16: PROCEEDINGS OF THE 2016 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY | 2016年

基金：

美国国家科学基金会;

关键词：

SECURITY;

D O I：

10.1145/2976749.2978390

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

We give attacks on Feistel-based format-preserving encryption (FPE) schemes that succeed in message recovery (not merely distinguishing scheme outputs from random) when the message space is small. For 4-bit messages, the attacks fully recover the target message using 2(21) examples for the FF3 NIST standard and 2(25) examples for the FF1 NIST standard. The examples include only three messages per tweak, which is what makes the attacks non-trivial even though the total number of examples exceeds the size of the domain. The attacks are rigorously analyzed in a new definitional framework of message-recovery security. The attacks are easily put out of reach by increasing the number of Feistel rounds in the standards.

引用

页码：444 / 455

页数：12

共 11 条

[1]

Bellarc M, 2009, LECT NOTES COMPUT SC, V5867, P295, DOI 10.1007/978-3-642-05445-7_19

[2]

Bellare M., 2010, ADDENDUM FFX M UNPUB

[3]

Bellare M, 2006, LECT NOTES COMPUT SC, V4004, P409

[4]

Black J., 2002, LNCS, V2271, P114

[5]

Brier E., 2010, BPS FORMAT PRESERVIN

[6]

Dworkin M., 2016, NIST SPECIAL PUBLICA, V800-38G

[7] Tweakable Block Ciphers [J].

Liskov, Moses ;

Rivest, Ronald L. ;

Wagner, David .

JOURNAL OF CRYPTOLOGY, 2011, 24 (03) :588-613

[8]

Patarin J, 2004, LECT NOTES COMPUT SC, V3152, P106

[9]

Patarin J., 1992, LNCS, V576, P301

[10]

Patarin J., 2001, LNCS, P222, DOI [10.1007/3-540-45682-1_14, DOI 10.1007/3-540-45682-114]

← 1 2 →